From Design to Resign: Securing the Electronics Lifecycle

Transcription

1 SESSION ID: STR1-R11 From Design to Resign: Securing the Electronics Lifecycle Edna Conway Chief Security Officer, Global Value Chain Cisco Systems, Dr. Mark Tehranipoor Intel Charles E. Young Preeminence Endowed Chair Professor in Cybersecurity ECE, University of Florida

2 The Impact of Digital Transformation Operations Technology Information Technology Business Operations Enterprise Culture 3 rd Party Ecosystem 2

3 Transportation Electronics: The Heart of Digital Transformation Manufacturing Operations Center Energy

4 The Fundamentals: Ecosystem Awareness Damage the brand Industrial Espionage Fraud Game the Stock Price Confidential Data Pivot Through us to Attack Customers Steal IP Steal Customer Data Exploit the Network 4

5 The Fundamentals: Know Your Systems Lifecycle & the Technology Within It A p p l i c a t i o n Concept Development Production Utilization Support Retirement Source: NIST SP Recursive Iterative Concurrent Parallel Sequenced Execution

6 The Fundamentals: Understand the Information and Communications (ICT) Value Chain Design Plan Source Make Quality Deliver Sustain End of Life And The Electronics Supply Chain Within It Design Fabrication Assembly Distribution Lifetime End of Life 6

7 The Fundamentals: Identify Who Is In Your ICT Value Chain Open Source Software Software Licensors HW Component Suppliers Cloud Service Providers Logistics Partners OEMs/ODMs IOT Devices Manufacturing Partners Channel/Distributors Repair /Refurbishment Partners Scrap Partners Recycling Partners 7

8 The Fundamentals: Identify the Threats Threats Manipulation Unauthorized Control Espionage Unauthorized Visibility Disruption Denial of Service 8

9 The Fundamentals: Translate Threats to Exposures Exposures Taint Alteration allowing unauthorized control or content visibility Counterfeit Raw materials, finished goods or services which are not authentic IP Misuse Unauthorized disclosure of intellectual property Information Security Breach Unauthorized access to confidential information 9

10 The Fundamentals: The Basics of Hardware Vulnerability System has susceptibility or flaw Attacker gains access to the flaw Attacker Exploit ACCESS GRANTED REDUCED SYSTEM INFORMATION ASSURANCE 10

11 Example Security Attacks on Hardware Trojans Untrusted Foundry Counterfeit ICs Physical Attack Side-channel Fault Injection Reverse Engineering Fake Parts 11

12 Integrity Breaches Across the Electronics Supply Chain Cloned ICs Overuse IPs Remarked ICs false performance and reliability Overproduced ICs Cloned ICs reverse engineered from authentic IC Design Fabrication Assembly Distribution Lifetime End of Life Cloned ICs reverse engineered from authentic IC Overproduced ICs Remarked ICs false performance and reliability Recycled ICs reuse of scrap ICs refurbished ICs represented as new

13 Protection Throughout the Lifecycle Protection Solutions Design Fabrication Assembly Distribution Lifetime End of Life Forward Trust Establishing trust between IP vendors, SoC integrators, Foundry and Assembly + PUF + ECID Unique IDs for chip and system level authentication in the supply chain 13

14 Unique IDs Design Fabrication Assembly Distribution Lifetime End of Life PUF + ECID 14

15 Innovative Solutions: Chip ID Linked to Electronic Device Electronic Chip IDs (ECID) can uniquely identify the device Unclonable IDs acting as a fingerprint data can be read at multiple stages and provide similar results (requires fuzzy logic to compare) Fingerprints include: PUFs (Physical Unclonable Functions) Repeatable test data SRAM startup signatures PUFs can generate encryption keys, enabling the chip itself to act as a root-of-trust + ECID = Identity (Always the same for a specific chip) UID = Fingerprint (Always similar for a specific chip) 15

16 Physical Unclonable Function (PUF) PUF Exploits Inherent Process Variations in Devices (entropy is translated to unique signature) PUF suffers reliability issues (can t reproduce signature through lifetime) Environmental Variation Aging, Wearout Aging impact can be improved Aging resistant design Reliable RO-pair formation Ring Oscillator PUF 16

17 Physical Unclonable Function (PUF) SRAM-PUF: SRAM is based on a bi-stable latch which will retain its values as long as the circuit is powered. A mismatch between the inverter pairs affecting their power-up states. It maps a challenge to a response. Memory PUF 17

18 Authentication Throughout Lifecycle Available Now (Market Leaders) IC & Multi Chip Boards Rework Systems In-Use Returns N Test & Process data Test Rework Genealogy Performance data Usage Data Reliability Data Cross-industry platform connecting electronics supply chain to semiconductor identity 18

19 Authentication Hub OCM Trusted Foundry Or OSAT Untrusted CM Board / System Untrusted OEM Trusted Customer (Home + Business) Enrollment and Authentication Hub 19

20 Protection Throughout the Lifecycle Design Fabrication Assembly Distribution Lifetime End of Life FORTIS + 20

21 Logic Obfuscation Key Gates CUK[i] A 1 g 0 A 2 g 2 A 3 A 4 A n g 1 a) Original Netlist g 3 Y 1 A 1 g 0 A 2 g 2 A 3 A 4 g 1 X D 1/0 k i 0 D/D g 3 D/D Y 1m A n b) Obfuscated netlist 21

22 Logic Obfuscation FSM based Approach Add an obfuscated mode on top of the original transition functionality. Obfuscation pattern guides the circuit to normal mode. Transition arc K3 offers the sole design route from obfuscated mode to normal mode Obfuscation also protects original functionality prevents IP Piracy from an untrusted foundry Bhunia, et. al., HARPOON: an obfuscation-based SoC design methodology for hardware protection, TCAD

23 Design-to-Fab Trust Risk IP Piracy Sell Another SoC Designer 3PIP 1 License Sell SoC Design Contract Chips 3PIP 2 3PIP n Trust SoC Designer Trust #chips Foundry/ Assembly IP Owners IP Overuse #chips Supply Chain #chips IC Overproduction 23

24 Establishing Forward Trust Encrypted and Locked Sell Another SoC Designer 3PIP 1 License Sell SoC Design Contract Chips 3PIP 2 3PIP n Trust SoC Designer Trust #chips Foundry/ Assembly IP Owners Need Keys from 3PIP Owners #chips Supply Chain #chips Need Keys from SoC Designers 24

25 Challenges How to lock a netlist which activates test before unlocking? How to securely transfer the keys from 3PIP owners and SoC designer to the foundry and assembly? 3PIP 1 3PIP 2 3PIP n License Sell Trust Encrypted and Locked SoC Design SoC Designer Sell Contrac t Trust #chips Another SoC Designer Chips Foundry/ Assembly How to protect an 3PIP from unwanted modification? IP Owners Need Keys from 3PIP Owners #chips Supply Chain #chips Need Keys from SoC Designers 25

26 FORTIS -- Framework Gate-level Netlist Lock Insertion Test Pattern Generation 3PIPs RTL Modified RTL Test Patterns Gate-level Netlist Lock Insertion Test Pattern Generation In-house IP RTL Modified RTL Test Patterns Other in-house IPs Simulation SoC Test Pattern Repository GDSII Fabrication Package Test Defect Free Chips Wafer Test Packaging Functional Activation RTL Gate-level Netlist Test Pattern Generation Test Patterns IP Owners Trust SoC Designer Trust Foundry/ Assembly 26

27 Test Before IC Activation A 1 g 0 A 2 g 2 SE A 3 A 4 A n g 1 a) Original Netlist g 3 Y 1 CUK[i] 0 SI 1 CLK D FF i Q I 1 1 A 1 g 0 A 2 g 2 A 3 A 4 g 1 CUK[i] X D 1/0 k i 0 D/D g 3 D/D Y 1m A 1 g 0 A 2 g 2 A 3 A 4 A n g 1 X D c) Proposed Netlist k i D 0 g 3 D Y 1m A n b) Obfuscated netlist 27

28 Key Transfer: Chip Side System on a Chip 1 m TRNG KC pri (.) m 4 K S sig(m) 2 {m,sig(m)} + 3 KD pub (.) 5 OTP IK + 6 KD pub (K S ) 7 TK= {IK,KD pub (K S )} CUK OTP 14 TK = K S (CUK) 28

29 Key Transfer: SoC Designer Side System on a Chip Designer 8 TK= {IK,KD pub (K S )} IK - 9 OTP K S 10 sig(m) - KC pub (.) Compare m 11 KD pub (K S ) KD pri (.) 12 Yes K S TK = K S (CUK) 13 OTP CUK 29

30 IP Overuse System on a Chip 30

31 Call to Action: A Secure Ecosystem Chip Design Chip Foundry Chip Assembly PCB Assembly System Assembly Government?? Academia EDA Company 3PIP Vendors Security IP Vendors 31

32 Stay Aware Internet of things was mobilised for internet outage, says Dyn 'Internet Of Things' Hacking Attack Led To Widespread Outage Of Popular Websites Counterfeit electronics: Another security threat from China Obama to Sign Bill Combating Counterfeit Chips Unregulated E-waste Exports Fuel Counterfeit Electronics That Undermine U.S. National Security Hackers create more IoT botnets with Mirai source code House panel to tackle security of internet-connected devices World's Biggest Mirai Botnet Is Being Rented Out For DDoS Attacks After Dyn cyberattack, lawmakers seek best path forward 32

33 Global Public-Private Responses EU Horizon 2020 U.S. Initiatives Global Standards 33

34 What Can We Do Together Map the Who, What & Where of Your Electronics Ecosystem Monitor Geo-political and Industry Trends Join In Demanding Root of Trust Implement Protection Techniques Innovate with the Electronics Lifecycle in Mind

35 Back-up for Possible Use 35

36 IP Vendors Distributed Across the Globe Long and globally distributed supply chain of hardware IPs makes SoC design increasingly vulnerable to diverse trust/integrity issues.