AISS: Automatic Implementation of Secure SoCs · Side Channel – extraction of secrets through...
Transcript of AISS: Automatic Implementation of Secure SoCs · Side Channel – extraction of secrets through...
AISS:Automatic Implementation of Secure Silicon
Serge Leef
AISS Program Overview
AISS Proposers Day – April 10, 2019
DISTRIBUTION A. Approved for public release: distribution unlimited.
2
Goal
Automate inclusion of scalable defense mechanisms into chip designs to enable security vs. economics optimization
Cost and Complexity of Attack Resistance Mechanisms
Source: shutterstock.com
DISTRIBUTION A. Approved for public release: distribution unlimited.
3
Executive Summary
Large attack surface that results from design complexity can be substantially reduced by automating inclusion of security into architecture and design tools operating at higher abstraction
Reduce human induced security risks by abstracting away details & complexity
Security
Incorporation of security into next generation of system chips, using platform-based design techniques & advances in high level synthesis
Automation
Need for automatic injection of scalable security creates an opportunity for tools & IP that enable semi automated and automaticapproaches to assembly and integration that can substantially improve design productivity
DISTRIBUTION A. Approved for public release: distribution unlimited.
4
Executive Summary
AISS
• Action – Incorporate scalable security into automated chip design process• Make “security in chips” as common as “fluoride in the water supply” (i.e. no opt-out)
• Metrics – Measurably reduce attack surface while driving down design costs• Reduce attack surface by addressing 80% of documented vulnerabilities• Drive the cost of working silicon $20M to $3M to revamp US funding of early stage chip startups
• Cost of Inaction – Insecure chips are a threat to national security, infrastructure, economy
• Approach – Extend and combine current approaches with groundbreaking technologies• On-chip security structures + configurable platforms + synthesis/optimization
• Asymmetric Advantage – Selected technologies only hosted on USG controlled cloud• Key capabilities enabling revolutionary exploration of large optimization spaces
Today
• Motivation – Secure DoD & commercial chips are too complex and expensive to design• Security inclusion is currently not supported by design skills or economics
• DoD Benefit – Enable supply chain where secure silicon is pervasive• Enable suppliers to respond to DoD chip security needs while also protecting commercial silicon
Source: BoeingDISTRIBUTION A. Approved for public release: distribution unlimited.
Limitations• $20M+ cost for medium complexity SoC• 9-12 month design cycles• Many human introduced errors• Unpredictable power and no security
5
System on Chip (SoC) Design Process
Source: Broadcom 5G SoC block diagram
Simplified View of SoC Design Process (source: Mentor)
High Medium Low
Huge
Big
Medium
Small
Tiny
Size
PerformanceTheoreticalBest
Human expertWith unlimited time
1990s
2000s
Present
Machine generatedsolutions
Current Practice• Manual system integration• Lengthy and complex simulation runs• Block level synthesis & optimization
(source: Broadcom)
DISTRIBUTION A. Approved for public release: distribution unlimited.
6
Long Term EDA Dream: System Synthesis
System synthesis & optimization
1. Σ(a*Performance, b*Size)2. Σ(a*Performance, b*Size, c*Power)3. Σ(a*Performance, b*Size, c*Power, d*Security)4. Σ(a*Performance, b*Size, c*Power, {d*SideChannel, e*SupplyChain,
f*RevEngineering, g*MalHardware})
Key challenges:
• Quantification of security
• Rapid estimation of attack resistance
• Multi-dimensional optimizationHigh Medium Low
Huge
Big
Medium
Small
Tiny
Size
Performance
Power
Security = f(SideChannel, SupplyChain, RevEngineering, MalHardware)
(source: Broadcom)DISTRIBUTION A. Approved for public release: distribution unlimited.
7
AISS: Program Structure
On-chipSecurity
TA1
Security ToolsTA1
IntegrationTA2
• Obfuscation• Watermarking• Attack Simulation• Threat Analysis
• Silicon Platforms• Generators• Interconnect• Optimization
Authentication
Provisioning
Monitoring
Security Policy Enforcement
AISS
AISS Will Democratize Chip Security through AutomationDISTRIBUTION A. Approved for public release: distribution unlimited.
8
SECURITY
DISTRIBUTION A. Approved for public release: distribution unlimited.
Moving Target (I20)
AISS Focus Areas
In Progress (SSITH)
• Substantial efforts are on-going in the software community
9
Attack Surface Based Reference ModelHa
rdw
are
Softw
are
Hard
war
eSo
ftwar
eIn
terfa
ce
• Side Channel – extraction of secrets through physical communication channels other than intended (assumption: attackers are able to “listen” to emissions)
• Reverse Engineering – extraction of algorithms from an illegally obtained design representation (assumption: attackers have access to design files)
• Supply Chain – Cloning, counterfeit, recycled or re-marked chips represented as genuine(assumption: attackers can manufacture perfect clones)
• Malicious Hardware – insertion of secretly triggered hidden disruptive functionality(assumption: attackers successfully inserted malicious function(s) into the design)
• Alteration of system behavior based on software-accessible points of illicit entry that exist due to hardware design weaknesses or architectural flaws
DISTRIBUTION A. Approved for public release: distribution unlimited.
10
Security Strategies by Company type
Reduce Effort
Reduce Cost
AISS
TARG
ET A
REA
Huge merchant semiconductor companies (Intel, Broadcom, Qualcomm…)• See the critical need and have large expert teams to create custom solutions
Mid-size semiconductor and system companies (NXP, Cisco, Nokia…)• Recognize problems but lack expertise and sufficient economic motivation
Defense contractors (Honeywell, NG, Lockheed…)• Possess deep, but limited, expertise (craft) unevenly applied to specific chips
System integrators (Ring, Fitbit, August…)• No interest due to time-to-market focus and lack of in-house competency
DISTRIBUTION A. Approved for public release: distribution unlimited.
11
On-chip Security – viable strategies are emerging
Source: Mentor Graphics, 2017
• Design: Create secure-reconfigurable SoCs with a unique ID based on an inborn Root of Trust• Enroll: Extract chips unique ID into a secure server during first power up at wafer test• Configure: Inject keys to encrypt, sign, or decrypt content for devices or end-applications• Provision: Program SKUs downstream to reduce inventory risk and exploit volume ramp• Personalize: Enables secure device identity during PCB assembly based on the chip’s Root of Trust• Authorize: Allow authorized parties to securely sign devices based on the SoC Root of Trust• Update: Securely update firmware and provision SOC hardware features in the field• Monitor: Track field use and evolve Big Data analytics on field failures, intrusions, counterfeits
DISTRIBUTION A. Approved for public release: distribution unlimited.
12
AISS Approach to On-Chip Security
Outer Perimeter
IP Provenance & W
atermarking
Off-
chip
Key
Man
agem
ent
Off-chip Tracking
Supply Chain
Side Channel
Reve
rse
Engi
neer
ing M
alicious Hardware
Inner Perimeter
Secret Extraction
KnowledgeExtraction
CloningRecycling
HWR Trojans
Emission Reduction
Authentication, Provisioning, Metering
Logi
c En
cryp
tion
& O
bfus
catio
n
Run-time M
onitoring & Detection
Security Engine • AISS focus is only
on securing inner perimeter with on-chip structures
Image source: Intel
• There are many effective outer perimeter attack strategies
• Some level of off-chip support is also needed
• We are assuming outer perimeter is penetrated or compromised
DISTRIBUTION A. Approved for public release: distribution unlimited.
Security policies are updated and uploaded in response to newly discovered vulnerabilities; hardware upgrades also supported
security policies
reserved space in
eFPGA block
Level 5• Encrypted Busses• Active Trojan Detection• Software Watermarking
On-Chip Interconnect
Function0 Functionn
CPUMEMORY
Level 4• Provenance Extraction• Watermark Extraction
WM Extract WM Extractor
Level 3• Odometers• Quiet Crypto• Bus Monitoring• Trojan Detection
13
AISS: Security Engine
Lock/unlock
Level 2• Provisioning• Obfuscation• Logic locking
Lock/unlock
Level 1• Root of Trust• Keystore
I/O
BUSENCRYPTED BUS
Encrypted BUS Interface Encrypted BUS Interface
Encrypted BUS Interface Encrypted BUS Interface
On-chip, custom-generated “engine” to support design objectives and “Security vs. Economics” trade-off exploration
Security feature to level assignments are just examples
LEGEND: Side Channel ● Reverse Engineering ● Supply Chain ● Malicious Hardware
DISTRIBUTION A. Approved for public release: distribution unlimited.
14
AISS: Threat Analysis & Mitigation
• Suspect Hardware - Rogue hardware injected into the chip
• Watermarking of circuits that survive transformations & can be extracted from all design representations & from live silicon
Source: exostivlabs.com
Has the design changed since trusted state?
Source: stackexchange.com
? Are there suspect circuits present in the design?
• Analysis of Threats by examination of designs for suspect Trojans based on “low activity” and “hard to activate” circuits
• Reverse Engineering - Algorithmic intent derived from design
• Obfuscator of key portions of the design to make interpretation impossible or economically impractical
Can operational intent be derivedfrom design files?
Source: Mentor
• Emission of Meaningful Data - Accessible side-channels
• Simulator to execute attacks while design is soft and fix identified data leakage issues before it is finalized
Does the design emit “secret” information?
Source: Shutterstock
DISTRIBUTION A. Approved for public release: distribution unlimited.
15
Driving Improvements in Design Productivity to Revitalize Venture Capital Investment in Chip Startups
DESIGN PRODUCTIVITY
DISTRIBUTION A. Approved for public release: distribution unlimited.
16
Design Abstraction Progression & Productivity
Source: IBM
Source: Mentor Graphics
Source: Mentor Graphics
Source: Mentor Graphics
Modern chip designs exceed this threshold with billions of transistors & break the methodology
• 1978 – Transistors manually laid out as cells• Practical design size limit: 100 transistors
• 1982 – Logic gates converted into transistors• Practical design size limit: 10,000 transistors
• 1988 – Register Transfer Languages are automatically translated into physical layout
• Practical design size limit: 10,000,000 transistors
• 1967 – Manually drawn polygons• Practical design size limit: 10 transistors
DISTRIBUTION A. Approved for public release: distribution unlimited.
17
Current Methodology is Broken for Large ChipsProductivity
(humans are not getting smarter fast enough to leverage available gates)Integration
(most of the design effort goes into IP integration & interface testing)
Communication(most designs routinely leave power and performance on the table)
Verification(less than 5% of operational space is typically verified)
Source: Mentor
DISTRIBUTION A. Approved for public release: distribution unlimited.
18
Design Methodology Advances Stopped in 1988
• Broken design methodologies disadvantaged small and mid-sizecompanies by making original designs expensive and cumbersome(Economics of these companies make them plausible DoD suppliers)
• Truly large designs are only affordable to huge companies(Typically unmotivated to support DoD applications due to low volumes)
Because of high cost of getting to working silicon, US fablesssemiconductor startups are unappealing to private investors
State of the art in 2018
The NVIDIA XAVIER TSMC's 12nm Fin-FET 9 billion transistors, 350mm2
Per NVIDIA – first autonomous machine processor & most complex SoC ever made
~8,000 Engineering Years*
4+ years to design* (heavily utilizing previous SoC generation as a starting point to reduce design time)*Source: NVIDIA
DISTRIBUTION A. Approved for public release: distribution unlimited.
19
Unaffected by Design Cost ConstraintsChina’s Chip Design Startups are Booming
• China is making a massive investment in chip design and manufacturing • “National Integrated Circuitry Investment Fund” ~ $150B; • There is a sufficient pool of highly trained technologists to support creation of state of the art manufacturing• Chinese Fabs have already demonstrated advanced capabilities While 60% of the fund is allocated to manufacturing,
There are 1,300+ chip design startups with some level of government funding
(Sources: PWC and TrendForce)
At least 1,000 independently judged as real
Chart source: Mentor Graphics
Rapid learning cycles in design and manufacturing in China could position them as a legitimate challenger to US leadership in chips – can we help drive US startups?
Source: Mentor
DISTRIBUTION A. Approved for public release: distribution unlimited.
20
Early-round Funding Dried up for US Chip Startups
Reference: GSM Market Watch, A quarterly funding, IPO and M&A update for the global semiconductor industry, Q2’17± Represents only publicly announced series A financing of private companies
• Virtually no early stage VC funding for US chip startups since 2012• Due to perceived cost of first working silicon > $20M
B
seed
$20M
$3M
$.5M
Proof ofConcept
WorkingPrototype
CustomerEngagement
A
AISS would drive this cost to < $3M* & provide embedded security
AISS
*Productivity improvement: combination of High Level Synthesis, Configurable Platforms, Platform Generators, Multi-dimensional Optimization, IPXact IP integration, eFPGA targetting, etc..
DISTRIBUTION A. Approved for public release: distribution unlimited.
21
AISS: Composition
• Phase I - Assisted Composition – Components are specified• Processor & security related components are user selected & automatically integrated
• Phase II - Automated Composition – Configuration is specified• User selects a platform and provides configuration to a tool that automatically generates an integrated system
ARMM0
512MBDDR
PCIX USB
LIN
PUF
10KEYS
AESCRYPTOCUSTOM
ARMM0
512MBDRAM UART PCIX
USB AESCRYPTOCUSTOM KEY
STORE PUF
Assisted Composition
Design: “Power Doors/Windows ECU”Platform (Automotive Control)• CPUs (A57, M3, M0) • Memory (512MB, 256MB, 128MB) • Networking (LIN, CAN, FlexRay)• Interfaces (PCIx, USB, DBG) Security Module (Suply Chain)• PUF (small, medium, large) • Keystore (small, medium, large)• Storage (OTP, NVRAM, EEPROM)• Connection (JTAG, IJTG, Custom)
PLATFORM(M0, 128MB, LIN, PCIx)
CUSTOM SECURITY MODULE(PUF, Keystore, OTP, JTAG)
Automated Composition
Selected
ARM M0128MB
LINPCIx
SmallSmallOTPJTAG
DISTRIBUTION A. Approved for public release: distribution unlimited.
Combinatorial Optimization explores HUGE solution spaces (billions), but requires rapid estimation of “goodness”Performance and Size estimators are well understood and incorporated in modern tools
AISS will drive discovery of rapid estimation of power and security
• Phase III - Optimized Composition – Objectives are specified• User selects a platform and supplies a cost function with size, performance, power and security goals to guide
combinatorial optimization to find best architectures which are presented to the user for assessment and selection
22
AISS: Optimizated Composition
Design: “Power Doors/Windows ECU”
Platform (Automotive Control)
• Performance = 2• Size = 9• Power = 3• Security = 3
• Supply Chain = 7• Side Channel = 2• Reverse Engineering = 5• Malicious Hardware = 1
Optimized Composition
DISTRIBUTION A. Approved for public release: distribution unlimited.
Source: The 80sPoint: Technology for 2-dimensional optimization has been around for ~40 years 23
AISS: Optimization Cost Functions
f(a,b,c,d) = Σ(a*Performance, b*Size, c*Power, d*Security )
Application Perf. Size Power Security
Lawn Sprinkler 2 7 9 1Engine Control 6 5 1 3
Guided Projectile 5 1 9 7Network Router 9 5 1 8
Mobile Phone 7 9 9 7Smart Watch 3 6 9 3
Cost Function Examples
Application SideChannel
ReverseEng’g
SupplyChain
MaliciousHardware
Lawn Sprinkler 1 1 9 1Engine Control 1 7 5 2
Guided Projectile 3 9 5 9Network Router 9 7 8 9Mobile Phone 8 9 9 6Smart Watch 6 8 9 1
Security CostFunction Expansion
estimate estimate))
DISTRIBUTION A. Approved for public release: distribution unlimited.
24
METRIC MODELS
DISTRIBUTION A. Approved for public release: distribution unlimited.
AISS Solution Space
Low Medium High
500
400
300
200
100
Size (K gates)
Security (Level) 25
“Supply Chain” Attack Surface Metrics
Source: https://www.chemi-con.co.jp Source: Mentor Graphics
State of the Art Solution Strategy: Manual Implementation of
• Hardware root-of-trust, key & certificate storage, interface to outside world• Support for locking and unlocking selected logic blocks• Silicon odometers for re-cycling detection or mission limiting
Source: Mentor Graphics
1 2 3 4 5 6 7 8 9
2
1
Cost ($M)
Time (Months)
• 256 Bit Key• Small Key Store• Lock/unlock
SOTA*
AISS
Success Metrics
• It takes 9 months & $2M+ for a medium security, low feature on-chip engine
• AISS will automatically generate a solution within 1 month of iterations and less than $50K (OPEX)
• AISS will generate multiple application optimized solutions on economics vs. security spectrum and enable informed design decisions
• Cloning• Re-cycling• Off-shore Overproduction
• Counterfeiting• Re-Marking
Attack Vectors
256 Bit KeySmall Key StoreLock/unlock
96 Bit Key
512 Bit KeyDeep Key StoreLock/unlockProvisioningOdometers
*Test chip: 5x5mm, TSMC 180nm, RISC-V, OTP, PUF, SRAM, Secure JTAG, AES256, CMAC, Fuzzy LogicDISTRIBUTION A. Approved for public release: distribution unlimited.
AISS Solution Space
26
“Side Channel” Attack Surface Metrics
1 3 6
2
1
Cost ($M)
Time (Months)
• IP licenses• Integration services
SOTA
AISS
Success Metrics
• It takes about 6 months & $2M+ for IP licensing and integration services
• AISS will automatically generate a solution within 1 month of iterations and less than $200K in IP license costs
• AISS will generate multiple application optimized solutions on economics vs. security spectrum and enable informed design decisions
• Emission Interpretation• DPA• EMEA
• Glitching• Tomography
Attack Vector(s)
Sour
ce: M
ento
r Gra
phics
Low Medium High
200%
150%
100%
Size (relative to original)
Emissions from Cryptography (Level)
Match active transistors with passives 1:1Produce high level of random noise
Produce some random noise
Normal emissions
State of the Art Solution Strategy: “Emission Resistant” Crypto
• Match all active transistors with inactive counterparts• Incorporate randomness into cryptography
Source: Mentor Graphics
DISTRIBUTION A. Approved for public release: distribution unlimited.
AISS Solution Space
AISS Solution Space
27
“Reverse Engineering” Attack Surface Metrics
Success Metrics
• It takes about 6 months of manual effort to insert simple logic encryption into a medium size secure processor
• AISS will automatically generate a solutions within 1 month of iterations
• AISS will generate multiple application optimized solutions on economics vs. security spectrum and enable informed design decisions
• Algorithm Extraction• Chip Delayering• Layout Reconstruction• Schematic Generation
Attack Vector(s)
Source: 4004.com Source: microship.com/Source: sciencevisionre.com Source: blog.wiser.com
State of the Art Solution Strategy: Logic Encryption & Obfuscation
• Insert logic that deactivates the design without a runtime key• Use ultra-long keys to achieve obfuscation rather than encryption• Use multi-function blocks instead of key gates• Manipulate state machines to complicate de-obfuscation
SOTA
1 3 6
High
Med
Low
Effort to break (low, med, high)
Time (Months)
Manual Insertion
Size (relative to original)
Low Medium High
State MachineOverloading
Multi-functionObfuscation
Simple Logic Obfuscation
Simple LogicEncryption
Attack Resistance LevelDISTRIBUTION A. Approved for public release: distribution unlimited.
28
“Malicious Hardware” Attack Surface Metrics
State of the Art Solution Strategies: Design & Runtime
• Payload Countermeasures• Watermarking of pre-existing IP• Threat analysis of incoming IP
• Trigger Countermeasures• Runtime Trojan detection
Success Metrics
• Enable secure path for movement of IP through the process by watermarking it at time of publication and authenticating it at all stages of design and after manufacturing.
• Develop tools that statically analyze designs for known threat models.
• Detect all bus-based triggering attempts if they fall outside communication rules.
• IP as a Carrier• Layout Modification• Mask Manipulation
Attack Vectors
Source: Mentor Graphics
DISTRIBUTION A. Approved for public release: distribution unlimited.
29
PROGRAMMATICS
DISTRIBUTION A. Approved for public release: distribution unlimited.
Demonstrable Deliverables
INITIAL SECURITY SYSTEM
TOOLFRAMEWORK
ADVANCED SECURITY SYSTEM
BASIC TOOLS
DYNAMIC SECURITY SYSTEM
ADVANCEDTOOLS
PHASE I(15 months)
PHASE II(18 months)
PHASE III(15 months)
TA1
TA2 INITIAL PLATFORM
CONFIGURABLE PLATFORM
DYNAMIC PLATFORM
IV&V
VULNERABILITY TESTMETHODOLOGY & TOOLS VULNERABILITY DATABASE MANAGEMENT & AUDITING
RED TEAM STRATEGY DEVELOPMENT & EXECUTIONSECURITY ESTIMATIONQUANTIFICAITON
ESTIMATORACCURACY METRICS
Auto-integratedARM & RISC-5 SoCs
Design: 3 months
• CPU + Memory• 2 Accelerators• 2 Commodity IPs• Crypto, OTP• Boot Odometer• Enrollment• Authentication• Provisioning• Logic locking
• Simulation based estimation
• Simple watermarks• Gate-based logic
obfuscation
Auto-generatedARM & RISC-5 SoCs
Design: 1 month
• Configurable CPU• Memory & eFPGA• 2 Generated IPs• 2 Synthesized IPs
• Balanced & Noisy Crypto Cores
• Boot & Activity Odometers
• Trojan Detection• Policy Uploads• Chip Tracking
• Simulation based estimation
• Fast Estimator Prototypes
• Smart watermarks• MFL-based logic
obfuscation
OptimizedARM & RISC-5 SoCs
Design: 1 week
• Platform Generator• Security Engine
Generator• Bus Synthesizer• Fast Estimators• System Optimizer
• Crypto Generator• Odometer Generator• Homomorphism• Active Trojan
Detector
• Persistent Watermarking
• IP Threat Analyzer• SAT Solver Attack
Resistant Obfuscator
DISTRIBUTION A. Approved for public release: distribution unlimited.
31
Detailed Programmatic View
BINITIAL SECURITY SYSTEM ADVANCED SECURITY SYSTEM DYNAMIC SECURITY SYSTEM
PHASE 1 PHASE 2 PHASE 3
TA1
Modular Security Engine Configurable Security Engine Generated Security Engine
Basic Asset Management Provisioning and Tracking Security Configuration
Foundational Security IP Advanced Security IP Generated Security IP
TA2 INITIAL PLATFORM CONFIGURABLE PLATFORM DYNAMIC PLATFORM
Static Platform Modular Platform Generated Platform
IP Integration IP Generation Interconnect Generation
System Architecture Semi-automatic Integration System Optimization
Simple Watermarks Smart Watermarks Persistent Watermarks
Threat Heuristics Threat Detection Integrated Analysis
Obfuscation Framework Basic Obfuscation Advanced Obfuscation
DISTRIBUTION A. Approved for public release: distribution unlimited.
www.darpa.mil
32DISTRIBUTION A. Approved for public release: distribution unlimited.