AISS: Automatic Implementation of Secure SoCs · Side Channel – extraction of secrets through...

AISS:Automatic Implementation of Secure Silicon

Serge Leef

AISS Program Overview

AISS Proposers Day – April 10, 2019

DISTRIBUTION A. Approved for public release: distribution unlimited.

2

Goal

Automate inclusion of scalable defense mechanisms into chip designs to enable security vs. economics optimization

Cost and Complexity of Attack Resistance Mechanisms

Source: shutterstock.com


3

Executive Summary

Large attack surface that results from design complexity can be substantially reduced by automating inclusion of security into architecture and design tools operating at higher abstraction

Reduce human induced security risks by abstracting away details & complexity

Security

Incorporation of security into next generation of system chips, using platform-based design techniques & advances in high level synthesis

Automation

Need for automatic injection of scalable security creates an opportunity for tools & IP that enable semi automated and automaticapproaches to assembly and integration that can substantially improve design productivity


4

Executive Summary

AISS

• Action – Incorporate scalable security into automated chip design process• Make “security in chips” as common as “fluoride in the water supply” (i.e. no opt-out)

• Metrics – Measurably reduce attack surface while driving down design costs• Reduce attack surface by addressing 80% of documented vulnerabilities• Drive the cost of working silicon $20M to $3M to revamp US funding of early stage chip startups

• Cost of Inaction – Insecure chips are a threat to national security, infrastructure, economy

• Approach – Extend and combine current approaches with groundbreaking technologies• On-chip security structures + configurable platforms + synthesis/optimization

• Asymmetric Advantage – Selected technologies only hosted on USG controlled cloud• Key capabilities enabling revolutionary exploration of large optimization spaces

Today

• Motivation – Secure DoD & commercial chips are too complex and expensive to design• Security inclusion is currently not supported by design skills or economics

• DoD Benefit – Enable supply chain where secure silicon is pervasive• Enable suppliers to respond to DoD chip security needs while also protecting commercial silicon

Source: BoeingDISTRIBUTION A. Approved for public release: distribution unlimited.

Limitations• $20M+ cost for medium complexity SoC• 9-12 month design cycles• Many human introduced errors• Unpredictable power and no security

5

System on Chip (SoC) Design Process

Source: Broadcom 5G SoC block diagram

Simplified View of SoC Design Process (source: Mentor)

High Medium Low

Huge

Big

Medium

Small

Tiny

Size

PerformanceTheoreticalBest

Human expertWith unlimited time

1990s

2000s

Present

Machine generatedsolutions

Current Practice• Manual system integration• Lengthy and complex simulation runs• Block level synthesis & optimization

(source: Broadcom)


6

Long Term EDA Dream: System Synthesis

System synthesis & optimization

1. Σ(a*Performance, b*Size)2. Σ(a*Performance, b*Size, c*Power)3. Σ(a*Performance, b*Size, c*Power, d*Security)4. Σ(a*Performance, b*Size, c*Power, {d*SideChannel, e*SupplyChain,

f*RevEngineering, g*MalHardware})

Key challenges:

• Quantification of security

• Rapid estimation of attack resistance

• Multi-dimensional optimizationHigh Medium Low

Huge

Big

Medium

Small

Tiny

Size

Performance

Power

Security = f(SideChannel, SupplyChain, RevEngineering, MalHardware)

(source: Broadcom)DISTRIBUTION A. Approved for public release: distribution unlimited.

7

AISS: Program Structure

On-chipSecurity

TA1

Security ToolsTA1

IntegrationTA2

• Obfuscation• Watermarking• Attack Simulation• Threat Analysis

• Silicon Platforms• Generators• Interconnect• Optimization

Authentication

Provisioning

Monitoring

Security Policy Enforcement

AISS

AISS Will Democratize Chip Security through AutomationDISTRIBUTION A. Approved for public release: distribution unlimited.

8

SECURITY


Moving Target (I20)

AISS Focus Areas

In Progress (SSITH)

• Substantial efforts are on-going in the software community

9

Attack Surface Based Reference ModelHa

rdw

are

Softw

are

Hard

war

eSo

ftwar

eIn

terfa

ce

• Side Channel – extraction of secrets through physical communication channels other than intended (assumption: attackers are able to “listen” to emissions)

• Reverse Engineering – extraction of algorithms from an illegally obtained design representation (assumption: attackers have access to design files)

• Supply Chain – Cloning, counterfeit, recycled or re-marked chips represented as genuine(assumption: attackers can manufacture perfect clones)

• Malicious Hardware – insertion of secretly triggered hidden disruptive functionality(assumption: attackers successfully inserted malicious function(s) into the design)

• Alteration of system behavior based on software-accessible points of illicit entry that exist due to hardware design weaknesses or architectural flaws


10

Security Strategies by Company type

Reduce Effort

Reduce Cost

AISS

TARG

ET A

REA

Huge merchant semiconductor companies (Intel, Broadcom, Qualcomm…)• See the critical need and have large expert teams to create custom solutions

Mid-size semiconductor and system companies (NXP, Cisco, Nokia…)• Recognize problems but lack expertise and sufficient economic motivation

Defense contractors (Honeywell, NG, Lockheed…)• Possess deep, but limited, expertise (craft) unevenly applied to specific chips

System integrators (Ring, Fitbit, August…)• No interest due to time-to-market focus and lack of in-house competency


11

On-chip Security – viable strategies are emerging

Source: Mentor Graphics, 2017

• Design: Create secure-reconfigurable SoCs with a unique ID based on an inborn Root of Trust• Enroll: Extract chips unique ID into a secure server during first power up at wafer test• Configure: Inject keys to encrypt, sign, or decrypt content for devices or end-applications• Provision: Program SKUs downstream to reduce inventory risk and exploit volume ramp• Personalize: Enables secure device identity during PCB assembly based on the chip’s Root of Trust• Authorize: Allow authorized parties to securely sign devices based on the SoC Root of Trust• Update: Securely update firmware and provision SOC hardware features in the field• Monitor: Track field use and evolve Big Data analytics on field failures, intrusions, counterfeits


12

AISS Approach to On-Chip Security

Outer Perimeter

IP Provenance & W

atermarking

Off-

chip

Key

Man

agem

ent

Off-chip Tracking

Supply Chain

Side Channel

Reve

rse

Engi

neer

ing M

alicious Hardware

Inner Perimeter

Secret Extraction

KnowledgeExtraction

CloningRecycling

HWR Trojans

Emission Reduction

Authentication, Provisioning, Metering

Logi

c En

cryp

tion

& O

bfus

catio

n

Run-time M

onitoring & Detection

Security Engine • AISS focus is only

on securing inner perimeter with on-chip structures

Image source: Intel

• There are many effective outer perimeter attack strategies

• Some level of off-chip support is also needed

• We are assuming outer perimeter is penetrated or compromised


Security policies are updated and uploaded in response to newly discovered vulnerabilities; hardware upgrades also supported

security policies

reserved space in

eFPGA block

Level 5• Encrypted Busses• Active Trojan Detection• Software Watermarking

On-Chip Interconnect

Function0 Functionn

CPUMEMORY

Level 4• Provenance Extraction• Watermark Extraction

WM Extract WM Extractor

Level 3• Odometers• Quiet Crypto• Bus Monitoring• Trojan Detection

13

AISS: Security Engine

Lock/unlock

Level 2• Provisioning• Obfuscation• Logic locking

Lock/unlock

Level 1• Root of Trust• Keystore

I/O

BUSENCRYPTED BUS

Encrypted BUS Interface Encrypted BUS Interface

Encrypted BUS Interface Encrypted BUS Interface

On-chip, custom-generated “engine” to support design objectives and “Security vs. Economics” trade-off exploration

Security feature to level assignments are just examples

LEGEND: Side Channel ● Reverse Engineering ● Supply Chain ● Malicious Hardware


14

AISS: Threat Analysis & Mitigation

• Suspect Hardware - Rogue hardware injected into the chip

• Watermarking of circuits that survive transformations & can be extracted from all design representations & from live silicon

Source: exostivlabs.com

Has the design changed since trusted state?

Source: stackexchange.com

? Are there suspect circuits present in the design?

• Analysis of Threats by examination of designs for suspect Trojans based on “low activity” and “hard to activate” circuits

• Reverse Engineering - Algorithmic intent derived from design

• Obfuscator of key portions of the design to make interpretation impossible or economically impractical

Can operational intent be derivedfrom design files?

Source: Mentor

• Emission of Meaningful Data - Accessible side-channels

• Simulator to execute attacks while design is soft and fix identified data leakage issues before it is finalized

Does the design emit “secret” information?

Source: Shutterstock


15

Driving Improvements in Design Productivity to Revitalize Venture Capital Investment in Chip Startups

DESIGN PRODUCTIVITY


16

Design Abstraction Progression & Productivity

Source: IBM

Source: Mentor Graphics



Modern chip designs exceed this threshold with billions of transistors & break the methodology

• 1978 – Transistors manually laid out as cells• Practical design size limit: 100 transistors

• 1982 – Logic gates converted into transistors• Practical design size limit: 10,000 transistors

• 1988 – Register Transfer Languages are automatically translated into physical layout

• Practical design size limit: 10,000,000 transistors

• 1967 – Manually drawn polygons• Practical design size limit: 10 transistors


17

Current Methodology is Broken for Large ChipsProductivity

(humans are not getting smarter fast enough to leverage available gates)Integration

(most of the design effort goes into IP integration & interface testing)

Communication(most designs routinely leave power and performance on the table)

Verification(less than 5% of operational space is typically verified)

Source: Mentor


18

Design Methodology Advances Stopped in 1988

• Broken design methodologies disadvantaged small and mid-sizecompanies by making original designs expensive and cumbersome(Economics of these companies make them plausible DoD suppliers)

• Truly large designs are only affordable to huge companies(Typically unmotivated to support DoD applications due to low volumes)

Because of high cost of getting to working silicon, US fablesssemiconductor startups are unappealing to private investors

State of the art in 2018

The NVIDIA XAVIER TSMC's 12nm Fin-FET 9 billion transistors, 350mm2

Per NVIDIA – first autonomous machine processor & most complex SoC ever made

~8,000 Engineering Years*

4+ years to design* (heavily utilizing previous SoC generation as a starting point to reduce design time)*Source: NVIDIA


19

Unaffected by Design Cost ConstraintsChina’s Chip Design Startups are Booming

• China is making a massive investment in chip design and manufacturing • “National Integrated Circuitry Investment Fund” ~ $150B; • There is a sufficient pool of highly trained technologists to support creation of state of the art manufacturing• Chinese Fabs have already demonstrated advanced capabilities While 60% of the fund is allocated to manufacturing,

There are 1,300+ chip design startups with some level of government funding

(Sources: PWC and TrendForce)

At least 1,000 independently judged as real

Chart source: Mentor Graphics

Rapid learning cycles in design and manufacturing in China could position them as a legitimate challenger to US leadership in chips – can we help drive US startups?

Source: Mentor


20

Early-round Funding Dried up for US Chip Startups

Reference: GSM Market Watch, A quarterly funding, IPO and M&A update for the global semiconductor industry, Q2’17± Represents only publicly announced series A financing of private companies

• Virtually no early stage VC funding for US chip startups since 2012• Due to perceived cost of first working silicon > $20M

B

seed

$20M

$3M

$.5M

Proof ofConcept

WorkingPrototype

CustomerEngagement

A

AISS would drive this cost to < $3M* & provide embedded security

AISS

*Productivity improvement: combination of High Level Synthesis, Configurable Platforms, Platform Generators, Multi-dimensional Optimization, IPXact IP integration, eFPGA targetting, etc..


21

AISS: Composition

• Phase I - Assisted Composition – Components are specified• Processor & security related components are user selected & automatically integrated

• Phase II - Automated Composition – Configuration is specified• User selects a platform and provides configuration to a tool that automatically generates an integrated system

ARMM0

512MBDDR

PCIX USB

LIN

PUF

10KEYS

AESCRYPTOCUSTOM

ARMM0

512MBDRAM UART PCIX

USB AESCRYPTOCUSTOM KEY

STORE PUF

Assisted Composition

Design: “Power Doors/Windows ECU”Platform (Automotive Control)• CPUs (A57, M3, M0) • Memory (512MB, 256MB, 128MB) • Networking (LIN, CAN, FlexRay)• Interfaces (PCIx, USB, DBG) Security Module (Suply Chain)• PUF (small, medium, large) • Keystore (small, medium, large)• Storage (OTP, NVRAM, EEPROM)• Connection (JTAG, IJTG, Custom)

PLATFORM(M0, 128MB, LIN, PCIx)

CUSTOM SECURITY MODULE(PUF, Keystore, OTP, JTAG)

Automated Composition

Selected

ARM M0128MB

LINPCIx

SmallSmallOTPJTAG


Combinatorial Optimization explores HUGE solution spaces (billions), but requires rapid estimation of “goodness”Performance and Size estimators are well understood and incorporated in modern tools

AISS will drive discovery of rapid estimation of power and security

• Phase III - Optimized Composition – Objectives are specified• User selects a platform and supplies a cost function with size, performance, power and security goals to guide

combinatorial optimization to find best architectures which are presented to the user for assessment and selection

22

AISS: Optimizated Composition

Design: “Power Doors/Windows ECU”

Platform (Automotive Control)

• Performance = 2• Size = 9• Power = 3• Security = 3

• Supply Chain = 7• Side Channel = 2• Reverse Engineering = 5• Malicious Hardware = 1

Optimized Composition


Source: The 80sPoint: Technology for 2-dimensional optimization has been around for ~40 years 23

AISS: Optimization Cost Functions

f(a,b,c,d) = Σ(a*Performance, b*Size, c*Power, d*Security )

Application Perf. Size Power Security

Lawn Sprinkler 2 7 9 1Engine Control 6 5 1 3

Guided Projectile 5 1 9 7Network Router 9 5 1 8

Mobile Phone 7 9 9 7Smart Watch 3 6 9 3

Cost Function Examples

Application SideChannel

ReverseEng’g

SupplyChain

MaliciousHardware

Lawn Sprinkler 1 1 9 1Engine Control 1 7 5 2

Guided Projectile 3 9 5 9Network Router 9 7 8 9Mobile Phone 8 9 9 6Smart Watch 6 8 9 1

Security CostFunction Expansion

estimate estimate))


24

METRIC MODELS


AISS Solution Space

Low Medium High

500

400

300

200

100

Size (K gates)

Security (Level) 25

“Supply Chain” Attack Surface Metrics

Source: https://www.chemi-con.co.jp Source: Mentor Graphics

State of the Art Solution Strategy: Manual Implementation of

• Hardware root-of-trust, key & certificate storage, interface to outside world• Support for locking and unlocking selected logic blocks• Silicon odometers for re-cycling detection or mission limiting


1 2 3 4 5 6 7 8 9

2

1

Cost ($M)

Time (Months)

• 256 Bit Key• Small Key Store• Lock/unlock

SOTA*

AISS

Success Metrics

• It takes 9 months & $2M+ for a medium security, low feature on-chip engine

• AISS will automatically generate a solution within 1 month of iterations and less than $50K (OPEX)

• AISS will generate multiple application optimized solutions on economics vs. security spectrum and enable informed design decisions

• Cloning• Re-cycling• Off-shore Overproduction

• Counterfeiting• Re-Marking

Attack Vectors

256 Bit KeySmall Key StoreLock/unlock

96 Bit Key

512 Bit KeyDeep Key StoreLock/unlockProvisioningOdometers

*Test chip: 5x5mm, TSMC 180nm, RISC-V, OTP, PUF, SRAM, Secure JTAG, AES256, CMAC, Fuzzy LogicDISTRIBUTION A. Approved for public release: distribution unlimited.

AISS Solution Space

26

“Side Channel” Attack Surface Metrics

1 3 6

2

1

Cost ($M)

Time (Months)

• IP licenses• Integration services

SOTA

AISS

Success Metrics

• It takes about 6 months & $2M+ for IP licensing and integration services

• AISS will automatically generate a solution within 1 month of iterations and less than $200K in IP license costs


• Emission Interpretation• DPA• EMEA

• Glitching• Tomography

Attack Vector(s)

Sour

ce: M

ento

r Gra

phics

Low Medium High

200%

150%

100%

Size (relative to original)

Emissions from Cryptography (Level)

Match active transistors with passives 1:1Produce high level of random noise

Produce some random noise

Normal emissions

State of the Art Solution Strategy: “Emission Resistant” Crypto

• Match all active transistors with inactive counterparts• Incorporate randomness into cryptography



AISS Solution Space

AISS Solution Space

27

“Reverse Engineering” Attack Surface Metrics

Success Metrics

• It takes about 6 months of manual effort to insert simple logic encryption into a medium size secure processor

• AISS will automatically generate a solutions within 1 month of iterations


• Algorithm Extraction• Chip Delayering• Layout Reconstruction• Schematic Generation

Attack Vector(s)

Source: 4004.com Source: microship.com/Source: sciencevisionre.com Source: blog.wiser.com

State of the Art Solution Strategy: Logic Encryption & Obfuscation

• Insert logic that deactivates the design without a runtime key• Use ultra-long keys to achieve obfuscation rather than encryption• Use multi-function blocks instead of key gates• Manipulate state machines to complicate de-obfuscation

SOTA

1 3 6

High

Med

Low

Effort to break (low, med, high)

Time (Months)

Manual Insertion

Size (relative to original)

Low Medium High

State MachineOverloading

Multi-functionObfuscation

Simple Logic Obfuscation

Simple LogicEncryption

Attack Resistance LevelDISTRIBUTION A. Approved for public release: distribution unlimited.

28

“Malicious Hardware” Attack Surface Metrics

State of the Art Solution Strategies: Design & Runtime

• Payload Countermeasures• Watermarking of pre-existing IP• Threat analysis of incoming IP

• Trigger Countermeasures• Runtime Trojan detection

Success Metrics

• Enable secure path for movement of IP through the process by watermarking it at time of publication and authenticating it at all stages of design and after manufacturing.

• Develop tools that statically analyze designs for known threat models.

• Detect all bus-based triggering attempts if they fall outside communication rules.

• IP as a Carrier• Layout Modification• Mask Manipulation

Attack Vectors



29

PROGRAMMATICS


Demonstrable Deliverables

INITIAL SECURITY SYSTEM

TOOLFRAMEWORK

ADVANCED SECURITY SYSTEM

BASIC TOOLS

DYNAMIC SECURITY SYSTEM

ADVANCEDTOOLS

PHASE I(15 months)

PHASE II(18 months)

PHASE III(15 months)

TA1

TA2 INITIAL PLATFORM

CONFIGURABLE PLATFORM

DYNAMIC PLATFORM

IV&V

VULNERABILITY TESTMETHODOLOGY & TOOLS VULNERABILITY DATABASE MANAGEMENT & AUDITING

RED TEAM STRATEGY DEVELOPMENT & EXECUTIONSECURITY ESTIMATIONQUANTIFICAITON

ESTIMATORACCURACY METRICS

Auto-integratedARM & RISC-5 SoCs

Design: 3 months

• CPU + Memory• 2 Accelerators• 2 Commodity IPs• Crypto, OTP• Boot Odometer• Enrollment• Authentication• Provisioning• Logic locking

• Simulation based estimation

• Simple watermarks• Gate-based logic

obfuscation

Auto-generatedARM & RISC-5 SoCs

Design: 1 month

• Configurable CPU• Memory & eFPGA• 2 Generated IPs• 2 Synthesized IPs

• Balanced & Noisy Crypto Cores

• Boot & Activity Odometers

• Trojan Detection• Policy Uploads• Chip Tracking

• Simulation based estimation

• Fast Estimator Prototypes

• Smart watermarks• MFL-based logic

obfuscation

OptimizedARM & RISC-5 SoCs

Design: 1 week

• Platform Generator• Security Engine

Generator• Bus Synthesizer• Fast Estimators• System Optimizer

• Crypto Generator• Odometer Generator• Homomorphism• Active Trojan

Detector

• Persistent Watermarking

• IP Threat Analyzer• SAT Solver Attack

Resistant Obfuscator


31

Detailed Programmatic View

BINITIAL SECURITY SYSTEM ADVANCED SECURITY SYSTEM DYNAMIC SECURITY SYSTEM

PHASE 1 PHASE 2 PHASE 3

TA1

Modular Security Engine Configurable Security Engine Generated Security Engine

Basic Asset Management Provisioning and Tracking Security Configuration

Foundational Security IP Advanced Security IP Generated Security IP

TA2 INITIAL PLATFORM CONFIGURABLE PLATFORM DYNAMIC PLATFORM

Static Platform Modular Platform Generated Platform

IP Integration IP Generation Interconnect Generation

System Architecture Semi-automatic Integration System Optimization

Simple Watermarks Smart Watermarks Persistent Watermarks

Threat Heuristics Threat Detection Integrated Analysis

Obfuscation Framework Basic Obfuscation Advanced Obfuscation


www.darpa.mil

32DISTRIBUTION A. Approved for public release: distribution unlimited.

AISS: Automatic Implementation of Secure SoCs · Side Channel – extraction of secrets through...

Documents

Transcript of AISS: Automatic Implementation of Secure SoCs · Side Channel – extraction of secrets through...