Threats and protection of on-chip test features throughout the lifetime of Integrated Circuits
(2026) In Series of licentiate and doctoral theses
- Abstract
- The development and manufacturing process for Integrated Circuits (ICs) has become complex and globally distributed. System integrators use a mix of custom made logic with third-party Intellectual Property (IP) blocks, untrusted software tools, and external actors for manufacturing, post-production test, and validation. The many untrusted actors involved throughout the IC’s lifetime become a security risk. An adversary may even be able to insert malicious logic, a so-called Hardware Trojan (HT), which can perform attacks from within the IC itself. The use of embedded test features, such as Design-for-Test (DfT) instruments for validation, configuration and diagnostics, is essential for ensuring correct functionality of the IC. A high number of instruments are usually needed, and Reconfigurable Scan Networks (RSNs) may be used to enable efficient integration and flexible access. The powerful capabilities of DfT-instruments, as well as the standardized communication protocols, make them a prime target for an adversary to use with malicious intent.
The aim of this thesis is to investigate threats emerging from the complex and globally distributed IC life-cycle, and propose methods to improve security, especially against HTs, and attacks exploiting on-chip resources, such as DfT-instruments. First, a method is presented to protect against HT attacks in RSNs, by modifying Segment Insertion Bit (SIB) components. The proposed method is implemented on benchmark circuits, synthesized, and tested with commercial tools. The solution has improvements when it comes to scalability, usability, access time, and area overhead, compared to related work. Then, we propose a method for sharing on-chip logic, instruments in an RSN, between different external actors. Instruments outside of the user’s specification are restricted and hidden, to avoid misuse, while also protecting against HT attacks. On top of this, user authentication is made simple, and with no access time overhead in the RSN. Then, an attack, based on exploiting commonly used DfT instruments, is demonstrated by an HT that leaks the secret key from an AES module. Finally, a network for security monitoring and defense is proposed, to protect against attacks misusing embedded instruments. In conclusion, the work in this thesis contributes with methods for improving the security of an IC, without having to fully trust all actors involved throughout the IC’s lifetime.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/9af1b5cd-4c30-4260-82ce-8967f753fbe5
- author
- Åhlund, Joel LU
- supervisor
- Erik Larsson LU
- Markus Törmänen LU
- opponent
- Prof. René Krenz-Bååth, Technische Hochschule Wildau, Germany
- organization
- publishing date
- 2026-05-04
- type
- Thesis
- publication status
- published
- subject
- in
- Series of licentiate and doctoral theses
- issue
- 192
- pages
- 84 pages
- publisher
- Department of Electrical and Information Technology, Lund University
- defense location
- Lecture Hall E:1406, building E, Ole Römers väg 3, Faculty of Engineering LTH, Lund University, Lund.
- defense date
- 2026-05-04 09:15:00
- ISSN
- 1654-790X
- ISBN
- 978-91-8104-980-0
- 978-91-8104-981-7
- language
- English
- LU publication?
- yes
- id
- 9af1b5cd-4c30-4260-82ce-8967f753fbe5
- date added to LUP
- 2026-04-02 09:54:48
- date last changed
- 2026-06-09 05:39:44
@misc{9af1b5cd-4c30-4260-82ce-8967f753fbe5,
abstract = {{The development and manufacturing process for Integrated Circuits (ICs) has become complex and globally distributed. System integrators use a mix of custom made logic with third-party Intellectual Property (IP) blocks, untrusted software tools, and external actors for manufacturing, post-production test, and validation. The many untrusted actors involved throughout the IC’s lifetime become a security risk. An adversary may even be able to insert malicious logic, a so-called Hardware Trojan (HT), which can perform attacks from within the IC itself. The use of embedded test features, such as Design-for-Test (DfT) instruments for validation, configuration and diagnostics, are essential for ensuring correct functionality of the IC. A high number of instruments are usually needed, and Reconfigurable Scan Networks (RSNs) may be used to enable efficient integration and flexible access. The powerful capabilities of DfT-instruments, as well as the standardized communication protocols, make them a prime target for an adversary to use with malicious intent. <br/><br/>The aim of this thesis is to investigate threats emerging from the complex and globally distributed IC life-cycle, and propose methods to improve security, especially against HTs, and attacks exploiting on-chip resources, such as DfT-instruments. First, a method is presented to protect against HT attacks in RSNs, by modifying Segment Insertion Bit (SIB) components. The proposed method is implemented on benchmark circuits, synthesized, and tested with commercial tools. The solution has improvements when it comes to scalability, usability, access time, and area overhead, compared to related work. Then, we propose a method for sharing on-chip logic, instruments in an RSN, between different external actors. Instruments outside of the user’s specification are restricted and hidden, to avoid misuse, while also protecting against HT attacks. 
On top of this, user authentication is made simple, and with no access time overhead in the RSN. Then, an attack, based on exploiting commonly used DfT instruments, is demonstrated by an HT that leaks the secret key from an AES module. Finally, a network for security monitoring and defense is proposed, to protect against attacks misusing embedded instruments. In conclusion, the work in this thesis contributes with methods for improving the security of an IC, without having to fully trust all actors involved throughout the IC’s lifetime.}},
author = {{Åhlund, Joel}},
isbn = {{978-91-8104-980-0}},
issn = {{1654-790X}},
language = {{eng}},
month = {{05}},
note = {{Licentiate Thesis}},
number = {{192}},
publisher = {{Department of Electrical and Information Technology, Lund University}},
series = {{Series of licentiate and doctoral theses}},
title = {{Threats and protection of on-chip test features throughout the lifetime of Integrated Circuits}},
url = {{https://lup.lub.lu.se/search/files/246969143/Threats_and_Protection_of_On-Chip_Test_Features_Throughout_the_Lifetime_of_Integrated_Circuits.pdf}},
year = {{2026}},
}