Presentation is loading. Please wait.

Presentation is loading. Please wait.

Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012.

Published byJulia Nicholson Modified over 9 years ago

Similar presentations

Presentation on theme: "Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012."— Presentation transcript:

1 Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012

2 Disclaimer The views presented in this talk are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

3 Outline Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

4 Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

5 What is Hardware Security? Many of the issues of hardware security are similar to traditional computer security –Malware, authentication, program analysis, patches, insiders, social engineering, developmental attacks, evaluation, certification and accreditation, flawed implementations, protocols, system-level issues, network security, usability, economic incentives, complexity. Anything can be hacked, but the attacker has finite resources. –Shades of grey rather than black-and-white (“broken” or not) –Make attackers toil, and design systems that “win” decisively –Each security technique has its advantages and disadvantages, and we must understand each technique's limitations. Even crypto has limitations. We need to know what specific attacks each technique is capable of preventing.

6 What is Hardware Security? Opportunities of hardware –High performance Custom processors for crypto, deep packet inspection, etc. –Direct control –No intermediate OS layers –Physical separation Challenges –Semantic gap –Engineering and fabrication costs

7 What is Hardware Security? Foundry Trust –Malicious Hardware (a.k.a. “gate-ware”) Trojan Horse, Rootkit, Kill Switch –Design Theft (Protecting Intellectual Property) –Start with a secure design before addressing fabrication security Operational Attacks –Power Analysis, Fault Injection, Heating, Optical –Cold Boot, Probing, Math Errors Developmental Attacks –Malicious Design Tools –Malicious IP System Assurance –Security Architecture, Key Management, PUFs –Formal analysis of IP cores (not a panacea)

8 What is Hardware Security? Interfaces [Schaumont 2009] –Secure hardware is part of a bigger system. –Secure hardware interfaces are tricky: How do you distinguish red wires from black wires? –Secure hardware interfaces do not exist yet! –Current secure hardware serves software Composition [Schaumont 2009] –This is not trivial. –To resist side channels, you must avoid redundancy. –However, fault tolerance requires increasing redundancy. –How can you build fault-tolerant, side channel resistant systems? Metrics [Schaumont 2009] –Security is dimensionless. –Metrics are absolutely necessary to do meaningful research. –Without metrics, it is impossible to analyze trade-offs. Education: Electrical Engineers are trained to make things happen rather than to make bad things NOT happen [Schaumont 2009]

9 Trustworthy Tools and IP Stripped-down alternative design flow

10 Option 1 Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

11 Tradeoffs Software vs. Hardware – Generality vs. performance – FPGAs are in between ASIC performance comes at a high NRE cost – Fabrication – Verification Security – IP is vulnerable in overseas foundries – Reduce problem of trusting foundry to problem of trusting FPGA CPU ASIC FPGA General-PurposeApplication-Specific

12 Option 0? Running software on a CPU – Software is loaded onto the CPU in a secure facility after fabrication Coprocessor – One chip is manufactured in a trusted foundry; the other in an overseas foundry – The two reside on the same circuit board

13 Reconfigurable Hardware FPGA Fabric SDRAM (off-chip) DRAM FPGA chip μPμP μPμP μPμP μPμP SRAM Block BRAM FPGA Fabric

14 Trusted Design in FPGAs Source: [Trimberger 2007]

15 Option 2 Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

16 2D Split Manufacturing Design in the US Fabricate through the first or second metal layer at an insecure facility Finish the metal layers 2 through 12 in a trusted facility

17 2D Split Manufacturing To achieve this, the IARPA TIC Program will use a FEOL and BEOL set of processes – FEOL = Front End of Line – BEOL = Back End of Line The final ASIC is the result of the combined FEOL and BEOL processes

18 2D Split Manufacturing Questions – What is the interface?

19 2D Split Manufacturing Source – http://www.iarpa.gov/solicitations_tic.html – http://www.iarpa.gov/TIC_Presentations/TIC_Pro posers_Day_20110727.pdf

20 Option 3 Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

21 [Koyanagi05]

22 [Koyanagi05] Timeline

23 Alternative 3-D Approaches PoP [Lim10] Wire Bonding (SiP) [Amkor09]

24 Alternative 3-D Approaches PoP [Lim10]

25 Alternative 3-D Approaches [Amkor10]

26 Examples of 3-D Systems Network-on-Chip [Kim07]

27 Examples of 3-D Systems Network-on-Chip [Kim07]

28 Examples of 3-D Systems Particle Physics [Demarteau09]

29 Examples of 3-D Systems Chip Scale Camera Module [Yoshikawa09]

30 Examples of 3-D Systems 3D-PIC 3-D CMOS Imager [Chang10]

31 Examples of 3-D Systems 3-D Stacked Retinal Chip [Kaiho09]

32 Examples of 3-D Systems 3-D Stacked Retinal Chip [Koyanagi05]

33 Medical Image Processing [Cong 2011]

34 Examples of 3-D Systems 3-D FPGAs [Razavi09]

35 Examples of 3-D Systems 3D-MAPS: Many-core 3-D Processor with Stacked Memory [Lim10]

36 Some Data on 3D [Kim 2012] 64 CPU cores joined with 256K of SRAM: 63.8GB/s memory bandwidth [Yoshikawa 2009] CMOS image sensor: 55% reduction in volume and 36% reduction in footprint [Loh 2007] 3D floor plan for Pentium 4: 15% improvement in performance and power; 10.3% improvement in clock frequency for Alpha 21364; 3D version of dynamic non-uniform cache architecture reduces L2 access time by 50%; 3D stacking can allow the cache size to increase, reducing average memory access latency by 13% and reducing off-chip bandwidth by 3x [Black 2006] 3D stacked DRAM cache can reduce cycles per memory access by 13% on average and by as much as 55% while reducing off-chip bandwidth and power by 55% [Loh 2008] Optimizations to 3D DRAM that result in 1.75x speedup over prior 3D- DRAM approaches; L2 miss handling architecture that achieves an extra 17.8% performance improvement [Puttaswamy 2005] 3D-partitioned cache can reduce latency by 21.5%, reduce energy consumption by 30.9%, and increase IPC by 12%.

37 What is 3Dsec? Economics of High Assurance –High NRE Cost, Low Volume –Gap between DoD and Commercial Disentangle security from the COTS –Use a separate chip for security –Use 3-D Integration to combine: 3-D Control Plane Computation Plane –Need to add posts to the COTS chip design Dual use of computation plane

38 Trustworthy System Security through 3-D Integrated Hardware 3DSec : Security Layer Processor Layer Cross Section Post Silicon Layer 2 Silicon Layer 1 Goal: Build trustworthy systems using commercial hardware components Problem: Integrating specialized security mechanisms is too costly for hardware vendors Idea: Augment commodity hardware after fabrication with a separate layer of security circuitry Anticipated Benefits: Configurable, protected, low-cost hardware security controls that can override activity in the commodity hardware Privacy Applications: Detect and intercept the execution of malicious code Prevent the microprocessor internals from being exploited to leak crypto keys Tag and Track private information as it flows through a processor

39 Pro’s and Con’s Why not use a co-processor? On-chip? Pro’s –High bandwidth and low latency –Controlled lineage –Direct access to internal structures Con’s –Thermal and cooling –Design and testing –Manufacturing yield

40 Cost Cost of fabricating systems with 3-D –Fabricating and testing the security layer –Bonding it to the host layer –Fabricating the vias –Testing the joined unit

41 Circuit-Level Modifications Passive vs. Active Monitoring Tapping Re-routing Overriding Disabling

42 3-D Application Classes Enhancement of native functions Secure alternate service Isolation and protection Passive monitoring –Information flow tracking –Runtime correctness checks –Runtime security auditing

43 Self-Protection and Dependency Layering Can a 3-D control plane provide useful secure services when it is conjoined with an untrustworthy computation plane? Yes, provided: –Self-protection –Dependency Layering Applies to overseas foundry –Option 1: FPGA fabric –Option 2: FEOL layer(s) –Option 3: computation plane

44 Conclusions and Future Work Motivation and Background Option 1: Reconfigurable Hardware Option 2: 2D Split Manufacturing Option 3: 3D Split Manufacturing Conclusions and Future Work

45 Conclusions Option 1 – Design never goes to foundry – Simple and inexpensive – Bit-stream decryption mechanism is vulnerable to side channel attack on fielded device. – Caution: Attacker can cause serious harm by modifying the FPGA fabric even without knowledge of the final design to be loaded onto the FPGA

46 Conclusions Option 2 – Only BEOL knows connections between devices made in FEOL stage – What is the interface between FEOL, BEOL? – Cost? Complexity? Feasibility? – Caution: Attacker can cause serious harm by modifying FEOL layer(s) even without knowledge of BEOL layers.

47 Conclusions Option 3 – Computation plane manufactured in untrusted foundry, control plane manufactured in trusted foundry – Caution: attacker can cause harm by modifying computation plane even without knowledge of control plane.

48 Conclusions Option 3 – 3D probing for testing purposes is harder for 3D than for 2D – It is not trivial to chemically remove package of 3DIC, break bond between tiers, and tap the TSVs – Tiers are tightly bonded and have no exposed shared buses or I/O pins – Future work: secure protocols between tiers

49 Conclusions Option 2 vs. Option 3 – Both are challenging. What is the interface? – Option 2: Can we depend on untrusted FEOL devices? Can we protect ourselves from them? Can same FEOL wafer design be used for many different BEOL designs? Can we tap, override, disable, reroute, etc.? Can we decouple security and non-security functionality? – Option 3: Can we use untrusted computation plane? Can we protect ourselves from them? Can same computation plane be used with many different control planes (or alone)?

50 Split Manufacturing Discussion Points – Can we trust the result of split manufacturing? – Could this approach harm security? – What are the challenges of 2D? – What are the challenges of 3D? – Is it worth it? When is it worth it? – Why not use trusted foundry always? – Are trusted foundries a band aid solution to offshoring trend? – Can we do everything from scratch?

51 Questions? faculty.nps.edu/tdhuffmi

52 Additional Slides Additional slides

53 Split Manufacturing 2-D 3-D

54 Face-to-Back Bonding Rerouting bus signals

Download ppt "Addressing Supply Chain Security with Split Manufacturing Ted Huffmire Summer UCI CECS Seminar July 27, 2012."

Similar presentations

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,

1 Implementing an Untrusted Operating System on Trusted Hardware David Lie Chandramohan A. Thekkath Mark Horowitz University of Toronto, Microsoft Research,
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
A reconfigurable system featuring dynamically extensible embedded microprocessor, FPGA, and customizable I/O Borgatti, M. Lertora, F. Foret, B. Cali, L.

A reconfigurable system featuring dynamically extensible embedded microprocessor, FPGA, and customizable I/O Borgatti, M. Lertora, F. Foret, B. Cali, L.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
Memory Chapter 3. Slide 2 of 14Chapter 1 Objectives  Explain the types of memory  Explain the types of RAM  Explain the working of the RAM  List the.

Memory Chapter 3. Slide 2 of 14Chapter 1 Objectives  Explain the types of memory  Explain the types of RAM  Explain the working of the RAM  List the.
Programmable Logic Devices

Programmable Logic Devices
Fault Detection in a HW/SW CoDesign Environment Prepared by A. Gaye Soykök.

Fault Detection in a HW/SW CoDesign Environment Prepared by A. Gaye Soykök.
Architecture Support for Security Peter Chapman Michael Maass.

Architecture Support for Security Peter Chapman Michael Maass.
SDN and Openflow.

SDN and Openflow.
Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.

Hardware Support for Trustworthy Systems Ted Huffmire ACACES 2012 Fiuggi, Italy.
3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.

3Dsec: Trustworthy System Security through 3-D Integrated Hardware Ted Huffmire 14 January 2009.
3D-MAPS: 3D Massively Parallel Processor with Stacked Memory Dae Hyun Kim, Krit Athikulwongse, Michael Healy, Mohammad Hossain, Moongon Jung, et al. Georgia.

3D-MAPS: 3D Massively Parallel Processor with Stacked Memory Dae Hyun Kim, Krit Athikulwongse, Michael Healy, Mohammad Hossain, Moongon Jung, et al. Georgia.
Week 1- Fall 2009 Dr. Kimberly E. Newman University of Colorado.

Week 1- Fall 2009 Dr. Kimberly E. Newman University of Colorado.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
1 HW/SW Partitioning Embedded Systems Design. 2 Hardware/Software Codesign “Exploration of the system design space formed by combinations of hardware.

1 HW/SW Partitioning Embedded Systems Design. 2 Hardware/Software Codesign “Exploration of the system design space formed by combinations of hardware.
OCIN Workshop Wrapup Bill Dally. Thanks To Funding –NSF - Timothy Pinkston, Federica Darema, Mike Foster –UC Discovery Program Organization –Jane Klickman,

OCIN Workshop Wrapup Bill Dally. Thanks To Funding –NSF - Timothy Pinkston, Federica Darema, Mike Foster –UC Discovery Program Organization –Jane Klickman,
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Configurable System-on-Chip: Xilinx EDK

Configurable System-on-Chip: Xilinx EDK

Similar presentations

Ads by Google