System, method, and apparatus for resisting hardware trojan induced leakage in combinational logics

Abstract

In one embodiment, the invention is a method and apparatus for designing combinational logics with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a design method such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several methods as shown in several embodiments. The methods include randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.

Description

STATEMENT OF GOVERNMENT INTEREST[0001]The invention described herein may be manufactured and used by or for the Government for governmental purposes without the payment of any royalty thereon.BACKGROUND OF THE INVENTION1. Field of the Invention[0002]This invention relates to the field of technology and processes that prevent or reduce data leakage in electronic devices through means of a malicious hardware device or apparatus. More specifically, it relates to a method and apparatus for resisting hardware Trojan induced data leakage in combinational logics.[0003]2. Brief Description of the Related Art[0004]The ever-increasing cost of technology scaling has forced many design houses to outsource their semiconductor fabrication process to lower cost countries. Accordingly, chip manufacturing has become a global enterprise. However, this presents a problem when sensitive designs must be surrendered to the manufacturer before production. These manufacturers may not have secure facilities...

AI Technical Summary

Benefits of technology

This patent describes an apparatus and method for reducing data leakage caused by hardware Trojans in a logic circuit. The apparatus creates combinational logics within a chip to encode and decode the input data, using encryption based on XOR, AND, OR, NAND, and other logic operations. The method also involves selecting the encoded output from multiple logic blocks and un-encoding it using a second logic gate for further security. The securely fabricated input / output chip can communicate and interact with external data sources through quilt packaging. The technical effects of this invention include improved security and data protection against hardware trojans.

Problems solved by technology

The ever-increasing cost of technology scaling has forced many design houses to outsource their semiconductor fabrication process to lower cost countries.

However, this presents a problem when sensitive designs must be surrendered to the manufacturer before production.

These manufacturers may not have secure facilities or processes, and their trustworthiness remains unknown.

This results in companies having to rely on multiple offshore foundries or reliance on commercial off the shelf hardware.

After insertion of the hardware Trojan the original functionality of the chip is maintained with little to no increase in area or power consumption, making it very difficult to detect the attack during testing.

Data leakage Trojans are particularly dangerous because they generally will not affect the normal operation of chips.

Runtime monitoring and post-silicon testing both try to detect the abnormal behaviors of the chip when hardware Trojans are triggered, yet they are ineffective on data leakage Trojans which do not change the chip's normal behavior.

However, the authors seem to acknowledge that, while a game theory approach may improve detection, it does not prevent a sophisticated hardware Trojan from by passing functional testing.

In addition, functional testing can reach a level where it becomes unfeasible or cost prohibitive to continue.

These DFS methods focus on increasing the difficulty of establishing data leakage channels by the hardware Trojan.

However, they can still be compromised when the same design undergoes multiple fabrication runs, and attackers can procure a fabricated chip from one run and reverse-engineer the design.

However, there exists no current process to prevent data leakage when side channels are successfully established.

As most commercial designs are fabricated in multiple runs, this becomes a challenge designers have to address.

Images