Intellectual Property: Trust… But Verify
As the supply chain of components and IP expands, so too do the opportunities for adversarial tampering.
By John Hallman, Product Manager Trust & Security
Those of us who have been around the microelectronic component industry for many years have seen quite a transformation in capability, in the sourcing of the supply chain, and now in the threats to the devices that drive the technology in our world today.
These integrated circuits (ICs), once as simple as a few transistors, have continued to follow Moore’s Law and are now made up of tens of billions of transistors. ICs have become so complex that they too are now made up of many independent modules, often referred to as third-party intellectual property (3PIP).
In addition to the increased capability, the sourcing of the components, as well as the 3PIP, has become a global effort. Examples of this globalization are evident in the design and production of such major systems as the Apple iPhone and the F-35 fighter jet. The major suppliers for the Apple iPhone all demonstrate a global contribution to a complex supply chain. Similarly, several countries, including the U.S., Netherlands, Norway, Canada, Australia, United Kingdom, Turkey, and Italy, are all sources of supply for the F-35.
As the complexity of the system, the components, and the supply chain all increase, the opportunity for adversarial tampering becomes a growing concern.
While the motives for tampering vary significantly, there is little argument that today’s microelectronics are far more vulnerable than in years past and offer fertile opportunity for attackers. In late 2018, Bloomberg reported “The Big Hack,” in which a tiny microchip was allegedly implanted to compromise data on a larger motherboard. Previously, in early 2018, Meltdown and Spectre grabbed headlines as researchers exposed a vulnerability in a feature of modern microprocessors called speculative execution.
Even earlier, reports detailed a failure in a Russian probe satellite due to faulty memory chips. Further analysis claims that the chips were counterfeit and were not built to the standard needed to withstand the radiation effects to which they were exposed. Each of these incidents, while different in implementation, intention, and effect, demonstrates a sampling of the vulnerabilities to which our systems are exposed today. Generalizing these vulnerabilities at the system and integrated circuit level, we quickly see how 3PIP will also be susceptible. 3PIP offers an attacker or adversary a golden opportunity to slip hardware Trojans (unwanted or unknown function) into an IC without detection.
Vulnerabilities may paint a bleak future for achieving secure systems, but all hope is not lost. Trust, but verify (from an old Russian proverb, later immortalized as a presidential phrase) may again be the guidance we seek. Integrators of 3PIP into ICs must monitor the compliance of these modules without adding time and complexity to an already challenging process.
Traditional hardware verification includes simulation and emulation, and is limited by vector sets and the time to test as many combinations as possible. This functional verification focuses on system use and misses many corner cases. Attackers often identify “misuse” cases and deliberately exploit their target with stealthy implants meant to go undetected.
Formal methods, with the use of assertions, can check certain functions and confirm the absence or presence of the desired specified properties. Hardware formal verification too has its limits with state space checking. However, when the formal proof completes, it will be known to hold for all cases. High-capacity formal engines have an important role in the 3PIP verification process but alone may not be enough. There is a need for new, dedicated EDA solutions that can measure the trustworthiness of a design and detect Trojans in a systematic and affordable manner. New verification technology must encapsulate automation and expertise “under the hood.”
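The contrast drawn in the two paragraphs above, shown as an added example that is not from the original article or from any vendor's tooling. It is a toy Python model of a hypothetical debug-unlock IP block (the block, the `MAGIC` sequence and every function name are assumptions constructed for illustration): a directed simulation suite passes, while an exhaustive walk of the reachable states, standing in for a formal engine, either proves the assertion "debug_en implies fuse" or returns a counterexample trace.

```python
from collections import deque

MAGIC = (0xA, 0x5, 0xC)  # constructed hidden trigger sequence (assumption)

def spec_step(stage, cmd, fuse):
    """Reference behaviour: debug_en needs the fuse and the unlock command 0xF."""
    return 0, bool(fuse) and cmd == 0xF

def ip_step(stage, cmd, fuse):
    """Delivered block: same interface, plus a hidden 3-command sequence detector."""
    if stage < 3:  # stage 3 latches once the whole sequence has been seen
        stage = stage + 1 if cmd == MAGIC[stage] else int(cmd == MAGIC[0])
    return stage, (bool(fuse) and cmd == 0xF) or stage == 3

def simulate(step):
    """Directed use-case vectors: each command held for 8 cycles, then a 0..15 sweep.
    Returns True if the assertion 'debug_en implies fuse' held on every cycle."""
    tests = [[(c, f)] * 8 for c in range(16) for f in (0, 1)]
    tests += [[(c, f) for c in range(16)] for f in (0, 1)]
    for vectors in tests:
        stage = 0  # reset before each test
        for cmd, fuse in vectors:
            stage, debug_en = step(stage, cmd, fuse)
            if debug_en and not fuse:
                return False
    return True

def prove(step):
    """Explore every reachable state under every input, breadth-first.
    Returns None if the assertion holds everywhere, else a shortest counterexample."""
    seen, queue = {0}, deque([(0, [])])
    while queue:
        stage, trace = queue.popleft()
        for cmd in range(16):
            for fuse in (0, 1):
                nxt, debug_en = step(stage, cmd, fuse)
                if debug_en and not fuse:
                    return trace + [(cmd, fuse)]
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, trace + [(cmd, fuse)]))
    return None

if __name__ == "__main__":
    print("simulation passes on delivered IP:", simulate(ip_step))
    print("proof on reference model:", prove(spec_step))
    print("counterexample on delivered IP:", prove(ip_step))
```

The model has only four reachable states, so the exhaustive walk finishes instantly; on real RTL the same search is what runs into the state-space limits the article mentions.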
As we approach a threshold of new products, technologies, and missions such as self-driving cars, 5G cellular networks and space flight to Mars, we must ensure that the 3PIP for these systems is functionally correct, safe, secure, and trustworthy. High-integrity ICs are crucial to modern society. OneSpin provides solutions that assure the integrity of the next-generation, largest, and most complex ICs.