Security plays an important role in safeguarding our day-to-day lives. With the advent of the Internet, connected devices have grown steadily more heterogeneous over the years; by one estimate, about 50 billion devices will be connected to the Internet by the year 2020. Maintaining security across all of these different devices is a daunting task. There is therefore a significant need for technology that ensures the integrity and reliability of a system and of the components used in it. Electronic systems are now so prevalent in critical infrastructure that the failure of a single system can cause enormous damage to our safety and security. The prime goal of my research is to investigate solutions for securing a system at the hardware level. I am currently working on a wide variety of topics related to hardware security. Specifically, my research spans three related areas: (i) securing the electronic component supply chain by developing efficient strategies for the detection and avoidance of counterfeit integrated circuits (ICs), (ii) ensuring trust and integrity for electronic systems, and (iii) establishing trust in the design, manufacturing, and distribution of intellectual properties (IPs) and ICs.
I. Securing Electronic Component Supply Chain:
With the advent of globalization and the resulting horizontal integration, the present-day electronic component supply chain has become extremely complex and calls for immediate solutions to eliminate counterfeit integrated circuits (ICs). Such counterfeit ICs, whether recycled, remarked, overproduced, defective, cloned, or tampered, have raised serious concerns regarding the safety and security of our critical infrastructures, such as military systems, financial infrastructure, transportation, communication, medical systems, and many other applications. A report from Information Handling Services Inc. (Englewood, CO, USA) shows that reports of counterfeit parts have quadrupled since 2009. This data was compiled from two reporting entities: the Electronic Resellers Association International (ERAI) Inc. (Naples, FL, USA) and the Government-Industry Data Exchange Program (GIDEP) (Corona, CA, USA). The report notes that the five most commonly counterfeited component types (analog ICs, microprocessor ICs, memory ICs, programmable logic ICs, and transistors) represent $169 billion in potential annual risk for the global electronics supply chain, based on all counterfeit incidents reported in 2011.
II. Assurance of Trust and Integrity for Electronic Systems:
The recent growth of the Internet of Things (IoT) creates an opportunity to use a wide variety of devices in a connected environment. IoT is an infrastructure in which billions of devices ("things") are connected to the Internet to enable direct interaction between the physical world and computer-based systems. These edge devices comprise a wide variety of electronic and electromechanical devices such as smart thermostats, lights, watches, mobile phones, sensors, actuators, and many others. In one estimate, Cisco has predicted that there will be upwards of 50 billion connected devices by 2020. These devices are usually designed to operate at very low power and therefore often have limited hardware resources, which constrains the security mechanisms that can be built into them.
It is becoming increasingly difficult to ensure the security, integrity, and authenticity of these edge devices because of their sourcing: most of them are manufactured in environments of limited trust, which in particular lack relevant government or other appropriate oversight, and then travel across the globe through intermediaries in the supply chain before being deployed. These factors make it virtually impossible to establish the origin of these systems and their components, or to track their route through the supply chain. Numerous incidents have highlighted the far-reaching penetration of counterfeit devices into the electronics supply chain, including cloned systems found in the United States defense supply chain. Electronic systems are increasingly vulnerable to counterfeiting and piracy because of the growing capabilities of adversaries. The majority of counterfeit systems today are clones, and their number has been rising in recent years. Ensuring the security of such systems is of great concern, since an adversary can build a backdoor into a cloned system or insert malware into it to bypass the existing security modules. The reliability of such systems is also questionable, as the parts used in them may themselves be counterfeit and/or of inferior quality. It is of prime importance to develop solutions that prevent an adversary from creating these counterfeit and cloned systems, and that allow a deployed system to be verified as genuine.
III. Establishment of Trust for Protecting Intellectual Properties (IPs) and Integrated Circuits (ICs):
The persistent trend of device scaling has enabled designers to fit more and more functionality onto a system-on-chip (SoC) to reduce the overall area and cost of an integrated circuit (IC). As design complexity has grown exponentially, it is no longer feasible for a single design house to design a complete SoC on its own. Therefore, the semiconductor industry has shifted to design reuse rather than designing the whole SoC from scratch. Nowadays, SoC designers license various functional blocks (known as intellectual properties, or IPs) from third-party IP vendors; these third-party IPs (3PIPs) are integrated into the SoC to streamline the design process and decrease time-to-market. In parallel, the increased complexity of the fabrication process has meant that the majority of SoC designers no longer maintain a fabrication facility (foundry) of their own. Building and maintaining a fab for modern SoCs is reported to cost several billion dollars, and the cost keeps increasing as technology scales further. Given this cost, the semiconductor business has largely moved to a contract-foundry (horizontal) business model over the past two decades. In this model, an SoC designer first licenses the 3PIPs to be used in the design, integrates them into the SoC, and then outsources the resulting design to foundries and assembly facilities for fabrication and packaging, reducing both time-to-market and manufacturing cost. Each of these hand-offs places the design in the hands of a party the designer cannot fully trust.
When an untrusted party overuses the IPs or overproduces the ICs and sells them on the open market, the IP owners or SoC designers lose the revenue they could have earned from those chips. An even bigger concern with these ICs, however, is security and reliability. An IC built from a pirated IP may contain a backdoor that leaks secret information to the attacker or disables a system at some critical point in time. In addition, overproduced ICs may reach the market with minimal or no testing for reliability and functionality. Such ICs may find their way into the supply chain for many critical applications, which raises concerns for safety and reliability. Since these ICs bear the SoC designer's name, their failure would also tarnish the company's reputation. Piracy also occurs within the design flow itself. An SoC designer may legally purchase a 3PIP core from an IP vendor and then make clones, that is, illegitimate copies of the original IP. Similarly, an untrusted foundry may sell illegal copies of the GDSII files it receives from SoC designers for fabrication. Further, the integrity of the IP may be at risk: an untrusted SoC designer can add extra features to a 3PIP to make it look like a different IP and then sell it to another SoC designer, or may modify a 3PIP in order to introduce a backdoor or hardware Trojan into the chip.