Design Tools, Rules, and Metrics for Security Assessment and Mitigation

SoCs are increasingly used in high assurance electronic systems such as those in military, space, automotive, banking, medical, etc. applications. These devices have strict security requirements because their failure can damage major financial infrastructures, endanger personal privacy, and reduce consumer confidence. It has been demonstrated that the security of SoCs can be compromised using timing and power analysis attacks, exploitation of design-for-test (DFT) structures, fault injection attacks, and more. These attacks can effectively bypass the security mechanisms built in the software level and put systems at risk.

Apart from the vulnerabilities exposed by these attacks, many security vulnerabilities in ICs can be unintentionally created by design mistakes, the designer’s lack of understanding of security problems, and computer-aided design (CAD) tools that do not perform optimization with security in mind. These vulnerabilities can create backdoors in the design through which sensitive information can be leaked (violation of confidentiality policy) or an attacker can gain control of a secured system (violation of integrity policy). Therefore, it is of paramount importance to identify security issues during hardware design and validation phase, and address them as early as possible due to the following reasons: 1) there is little if any flexibility in changing or updating post-fabricated integrated circuits; 2) The cost of fixing a vulnerability found at later stages during the design and fabrication processes is significantly higher.

Design engineers may not have sufficient knowledge in hardware security due to the high complexity and diversity of security problems. Hence, hardware security engineers are required to analyze circuit implementations and specifications, and identify potential vulnerabilities. It is prohibitively expensive for design houses to maintain a large team of security experts with high expertise while the growing complexity of modern designs significantly increases the difficulty of manual analysis of security vulnerabilities. Poor security check could result in unresolved security vulnerabilities along with large design overhead, development time and silicon cost. Such limitations suggest to a need for automated design tools, rules, and metrics that aid in security vulnerability analysis and mitigation during design and validation phases.

We are currently investigating the following:

  1. Information Flow Analysis and Verification: We have developed approaches that detect unintended as well as malicious violations of information flow policies (confidentiality and integrity) by modeling on-chip assets (keys, configuration data, firmware, etc.) as faults. Partial-scan automatic test pattern generation (ATPG) algorithms then identify observe/control points through/from which an asset can be leaked/influenced. Our metrics quantify the vulnerabilities of state transition diagrams to fault injection and hardware Trojan insertion in order to identify where to apply low-cost mitigation techniques.
  2. IC Microprobing Vulnerability Analysis and Mitigation: Although protection against software and non-invasive methods of extraction has been widely investigated (e.g., trusted execution environments and side channel resistant layout), physical probing has received little attention. In particular, focused ion beam (FIB) is a powerful tool that allows attackers to access and probe assets. While countermeasures against FIB-based probing such as active meshes, optical sensors, and analog sensors have been proposed, they are clumsy, expensive, and ad-hoc. It’s also been shown time and again that an experienced operator can easily bypass them via FIB’s circuit edit capabilities. Since FIB-based attacks are almost limitless, the best approaches should make probing as costly, time consuming, and frustrating as possible. However, a significant barrier in doing so lies in the fact that the time, effort, and cost to design a FIB-resistant chip must remain reasonable, especially to designers who are not security experts. We have developed the first ever approach that evaluates the vulnerability of an IC layout to microprobing by incorporating FIB parameters. We are currently creating a framework that identifies sensitive nets in the design that are vulnerable to probing, and alters the design/placement flow to provide extra protection.
  3. Security-aware Finite State Machine (FSM) for Mitigation Against Fault Injection: The security of SoCs, MCUs, and FPGAs can be compromised by exploiting the vulnerabilities of the finite state machines (FSMs) through fault injection attacks. These vulnerabilities may be unintentionally introduced by traditional FSM design practices or by CAD tools during synthesis. In our work, we have analyzed how the vulnerabilities in an FSM can be exploited by fault injection, and proposed a multi-pronged security-aware FSM design flow for ASICs and FPGAs. Our proposed FSM design flow starts with a security-aware encoding scheme which makes the FSM resilient against fault attacks. However, the vulnerabilities introduced by the CAD tools cannot be addressed by encoding schemes alone. To analyze for such vulnerabilities, we developed a novel technique named AVFSM. If any vulnerability remains, we have proposed a secure FSM architecture to address them.

Current and Past Project Sponsors

We are thankful for the support provided by the following government agencies and companies:

Our Conference and Journal Papers

NOTE: This directory contains pdf/ps files of articles that may be covered by copyright. You may browse the articles at your convenience, in the same spirit as you may read a journal or a proceedings article in a public library. Retrieving, copying, or distributing these files may violate copyright protection laws.

  • M. Choudhury, S. Tajik, D. Forte, “SPARSE: Spatially Aware LFI Resilient State Machine Encoding”, Hardware and Architectural Support for Security and Privacy (HASP), October 2021. [pdf]
  • J. Bellay, D. Forte, R. Martin, C. Taylor, “Hardware Vulnerability Description, Sharing and Reporting”, in GOMACTech, March 2021. [pdf]
  • M. Choudhury, S. Tajik, D. Forte, “”PATRON: A Pragmatic Approach for Encoding LFI Resistant FSMs”,to appear Design, Automation and Test in Europe (DATE), February 2021. [preprint]
  • H. Wang, Q. Shi, A. Nahiyan, D. Forte, M. Tehranipoor, “A Physical Design Flow against Front-side Probing Attacks by Internal Shielding”, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), Vol. 39, No. 10, October 2020. [link]
  • A. Covic, F. Ganji, D. Forte, “Circuit Masking Schemes: New Hope for Backside Probing Countermeasures?”, SRC TECHCON, September 2020.
  • M. Gao, H. Wang, M. Tehranipoor, D. Forte, “iPROBE V2: Internal Shielding-based Countermeasures against Both Back-side and Front-side Probing Attacks”, SRC TECHCON, September 2020.
  • A. Nahiyan, J. Park, H. Miao, Y. Iskander, F. Farahmandi, D. Forte, M. Tehranipoor, “SCRIPT: A CAD Framework for Power Side-channel Vulnerability Assessment using Information Flow Tracking and Pattern Generation”, ACM Transactions on Design Automation of Electronic Systems (TODAES), Vol. 25, No. 3, May 2020. [link]
  • A. Covic, Q. Shi, H. Shen, D. Forte, “Contact-to-Silicide Probing Attacks on Integrated Circuits and Countermeasures”, IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), December 2019. [pdf]
  • H. Wang, Q. Shi. D. Forte, M. Tehranipoor, “Probing Assessment Framework and Evaluation of Anti-probing Solutions”, IEEE Transactions on Very Large Scale Integration Systems (TVLSI), Vol. 27, No. 6, June 2019. [link]
  • A. Nahiyan, F. Farahmandi, P. Mishra, D. Forte, M. Tehranipoor, “Security-aware FSM Design Flow for Identifying and Mitigating Vulnerabilities to Fault Attacks”, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), Vol. 38, No. 6, June 2019. [link]
  • Q. Shi, H. Wang, N. Asadi, M. Tehranipoor, D. Forte, “A Comprehensive Analysis on Vulnerability of Active Shields to Tilted Microprobing Attacks”, IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), December 2018. [pdf]
  • D. Capecci, G. Contreras, D. Forte, M.Tehranipoor, S. Bhunia, “Automated SoC Security from Design to Fabrication” in GOMACTech, March 2018.
  • H. Wang, Q. Shi, D. Forte, M. Tehranipoor, “Probing Attacks on Integrated Circuits: Challenges and Research Opportunities”, IEEE Design & Test, Vol. 34, No. 5, October 2017. [link]
  • A. Nahiyan, M. Sadi, R. Vittal, G. Contreras, D. Forte, M.Tehranipoor, “Hardware Trojan Detection through Information Flow Security Verification,” IEEE International Test Conference (ITC), Oct. 2017. [pdf]
  • Q. Shi, N. Asadizanjani, D. Forte, M.Tehranipoor, “Layout-based Microprobing Vulnerability Assessment for Security Critical Applications,” in GOMACTech, March 2017.
  • G. K. Contreras, A. Nahiyan, S. Bhunia, D. Forte, M. Tehranipoor, “Security Vulnerability Analysis of Design-for-Test Exploits for Asset Protection in SoCs,” Asia and South Pacifi c Design Automation Conference (ASP-DAC), Jan. 2017. [link]
  • A. Nahiyan, K. Xiao, K. Yang, Y. Jin, D. Forte, M. Tehranipoor, “AVFSM: A Framework for Identifying and Mitigating Vulnerabilities in FSMs”, Design Automation Conference (DAC) 2016, June 2016. [link]
  • T. Le, J. Di, M. Tehranipoor, D. Forte, L. Wang, “Tracking Data Flow at Gate-Level through Structural Checking”, GLSVLSI, May 2016. [link]
  • Q. Shi, N. Asadizanjani, D. Forte, M.Tehranipoor, “A Layout-driven Framework to Assess Vulnerability of ICs to Microprobing Attacks”, Hardware-Oriented Security and Trust (HOST) 2016, May 2016. [pdf[HOST 2016 Best Paper Award]