Award Abstract # 1603483
SaTC: STARSS: Collaborative: IPTrust: A Comprehensive Framework for IP Integrity Validation

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF FLORIDA
Initial Amendment Date: January 27, 2016
Latest Amendment Date: August 1, 2019
Award Number: 1603483
Award Instrument: Standard Grant
Program Manager: Sandip Kundu
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2015
End Date: September 30, 2020 (Estimated)
Total Intended Award Amount: $190,969.00
Total Awarded Amount to Date: $198,969.00
Funds Obligated to Date: FY 2014 = $190,969.00
FY 2019 = $8,000.00
History of Investigator:
  • Swarup Bhunia (Principal Investigator)
    swarup@ece.ufl.edu
Recipient Sponsored Research Office: University of Florida
1523 UNION RD RM 207
GAINESVILLE
FL  US  32611-1941
(352)392-3516
Sponsor Congressional District: 03
Primary Place of Performance: University of Florida
FL  US  32611-2002
Primary Place of Performance Congressional District: 03
Unique Entity Identifier (UEI): NNFQH1JAPEP3
Parent UEI:
NSF Program(s): Special Projects - CNS,
Secure & Trustworthy Cyberspace
Primary Program Source: 01001415DB NSF RESEARCH & RELATED ACTIVIT
01001920DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 021Z, 025Z, 7434, 8225, 9178, 9251
Program Element Code(s): 171400, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

To reduce production cost while meeting time-to-market constraints, semiconductor companies usually design hardware systems with reusable hardware modules, popularly known as Intellectual Property (IP) blocks. Growing reliance on these hardware IPs, often gathered from untrusted third-party vendors, severely affects the security and trustworthiness of the final system. The hardware IPs acquired from external sources may come with deliberate malicious implants, undocumented interfaces working as hidden backdoors, or other integrity issues. Tampered hardware IPs can lead to security and privacy concerns (e.g., when used in handheld devices) as well as life-threatening consequences (e.g., when used in safety-critical systems). It is extremely difficult to verify the integrity and trustworthiness of hardware IPs due to incomplete functional specifications and lack of golden reference models. To address this critical need, in this project, we develop a comprehensive and scalable framework for IP trust analysis and verification. We evaluate IPs of diverse types and forms and develop threat models, taxonomy and instances of IP trust/integrity issues. We investigate an integrative IP trust validation framework that combines the complementary abilities of functional, structural and parametric verification. We employ both statistical as well as judicious directed tests to sensitize rarely triggered malicious changes and observe their effects. The unified validation framework is flexible to detect diverse tampering efforts, scalable to large designs, and eliminates the need for a golden model. A platform for IP trust validation, threat analysis, and trust metrics would provide enabling technology to future designers to implement secure and trusted systems for diverse applications.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH


(Showing: 1 - 10 of 22)
Alif Ahmed and Prabhat Mishra "QUEBS: Qualifying Event Based Search in Concolic Testing for Validation of RTL Models" IEEE International Conference on Computer Design (ICCD) , 2017
Farimah Farahmandi and Prabhat Mishra "Automated Debugging of Arithmetic Circuits using Incremental Gröbner Basis Reduction" IEEE International Conference on Computer Design (ICCD) , 2017
Farimah Farahmandi and Prabhat Mishra "FSM Anomaly Detection using Formal Analysis" IEEE International Conference on Computer Design (ICCD) , 2017
Farimah Farahmandi, Yuanwen Huang and Prabhat Mishra "Trojan Localization using Symbolic Algebra" Asia and South Pacific Design Automation Conference (ASPDAC) , 2017
Jonathan Cruz, Farimah Farahmandi, Alif Ahmed and Prabhat Mishra "Hardware Trojan Detection using ATPG and Model Checking" International Conference on VLSI Design , 2018
Jonathan Cruz, Yuanwen Huang, Prabhat Mishra, Swarup Bhunia "An automated configurable Trojan insertion framework for dynamic trust benchmarks" Design Automation and Test in Europe Conference , 2018 10.23919/DATE.2018.8342270
Kamran Rahmani, Sandip Ray and Prabhat Mishra "Post-silicon Trace Signal Selection Using Machine Learning Techniques" IEEE Transactions on Very Large Scale Integration (VLSI) Systems (TVLSI) , v.25 , 2017
Prabhat Mishra, Debdeep Mukhopadhyay, and Swarup Bhunia "Guest Editorial: Special Section on Autonomous Intelligence for Security and Privacy Analytics" IEEE Transactions on VLSI (TVLSI) , v.27 , 2019 10.1109/TVLSI.2019.2951850
Sanchita Mal-Sarkar, Robert Karam, Seetharam Narasimhan, Anandaroop Ghosh, Aswin Raghav Krishna, and Swarup Bhunia "Design and Validation for FPGA Trust under Hardware Trojan Attacks" IEEE Transactions on Multi-Scale Computing Systems (TMSCS) , v.PP , 2016 , p.1 2332-7766
Sandip Ray, Jongsun Park, and Swarup Bhunia "Wearables, Implants, and Internet of Things: Towards Unifying Technologies to Support Diverse Paradigms" IEEE Transactions on Multi-Scale Computing Systems (TMSCS) , v.2 , 2016 , p.123 10.1109/TMSCS.2016.2553026
Sandip Ray, Mark M. Tehranipoor, Eric Peeters, and Swarup Bhunia "System-on-Chip Platform Security Assurance: Architecture and Validation" Proceedings of the IEEE (PIEEE) , v.PP , 2017 , p.1 10.1109/JPROC.2017.2714641

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Primary goals of this NSF research project were to analyze the major hardware security issues related to third-party intellectual property blocks (3PIPs), which are increasingly used in modern system on chip (SoC) designs and then investigate an integrative approach to trust verification of these IP blocks. Modern SoC designs involve integration of a large number of IP blocks, many of which are acquired from untrusted third-party vendors. This project greatly enhances our understanding of the related threat space, trust metrics to quantify level of assurance, and effective solutions for trust verification or trusted system operation with untrusted IP blocks.

The major intellectual contributions of the project are described next in detail.

The need to secure hardware devices in the untrusted supply chain ecosystem has instigated a wide body of research. However, newer attacks are developed that are capable of bypassing the known methods, thus creating an arms race commonly observed in software security research. Detection of malicious circuits in broader categories of microelectronic components and emerging technologies provides an interesting avenue for future research. We have explored how a combination of design for test (DFT) and trust verification solutions could be used to combat these new challenges.

Quantifying the degree to which a device can be trusted is also a challenging problem. We have developed a suite of trust metrics that quantify the presence of a specific vulnerability in the hardware or the coverage of a solution against a particular vulnerability. Logic testing based Trojan detection methods can benefit from trigger coverage and Trojan coverage metrics to represent the ability of generated test patterns in triggering and detecting a large number of hard-to-activate Trojans. Hardware Trojans are likely to be formed utilizing the rarely switching nets of the design. Even when they are triggered, their malicious impact may not be observable at the output. Test vectors with high trigger coverage are expected to switch those nets to their rare values, thus increasing the probability of triggering potential Trojans.

We have developed novel countermeasures that apply to COTS-based manufacturing processes used in consumer, commercial and military products, which is an interesting avenue for exploration. Trust verification of COTS components using logic testing would require efficient test generation using only high-level specification of the suspect component. Application of side-channel analysis (SCA) based verification has been studied as well by leveraging self-referencing techniques that can utilize the side-channel signature of an untrusted component as a reference.

An IP containing a security vulnerability—whether inadvertent or malicious—may compromise the trustworthiness of the entire SoC, e.g., by leaking sensitive information or causing execution failures at key points. Existing functional validation approaches, post-manufacturing tests, and IP trust verification techniques are inadequate to accomplish comprehensive system-level security assurance in the presence of untrusted IPs. In this work, we have also analyzed the security issues at the SoC level caused by untrusted IPs. We have developed a novel, resilient SoC security architecture to ensure trusted SoC operation with untrusted IPs. Our architecture realizes fine-grained IP-trust aware security policies in an efficient security policy checker that enables runtime monitoring of security issues arising from untrusted IPs. We have demonstrated the effectiveness of this framework for system protection using several illustrative practical use cases. 

Outreach

We have pursued diverse outreach activities in this project. Besides publishing and presenting technical articles, organizing special sessions or tutorials in conferences, and guest-editing special issues in journals, we have also developed the CAD for Assurance Website, supported by the Hardware Security Community: https://cadforassurance.org/

The CAD for Trust and Assurance website is an academic dissemination effort by researchers in the field of hardware security. The goal is to assemble information on all CAD for trust/assurance activities in academia and industry in one place and share them with the broader community of researchers and practitioners in a timely manner, with an easy-to-search and easy-to-access interface. We’ve included information on many major CAD tools the research community have developed over the past decade, including open-source license-free or ready-for-licensing tools, associated metrics, relevant publications and video-demos.

Future Directions:

The research findings and educational efforts undertaken in this project are expected to create pathways for many future explorations and development.

(1) Exploration of new attack modalities and further enhancing the threat space for third-party IP blocks of various types, including analog and mixed-signal IP blocks, which this project  

(2) Future work on hardware IP protection will involve extension of the functional and machine learning based trust verification of large intellectual property blocks and SoCs and development of new metrics and evaluation on industrial designs.

(3) Future work on hardware Trojan detection will involve application of advanced statistical analysis as well as machine learning techniques to improve the detection accuracy and the confidence level.


Last Modified: 02/03/2021
Modified by: Swarup K Bhunia
