PORTLAND, Ore. — The yearly International Symposium on Physical Design is a gathering of the movers and shakers formulating the future physical design of the world's most complex integrated circuits. It also features a fiercely competitive design contest that often advances the state of the art in the physical designs of chips -- and this year was no exception.
ISPD-14, which took place March 30 to April 2, kicked off with a keynote address titled "Hardware Cyber Security" from Serge Leef, vice president and general manager of new ventures and system-level engineering division at Mentor Graphics. "Even a small malicious modification to chip hardware can be particularly devastating to system security," Leef said.
Evidence points to electronic warfare already being conducted, he said. For instance, there's the widely discussed story about Syrian radar defenses being knocked out before a 2007 Israeli raid that leveled a clandestine plutonium bomb-making facility. Details are scant, but one possibility being considered by commentators is that off-the-shelf processors used by Syria had hidden back doors that enabled Israel to disrupt their normal functions, thus making Israeli jets invisible to Syrian radar.
Closer to home, Leef said, the US supply chain has already been compromised by counterfeit chips. Even military chips had been found with potentially harmful hardware features. In 2010, Dell warned that some of its server motherboards had been found to contain malicious hardware that could let adversaries access otherwise secure computers and networks.
According to Leef, major parts of the IC supply chain are considered untrusted. The outsourcing of semiconductor manufacturing affords plenty of opportunities to inject hardware Trojans into chips involving untrusted IP, cell libraries, and models in the design phase all the way to untrusted masks, chip fabrication (see figure), and assembly/test.
Mentor Graphics' Serge Leef said a major part of the IC
supply chain is untrusted.
One solution, he said, would be the creation a of trusted supply chain in a manner similar to a virtual private network (VPN) -- allowing users to design ICs in an untrusted supply chain the way a VPN operates through an untrusted Internet. Countermeasures could include run-time detection mechanisms, snoopers that watch out for common attack models (such as bus locking on SoCs and PCBs), and on-chip odometers that count physical events such as power cycles or memory accesses. The odometer's encrypted data would be accessed only by mechanisms provided by the IP rights holder at the time of activation/authentication.
These and similar setups should make it possible to secure supply chain protection without incurring the high cost of setting up "trusted fabs."