Hardware security and IP core protection of CE systems

Abstract

In the modern era of Consumer Electronics (CE), use of Intellectual Property (IP) cores in global supply chains have become an inexorable part of complex System on Chip (SoC) design process. Use of IP cores not only speed up the design productivity massively but also decrease the design period immensely. Importing these IP cores from third-party IP (3PIP) vendors by the system integrator or SoC designer has become a standard industry de facto. Earlier, IP vendors have mainly prioritized on the performance and functionality of an IP core but neglected IP security. As evident, in a typical IP design flow, specification only includes performance and functionality but totally overlooks an important dimension i.e., security/protection. With the increasing popularity and prevailing usage of IP cores in SoC, rivalry between multiple IP core vendors have also multiplied, which invites security threats like infringement of IP core, IP piracy, dishonest claim of ownership, insertion of hardware Trojan, etc. Similar to an untrustworthy 3PIP vendor, an adversary may also be present in a foundry. He/she can launch reverse engineering attack to extract the gate-level netlist of an IP core. The objective is to counterfeit the IP core, insert Trojan logic, etc. Sometimes an attack can also be launched on the secured IP core by removing its security features. Therefore this mandates robust security and protection mechanisms. Strong security and protection of IP core are expected to become the key focus in recent years due to the involvement of globalization in the SoC design process. This dissertation proposes different solutions to secure and protect hardware/IP cores of CE systems from multiple attacks. To be specific, this thesis provides seven different methodologies for generating secured IP cores for CE systems at the architectural level. It solves the problem of (a) fraudulent claim of ownership, IP piracy and IP cloning for DSP IP core by proposing a novel watermarking methodology which is easily adaptable by any (Computer Aided Design) CAD tool. The experimental results over the standard applications indicate an average reduction in the final embedding cost of 6% compared to a recent approach. (b) Tampering or removal of the implanted signature in the IP cores by inserting a robust and distributed triple-phase watermarking methodology which is encoded through 7 variables and dispersed over three different phases. The experimental results over the standardapplications indicate it yields zero delay and minimal area overhead compared to the baseline and achieves average cost reductions of 7.38% and 6.25% compared to two similar approaches. Further, it achieves 3:4 1043 and 2:8 1019 times more tamper tolerant than similar approaches. (c) Abusing the rights of the IP core buyer and seller for DSP kernel applications by implanting IP seller’s watermark and IP buyer’s fingerprint in the design, thus provides symmetrical IP core protection. Experimental results indicate an average 1% design cost overhead compared to baseline (unprotected) design and <1% design cost overhead compared to a non-symmetrical approach. (d) Reverse engineering attack for DSP kernel by transforming the architecture of an application into a non-obvious one through a robust multi-stage structural obfuscation methodology. Experimental results over the standard applications indicate an improvement in the power of obfuscation by 22% and reduction in obfuscated design cost by 55% is achieved compared to recent prior work. (e) SAT (Boolean Satisfiability) and removal attacks of the functionally obfuscated DSP IP core by integrating a custom light-weight Advance Encryption Standard (AES) core in the design. The AES module utilizes <1% of the available design logic elements of the FPGA. (f) Reverse engineering attack on the JPEG (Joint Photography Expert Group) IP core by generating a low-cost structurally obfuscated design. The design cost of the proposed obfuscated JPEG CODEC IP core is reduced by 5% and enhanced the robustness by 76% compared to a non-obfuscated design. (g) Hardware Trojan detection by generating a low-cost Trojan secured datapath architecture for DSP kernel, which explores the optimal vendor allocation and loop unrolling factor through Particle Swarm Optimization (PSO) based Design Space Exploration (DSE). The results generated indicate that a detection rate of 100% was achieved while handling such Trojans. Therefore, all approaches incur very minimal design overhead compared to the baseline (unprotected) design and achieve a significant reduction in design overhead and improvement in security/robustness compared to the current state-of-the-art.