BOOTSTRAP: Behavior Obfuscation and Hardware Trojan Detection through Selective Post-Fabrication Transistor-Level Programming

Description:

The University of Texas at Dallas is seeking companies interested in commercializing a technology that addresses the key security challenges of contemporary semiconductor manufacturing by enabling several design obfuscation features. This technology, termed a transistor-level programmable fabric (TRAP), builds on all of the capabilities currently offered by field-programmable gate arrays (FPGAs) - which are often used for building a prototype integrated circuit (IC) from standard parts – while providing improved performance efficiency, greater area utilization, and reduced time to market.

The TRAP fabric was developed on conventional static CMOS processes but has significant advantages over current FPGAs, such as its ability to be seamlessly integrated into a typical CAD flow with minimal changes. The main novelty of the TRAP fabric lies in its inherent ability to provide extremely low-cost design obfuscation through selective post-fabrication transistor-level programming. This reconfigurable architecture is achieved without the use of lookup tables (LUT) - required in FPGAs - reducing the design size. Area utilization is further improved through both chip-level virtualization (can implement a design much larger than its physical size) and board-level virtualization (can simultaneously implement multiple separate designs that would otherwise require multiple programmable chips). Including a TRAP fabric in an IC can also be used for hardware Trojan detection, both during off-line manufacturing testing and during normal on-line functionality. The aforementioned attributes will provide strategic advantages to those that choose to implement TRAP architecture in future designs, especially given its potential as embedded blocks in larger application-specific integrated circuit (ASIC) chips.

 

Technical Summary:

The TRAP fabric supports libraries containing cells of the same height and variable width, just as in a typical standard cell circuit. Thus, the transition from a prototype to a custom IC is simplified by allowing the TRAP block to be co-designed along with a conventional standard cell block on an ASIC. The same synthesis, placement, and timing analysis tools can be used for both portions of such an ASIC.

BOOTSTRAP resembles FPGA-based solutions, with important distinctions:

  1. Stores multiple configuration bits per configurable transistor (2 or more “configuration bits” aka “programming bits” per configurable transistor (or “switch”)
  2. Uses a transistor-based fabric (programmable array) rather than a gate array with conventional lookup tables, whose size/architecture is known and may be functionally reverse-engineered
  3. Overhead is in the 20-30% range, as opposed to the order(s) of magnitude imposed by FPGAs
  4. Can be seamlessly integrated in the typical CAD flow with only minimal changes, while FPGAs require a separate tool-flow

  Design Obfuscation Features:

  1. Post-Fabrication Programming – Without the programming bits in place, the functionality of the TRAP block cannot be determined.
  2. Cell Boundary Obfuscation – In an un-programmed TRAP fabric, the boundaries of logic or flip-flop library cells are unknown.
  3. Chip Virtualization – The TRAP fabric enables dispersing of the withheld portion of a design over multiple virtual layers of functionality which are overlaid on and time-share the physical TRAP fabric.
  4. State Obfuscation – The TRAP fabric contains separate state-holding elements for each virtual layer. Thereby, when splitting the withheld functionality in layers, we will ensure that each layer includes sequential behavior and that the interaction between layers is also sequential. This allows for the concurrent obfuscation of logic and state space.
  5. Interconnect Obfuscation – While interconnecting the custom and TRAP portions of a design, the actual connections can be made programmable and, thereby, hidden.
  6. Device Personalization – Personalization of each individual chip instance is supported by embedding a unique code in it through fuses or anti-fuses. Accordingly, each chip will require a different version of the program, appropriately matched to the unique code. Such fused code checking logic will be embedded into the TRAP logic itself, so that it cannot be bypassed.

 

Figure 1 : Design obfuscation through BOOTSTRAP.

 

Value Proposition:

BOOTSTRAP is the first all-encompassing and cost-effective solution that addresses the security challenges faced in contemporary semiconductor manufacturing while simultaneously improving area efficiency and reducing overhead compared to FPGA-based solutions.

 

Applications:

  • Hardware development    – low-cost alternative to FPGA/ASIC design starts, with the ability to re-program in the field
  • ASIC prototyping    – reconfigurable without requiring a LUT, reduced time to market, lower non-recurring engineering costs
  • Computable processes    – digital signal processing, software-defined radio, medical imaging, speech recognition, cryptography, etc.

 

Key Benefits:

  • Design Obfuscation    – Reconfigurable architecture, chip virtualization, and post-fabrication programming allow for inherent protection
  • Reduced Size    – Eliminates need for LUT, supports both chip-level and board-level virtualization
  • Dynamic Reconfiguration    – allows simultaneous storage of three configurations and dynamic switching between them within a single clock cycle while retaining the fabric’s computational state
  • Efficient    – Produces a programmable chip with far less overhead and power compared with standard FPGA chip
  • Hardware Trojan Detection    – Roving duplicate-and-compare based functional equivalence checking method reveals malicious logic in the custom portion of the IC

 

 

Publication:  

Tian, Jingxiang, et al. “A Field Programmable Transistor Array Featuring Single-Cycle Partial/Full Dynamic Reconfiguration.” Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017, 30 Mar. 2017. IEEE Xplore, doi:10.23919/date.2017.7927200.

IP Status: Patent pending.

Licensing Opportunity: This technology is available for exclusive or non-exclusive licensing.

ID Number: MP-17035

Contact: otc@utdallas.edu

Patent Information:
Category(s):
Electronics
For Information, Contact:
OTC Licensing
otc@utdallas.edu
Inventors:
Carl Sechen
Georgios Makris
Jingxiang Tian
Gaurav Rajavendra Reddy
Keywords:
Cybersecurity
Devices
Engineering & Physical Sciences
Semiconductor, MEMS & Nanotechnology
© 2024. All Rights Reserved. Powered by Inteum