The present invention relates to security applications in digital electronics and, more particularly, to systems, devices, and methods of encrypting digital logic gates.
Methods to reverse engineer physical IP are becoming increasingly powerful, automatable, and affordable. Today, sophisticated attackers can gain access to and reverse engineer secret encryption and decryption keys embedded in hardware without much effort. A complete, annotated, hierarchical netlist of a digital circuit can be obtained for less than $15,000. This includes circuits that cannot be patented or otherwise protected—exposing proprietary information. This creates a number of severe problems to chip manufacturers and their customers. A related problem is the exposure of keys due to theft and unauthorized distribution of devices. For example, a subcontractor might sell excess quantities of a manufactured device to others, or resell substandard devices that failed to conform to the contractor's manufacturing specifications under an alternate trade name.
As a consequence, manufacturers are forced to expend considerable time and money to develop countermeasures to deter adversaries. Numerous methods to encrypt, obfuscate, and hide information have been employed in the software domain for a long time. Until now, however, no equivalent methods have been feasible in the hardware domain. Nor does there exist any generation of hardware that would be capable of implementing such techniques.
What is needed are effective systems and methods that allow for the protection of valuable IP and information in the hardware domain, ideally, using automated procedures that are compatible with existing manufacturing tools and processes.
Reference will be made to embodiments of the invention, examples of which may be illustrated in the accompanying figures. These figures are intended to be illustrative, not limiting. Although the invention is generally described in the context of these embodiments, it should be understood that this is not intended to limit the scope of the invention to these particular embodiments.
In the following description, for the purpose of explanation, specific details are set forth in order to provide an understanding of the invention. It will be apparent, however, to one skilled in the art that the invention can be practiced without these details. One skilled in the art will recognize that embodiments of the present invention, described below, may be performed in a variety of ways and using a variety of means. Those skilled in the art will also recognize that additional modifications, applications, and embodiments are within the scope thereof, as are additional fields in which the invention may provide utility. Accordingly, the embodiments described below are illustrative of specific embodiments of the invention and are meant to avoid obscuring the invention.
Reference in the specification to “one embodiment” or “an embodiment” means that a particular feature, structure, characteristic, or function described in connection with the embodiment is included in at least one embodiment of the invention. The appearance of the phrase “in one embodiment,” “in an embodiment,” or the like in various places in the specification are not necessarily referring to the same embodiment.
Furthermore, connections between components or between method steps in the figures are not restricted to connections that are affected directly. Instead, connections illustrated in the figures between components or method steps may be modified or otherwise changed through the addition thereto of intermediary components or method steps, without departing from the teachings of the present invention.
Truth table 100 in
Now, if the result of a logic function were determined not only by its inputs, but additionally by a key (subsequently called “logic key”), as suggested by the present invention, then the functionality of that logic function could not be determined by simply reverse engineering the logic function itself, because the logic key would remain unknown and the output of the logic function could take on any possible result.
A logic key is typically an encrypted key that can be stored, e.g., in a tamperproof storage element. In one embodiment of the invention, the logic key is used to determine the physical wiring for a given logic building block to, in effect, encrypt the logic building block. As a result, reverse engineering of the building block without knowledge of the logic key would show only that the building block can be used to express any possible logic function. However, a reverse engineered building block would not expose the actual function of the logic. The logic key may be used directly, i.e., without intermediate storage, such that each bit controls one logic element. In one embodiment, the logic key is created by decrypting data using a secret or private decryption key.
Encrypted logic key 204 may be stored in a secure memory. Another example of an indirectly storing the logic key will be discussed with respect to
In one embodiment, encrypted logic key d 204 is automatically determined for a given to-be-encrypted logic circuit, for example, a two-dimensional x-y circuit that performs a sensitive algorithm. Ideally, the algorithm has been tested and its proper working condition had been verified.
The logic gates identified in the original design in
While generic building blocks 402-408 can be configured to perform certain desired functions, configuration 400 in
In one embodiment, configuration information represented by key bits 410 is stored, in a tamperproof memory, for later use as a decryption key. Upon a power-up condition, or as needed, a state machine or software may extract key bits 410 from the tamperproof memory and shift them into their corresponding logic gates. As a result, logic function 400 regains the properties of the logic function shown in
It is noted that the process of replacing generic building blocks 402-408 may be repeated for any and all remaining logic gates in the sequence. One advantage of an automated, computer-controlled replacement process is that it eliminates the need to re-implement or re-build an existing circuit that is to be protected. One of ordinary skill in the art will appreciate scan chains and serialized logic may be combined in the creation step and in the hardware implementation. An example of the details of each generic block, e.g., S1404 is provided in
Returning to
In scenarios where there are any errors in logic key bits 410, logic building blocks 402-408 will perform unknown or invalid operations. In one embodiment, a built-in self-test (BIST) is performed upon power-up and combined with the loading of logic key bits 410 so as to take advantage of the fact that both the BIST and the key loading make use of serialized logic by, e.g., a logic scan. The effect decrypting a logic function by using an invalid or wrong key is illustrated in
It is noted that unlike field programmable gate arrays, this system does not have to be designed to be capable of expressing more than one arbitrary logic function during runtime. Typically, only the originally designed, valid logic function is activated, while all other incorrect combinations are inactive. Additionally, errors in logic key bits may cause system latch-up and other violations. Therefore, in one embodiment, generic logic blocks are specifically designed to avoid these unwanted effects.
Regarding testability in manufacturing, the desired function is tested and verified as correct, while any undesired invalid (i.e., wrongly configured) function does not have to be tested except to the extent required to ensure reliable operation of the correct function. For example, the logic key bits could be loaded to unlock the logic function, and scanning could be performed just as it would in a regular test flow to verify correct timing. For incorrect logic functions, the circuit may be tested to ensure that the incorrect logic does not permanently negatively impact the system (e.g., by causing a destructive latch-up). It is noted that, unlike for the correct function, timing is of no concern and may or may not be met for incorrect functions.
While the invention as described above results in a powerful hurdle for reverse engineering, additional steps may be taken to protect the keying material to make it inaccessible to potential intruders. In one embodiment, the logic key that holds the secret is therefore stored in a tamper-resistant, battery-backed non-volatile memory. Indirect storage of the logic may be achieved by employing alternatives that do not require a battery. One embodiment uses Physically Uncloneable Functions (PUFs) as secure physical elements. A PUF is typically a random, device-unique but constant number that may change as soon as the device is being probed. Therefore, such unique identification elements serve as excellent encryption keys.
Logic key protection using a secure physical element is illustrated in
One simple example used for illustrative purposes is an XOR operation. Assuming that x=(d XOR k), then k=(d XOR x), i.e., both PUF d 1002 and unlocking key x 1004 are needed to calculate logic key k 1006. In other words, because x 1004 is dependent on PUF d 1002, PUF d 1002 is needed to compute k from unlocking key x 1004. But this also means that unlocking key x 1004 is computable, since all the necessary information is known or determinable. In particular, logic key k 1006 is known from designing the function, and the value of PUF d 1002 can be determined from measurements, for example, as part of the manufacturing process. Given PUF d 1002 and logic key k 1006, unlocking key x 1004 can be computed from x=f−1(d, k). In practice, strong cryptographic functions fc( ) rather than XOR are used.
The value of unlocking key x 1004 may then be stored, for example, inside the device's OTP, Flash memory, battery-backed SRAM or other non-volatile memory. For a potential attacker, the value of obtaining unlocking key x 1004 is extremely low since, by itself, unlocking key x 1004 cannot be used to activate other devices. Nor does unlocking key x 1004 unlock the logic function of the device.
In one embodiment, at device startup, or upon use of the logic function, the device computes logic key k 1006 as k=f(d, x) and loads (i.e., shifts) logic key k 1006 into the logic block configuration, thereby activating the correct logic function. As an advantage, only unlocking key x 1004 needs to be stored on the chip, and not secret key k 1006 itself, such that logic key k 1006 is successfully obfuscated. Note that if k were stored directly, PUF 1002 would not have any bearing on key k 1006. One of ordinary skill in the art will appreciate that a multitude of functions of varying speeds, sizes, and more complex cryptographic properties can be used, including public key cryptography.
In one embodiment, the system described in
Moving certain logic operations on inputs and outputs of a logic function into software allows the use a different logic key k2 1160 instead of original logic key k1 1110 and, thus, provides additional control over logic keys. Multiple pairs of keys and software may be used in computing the equivalent information. In one embodiment, software library enables software operations 1170 and 1180 on the inputs and outputs of logic function 1154, respectively, to negate a predetermined number of the input bits 1152 to logic function 1154 by inverting corresponding generic logic blocks such that the results computed by logic function 1154 are identical to results of non-inverted inputs computed with a different software library. As illustrated in
In operation, the software bit inversion results in equivalent processing as that in example in
Some embodiments of the present invention may greatly increase the gate count of a logic implementation, e.g., by a factor of five, and result in a decrease of the achievable speed. Therefore, in one embodiment, the systems and methods of the present invention are applied only to critical blocks in a given design. In another embodiment, custom cells are used to reduce the footprint of individual generic logic blocks. In yet another embodiment, a subset of the chip design is run at reduced clock speeds to reduce the required die area and/or mitigate the impact of an increased gate count.
At step 1304, each type of logic gate used is analyzed and identified.
At step 1306, a sequence of key bits is obtained and assigned to the logic gate, such that a generic logic building block can perform the equivalent function.
At step 1308, the logic gate is replaced with a generic logic gate or building block.
At step 1310, key bits are stored, e.g., in a database.
Finally, steps 1304 through 1310 are repeated for some or all of the remaining logic gates in the sequence.
It will be appreciated by those skilled in the art that fewer or additional steps may be incorporated with the steps illustrated herein without departing from the scope of the invention. No particular order is implied by the arrangement of blocks within the flowchart or the description herein.
It will be further appreciated that the preceding examples and embodiments are exemplary and are for the purposes of clarity and understanding and not limiting to the scope of the present invention. It is intended that all permutations, enhancements, equivalents, combinations, and improvements thereto that are apparent to those skilled in the art, upon a reading of the specification and a study of the drawings, are included within the scope of the present invention. It is therefore intended that the claims include all such modifications, permutations, and equivalents as fall within the true spirit and scope of the present invention.
This application is a continuation of previously filed patent application Ser. No. 14/659,348, titled “Systems and Methods for Enhancing Confidentiality Via Logic Gate Encryption,” listing as inventors Robert Michael Muchsel, Donald Wood Loomis, III., Edward Tangkwai Ma, Hung Thanh Nguyen, Nancy Kow Iida, and Mark Alan Lovell, and filed Mar. 16, 2015, which is related to and claims the priority benefit of U.S. Provisional Application No. 62/058,564, titled “Systems and Methods for Enhancing Confidentiality Via Logic Gate Encryption,” listing as inventors Robert Michael Muchsel, Donald Wood Loomis, III., Edward Tangkwai Ma, Hung Thanh Nguyen, Nancy Kow Iida, and Mark Alan Lovell, and filed Oct. 1, 2014, which applications are hereby incorporated herein by reference in their entireties.
Number | Name | Date | Kind |
---|---|---|---|
4508977 | Page | Apr 1985 | A |
6112187 | Fukawa | Aug 2000 | A |
6757831 | Folmsbee | Jun 2004 | B1 |
6965675 | Trimberger | Nov 2005 | B1 |
7606362 | Streicher | Oct 2009 | B1 |
7984305 | Ochi | Jul 2011 | B2 |
8009827 | Okochi | Aug 2011 | B2 |
8200235 | Villier | Jun 2012 | B2 |
8364960 | Baroffio | Jan 2013 | B2 |
8879727 | Taylor | Nov 2014 | B2 |
8879827 | Aviv | Nov 2014 | B2 |
20020080972 | Kato | Jun 2002 | A1 |
20020150252 | Wong | Oct 2002 | A1 |
20020166058 | Fueki | Nov 2002 | A1 |
20040223618 | Dellow | Nov 2004 | A1 |
20060186919 | Verma | Aug 2006 | A1 |
20060265603 | McLean | Nov 2006 | A1 |
20080219448 | Almeida | Sep 2008 | A1 |
20080260441 | Takagi | Oct 2008 | A1 |
20090067632 | Nakano | Mar 2009 | A1 |
20090110188 | Dolgunov | Apr 2009 | A1 |
20090132821 | Matsuzaki | May 2009 | A1 |
20100229069 | Yamaguchi | Sep 2010 | A1 |
20110255694 | Miyauchi | Oct 2011 | A1 |
20120069995 | Matthews, Jr. | Mar 2012 | A1 |
20120230492 | Fujisaki | Sep 2012 | A1 |
20130230492 | Fire et al. | Sep 2013 | A1 |
20140044265 | Kocher | Feb 2014 | A1 |
20150304105 | Shi | Oct 2015 | A1 |
20150379276 | Glickman | Dec 2015 | A1 |
Number | Date | Country | |
---|---|---|---|
20170317677 A1 | Nov 2017 | US |
Number | Date | Country | |
---|---|---|---|
62058564 | Oct 2014 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 14659348 | Mar 2015 | US |
Child | 15645562 | US |