Obfuscation (hardware)

Under hardware obfuscation obfuscation of the layout of integrated circuits (to be ICs such as crypto processors , microcontrollers , SoC ) understood. It is an essential measure to protect against manipulation such as the deliberate installation of weak points (sabotage, backdoors ) and intellectual property ( English know-how, intellectual property ) and generally makes reverse engineering and thus product piracy more difficult .

background

Successful products are often copied. While patent law protects the development of the original manufacturer, but at the same time allows patents to be circumvented through alternative technical solutions and thus promotes the variety of technical solutions, some providers shorten the development process by copying the developments of others without authorization and distributing them themselves.

Risks for manufacturers of the original

This creates various risks for the manufacturer of the original:

The product pirate brings the copied product into circulation as an original. This can have different consequences:
- The copy has qualitative defects (e.g. microprocessor copy is offered overclocked) for which the manufacturer is responsible. If the defective product cannot be immediately identified as an imitation, the original manufacturer will be charged with safety defects ( product liability ) and the image of his brand will be damaged.
- Functions for espionage or sabotage were added to the copy (hardware Trojans )
The copied product is recognized as such by the end user anyway, because z. B. Copies of branded watches or cards for Pay-TV decryption are considerably cheaper and the quality of the copied product is sufficient for the buyer
The manufacturer of the original can no longer refinance its development costs from sales

Global division of labor

Further need for hardware obfuscation arises from the fact that globalization has resulted in a division of labor in the development and production of ICs, so that fewer and fewer providers are able to develop, manufacture and sell complex semiconductor components themselves.

The division of tasks between the cooperating companies can be represented by the following structure:

Architecture : The provider by whom and under whose name the IC is sold has its own components as well as those from other providers. The external components can be function blocks for encryption, energy management or something else.
Integration : The components are put together to form a system. Correct functioning is ensured through analyzes and simulations. The result is an optimized circuit diagram.
Test design : In the final inspection, every IC is checked for functionality. While the functions of simple circuits can still be tested via the connection to the pins led to the outside, complex circuits have internal test mechanisms that allow greater testing depth. The integration of such test structures is a separate work step that is performed by specialized service providers and is based on the finished circuit diagram.
Production : The manufacturer of the semiconductor receives the layout of the masks. If this is not trusted, he receives little or no information on how the IC is to be tested, so that the manufacturer does not allow production to continue beyond the contractually agreed quantity and sell these ICs via his own channels.
Assembly : The semiconductors are contacted by another service provider with the pins of the housing and possibly other semiconductors in the same housing ( multi-chip module , system-in-package , package-on-package ). After that, they are fully tested. Possibly the IC will then be contacted on a circuit board.

This division creates the risk that intellectual property may inadvertently and unnecessarily leak to a cooperating company.

Methods of obfuscation

Basically, when it comes to obfuscation, you have to choose between methods that work against unauthorized use and methods that make reverse engineering more difficult.

There are several types of obfuscation:

Activation before first use: The semiconductor contains additional logic gates that are added to a function block. They are only configured permanently and correctly in the final production step or by the end user. If the IC is tested prior to configuration, it will produce mostly incorrect outputs.
Gates that do not reveal whether they are working as XOR, NAND or NOR. Alternatively, multiplexers can also be used, the configuration of which is obscured.
A hardware design in which the circuit is expanded with additional gates. These additional gates are connected to real contacts as well as to dummy contacts (contacts with inconspicuous interruptions). In reverse engineering, the masking gates and the effective contacts must also be identified.

These measures can be supplemented by cryptographic protection mechanisms or unique IDs by physical unclonable functions (PUF).

disadvantage

Disadvantages of obfuscation can be:

Part of the development effort is put into obfuscation
Measures of obfuscation offer the end customer no benefit, but they increase the complexity and thus
- the risk of failure because the semiconductor has more functions than are necessary for the specified execution and
- there are more possibilities for errors that can be overlooked during tests and analyzes and thus introduce an additional risk in safety-critical applications.
- Longer runtimes if a signal passes through additional cascades of gates
At the same time, however, the proof of unauthorized use by third parties is made more difficult if the owner of the rights can no longer prove patent-protected features because the imitator himself has taken measures to obfuscate.
Cases are documented in which the original ICs were bought up and sold to end customers with a new, higher clock rate. Obfuscation does not help against such methods.

In this respect, open source developments offer the advantage that no effort has to be put into obfuscation.

Individual evidence

↑ Domenic Forte, Swarup Bhunia, Mark M. Tehranipoor (Ed.): Hardware Protection through Obfuscation . 1st edition. Springer International Publishing AG, 2017, ISBN 978-3-319-49018-2 , 1.2.1 Integrated Circuit Supply Chain (English).
↑ Domenic Forte, Swarup Bhunia, Mark M. Tehranipoor (Ed.): Hardware Protection through Obfuscation . 1st edition. Springer International Publishing AG, 2017, ISBN 978-3-319-49018-2 , 1.1 Introduction (English). Example of the case of Xilinx (plaintiff) against Flextronics (distributor of Xilinx products)

[ftn1-1] Domenic Forte, Swarup Bhunia, Mark M. Tehranipoor (Ed.): Hardware Protection through Obfuscation . 1st edition. Springer International Publishing AG, 2017, ISBN 978-3-319-49018-2 , 1.2.1 Integrated Circuit Supply Chain (English).

[ftn2-2] Domenic Forte, Swarup Bhunia, Mark M. Tehranipoor (Ed.): Hardware Protection through Obfuscation . 1st edition. Springer International Publishing AG, 2017, ISBN 978-3-319-49018-2 , 1.1 Introduction (English). Example of the case of Xilinx (plaintiff) against Flextronics (distributor of Xilinx products)