Lead Authors: Dr. Meng-Yi Wu, Dr. Kai-Hsin Chuang
In a secure chip, the keys that constitute the chip's hardware root of trust (HRoT) must be fully protected. An HRoT is the most important design in chip security, providing fundamental trust (root keys), a hardware identification code (UID), hardware unique keys (HUK), and entropy. Consequently, it often becomes the target of hacker attacks. Without effective designs to prevent attacks, attackers can easily obtain the keys that serve as the foundation for secure operations, leading to various security issues in applications, such as broken identity authentication, broken data encryption, and theft of product design know-how.
Three criteria need to be considered when designing an HRoT:
- Authorized Secured Operation: The operation of the design must have permission control to determine whether a read of confidential information is legal. This prevents hackers from using fault injection to create errors in the chip's logic functions and thereby control or obtain important information during operation.
- Secure Storage: To store the chip's important security information, a storage unit must include access control permissions and management, data obfuscation, and data encryption for data read and write operations. These prevent information from being read out during power-on or power-off situations, as well as through electrical and physical reverse engineering.
- Trusted Environment: The design must include dedicated logic circuits and registers. Other auxiliary circuits are also required to detect abnormal behaviors within the entire block. All possible vulnerabilities in the circuit design must be mitigated; otherwise hackers could exploit techniques like power analysis to steal confidential data.
In this book, we take PUFsecurity's product PUFrt as an example, which features one-time programmable (OTP) memory, static entropy (NeoPUF), and dynamic random numbers (TRNG). Starting with an introduction to the system architecture of memory, the book describes various attack methods on chips and the threat models they generate. It then presents the countermeasures and protective technologies for each of these threats. We hope our readers gain a thorough knowledge of HRoT design and understand the design concepts of a secure system as well as what to be aware of.
***
Table of contents
1. Introduction
2. Basic of Physical Attacks
2.1. Invasive Attacks
2.2. Semi-invasive Attacks
2.3. Non-invasive Attacks
3. Hardware Root of Trust
3.1. General Requirements
3.2. Design and Threats for Building an NVM Secure Macro
3.3. Threat Models for Secure Macro
3.4. Requirements for Anti-tampering Design
4. Hardware Root of Trust Designs and Anti-Tampering Methods
4.1. Design Concept
4.2. PUFrt: Hardware Root of Trust Design Example
4.3. Features of PUFrt Anti-tampering Design
4.4. Threat Models and Relevant Countermeasures
4.5. Anti-Tampering Design in Hard Macro
4.6. Anti-Tampering Design in RTL
5. Resistance to Invasive Attacks: SEM & TEM Inspection
5.1. Resistance to Physical Inspection
5.2. Resistance to post-HTOL-induced Physical Imprint
5.3. SEM Inspection
5.4. TEM Inspection
5.5. Conclusion
6. Side-Channel Attack: Timing and Power Side Attacks
6.1. Timing Side-Channel Attacks
6.2. Power Side-Channel Attacks
6.3. Confidentiality and Integrity under Extreme Operation
7. PUFrt InGaAs Backside Imaging Analysis
7.1. Experiment Setup
7.2. Experiment Results
7.3. Experiment Summary