N252-102 TITLE: Hardware-Level, Reverse-Engineering Resistant Logic Designs for Standard Complementary Metal-Oxide-Semiconductor (CMOS) Processes

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Advanced Computing and Software;Microelectronics

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop a hardware-based design for standard Complementary Metal-Oxide-Semiconductor (CMOS) processes that stymies a range of common attacks and limits the ability of third parties to understand the functional behavior of fabricated chips.

DESCRIPTION: With the advances in various technologies, integrated circuits have become increasingly susceptible to reverse engineering. De-layering of an integrated circuit, for instance, reveals the interconnections between transistors and permits discerning the behavior of function blocks. This, in turn, enables eventually reconstructing the netlist and hence understanding the behavior of the full system. Adversaries would thus be free to copy the designs for their own uses. They could also probe them for faults and develop countermeasures. If these adversaries can insert themselves into the supply chain, then they would additionally be able to introduce back-doors, kill switches, and other mechanisms into the designs.

Reverse engineering is an especially significant threat to small embedded systems that operate in contested areas. Both commercial and non-commercial entities have shown that integrated-circuit extraction is possible and that those circuits can be successfully reverse engineered even when non-standard, hardware-level encryption is employed. Embedded, on-chip memories are also no longer safe from analysis.

Due to the threat that reverse engineering poses, several groups have proposed integrated-circuit camouflage approaches. These include the incorporation of dummy contacts, vias, and filler cells along with programmable standard cells. However, each of these has substantial issues. Dummy contacts, vias, and filler cells have no physical connections with the actual circuit. They thus do not hinder the de-layering process and serve to only marginally slow the progress of automated tools. Using programmable standard cells is incredibly costly, as it is a non-standard process at most, if not all, semiconductor foundries. As a consequence of these limitations, research has concentrated on the development of diverse logic families that rely on different threshold devices to conceal the hardware. The physical appearance of these devices is identical for different functionalities and is extremely difficult to discern from imaging and de-layering. However, many of the proposed logic families rely on the absolute values of the threshold voltage due to the single-ended configuration. They require external bias voltages to control the switches for proper orientation. Process-voltage-temperature variations can significantly affect these logic families and ultimately cause them to malfunction. Switching between nodes is also highly complicated.

The Office of Naval Research (ONR) seeks the submission of SBIR proposals that outline novel approaches for resisting reverse-engineering efforts. These approaches should focus on hardware-based protection mechanisms that are completely agnostic to the chosen application. Any SBIR proposals that include solutions focused either primarily or solely on software-based mechanisms will not be considered responsive to this topic.

There are several requirements for a hypothetical hardware-level obfuscation approach that are found in existing offerings. Some additional research is hence needed. Any proposed approach shall be suitable for both synchronous and asynchronous architectures. The approach shall be implementable in any standard CMOS process without the need for custom masks to both demonstrate basic attack-resistant functionality and achieve reasonably high chip yield rates. Custom masks can be used if they exhibit clear advantages with regard to chip power efficiency, performance, and reliability. To ensure that any proposed approach has broad applicability for transition sponsors and commercial partners, newer nodes shall be targeted. These shall include, at the minimum, either a TSMC 28-nm node or a GlobalFoundries 22-nm node during the first two phases of this SBIR and either a TSMC 16-nm node or a GlobalFoundries 12-nm node in the third phase of this SBIR. The change in nodes is necessary to validate that the approach is mostly, if not entirely, process independent. Regardless of the node, the proposed approach shall demonstrate a clear resilience to imaging-based attacks and de-layering. It shall be impervious to optical, laser, and scanning-electron-microscope sensing modalities along with any similar modalities. It shall also be resistant to side-channel attacks based on time, voltage, and current measurements. Any side-channel measurements should have, at most, a five-percent deviation per operation. Some resistance, if not complete resistance, to laser-fault injection should be theoretically demonstrated and empirically validated. Likewise, some resistance to machine-learning (ML) attacks should be empirically demonstrated. The types of ML attacks will be specified in the third phase of the SBIR. Lastly, there are hard requirements on the number of additional transistors that can be used in any proposed approach compared to the non-obfuscated designs. For an n-input, 1-output Boolean function block, the total number of transistors allowed in the obfuscated design should be either less than or equal to n + (n + 1) x 2^(n - 1). The number of stacked transistors, if used, shall be less than or equal to n - 1. These transistor requirements ensure that any proposed approach strikes a reasonable balance between security, silicon area, power, and performance.

Design Requirements: A hardware-based approach that stymies a range of common attacks and prevents, as much as possible, third parties from understanding the functional behavior of chips fabricated using it. This approach shall possess the following traits:

- Cover all Boolean logic within a single functional block with n inputs and a single output, with n being at least four.

- The number of total transistors for an n-input functional block shall be less than or equal to n + (n + 1) * 2^(n - 1).

- The number of stacked transistors shall be less than or equal to n - 1 for an n-input functional block.

- Implementable in any standard CMOS process for a 28-nm node and below.

- Implementable without the need for custom masks.

- Complete application agnosticity.

- Less than five percent side-channel signature variation per logical operation.

- Usable for synchronous and asynchronous architectures.

- Resilience to vision-based attacks that use various sensing modalities to uncover functional-block and system-level behavior.

- Resilience to side-channel attacks based on time, voltage, and current measurements to deduce functional-block and system-level behavior.

- Partial resilience to common machine-learning attacks that attempt to infer functional-block behavior.

- Partial resilience to laser-fault injection attacks.

Technical challenges: Ideally, the proposed approach should be implementable in only a few more gates, compared to non-obfuscated designs, and therefore offer low-power, high-performance capabilities for a given node.

The proposed approach, and chips fabricated using it, may be used for applications in harsh environments not currently considered by the acquisition program. A path forward for extreme-temperature operating conditions, such as those between -40 C and 120 C, shall be established in the design stage, even if it is not implemented in the prototypes. The chips will not be used in environments where direct contact with water is expected. They will also not be used in environments where either high background radiation, high humidity, high pressure, or some combination thereof, is expected. Lastly, they are not expected to be used in biological organisms.

PHASE I: Outline a hardware-level logic obfuscation approach that is resistant to reverse engineering by optical, laser, and scanning-electron-microscope sensing modalities, reverse engineering by analyzing the routing and metal traces along with the logic architectures, and reverse engineering to side-channel signatures, like timing, current, and voltage. Develop a comprehensive simulation for advanced nodes, such as TSMC 28-nm or below and GlobalFoundries 22-nm or below. Outline the functionality, reliability, and expected yield of the approach, which includes Monte Carlo simulations. Prepare a Phase II plan.

PHASE II: Design, fabricate, verify, and test a simple test chip that uses the proposed hardware-level obfuscation approach. This chip could include, for instance, simple logic gates, adders, and registers. A more complex design shall be considered following the success of this first chip. This could include, for instance, either a 128-bit AES engine or an 8-bit microprocessor. Fabricate and evaluate more than fifty samples, ensuring that a majority of the samples exhibit the desired functionality so as to demonstrate that the approach achieves a high yield and prevents against optical-based and side-channel-based attacks. Build a standard digital library that follows the standard digital design flow. Ensure that this library shall be both timing and place-and-route compatible with existing electronic-design-automation (EDA) synthesis tools like Cadence and Synopsys. Provide a full analysis of power, silicon area, speed, and noise margin compared to standard logic designs for the designs made using this library. Ensure that any chips fabricated using this library are operational within the temperature range specified.

PHASE III DUAL USE APPLICATIONS: Investigate and show a resilience of the proposed approach to attacks that use laser-fault injection reverse engineering and machine-learning reverse engineering. For fabricated chip designs, provide a full analysis of the yield rate and compare to standard logic designs. Once such tasks are completed, develop an automated design compiler for converting existing digital designs to attack-resistant designs for processes such as TSMC 16-nm or below and GlobalFoundries 12-nm or below. This compiler may be created in conjunction with larger industry partners. Work with foundries to develop custom masks to improve performance, reliability, and yield of the proposed secure logic framework, if improvements would offer substantial operational increases. Specify plans to either license the designs or facilitate transition to a major design partner, with the aim to use both the design compiler and standard library in multiple programs of record. Pertinent industries to target during this effort would include mobile device manufacturers, medical device manufacturers, automobile manufacturers, and semiconductor manufacturers. Other relevant industries include those that are involved with designing and producing integrated circuits via a decentralized supply chain and where the risk of intellectual-property theft is high.

REFERENCES:

1. Erbagci, B.; Erbagci, C.; Akkaya, N.E.C. and Mai, K. "A secure camouflaged threshold voltage defined logic family." Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016, pp. 229-235. DOI: 10.1109/HST.2016.7495587
2. Rajendran, J.; Sam, M.; Sinanoglu, O. and Karri, R. "Security analysis of integrated circuit camouflaging." Proceedings of the ACM SIGSAC conference on Computer and Communications Security (CCS), 2013, pp. 709-720. DOI: 10.1145/2508859.2516656
3. Zhong, Y. and Guin, U. "Complexity analysis of the SAT attack on logic locking." IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 42, no. 10, 2023, pp. 3143-3156. DOI: 10.1109/TCAD.2023.3240933
4. Park, B. and Maghari, N. "Logic obfuscation through enhanced threshold voltage defined logic family." IEEE Transactions on Circuits and Systems, vol. 67, no. 12, 2020, pp. 3407-3411. DOI: 10.1109/TCSII.2020.2993447
5. Bankapalli, Y. S. and Wong, H.Y. "TCAD augmented machine learning for semiconductor device failure troubleshooting and reverse engineering." Proceedings of the International Conference on Simulation of Semiconductor Processes and Devices (SISPAD), 2019, pp. 1-4. DOI: 10.1109/SISPAD.2019.8870467
6. Lu, T.; Lu, A. and Wong, H.Y. "Device image-IV mapping using variational autoencoder for inverse design and forward prediction." Proceedings of the International Conference on Simulation of Semiconductor Processes and Devices (SISPAD), 2023, pp. 161-164. DOI: 10.23919/SISPAD57422.2023.10319583
7. Akkaya, N.E.C.; Erbagci, B. and Mai, K. "A secure camouflaged logic family using post-manufacturing programming with a 3.6 GHz adder prototype in 65 nm CMOS at 1V nominal VDD." 2018 IEEE International Solid-State Circuits Conference - (ISSCC), San Francisco, CA, USA, 2018, pp. 128-130. DOI: 10.1109/ISSCC.2018.8310217
8. Torrance, R. and James, D. "Reverse engineering in the semiconductor industry." Proceedings of the IEEE Custom Integrated Circuits Conference (CICC), 2007, pp. 429-436. DOI: 10.1109/CICC.2007.4405767

KEYWORDS: Reverse Engineering; Camouflaged Gates; Hardware Obfuscation; Logic Obfuscation; Chip Security; Application-specific integrated circuit; Secure ASIC Design; Secure ASIC Fabrication

---