Design for trust in behavioral VLSI design

Abstract

The continuous globalization in the semiconductor design and fabrication process of integrated circuits (ICs) is making these extremely vulnerable to malicious modifications. An adversary in a foundry or in an intellectual property (IP) design house, can insert a small malicious circuitry inside the genuine circuit which can lead to a serious catastrophe in the field of operation or leak the secret information. In addition, the electronic design automation (EDA) industry has tackled the increase in IC design complexity and shorter design cycles by raising the abstraction level from register transfer level (RTL) to behavioral level (C/C++/SystemC). This paradigm shift opens a new window for attackers to insert more powerful hardware Trojan, as a single line in a behavioral program can lead to 7× moregates than at the RT-level [1]. Thus, this thesis addresses the possible security issues concerned to behavioral IPs (BIPS) mapped as hardware accelerators inthe heterogeneous system on chip (SoC). Although this thesis mainly extends theories to protect the BIP user from malicious alterations of the BIP, it also investigates methods to protect the BIP vendor from an unlawful usage of the BIP. For this purpose, an open source benchmark suite called Security Synthesizable SystemC benchmark (S3Cbench) consists of multiple BIPs written in synthesizable SystemC which include different types of Trojan was first created. These benchmarks are used as the backbone of this work to create methods to find these Trojans when no golden reference models exist. This thesis then studies the impact of obfuscation on the quality of results (QoR) of the BIPs and propose an efficient method to obfuscate these BIPs without a significant QoR degradation due to the redundant operations inserted by the obfuscator. A hardware Trojan detection technique which leverages formal verification techniques at the behavioral level is also presented. In particular, property checking techniques to increase source code coverage. This thesis also addresses the detection of hardware Trojan at the system level. C-Based VLSI design has many advantages compared to traditional RTL design. One that this work takes advantages of is the generation of fast cycle-accurate models of complete SoCs. This is used to measure the exact timing at which each BIP mapped as a loosely coupled Hardware Accelerator (HWAcc) slave. This is in turn used to detect if the Trojan has been triggered during the intervals in which the accelerator is not performing any computation. This allows the fine tuning of our proposed circuit called Trust Filters which can detect the hardware Trojans at runtime. The last part of this thesis addresses the issues of how to avoid hardware Trojan to be inserted in runtime reconfigurable systems which depend on a configuration bit stream to reprogram their functionality every clock cycle, making them extremely vulnerable to Trojan. The experimental results and implementation analysis demonstrate the effectiveness of our proposed techniques.