Secure logic chip for resisting hardware trojan induced leakage in combinational logics
Inventors
Shi, Yiyu • SCHULZE, TRAVIS • KWIAT, KEVIN • KAMHOUA, CHARLES A.
Assignees
United States Department of the Air Force
Publication Number
US-11995222-B2
Publication Date
2024-05-28
Expiration Date
2036-09-29
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
In one embodiment, the invention is a method and apparatus for designing combinational logics with resistance to hardware Trojan induced data leakage. The invention solves the untrustworthy fabrication risk problem by introducing a design method such that even when the design is entirely known to an attacker and a data leakage Trojan is injected subsequently, no useful information can be obtained. This invention contains several methods as shown in several embodiments. The methods include randomized encoding of binary logic, converting any combinational binary logic into one with randomized encoding, and partitioning a randomized encoded logic for split manufacturing.
Core Innovation
The invention is a method and apparatus for designing combinational logics with resistance to hardware Trojan induced data leakage. It introduces a design method applying randomized encoding of binary logic to convert any combinational binary logic into a form with randomized encoding and partitioning this randomized encoded logic for split manufacturing. This ensures that even if the design is fully known to an attacker who then injects a data leakage Trojan, no useful information can be extracted.
The problem addressed is the untrustworthy fabrication risk inherent in semiconductor manufacturing outsourced to potentially unsecure foundries. Hardware Trojans are malicious modifications to the chip circuitry that are often undetectable through conventional functional testing, because they preserve normal operation except when triggered to leak sensitive data via side channels. Existing measures such as runtime monitoring, post-silicon testing, and design for security focus on detecting or hiding such Trojans, but they are ineffective, particularly when an attacker can reverse engineer a chip from one manufacturing run and then inject Trojans in subsequent runs. No existing method prevents data leakage once a side channel is established and the design information is compromised.
The invention achieves this by encoding logic signals with random values in a dual-rail encoding scheme, such that the decoded logic state cannot be determined without knowledge of the random encoding. This encoding uses randomized dual-rail codes shared across gates with a random rail generated by a secure random logic state generator. The design separates the random encoding and decoding logic into a securely fabricated chip portion, which communicates with the rest of the logic fabricated in an unsecure environment, using quilt packaging to form a composite chip. By keeping the random signals and decoding mechanisms secure and hidden from the attacker, any information obtained by hardware Trojans embedded in the conventional logic portion is unreadable.
Claims Coverage
The patent includes one independent claim defining several inventive features of a security apparatus for logic circuits.
Randomized dual-rail encoding for secure logic input
The apparatus includes a secure section that uses a random logic state generator to produce a random logic state that encodes logic inputs via randomized dual-rail encoding, producing securely encoded outputs.
Secure decoding and un-encoding mechanism
The apparatus has a multiplexer selecting securely decodable logic inputs and a second logic gate utilizing the same random logic state to un-encode these inputs to produce the original un-encoded logic output.
Partitioning between secure and unsecure sections with secure fabrication
The security apparatus is divided into a secure section inaccessible to malicious intrusion through secure fabrication and an unsecure section, with connections between them that maintain security of the random logic state and encoding.
Collectively, the independent claim describes a security apparatus combining randomized dual-rail encoding controlled by a random logic state, secure encoding and decoding logic gates, and a partitioned secure/unsecure layout fabricated with secure methods to prevent hardware Trojan induced data leakage in combinational logic circuits.
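The following Python model is an added illustration of the mechanism described above (random logic state generator, randomized dual-rail encoding, an unsecure section that computes on encoded rails, and a secure multiplexer keyed by the random state that un-encodes the result); it is not the patent's circuit or code. It assumes one random rail bit per logic input and lets the unsecure section evaluate the public function under every hypothesis about the random state, which costs 2^n copies rather than the roughly twofold overhead the page reports; that simplification is only there to make the security check explicit: the observer's view is identical for every plaintext input, so a Trojan in the unsecure section can only guess among the 2^n random states.

```python
"""Toy model of randomized dual-rail logic split into secure/unsecure sections.
Assumptions (illustrative model, not the patent's circuit): one random rail bit
per input, the unsecure section never sees the random state, decode is a mux."""
import itertools
import secrets


def encode(bit, r):
    """Randomized dual rail: the (true, complement) pair is swapped when r=1.
    An observer cannot tell (bit=1, r=0) from (bit=0, r=1): both read (1, 0)."""
    return (bit, 1 - bit) if r == 0 else (1 - bit, bit)


def unsecure_section(func, rails):
    """Untrusted logic: knows func (the design is public) but not r, so it
    evaluates func under every hypothesis h about the random state, reading
    the first rail of each input and flipping it where h says that rail is 1."""
    n = len(rails)
    return {h: func(*[rails[i][0] ^ h[i] for i in range(n)])
            for h in itertools.product((0, 1), repeat=n)}


def secure_decode(candidates, r):
    """Multiplexer in the secure section: select the candidate for the real r."""
    return candidates[tuple(r)]


def run(func, inputs, r=None):
    """Secure encode -> unsecure compute -> secure decode.
    Returns (decoded_output, everything the unsecure section could observe)."""
    r = [secrets.randbits(1) for _ in inputs] if r is None else list(r)
    rails = [encode(b, rb) for b, rb in zip(inputs, r)]
    candidates = unsecure_section(func, rails)
    view = (tuple(rails), tuple(sorted(candidates.items())))
    return secure_decode(candidates, r), view


def correct_for_all(func, n):
    """Decoded output equals plain func for every input and random state."""
    space = list(itertools.product((0, 1), repeat=n))
    return all(run(func, x, r)[0] == func(*x) for x in space for r in space)


def leaks(func, n):
    """True if some plaintext input is distinguishable from another by the set
    of views the unsecure section can collect over all random states."""
    space = list(itertools.product((0, 1), repeat=n))
    views = {x: frozenset(run(func, x, r)[1] for r in space) for x in space}
    return len(set(views.values())) > 1


def AND(a, b): return a & b
def XOR(a, b): return a ^ b
def MAJ(a, b, c): return (a & b) | (a & c) | (b & c)
```

Calling `leaks(AND, 2)` returns False because the view depends only on the XOR of each input with its random rail, which is uniform when the rails are.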
Stated Advantages
The invention prevents data leakage from hardware Trojans even when the attacker fully knows the design and can inject Trojans later.
It reduces the ability of attackers to interpret or decode information obtained from compromised portions of the chip, enforcing security by requiring guessing within a prohibitively large search space.
The use of quilt packaging allows secure fabrication and integration of critical encoding and decoding logic separately from unsecure logic blocks, enhancing tamper resistance.
The approach introduces only modest area and power overhead (approximately a twofold increase for randomized dual-rail logic), and multiple implementation variations are available.
Documented Applications
The invention is applied to combinational logic circuits particularly vulnerable to hardware Trojan insertion during outsourced semiconductor fabrication.
It is suitable for security-critical hardware such as military systems, aerospace, and defense platforms where data leakage Trojans pose significant threats.
The apparatus and method can be implemented using quilt packaging technology, allowing separate fabrication of secure input/output chips that encode/decode random logic states.