Georg Sigl has spent ten years looking at system security and developing secure ICs for a variety of applications. Starting in the year 2000, he was responsible for developing new secure microcontroller platforms in the Chip Card and Security division at Infineon. He managed the development of two award winning secure platforms: the Infineon SLE88 (Cartes Sesames Award 2001) and the SLE78 (Cartes Sesames Award 2008; Innovation Award of the German Industry 2010). In short, Sigl understand the types of security problems modern digital systems encounter and he’s thought a lot about how to deal with those threats. Signl brought his insights to ICCAD today in the form of a keynote speech titled “Design of Secure Systems – Where are the EDA Tools?”
Before you can understand what needs to be designed, you need to understand the types of attacks directed at secure systems. They take three forms:
- Fault injection
- Side-channel attacks
- Probing and forcing attacks
In all three of these attack forms, some external agency is impressing some sort of influence on a system to try to circumvent its security (if it has any). Fault injection attempts to drive a system into erroneous behavior to gain access to the protected resource. If successful, an injected fault might force a system to skip a security protocol, giving access to the protected resources, or might provide access to the system’s security key(s).
One way to inject a fault is to de-lid a chip (or dissolve the packaging material around the die) and then use a focused laser to flip bits in the circuit through optical energy injection, which can upset flip flops. This is a very powerful attack mechanism, said Sigl. The only countermeasure here is to detect the error caused by the intrusion and this countermeasure usually calls for redundant hardware in the IC’s security section with a comparator used to make sure that both parts of the redundant security block agree with each other.
Side-channel attacks often involve the power pins of an IC. It is possible to make very informed guesses as to the internal operations of a chip by observing the power consumed by the device over time because, in CMOS devices, the power consumed is a direct function of the amount of on-chip activity. You can take this power monitoring even further using an electromagnetic sniffer that can detect activity over a 100 square micron area of the IC.
There are two possible countermeasures for side-channel attacks. The first is to hide or mask power consumption by creating additional on-chip activity. One way to do this, said Sigl, is to use dual-rail, precharged circuits that always generate the same number of bit transitions per clock using a balanced true/inverted logic design. Great in theory, but CMOS power drain also depends on load capacitance so for this approach to work, the true/inverted signals must always be of equal length. Easier said than done.
Probing and forcing attacks use physical probes to inject voltages into a chip, forcing desired logic states in a de-lidded or otherwise exposed die. One way to combat this sort of attack is to place a shielding layer on the IC’s topmost metal layer. However, it is possible to remove such a shield without disabling the IC so Sigl also discussed moving sensitive signal lines to the bottommost metal layers so that upper metal layers carrying critical but not secure signals block any probing attempts.
Security requires hardware support, said Sigl. At a minimum, you need a “hardware trust anchor” he said. However, Sigl also said that he is unaware of any EDA tools that support secure hardware design at the moment. Synthesis tools efficiently optimize redundant circuitry out of carefully crafted security blocks with redundant logic paths. That’s precisely what the tools are designed to do—they are bred for efficient logic generation, not security. Likewise, there are no routers designed to automatically keep security-oriented signals on the bottom metal layers. That’s not how routers are currently built.
Why is security an issue? Sigl gave one example of a completely unsecure system ripe for assault: the wireless tire-pressure gauges in automobile tires. These gauges send wireless signals to antennas in a car so that the inflation state of each tire can be displayed on the car’s instrument panel. The communication protocol was easily reverse engineered and the car’s tire pressure could be effectively manipulated from tens of meters away. Perhaps someone could be forced to stop to deal with a completely flat tire, exposing the driver to assault.
Not likely, you say? Then consider this. Automobile manufacturers are climbing over each other to link you car to the Internet so that they can sell upgrades, information, and entertainment to you while you are driving. Once your car is connected to the Internet, your identity is susceptible to hacking in the same ways that it’s vulnerable in your PC.
Note: In June 2010, Sigl founded a new institute at Technical University Munich for Security in Electrical Engineering and Information Technology. At the same time, he is driving embedded security research as deputy director at the Fraunhofer Research Institution for Applied and Integrated Security AISEC Munich.