This talk presents a survey of known attacks and practices in 4 categories, as well as relevant research works and solutions.
Since the invention of the first integrated circuit (IC) in 1958 and the introduction of the first standalone Central Processing Unit (CPU) in 1971, we have witnessed, and continue to observe, breathtaking advances in IC manufacturing, transistor density and architectural solutions. These advances fueled the imagination of developers, so that we now have diverse application fields for integrated circuits. Until recently, we intuitively trusted chips to control our lives and processes, so a huge amount of sensitive information is processed in chips. Nowadays, however, attacks are increasingly launched for economic reasons by well-funded criminal organizations, or for intelligence purposes to gain access to secret and sensitive information. Moreover, the emergence of a globalized and horizontal IC and semiconductor business model, mainly driven by cost savings, requires both designers and users to reassess their trust in hardware and even in the supply chain. In recent years many reports have pointed to these attacks on electronic components and their supply chain. The semiconductor industry is today losing over $4 billion a year due to these kinds of attacks.
Hardware attacks and trust issues can be classified into the following classes:
1. IC data (assets) attacks: These are attacks that aim at retrieving the secret data of the IC; e.g., hacking a smart card to get the secret key;
2. IC design (IP) attacks: These are attacks that aim at getting more information on the IC design in order to counterfeit it; e.g., performing reverse engineering on an IC or IP, stealing it and/or even claiming ownership;
3. IC functionality (tampering) attacks: These are attacks that target the alteration of the original function of the chip/system. For example, a chip ceases functioning or continues to operate but in an impaired manner, a chip introduces corruption in the data, etc.
4. IC piracy: In these cases, fraudulent practices are used to illegally sell circuits to make "easy money". This class includes, for example, over-building of integrated circuits and re-packaging of used old circuits to re-sell them as new ones.
Presenter:
Giorgio Di Natale received his PhD in Computer Engineering from Politecnico di Torino in Italy in 2003.
He is currently a researcher (CR1) for the National Council of Scientific Research (CNRS). He has published more than 100 articles in publications spanning a broad range of diverse disciplines, including memory testing, fault tolerance, software implemented hardware fault tolerance and secure circuits. He is the action chair of the COST Action IC1204 (TRUDEVICE), a senior member of the IEEE and chair of the European group of the Test Technology Technical Council (TTTC) of the IEEE Computer Society.