基于A2-RO电路版图填充的硬件木马抗植入方法

李宗哲; 何家骥; 马浩诚; 刘燕江; 秦国轩; 赵毅强

doi:10.13700/j.bh.1001-5965.2020.0592

基于A2-RO电路版图填充的硬件木马抗植入方法

doi: 10.13700/j.bh.1001-5965.2020.0592

1.
天津大学微电子学院, 天津 30007
2.
清华大学微电子学研究所, 北京 100084
3.
中国人民解放军战略支援部队信息工程大学, 郑州 450001

基金项目:

国家自然科学基金 61832018

详细信息

通讯作者:
赵毅强, E-mail: yq_zhao@tju.edu.cn

中图分类号: TN47
计量
- 文章访问数: 424
- HTML全文浏览量: 146
- PDF下载量: 101
- 被引次数: 0
出版历程
- 收稿日期: 2020-10-20
- 录用日期: 2020-12-31
- 网络出版日期: 2022-03-20

A hardware Trojan insertion prevention method based on layout filling with A2-RO circuit

1.
School of Microelectronics, Tianjin University, Tianjin 30007
2.
Institute of Microelectronics, Tsinghua University, Beijing 100084, China
3.
Information Engineering University of PLA Strategic Support Force, Zhengzhou 450001, China

Funds:

National Natural Science Foundation of China 61832018

More Information

Corresponding author: ZHAO Yiqiang, E-mail: yq_zhao@tju.edu.cn

摘要

摘要:
集成电路芯片制造过程中，攻击者可以利用电路版图中的空白区域植入硬件木马。为此，提出了一种基于A2-RO电路版图填充的硬件木马抗植入方法, 以减小电路版图中的空白区域为防护目标，设计了能够动态监测稀有节点翻转情况的功耗表征结构A2-RO，并提出了迭代填充算法及路径构建算法，通过在电路版图的空白区域中智能化地构建A2-RO电路，提高了电路的安全防护水平。基于SMIC 180 nm工艺，以ISCAS’85和ISCAS’89中的基准电路作为研究对象进行仿真验证。仿真结果表明：版图填充后，芯片的面积利用率提高至95%以上，剩余空白区域无法填充最小尺寸的标准单元。A2-RO电路移除攻击后的侧信道电流变化值为1.921 mA，有效实现了对版图空白区域的防护。版图填充的额外布线资源开销可控制在7%以内，对关键路径延时的影响在1.2%以内。
- 集成电路 /
- 硬件木马 /
- 版图填充 /
- 稀有节点 /
- 标准单元
Abstract:
During the chip manufacturing process of integrated circuits, attackers can use blank areas in the circuit layout to implant hardware Trojans. For this reason, this paper proposes a method to prevent inserting hardware Trojans by filling the layout with A2-RO circuit. The goal of protection is reducing the blank areas in the circuit layout. This paper designs the power consumption characterization structure named A2-RO that can dynamically monitor the flipping of rare nodes. And the iterative filling algorithm and the path construction algorithm are proposed. We construct the A2-RO circuit in the blank area intelligently to improve the security level of the circuit. We apply the benchmark circuits in ISCAS'85 and ISCAS'89 as the research object for simulation based on the SMIC 180 nm process. The simulation results show that after filling the layout, the area utilization rate of the chip will be increased to more than 95%, and the remaining blank area cannot be filled with the smallest standard cell. After the removal attack of A2-RO circuit, the change of side channel current is 1.921 mA. The A2-RO circuit can effectively protect the blank areas. The additional routing overhead for layout filling can be controlled within 7%, and the impact on the critical path delay is within 1.2%.
- integrated circuit /
- hardware Trojan /
- layout filling /
- rare node /
- standard cell

HTML全文

图 1 A2-RO电路

Figure 1. A2-RO circuit

下载: 全尺寸图片幻灯片

图 2 A2电路波形示意图

Figure 2. Schematic diagram of A2 circuit waveform

下载: 全尺寸图片幻灯片

图 3 版图填充流程

Figure 3. Layout filling flowchart

下载: 全尺寸图片幻灯片

图 4 迭代填充算法流程

Figure 4. Iterative filling algorithm flowchart

下载: 全尺寸图片幻灯片

图 5 路径构建算法流程

Figure 5. Path construction algorithm flowchart

下载: 全尺寸图片幻灯片

图 6 版图填充

Figure 6. Layout filling

下载: 全尺寸图片幻灯片

图 7 布线资源开销

Figure 7. Routing overhead

下载: 全尺寸图片幻灯片

图 8 平均延时变化比

Figure 8. Mean delay change ratio

下载: 全尺寸图片幻灯片

图 9 最大延时变化比

Figure 9. Maximum delay change ratio

下载: 全尺寸图片幻灯片

图 10 A2-RO电路仿真波形

Figure 10. A2-RO circuit simulation waveform

下载: 全尺寸图片幻灯片

图 11 功耗对比

Figure 11. Power consumption comparison

下载: 全尺寸图片幻灯片

表 1 标准单元信息

Table 1. Standard cell information

标准单元名称	高度/μm	宽度/μm
INVX1	5.04	1.32
INVX2	5.04	1.98
INVX3	5.04	2.64
INVX8	5.04	3.96
INVX12	5.04	8.58
AND2X1	5.04	2.64
A2	5.04	18.48

下载: 导出CSV

表 2 基准电路填充结果

Table 2. Reference circuit filling results

基准电路	初始面积利用率/%	最终面积利用率/%	A2数目/个	逻辑单元数目/个
c6288	84.90	95.43	4	105
c6288	90.03	97.35	2	67
c7552	84.97	95.71	4	104
c7552	90.08	96.79	2	62
s1423	85.21	95.90	2	82
s1423	90.31	96.90	2	52
s13207	85.90	95.88	18	618
s13207	90.10	96.41	13	445

下载: 导出CSV

表 3 设计指标对比

Table 3. Comparison of design indicators

文献	引脚开销/个	额外面积开销/μm²	可填充最大初始面积利用率/%	是否兼容数字电路设计流程
文献[9]	4	0	80	是
文献[10]	4	0	85	是
文献[11]	≥2	>0	不受限制	否
本文	0	0	90	是

下载: 导出CSV

参考文献(16)

[1]	GUIN U, ZHOU Z, SINGH A. Robust design-for-security architecture for enabling trust in IC manufacturing and test[J]. IEEE Transactions on Very Large Scale Integration Systems, 2018, 26(5): 818-830. doi: 10.1109/TVLSI.2018.2797019
[2]	YASIN M, RAJENDRAN J, SINANOGLU O, et al. On improving the security of logic locking[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2016, 35(9): 1411-1424. doi: 10.1109/TCAD.2015.2511144
[3]	ZHANG J L, QU G. Recent attacks and defenses on FPGA-based systems[J]. ACM Transactions on Reconfigurable Technology and Systems, 2019, 12(3): 1-25.
[4]	HOSSEIN-TALAEE H, JAHANIAN A. Layout vulnerability reduction against Trojan insertion using security-aware white space distribution[C]//2017 IEEE Computer Society Annual Symposium on VLSI. Piscataway: IEEE Press, 2017, 1: 551-555.
[5]	SALMANI H, TEHRANIPOOR M. Vulnerability analysis of a circuit layout to hardware Trojan insertion[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(6): 1214-1225. doi: 10.1109/TIFS.2016.2520910
[6]	黄钊, 王泉, 杨鹏飞. 硬件木马: 关键问题研究进展及新动向[J]. 计算机学报, 2019, 42(5): 67-91. https://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201905005.htm HUANG Z, WANG Q, YANG P F. Hardware Trojan: Research progress and new trends on key problems[J]. Chinese Journal of Computers, 2019, 42(5): 67-91(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-JSJX201905005.htm
[7]	LI H, LIU Q, ZHANG J L. A survey of hardware Trojan threat and defense[J]. Integration, 2016, 55: 426-437. doi: 10.1016/j.vlsi.2016.01.004
[8]	COCCHI R P, BAUKUS J P, CHOW L W, et al. Circuit camouflage integration for hardware IP protection[C]//2014 51st ACM/EDAC/IEEE Design Automation Conference. Piscataway: IEEE Press, 2014: 1-5.
[9]	XIAO K, FORTE D, TEHRANIPOOR M. A novel built-in self-authentication technique to prevent inserting hardware Trojans[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014, 33(12): 1778-1791. doi: 10.1109/TCAD.2014.2356453
[10]	BA P S, DUPUIS S, PALANICHAMY M, et al. Hardware trust through layout filling: A hardware Trojan prevention technique[C]//2016 IEEE Computer Society Annual Symposium on VLSI. Piscataway: IEEE Press, 2016: 254-259.
[11]	SUPON T M, SEYEDBARHAGH M, RASHIDZADEH R, et al. Hardware Trojan prevention through limiting access to the active region[C]//14th International Conference on Design & Technology of Integrated Systems in Nanoscale Era. Piscataway: IEEE Press, 2019: 1-6.
[12]	LIU Y, ZHAO Y, HE J, et al. A statistical test generation based on mutation analysis for improving the hardware Trojan detection[J]. Journal of Circuits, Systems and Computers, 2020, 29(3): 10-25.
[13]	YANG K, HICKS M, DONG Q, et al. A2: Analog malicious hardware[C]//Security & Privacy. Piscataway: IEEE Press, 2016: 18-37.
[14]	SAHA S, CHAKRABORTY R S, NUTHAKKI S S, et al. Improved test pattern generation for hardware Trojan detection using genetic algorithm and boolean satisfiability[C]//International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2015: 577-596.
[15]	赵永嘉, 戴树岭. 基于图像骨架和贪婪算法的无人机航路规划[J]. 北京航空航天大学学报, 2010, 36(4): 474-477. https://bhxb.buaa.edu.cn/CN/Y2010/V36/I4/474 ZHAO Y J, DAI S L. Unmanned aircraft vehicle path planning based on image skeleton and greedy algorithm[J]. Journal of Beijing University of Aeronautics and Astronautics, 2010, 36(4): 474-477(in Chinese). https://bhxb.buaa.edu.cn/CN/Y2010/V36/I4/474
[16]	李红, 张志宾. 基于快速模拟退火的组合聚类算法[J]. 北京航空航天大学学报, 2019, 45(8): 1646-1652. doi: 10.13700/j.bh.1001-5965.2018.0647 LI H, ZHANG Z B. Ensemble clustering algorithm based on rapid simulated annealing[J]. Journal of Beijing University of Aeronautics and Astronautics, 2019, 45(8): 1646-1652(in Chinese). doi: 10.13700/j.bh.1001-5965.2018.0647