There are many ways to hack a chip, including monitoring its power consumption, measuring the radiation it emits (side-channel attacks), hitting it with a laser, and physically probing it (tampering). A group of Virginia Tech researchers is leading an effort to close these invasive and non-invasive security holes by meeting each threat with a strong defensive countermeasure, one based on nanomaterials and nanodevices.
They have gathered a team to map out a nano-shield to protect a standard CMOS chip. Led by Patrick Schaumont, an associate professor of ECE and expert in secure embedded devices, the team could be considered a special-forces unit of chip security. Schaumont is joined by associate professors Leyla Nazhandali, an expert in chip design, circuit design, and physical unclonable functions (PUFs), and Mantu Hudait, an expert in nanotechnology and FinFET device engineering. Nanotechnology experts from Rice University and cryptographic engineers from Worcester Polytechnic Institute round out the team.
The team is known for many first-of-a-kind demonstrations of scientific concepts, including pioneering research in nanotechnologies and hardware Trojan detection, the demonstration of the first Advanced Encryption Standard (AES) chip, the demonstration of the first SHA-3 chip, and the first demonstration of a side-channel attack on a commercially deployed key lock system.
The chip fortress they plan to design will require all their skills and expertise, and more first-of-a-kind technologies. "We are exploring two security concepts in parallel," says Schaumont. "First, we will develop novel security countermeasures based on nanomaterial shields. Second, we will develop novel nanodevices as active components within a chip."
Layers of shields
The team is building shields to reduce leakage of sensitive information. Some of these security measures can be layered above and below the main portion of the chip, including on-chip batteries and a Faraday cage. "If no signal has to pass in or out, it becomes much more difficult to figure out what the chip is doing," according to Schaumont. "It's like building a little bunker for your chip."
Patrick Schaumont, Leyla Nazhandali, and Mantu Hudait are working to create an impregnable chip.
A classic side-channel attack is to monitor a chip's power consumption. "If you have the battery on the chip, it's completely inaccessible to an attacker." On-chip batteries are usually too costly to be used, but new materials make this countermeasure possible with capacitors, supercapacitors, and nanobatteries, Schaumont says.
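To make concrete why power consumption is a side channel, and how a defender checks whether a countermeasure such as an on-chip power source actually closes it, here is an added simulation (not code from the Virginia Tech team or the article). It uses a constructed Hamming-weight leakage model, in which each power sample is proportional to the number of set bits in the value being processed, and runs the standard fixed-vs-random leakage assessment (Welch's t-test, as in TVLA) over two batches of simulated traces. The secret byte, the fixed input, the noise levels and the trace counts are all constructed sample values; the `noise_sd` parameter is a stand-in for whatever hides the signal from an external probe, whether measurement noise or a shield.

```python
import math
import random


def hamming_weight(value: int) -> int:
    """Number of set bits in a byte. Dynamic power in CMOS logic grows with the
    number of bits that switch, so Hamming weight is the usual first-order
    model of what a power trace reveals about the data being processed."""
    return bin(value & 0xFF).count("1")


def simulate_power_sample(secret: int, data: int, noise_sd: float,
                          rng: random.Random) -> float:
    """Constructed leakage model (an assumption for this example): one power
    sample per operation, equal to the Hamming weight of the intermediate value
    (secret XOR data) plus Gaussian noise. noise_sd stands in for everything
    that separates the internal signal from an external probe."""
    return hamming_weight(secret ^ data) + rng.gauss(0.0, noise_sd)


def welch_t(a: list, b: list) -> float:
    """Welch's t-statistic between two sample sets with unequal variances."""
    mean_a = sum(a) / len(a)
    mean_b = sum(b) / len(b)
    var_a = sum((x - mean_a) ** 2 for x in a) / (len(a) - 1)
    var_b = sum((x - mean_b) ** 2 for x in b) / (len(b) - 1)
    return (mean_a - mean_b) / math.sqrt(var_a / len(a) + var_b / len(b))


def fixed_vs_random_t(secret: int, n_traces: int, noise_sd: float,
                      fixed_input: int = 0x0F, seed: int = 1) -> float:
    """Fixed-vs-random leakage assessment.
    Set A: the operation always runs on the same fixed input.
    Set B: the operation runs on uniformly random inputs.
    If the two sets of power samples are statistically distinguishable, the
    measurement depends on the data being processed, i.e. the chip leaks.
    In this toy model the fixed input is chosen so that secret XOR fixed_input
    has a Hamming weight far from the random-input average of 4; a real
    assessment uses several fixed inputs to avoid such blind spots."""
    rng = random.Random(seed)
    set_a = [simulate_power_sample(secret, fixed_input, noise_sd, rng)
             for _ in range(n_traces)]
    set_b = [simulate_power_sample(secret, rng.randrange(256), noise_sd, rng)
             for _ in range(n_traces)]
    return welch_t(set_a, set_b)


# Conventional pass/fail threshold used in leakage assessments.
T_THRESHOLD = 4.5


def leaks(t_statistic: float) -> bool:
    """A |t| above the threshold means the fixed and random batches are
    distinguishable, i.e. the power trace carries data-dependent information."""
    return abs(t_statistic) > T_THRESHOLD


if __name__ == "__main__":
    secret = 0xF0  # constructed sample secret byte
    # Exposed chip: the probe sees the internal signal with little noise.
    t_exposed = fixed_vs_random_t(secret, n_traces=500, noise_sd=1.0)
    # Shielded chip: the same signal is buried under a large noise floor.
    t_shielded = fixed_vs_random_t(secret, n_traces=500, noise_sd=100.0)
    print(f"exposed chip:  |t| = {abs(t_exposed):5.1f}  leaks={leaks(t_exposed)}")
    print(f"shielded chip: |t| = {abs(t_shielded):5.1f}  leaks={leaks(t_shielded)}")
```

With the exposed parameters the fixed batch sits at a Hamming weight of 8 while the random batch averages 4, so the t-statistic lands in the tens and the test flags leakage; raising the noise floor by two orders of magnitude pushes it well under 4.5, which is the kind of result a countermeasure evaluation looks for. The same test, run on real traces before and after a shield is added, is how a team would quantify what the shield buys.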
The team also wants to place the entire chip inside a Faraday cage. "We want an EM shield that protects the entire chip, not just a single module," he explains. Once an entire chip can be protected, individual protection of IP cores is no longer necessary and protection becomes less expensive and more transferable, while development time is slashed.
Nanomaterial shields to eliminate physical tampering are also being developed. "The density and sensitivity of nanomaterials like graphene make conventional tampering, such as focused ion beams, infeasible," he says.
Devices and primitives
While shielding is critical for security, the team is also devising devices that aid in protection, including tamper sensors, secure storage, and even a kill switch. "We want to make the chip aware of any attempt to tamper with it, and able to shut down or destroy itself as necessary," says Schaumont.
Another strategy is to build a small, secure storage area into the chip, "like a lockbox inside a chip," says Schaumont. "Some secret bits can be stored in there, and even if you know where to look, you can't find their value." For that, they are looking into nanotechnology-inspired PUFs.
The final point of defense would be a self-destruct option. Although fuses are already used for this sort of application, current CMOS fuses can be mended. "We're going to build irreparable nano-fuses," asserts Schaumont.
The team is considering multiple, composable countermeasures for protection. This is important, Schaumont says. "Our threat model assumes adversaries may be in physical proximity or even in possession of the chip. It may sound surprising that someone would try to physically tamper with your computer," he says. "Nevertheless, this is implied by our desire to take our computers anywhere, and to embed them in everyday objects like credit cards, passports and USB dongles." Threats to physical security cannot be addressed by changing the application software, or by changing the cryptographic algorithms, he adds.