By Professor Ajay Joshi and David Rollow
Most of the attention paid to hacking currently is on software-based “cyberattacks”. But what if a rogue engineer secretly inserts a malicious circuit into an IC chip? Attacks on hardware are as serious a security issue as software cyberattacks, especially in military applications where the danger is that computerized equipment essential to national security can be compromised.
Lately, the US Military has become increasingly worried about the security of Integrated Circuit (IC) chips used in military systems. The major concern so far has been about tampering of chips during the design phase. However, University of Michigan researchers have recently shown that a small malicious circuit can be easily inserted while a processor chip is being manufactured. This malicious circuit can in turn compromise the chip’s operation in the field.
Many companies that sell VLSI chips rely on third-party manufacturers since that gives them access to advanced CMOS technology at low cost. To protect against tampering, during manufacturing, the company engineers use side-channel information (power, temperature, etc.) collected from a variety of on-chip and off-chip sensors to determine if a chip received from a third-party manufacturer is functioning normally. This approach can easily detect large malicious circuits inserted during manufacturing, but it cannot detect small malicious circuits.
Professors Ajay Joshi, Selim Ünlü, and their students have been working on addressing this hardware security vulnerability over the past year. The team has identified a method to optically watermark an IC chip to secure it against any tampering during its manufacture. On this highly interdisciplinary project, Professor Joshi serves as the VLSI expert, while Professor Ünlü provides imaging and nanoantenna technology expertise.
Their method leverages optical structures that are designed as copper metal nanoantennas built into the IC chip. These metal nanoantennas are engineered to collect unique scattering responses that are highly sensitive to their geometry and the optical properties of the structures present in their surroundings. The layout of the entire IC chip design can determine an overall optical watermark for the chip, which serves as the golden reference. The IC chip design is then sent for manufacturing. The manufactured chip is imaged on delivery to compare the chip image to the golden reference using sophisticated signal processing techniques. Any mismatch between the golden reference and its image is considered to be a sign of a compromised chip.