AI for Microelectronics Security & Assurance

AI for Microelectronics Security & Assurance

AI for Security-Aware Electronics:

Counterfeit electronics in the supply chain are a longstanding problem with nontrivial impacts to government, industry, and society as a whole: (i) security and reliability risks for critical systems and infrastructures that incorporate them; (ii) substantial economic losses for intellectual property (IP) owners; (iii) source of revenue for terrorist groups and organized crime; (iv) reduce the incentive to develop new products and ideas, thereby impacting worldwide innovation, economic growth, and employment. The counterfeit chip market has an estimated worldwide value of $75B, and such chips are integrated into electronic devices reportedly worth more than $169. The ongoing chip shortage due to the COVID-19 pandemic is only aggravating the situation by creating huge gaps in the supply chain.

 A current FINS thrust focuses on using artificial intelligence (AI), image processing, and computer vision to address the challenges associated with non-invasive physical inspection for counterfeit integrated circuit (IC) and printed circuit board (PCB) detection. Namely, by automating identification of the defects associated with counterfeits, to reduce the time, costs, and need for subject matter experts. This technology is envisioned for use by non-technical, minimally trained operators such as border agents at U.S. Ports of Entry.

 

Automated  Physical Inspection for Counterfeit Electronics Detection and Avoidance:

Counterfeit electronics in the supply chain are a longstanding problem with nontrivial impacts to government, industry, and society as a whole: (i) security and reliability risks for critical systems and infrastructures that incorporate them; (ii) substantial economic losses for intellectual property (IP) owners; (iii) source of revenue for terrorist groups and organized crime; (iv) reduce the incentive to develop new products and ideas, thereby impacting worldwide innovation, economic growth, and employment. The counterfeit chip market has an estimated worldwide value of $75B, and such chips are integrated into electronic devices reportedly worth more than $169. The ongoing chip shortage due to the COVID-19 pandemic is only aggravating the situation by creating huge gaps in the supply chain.

A current thrust of FINS research focuses on using artificial intelligence (AI), image processing, and computer vision to address the challenges associated with non-invasive physical inspection for counterfeit integrated circuit (IC) and printed circuit board (PCB) detection. Namely, by automating identification of the defects associated with counterfeits, we can reduce the time, costs, and need for subject matter experts. This technology is envisioned for use by non-technical, minimally trained operators such as border agents at U.S. Ports of Entry.

 

Cyber Deception for Proactive Defense Against Physical Attacks:

Modern system-on-chip circuits (SoCs) handle sensitive assets like keys, proprietary firmware, top secret data, etc. Attacks against SoCs may arise from malicious or vulnerable software, the hardware itself (e.g., hardware Trojans), and physical attacks against hardware (side channel analysis, fault injection, optical probing, microprobing, and circuit edit). Recently, cyber-attacks that exploit physical vulnerabilities have been successfully performed against commercial chips, e.g., to remotely extract keys from TrustZone in ARM/Android devices, to breach confidentiality and integrity of Intel SGX and AMD SEV, and more. These exploits demonstrate that existing solutions are not enough. Further, given the static and long-lived nature of hardware, it can be argued that compromise by physical attacks is inevitable.

FINS’ current research on this topic aims to address hardware vulnerabilities to physical attacks using cyber deception. Cyber deception is an emerging proactive methodology that tries to reverse the typical asymmetry in cybersecurity where the attacker changes at will while the defender is a static “sitting duck”. Specifically, we are utilizing deception to enable chip designers to gather intelligence on attacks/attackers, assess their exploitive capabilities, and perform self-aware manipulation that forces them to waste valuable time and resources during physical attacks. In the long term, artificial intelligence (AI) and game theory will be used to craft optimal hardware deception policies.

 

Data Augmentation:

A significant barrier in data-driven analysis, especially deep learning, is the lack of data. In microelectronics security, the development of pre-silicon assessment tools and post-silicon assistance tests requires lots of real-world test articles, benchmarks, measurements, and datasets. The obvious advantage of real examples is that they have security vulnerabilities already identified, e.g., CVEs in the National Vulnerability Database. However, such designs are typically confidential, proprietary, or difficult to share. Further, collecting images and/or measurements from real-world systems can be time-consuming and expensive. This has led most researchers to rely on open-source data, which is also limited.

In this project of Dr. Forte‘s, we focus on generating arbitrarily large amounts of synthetic test articles and benchmarks using data augmentation. Data augmentation is a technique used to increase the amount of data by adding slightly modified copies of already existing data. For example, in the image domain, we are employing generative adversarial networks (GANs) and semantic maps to create realistic optical and SEM images for counterfeit detection, hardware Trojan detection, etc. At the circuit level, we are creating diverse test articles and benchmarks using a mixture of parameter variation, traditional optimization, and AI-based optimization.

 

Reverse Engineering for Integrated Circuits:

Integrated Circuit (IC) manufacturing leverages a global supply chain to maintain economic competitiveness. Modularization of the manufacturing workflow leaves it vulnerable to malicious attacks. For instance, untrusted foundries may deliberately install backdoors, i.e., hardware Trojans, into cyber systems for an adversary to exploit at will, or the circuit design -the intellectual property (IP) of the designer, maybe stolen and duplicated. Reverse Engineering (RE) is the only approach for security experts to verify IC design, detect stolen IP, and, potentially, guarantee trust in the device. However, the existing RE process is ad-hoc, unscalable, error-prone, and requires manual intervention by subject matter experts -thereby, limiting its potential as the go-to tool for hardware assurance. 

One of FINS’ projects on this topic is working on resolving these limitations by developing critical algorithmic infrastructure to advance automation in the IC RE process. This project uses concepts from image processing, computer vision, machine learning and artificial intelligence (AI) to acquire, process and gain insights from electron microscopy images of the IC and further develop AI-driven security policy for generating RE-compliant IC design for seamless cost/time-efficient design verification. The knowledge gained through this project will also be disseminating through educational programs and collaborations with the semiconductor industry.