Abstract

Security is becoming an increasingly important parameter in current system-on-chip (SoC) design due to diverse hardware security attacks that can affect manufacturers, system designers or end users. To effectively address these security issues, design-time considerations, e.g. incorporation of design-for-security (DfS) features, are becoming essential. However, DfS measures for diverse security threats require specific design modifications to achieve a target security level, which significantly increases design effort and thus time-to-market, and usually incurs considerable design overhead. In addition, the general heterogeneous architecture of current SoCs makes many core-level DfS mechanisms unusable at the SoC level. In this paper, we propose a centralized on-chip infrastructure IP for SoC security (IIPS), which relieves SoC designers of separately addressing different security issues through design modifications in multiple cores. It also provides ease of integration and functional scalability. We consider a specific implementation of IIPS that provides protection against: (1) scan-based attacks for information leakage, through low-overhead authentication; (2) counterfeiting attacks, through integration of a Physical Unclonable Function (PUF); and (3) hardware Trojan attacks, through a test infrastructure for trust validation. To make the IP amenable to plug-and-play use during SoC design, the working protocols of the security functions are designed to comply with the IEEE 1500 Standard for Embedded Core Test (SECT). Since IIPS resides outside the functional modules, it does not incur functional performance or power overhead. Simulations and experiments on example SoC designs validate the effectiveness of IIPS in providing protection against diverse attacks at a low hardware overhead.
