We describe a design and fabrication experiment that has been performed to investigate a methodology for assessing the security of application specific integrated circuits (ASICs) fabricated in a split-manufacturing process based on 3-D integrated circuit (3DIC) technologies. The purpose of this process is to protect critical IP from reverse engineering if an adversary obtains either the fabricated wafers or their GDS. A number of 3DIC-based fabrication alternatives were evaluated, and one is selected for this experiment. Several designs, from the trivial to the complex, were used for the study. A self-test module was embedded in each design to facilitate the postfabrication testing. Various obfuscation techniques that include camouflage in the form of function and lookup table hiding and insertion of redundant logic in order to confuse potential attackers were applied. Smart partitioning was implemented for each design in an attempt to conceal vital functions. We introduced metrics that are based on the number of connection possibilities ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$C_{p}$ </tex-math></inline-formula> ) and the depth of partitioning ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$P_{\mathrm{ depth}}$ </tex-math></inline-formula> ) to measure the obfuscation strength. The results show that it should take more than 10 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">60</sup> years to reconstruct the netlist using a brute-force attack. Measurement results are presented showing fabrication success.
Read full abstract