Multi-Objective Optimised Synthesis to Improve Cybersecurity – MOOSIC

For that, we first need to establish security properties to be guarantee against HTs, then propose metrics allowing an evaluation of the different parts of the SoC according to these properties and finally integrate gradually efficient counter-measures on sensitive parts.
Security properties can be of two kinds:
• Specific to a functional behavior
• Generic to the data processing
Once these properties are established, we need to take them into account in the design flow and propose efficient hardware counter-measures. Indeed, taking security into account can have a significant impact on performance of the SoC [5-7]. It is therefore necessary to find a good compromise between the level of security sought after and performance. For this, methodologies proposed in the context of SoCs reliability [8] can be helpful. They consist in adding redundancy to the sensitive parts of the SoC and then synthesizing it using the standard criteria (frequency, area, power consumption) and, if performance is not satisfactory, to reiterate the process by changing the architecture [9]. This approach is very expensive in term of design time since it generally requires a lot of iterations to achieve an acceptable solution. Having an automatic and optimized methodology would significantly reduce design time.

Efforts have been made around logic locking technics, and more precisely to SAT attacks counter-measures (based on SAT solver) aiming to find the locking key value. A counter-measure based on protecting scan path was first proposed. In fact, such SAT attacks can only work on combinatorial circuits. To treat sequantail circuits, an access to the scan path is necesary. Prevent an attacker to read/write the scan path stop attack's progress.
Then we concentrate on the problem of optimized insertion of logic locking. A linear mathematical model was first proposed, which has been linearized to use a solver to solve the problem with an exact manner. Then an heuristic was proposed to solve the problem on larger instances. The results on classical benchmarks (ISCAS-85) are promising and encourage to continue.
This work has been integrated inside the Coriolis design flow developped at LIP6. Then, beginning from a synthsized netlist, we build the corresponding graph used for optimisaton. We get the optimized solution to insert key gates in the orignal netlist. In this manner, the proposed solving methodes have been integrated in the design flow. These first works permitted to integrate the functionalities needed by optimisation methods in the design flow.
We also prepared a test plateform for a PicoRV32 processor implemented in the DE1 SoC board with a CycloneV FPGA. This plateform will be usefull to test and validate the methods developped during the project. Different Hardware Trojans were designed and implemented inside the test plateform to then validate the counte-measures.
Furthermore, we proposed a method to detect hardware trojans using electromagnetic waves emitted by the system during its run, combining machine learning algorithms. Obtained results have a detection perfomance close to 100% with a false positive rate of less than 3%. This method can be combined with preventing method to propose a complete counte-measure from pre to post silicon.

We are working on a second counter-measure based on innovative logic gates. The aim of this method is to have a good trade-off between SAT attack resilience and cooruption, contrary to previous works.
For the optimisation methods, number of aspects have to be explored: test on more complexe benchmarks, compare performance between GUROBI and CPLEX solvers. Finally new heuristics have to be explored as well as optimising scan path protection

1. « Placement optimisé d'opérateurs arithmétiques », Mario Flores Gómez, Lilia Zaourar and Roselyne Chotin, ROADEF 2020
2. “Logic Locking: A Survey of Proposed Methods and Evaluation Metrics”, Sophie Dupuis, Marie-Lise Flottes, J. Electron. Test. 35(3): 273-291 (2019)
3. “A Secure Scan Controller for Protecting Logic Locking”, Quang-Linh Nguyen, Emanuele Valea, Marie-Lise Flottes, Sophie Dupuis, Bruno Rouzeyre, IOLTS 2020
2. “Machine Learning based Hardware Trojan Detection using Electromagnetic Emanation”, Junko Takahashi, Keiichi Okabe, Hiroki Itoh, Ngo Xuan Thuy, Sylvain Guilley, Ritu Ranjan Shrivastwa, Mushir Ahmed, Patrick Lejoly, 22nd International Conference on Information and Communications Security (ICICS 20), August 24-27, Copenhagen, Denmark.
4. “Design-for-Hardware-Trust”, Quang-Linh Nguyen, Sophie Dupuis, Marie-Lise Flottes, Bruno Rouzeyre, GDR SoC2 2019
5. Normalisation : Secure-IC contribue à la spécification «Hardware Monitoring« développée dans le cadre de l’ISO/IEC JTC1/SC27/WG3.contribue à la SP «Hardware Monitoring« développée dans le cadre de l’ISO/IEC JTC1/SC27/WG3

Hardware Trojans (HTs) are malicious blocks inserted into Systems on Chip (SoC) by untrusted parties in the IC design/manufacturing flow. They have been identified as a realistic threat, among others to the car safety and military. HTs aim to change SoCs’ behavior, ranging from denial of service, decreased reliability, to confidential information leakage. Such attacks lead to multi-billions dollars loss per year for the semiconductor industry.
Countermeasures against HTs exist, divided into two categories: detection and prevention. Ten years of research have shown that detection is a very challenging task, knowing the stealthy nature of the threat and the multiple possible forms of HTs. Prevention consists in modifying the design flow to take into account security issues. Despite its potential cost, it represents a more effective way to overcome HT insertion. So-called Design-for-Hardware-Trust (DfHT) methods exist, with various goals and impacts on performance.
The MOOSIC project proposes a framework dedicated to security that can be integrated into the conventional IC design flow. The goal is to take into account, as early in the design phase, both countermeasures against HTs and performance, to ensure that the SoC behavior is guaranteed despite untrusted IPs vendors or foundry. Towards this objective, the project envisions to establish and evaluate security properties and then integrate them during synthesis with multi-objective optimization techniques, which will be built on a mathematical modeling of the problem that takes into account both the performance and the HTs‘ effects. It is indeed necessary to find a good compromise between the level of security sought after and performance.
The methodology will be validated on industrial use cases. In this way, the SoC will enable cybercrime avoidance without a significant additional cost.
The project will be conducted by 2 research laboratories specialized in computer science and SoC design (LIRMM and LIP6), a public institute (CEA) dedicated to technological researches, and the “security science company” (Secure-IC)
The project will be divided in 4 scientific work packages:
1. Architecture evaluation in terms of security and proposal of hardware solutions to improve it (LIRMM)
2. Proposal of a complete mathematical modeling of the problem (based on graph theory or mathematical programming) that supports all the constraints and objectives (security, area, frequency, power consumption) as well as optimal resolution strategies for automatic insertion of counter measures (CEA)
3. Proposal of a methodology integrating the model and the proposed hardware solutions (LIP6)
4. Validation on use-cases from the industry (Secure-IC)
Cyber security is a major issue of the Internet of Things and the confidence that we can have in these things. Knowing that by 2020, there will be more than 25 billion connected objects in the world, representing an income of more than 4 trillion dollars, realizing that a connected object contains a HT once it is in use would lead not only to a huge cost but would also undermine the viability of whole business sectors. This threat is comes from the fact that, in the race for low cost, designers no longer control all the steps of the design/manufacturing flow and rely on (possibly untrusted) third parties. Taking into account the problem early in the design phase, and thus ensure a certain confidence in the hardware, will have a significant economic impact.
In this project, we propose not only to take into account the security aspects in the design phase but also other usual constraints such as delay and power consumption. This represents a great scientific advance. For the time being, the security aspect indeed generally treated independently of the others.
This is perfectly relayed by the DEFI 9 “Liberté et sécurité de l’Europe, de ses citoyens et de ses residents” of the ANR Action Plan 2018.