Graphic courtesy of Pranav Mehta

Ozgur Sinanoglu: The Future of Chip Security

Professor Ozgur Sinanoglu talks to the Research Desk about his work, cyberattacks and the future of chip security.

Nov 12, 2016

Ozgur Sinanoglu is an associate professor of Electrical and Computer Engineering. He heads the Design for Excellence Lab, which focuses its research on chip security and reliability. The National recently covered his team’s research. On the occasion of Cyber Security Awareness Week at NYU Abu Dhabi, The Gazelle's Research Desk talked to Sinanoglu about his work, cyberattacks and the future of chip security.
The DFX lab stands for Design for Excellence. Could you elaborate on what Design for Excellence techniques are with respect to your field of work?
Design for Excellence is a very general term that we picked deliberately to encapsulate a variety of things. When you are designing a chip, traditionally you design it for performance, to make it run fast, for low power operations so that your battery lasts longer; you also make sure that the chip area is small so that you can pack more functionality and you make the final electronic devices small. These are the metrics chips have always been designed for. But lately, new metrics have been added to the mix. For the last 30 years or so, reliability has been improved so you can design chips that last longer in the field — you don’t want them to fail quickly or produce erroneous outputs. This constitutes Design for Reliability.
Recently, in the last 10 years, security has gained popularity, even at the lowest level of abstraction, which is hardware, because everything is built on top of hardware. When hardware is compromised, no matter how strong the software is, the whole system is compromised. Thus, Design for Security is another theme within the Design for Excellence framework. Security as well as trust are important; chips that a company designs are typically fabricated offshore, so designers do not have perfect control over the fabrication process. There is no guarantee that the fabricated chips will be doing what the design dictates. To summarize, Design for Reliability, Design for Security and Design for Trust are the new themes that my lab is looking at, in addition to area, power and design.
There has been a surge in cyberattacks over the world recently. Why do you think this is the case, and how can your work help prevent them?
To understand this better, let’s categorize these cyberattacks into three groups. The first is hacking that goes on for financial purposes. People want to hack credit cards and financial systems to make a profit — that’s stealing using technology. Another form of attack is activism. They believe in a certain cause and they don’t like certain governments and corporations so they go and hack by DDoS attacks and shut their servers down. The final form of attack, which has been increasing in the last few years — and I think this form of attack is of concern to most people — is one state launching attacks on other states in the cyberworld, which is far more serious than hacktivism.
My research is looking at these threats irrespective of the final category of the acts. When we ask for research collaboration with certain agencies, we tailor chips to their needs. They can use [my work] to secure whatever application they have, against threats that concern them. Our research addresses security and trust at the hardware level. Our chips may be designed here at a safe place where nobody can steal anything, but once the designs are complete and we ship them off to a fabrication yard offshore, can we really trust the end result? When the time comes, the chips need to be tested for defects, packaged and assembled. Even these steps today are outsourced to third parties. Can we trust these steps? So what are some of the things we can do on the design level? Can we put some defences on the chip level, so that when somebody tampers [with the chip], the chip becomes useless, for instance? Or perhaps, people won’t be able to understand the chip design because of some obfuscations put at the design level. These are some of the things we do so that the final product is trustworthy.
You mentioned the increasing role of states in the cyberworld. Any engineering involves technical and ethical facets, so with respect to the recent FBI-Apple encryption dispute, where do you draw the line between complete encryption and providing backdoor channels for access?
The good thing is my research doesn’t usually face these questions at all. We always approach the problems at a technical level. This is more of a personal question, and my answer doesn’t matter there. There are two kinds of people who could come to us. One could ask — We have a research problem, can you help figure out a backdoor into it? The other could say — Let’s design these chips in a way that is impossible to break. For example, Apple, so that the FBI cannot hack into their chips. It’s a difficult question and really depends on the context in which we’re dealing with things. In our research, we keep things very generic, without having to deal with these ethical dilemmas and questions. I agree that when it comes to security, technology is just one among many factors like public policy, law, psychology and intellectual property — it is a broad spectrum of things. Yet, we really hope that it doesn’t come to us making calls in either direction; we just like to stick to the technology and the research aspects.
Could you tell me what the consequence of Moore’s Law would be on your work? Do you fear that by the time you come up with a prototype or product, it could already start becoming irrelevant simply because of the way technology is progressing?
First of all, many people argue that Moore’s Law is coming to an end because technology cannot be scaled any further as we are reaching the physical limits. That is triggering a whole new research on emerging technologies. Today, we are using a certain technology, but can we continue using the same material and keep pushing for Moore’s Law to make chips smaller, faster and less power consuming? In my research, we are looking for these emerging technologies and their safety implications, specifically whether they are going to introduce vulnerabilities that don’t exist in today’s chips. We are also looking at what these new technologies offer in terms of certain properties that we can leverage for security.
Secondly, the types of defences we typically come up with in our research are typically independent of the underlying technology or material. We think that whatever defences we come up with, for the most part, are applicable at least for a couple of generations. With that in mind, we still keep track of emerging developments and their security aspects.
Often in your line of work, prototyping is easier than mass production. Do you face problems in replicability?
In this line of research, you need to ensure that the solutions you come up with are practical and scalable. Typically, in academia, what people do is they implement these solutions as software tools and they collect results with computer simulations. What we’re about to do, in a different way, is design a complete chip, implement defence solutions in that chip and get it fabricated. In November, we’ll ship the design to an offshore fabrication yard — just like the model the industry follows — specifically, the GlobalFoundries fabrication yard in Singapore. Our home-grown security solutions will be fabricated on the microprocessor. Then, we will be able to claim that this would be the first truly trustworthy microprocessor chip that is resilient to different kinds of threats. Nobody will be able to tamper with the chip during fabrication because they won’t be able to tell the functionality.
Another concern is sending a chip to the fabrication yard and telling them to fabricate 10,000 pieces, but they go ahead and fabricate 20,000 and sell off the excess chips on the black market. This is called overproduction. In the case of our chips, nobody will be able to do that because there will be a secret key to be loaded into the chip, without which it is useless. In terms of mass production, the fabrication yard can only make the number we tell them because we will get the chips back and load the secret key onto the chips. In this field, you could come up with the greatest solution in your mind, but it could be [so] impractical that nobody could implement [it]. This solution took us time, but now that we have all the pieces together, we are excited for it.
Your research primarily deals with hardware. A major problem in the chip industry today is the risk of products being reverse-engineered by rivals. Do you foresee that as a potential danger?
Indeed. Along with the threat of hardware trojans, in which someone plants malicious circuitry in your design in the fabrication yard that could serve as backdoors, reverse engineering is another threat that we address. This is a big problem when it comes to certain applications such as military applications, when weapons fall into the hands of the enemy, who can then reverse-engineer the chip to reconstruct the design details to be able to clone it. One of Intel’s microprocessors, a pretty advanced technology, has been fully reverse-engineered. This was done by taking a chip and opening it up. A chip consists of metal layers, images of which are taken by specialized microscopes. Chemicals are used to peel the first layer, get images, peel the next layer and so on, after which image processing tools are used to reconstruct the design details. There is a company in San Francisco which goes by the name Chipworks that actually provides this as a service. Let’s say you are a design company. You take your competitor’s chip, give it to this company and for a sum of money, they will reverse-engineer the chip — remember, in the U.S., reverse engineering is legal. What you cannot do, however, is clone a chip, sell it and make money. You can also get a chip reverse-engineered to check whether another company stole your intellectual property. If you identify similarities, you can then sue the company for using the same design block. If companies in California can do this, imagine nation states and the enormous resources they have.
Thus, we design the chip in such a way that there are obfuscations even at the transistor and layout levels. So when somebody takes images, because of some dummy contacts and connections, reverse engineers think these parts have a function, but this isn’t the case. We call this layout camouflaging, which is a solution against hackers reverse-engineering our chips.
How far do you think you are from deploying your solutions at a larger scale?
So far, our work has been research-based. We have done projects with U.S. government entities like the Department of Defence and the Army Research Office and we are doing projects indirectly with the UAE government as well; there are entities that fund local research and we received grants. So at this level, we are collaborating with different agencies to get our research going. We are also publishing papers and filing patent applications. The recent developments in chip fabrication, with our solutions in them, are our first step into thinking how we can take these solutions and deploy them in wide applications. Once we have those chips, we will have solutions and a proof-of-concept that shows that the things that we intended to do are not only computer simulations, but are also implemented on a physical chip.
Email the Research Desk at feedback@thegazelle.org.