Confusion is the name of the game in outwitting microchip reverse engineers
If your enemy’s warship is better than yours, there are two things you can do.
You can start from scratch, employing small armies of researchers and engineers to match or beat it. Or you can get hold of one of your opponent’s warships, figure out how it works, and copy it.
It is a practice known as reverse engineering, and it has a long, but not altogether glorious, history. More than 2,000 years ago, the Romans reverse-engineered ships captured from Carthage, ultimately contributing to Rome’s defeat of the North African civilisation.
Plenty of others are still at it. Two years ago, Iran claimed it had reverse-engineered an American spy drone that crashed on its territory.
Iran was understandably keen to shout about its high-tech copying from the rafters. More often, though, countries and companies are much more coy about their industrial and military espionage.
Last year, China tried to deflect suggestions that its Shenyang J-15 fighter aircraft was a reverse-engineered Russian Sukhoi Su-33, claiming its own aircraft was more advanced than the one it was supposedly based on.
But while these audacious pilferings grab headlines, many acts of reverse engineering are on an altogether smaller, but arguably no less significant, scale. In recent years, the reverse engineering of microchips, which run everything from smartphones to nuclear power plants, has become a major problem, one that is said to cost legitimate producers billions of dollars a year.
It is a problem that has only been exacerbated by the globalisation of research and development, and of manufacturing, over the past decade, according to Dr Ozgur Sinanoglu, an assistant professor of engineering at New York University Abu Dhabi.
“The whole design process has become globally distributed,” says Dr Sinanoglu. “The chips are designed in one part of the world and fabricated in offshore factories somewhere in Taiwan or China. This has opened up security or trust vulnerabilities in these electronic chips.”
Reverse engineering a microchip is not easy. Working out the identity of all the tens of millions of connections that make up a modern integrated circuit is the very definition of a fiddly business, requiring the use of chemicals to open up the layers of the chip before microscopes and advanced imaging technology are employed to work out the connections.
But in the future, legitimate chip manufacturers could have advanced technology of their own at their disposal as they look to prevent the theft of their intellectual property.
Dr Sinanoglu and a team of co-researchers at the Polytechnic Institute of New York University (NYU-Poly) recently revealed details of a method aimed at stopping reverse engineers in their tracks.
To prevent copiers from working out how a circuit works, engineers can insert what are known as “camouflaged gates”. In simple terms, these are fake electrical connections within the circuit designed to act as decoys to hackers.
“Chips consist of multiple different layers. There are contact points where layers touch … An attacker cannot see what’s inside that contact. We create contacts in such a way that certain contacts are real, but certain contacts deceive,” says Dr Sinanoglu.
“From the top-level view, it looks like there’s a contact point, but actually it’s a fake contact point.”
Working out which of these apparent contact points are real or fake is certainly possible. But doing so for each of the tens of millions of gates in a chip, given that the genuine and fake gates look identical under a microscope, is an extremely time-consuming process of trial and error – off-putting to all but the most determined (and well-resourced) thief.
What Dr Sinanoglu and the other researchers have done is develop a sophisticated piece of software that works out how many camouflaged gates a particular chip needs, and suggests where they should be located.
Camouflaged gates require more transistors than a standard gate. The result is that they not only consume about 25 to 30 per cent more power, they also take up more room on a chip. So the aim is to have just enough to ensure the chip design is secure, while not demanding too much space or power.
In a chip with about 100 million gates, the software’s step-by-step calculation procedure, known as an algorithm, suggests 4 to 5 per cent of gates need to be camouflaged to make the circuit secure.
If this many gates are camouflaged, the size of the chip is increased by about 0.2 to 0.3 per cent and the amount of power it consumes grows by a similar amount. Determining how much more expensive this would make the chip is more difficult, says Dr Sinanoglu, but at least the modest reduction in efficiency is manageable.
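Why the location of camouflaged gates matters as much as their number, as an added example that is not the researchers' software or code from this article. It assumes a simplified model: each camouflaged gate could hide one of three functions, and camouflaged gates that share a signal path cannot be identified one at a time. The netlist, gate names and the figure of three are constructed for illustration.

```python
from itertools import combinations

# Constructed toy netlist (not from the article): gate -> the signals it reads.
# Names starting with "i" are primary inputs; o1..o3 drive primary outputs.
NETLIST = {
    "g1": ["i1", "i2"], "g2": ["i3", "i4"], "g3": ["i5", "i6"],
    "g4": ["g1", "g2"], "g5": ["g4", "g3"],
    "o1": ["g5", "i7"], "o2": ["g3", "i8"], "o3": ["i7", "i8"],
}
CANDIDATES_PER_GATE = 3  # assumption: functions one camouflaged gate could hide


def fan_in_cone(gate, netlist=NETLIST):
    """Return the gate plus every gate that feeds it, directly or indirectly."""
    cone, stack = set(), [gate]
    while stack:
        g = stack.pop()
        if g in netlist and g not in cone:
            cone.add(g)
            stack.extend(netlist[g])
    return cone


def interfere(a, b, netlist=NETLIST):
    """True if one gate lies on the other's path or both feed a common gate."""
    cones = (fan_in_cone(g, netlist) for g in netlist)
    return any(a in cone and b in cone for cone in cones)


def interference_groups(camouflaged, netlist=NETLIST):
    """Merge camouflaged gates into groups that can only be resolved jointly."""
    groups = [{g} for g in camouflaged]
    merged = True
    while merged:
        merged = False
        for x, y in combinations(groups, 2):
            if any(interfere(a, b, netlist) for a in x for b in y):
                groups.remove(x)
                groups.remove(y)
                groups.append(x | y)
                merged = True
                break
    return groups


def joint_candidates(camouflaged, netlist=NETLIST):
    """Configurations left to test: product inside a group, sum across groups."""
    return sum(CANDIDATES_PER_GATE ** len(g) for g in interference_groups(camouflaged, netlist))
```

With three gates camouflaged in both cases, a scattered selection such as `g1, o2, o3` leaves 9 configurations in this model and a chained one such as `g1, g4, g5` leaves 27; the gap grows exponentially as the group gets larger, at the same area and power cost.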
Among Dr Sinanoglu’s joint researchers on the project is Jeyavijayan Rajendran, a doctoral candidate and the lead author of the paper that the scientists wrote in describing their work.
It was recently named the best student paper at a conference on computer and communications security, organised by the Association for Computing Machinery.
In a further demonstration of the potential significance of the work, Dr Sinanoglu and a co-researcher, Ramesh Karri, a professor at NYU-Poly, have been awarded a US$500,000 grant by the United States government’s National Science Federation to continue their research over the next three years.
The scientists would like to see their idea commercialised, so that companies could use their software when developing integrated circuits.
Manufacturers would only want to use the algorithm if the software is almost foolproof. Dr Sinanoglu is confident that this is the case, saying it is “close to impossible” to reverse engineer a chip with the recommended number of camouflaged gates in the proposed locations. It would take about 100 man-years to make a copy, Dr Sinanoglu suggests.
That said, it is difficult to tell what tricks the cyber-attackers might have up their proverbial sleeve now or in the future.
“We make our claim based on the assumption that we know the technology used for reverse engineering, but there’s no guarantee that they [copiers] couldn’t come up with the next phase [of technology]. The attackers are advancing rapidly,” says Dr Sinanoglu. “We come up with a defence, and they come up with a new attack.”
Published: January 19, 2014 04:00 AM