The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent the work is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
For secure applications, SoCs (sometimes referred to as chips) are typically designed and built to satisfy certain customer requirements. These requirements can be directed to protecting embedded information, such as encryption keys and other secret information, from being copied without authorization. The requirements can also be directed to (i) authenticating origin and identification of a chip for use in a system, and (ii) preventing others from copying, cloning, and/or building counterfeit copies of the chip. Although the counterfeit copies can operate and appear the same as the original chip, the counterfeit copies can subvert (i) operational intent of the original chip, and/or (ii) business interests of the design and manufacturer of the original chip.
Various design techniques, system architectures, and security programs are used as counter-measures in manufacturing life cycles to protect sensitive information and to provide a check on chip authenticity. Traditionally, these were effective counter-measures to prevent competitors, clone manufacturers and/or chip counterfeiters from copying chips and/or extracting sensitive encryption keys and secret data.
The threat of having a chip copied and/or sensitive information extracted has evolved and included advanced reverse engineering techniques meant to extract key secrets or key circuit functionality from a chip based on logic-based estimates (or educated guesses). Complete physical circuit and memory data extraction from a chip has been performed to enable a counterfeit chip to be designed and produced. While an expensive undertaking, this extraction allows a counterfeit chip to be constructed having the same unique identity and secret keys as an original chip. Counterfeit copies generated using this type of extraction only succeed (i.e. operate the same and/or perform the same functions as the original chip) after replicating physically apparent attributes of the original chip and then correcting for any extraction errors.
An advanced state-of-the-art technique includes examining small portions of a chip layer-by-layer as the chip is deprocessed. Deprocessing of a chip includes stripping a chip layer-by-layer to expose visible features in each of the layers. This is done until reaching the lowest level (or substrate) of the chip. Apparent structures are synthesized in each portion of the chip to provide a netlist of connected device structures. The resulting netlist is simulated in a field-programmable gate array (FPGA). The extraction errors are iteratively resolved until the extracted circuit (i.e. circuit built as a copy of the original chip) begins to operate the same as the original chip. While time consuming, error-prone, and expensive, this technique remains a viable technique to reverse engineer a chip.