

# Pre-silicon Identification of Security Vulnerabilities

Doug Carson, Solution Expert doug.carson@keysight.com

**Verification Futures 1/7/2025** 


# Secure Devices and Semiconductors



#### Semiconductor Development

- Secure enclaves in ICs
- Assure cryptography silicon
- Protect foundry supply chain
- Protect sensitive IP



#### Aerospace and Defense

- Prevent reverse engineering
- Identify supply chain threats
- Secure communications
- Chain of trust in systems

#### **Commercial Communications**

- O-RAN radio security
- GSMA eSIM security
- Digital wallets on devices
- Secure boot in network equipment and IoT devices



#### **Data Center**

- Trusted platform modules
- OCP SAFE certification
- Full lifecycle protection of cryptographic material
- Secure AI models from theft and tampering



### **Industry View on Semiconductor Challenges**

- Globalization
- Supply chain security
- Securing the lifecycle
- System security
- Packaging
- Chiplets & mixed signal
- Side channels
- Complexity

#### **Scaling Up**

- Secure-by-design feasibility
- Skills shortage
- AI and ML



### **Exploiting Hardware Vulnerabilities**





### **How is Hardware Hacked?**

- Survey the device using side-channel analysis
- Break into the device using fault injection

### Pre-silicon Opportunities to Break the Hardware Security Kill Chain

"To know your enemy, you must become your enemy" – Sun Tzu



- Power leakage
- Timing leakage
- Electromagnetic leakage
- Over-the-air leakage



#### **IDENTIFY FAULT INJECTION POINTS**

- Power crowbar glitches
- Clock glitches
- Laser fault injection
- EM pulse injection
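What identifying a fault-injection point looks like before silicon, as an added example that is not from the slides or from Keysight's tooling: an exhaustive single-bit, single-cycle register-upset campaign against a toy cycle model of a boot-ROM digest-compare unit (the register-level abstraction of the crowbar, clock, laser and EM faults listed above), then the same campaign against a dual-railed version of the unit (the "ECC or dual rail on critical transfers" countermeasure). The unit, its register names (`idx`, `ok`, `done`) and the digest bytes are constructed for the example.

```python
"""Register-level fault-injection campaign against a toy boot-ROM compare unit."""
import itertools

# Constructed example: a 4-byte digest compare.  GOOD is the stored reference,
# BAD is an image whose digest differs in byte 2.
GOOD = [0xDE, 0xAD, 0xBE, 0xEF]
BAD = [0xDE, 0xAD, 0x00, 0xEF]

# Register widths of the toy unit (hypothetical names): byte index, match flag
# and the "decision taken" flag.
WIDTHS = {'idx': 3, 'ok': 1, 'done': 1}


def mask(reg):
    return (1 << WIDTHS[reg]) - 1


def invert(state):
    """Bitwise complement of every register, i.e. the second rail of a dual-rail copy."""
    return {k: v ^ mask(k) for k, v in state.items()}


def next_state(s, expected, actual):
    """Next-state logic: compare one byte per cycle, clear ok on mismatch, raise done at the end."""
    s = dict(s)
    if s['idx'] < len(expected):
        if expected[s['idx']] != actual[s['idx']]:
            s['ok'] = 0
        s['idx'] = (s['idx'] + 1) & mask('idx')
    else:
        s['done'] = 1
    return s


def run(expected, actual, fault=None, dual_rail=False, max_cycles=8):
    """Cycle-step the unit.  fault=(cycle, rail, reg, bit) flips one bit of one
    register on one rail right after that cycle's update, modelling a transient
    upset from a glitch.  Returns 'accept', 'reject' or 'alarm' (rail mismatch)."""
    s = {'idx': 0, 'ok': 1, 'done': 0}
    s_n = invert(s)                       # inverted rail, only checked when dual_rail
    for cycle in range(max_cycles):
        s = next_state(s, expected, actual)
        # Each rail has its own next-state logic, so a corrupted rail keeps diverging.
        s_n = invert(next_state(invert(s_n), expected, actual))
        if fault is not None and fault[0] == cycle:
            _, rail, reg, bit = fault
            (s if rail == 0 else s_n)[reg] ^= 1 << bit
        if dual_rail and any(s[k] ^ s_n[k] != mask(k) for k in s):
            return 'alarm'                # detector fires before any decision is taken
        if s['done']:
            return 'accept' if s['ok'] else 'reject'
    return 'reject'


def fault_campaign(expected, actual, dual_rail=False, cycles=6):
    """Every single-bit upset on every register, rail and cycle; returns the
    faults that make a wrong digest boot."""
    rails = (0, 1) if dual_rail else (0,)
    accepted = []
    for cycle, rail, reg in itertools.product(range(cycles), rails, WIDTHS):
        for bit in range(WIDTHS[reg]):
            fault = (cycle, rail, reg, bit)
            if run(expected, actual, fault, dual_rail) == 'accept':
                accepted.append(fault)
    return accepted


if __name__ == '__main__':
    print('unmitigated:', fault_campaign(GOOD, BAD))
    print('dual rail  :', fault_campaign(GOOD, BAD, dual_rail=True))
```

On the unmitigated unit nine single upsets boot the bad image: skipping the mismatching byte by bumping `idx`, forcing `done` early while `ok` is still set, or re-setting `ok` after it was cleared. With both rails checked every cycle, each of those single faults is caught as an alarm; a coordinated fault on both rails in the same cycle is outside this single-fault model and is the reason such detectors are combined with the other countermeasures.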



#### **ASSESS VULNERABILITIES**

- Automated signal acquisition and analysis
- Cryptographic test-vector leakage assessment
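The test-vector leakage assessment step worked through, as an added example that is not from the slides or from Keysight's tooling: a fixed-vs-random Welch t-test (TVLA) in Python over constructed traces from a Hamming-weight leakage model. A real flow feeds it simulated or measured traces; here the 4-bit PRESENT S-box standing in for AES, the key nibble, the trace length and the index of the leaking sample are all constructed for the example, and 4.5 is the customary TVLA threshold.

```python
"""Fixed-vs-random Welch t-test (TVLA) over constructed simulated traces."""
import math
import random

# PRESENT's 4-bit S-box, used as a small stand-in for the AES S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
KEY = 0x9               # hypothetical fixed key nibble
N_SAMPLES = 8           # points per trace
LEAK_SAMPLE = 3         # the point where the S-box output register is written
THRESHOLD = 4.5         # conventional TVLA pass/fail bound


def hamming_weight(x):
    return bin(x).count('1')


def simulate_trace(plaintext, rng, leak=True, sigma=1.0):
    """Hamming-weight leakage model: Gaussian noise at every point, plus the
    Hamming weight of the S-box output at LEAK_SAMPLE when the design leaks."""
    trace = [rng.gauss(0.0, sigma) for _ in range(N_SAMPLES)]
    if leak:
        trace[LEAK_SAMPLE] += hamming_weight(SBOX[plaintext ^ KEY])
    return trace


def welch_t(set_a, set_b):
    """Welch's t statistic at every point of two equal-length trace sets."""
    def moments(traces):
        n = len(traces)
        cols = list(zip(*traces))
        means = [sum(c) / n for c in cols]
        variances = [sum((v - m) ** 2 for v in c) / (n - 1) for c, m in zip(cols, means)]
        return n, means, variances
    na, ma, va = moments(set_a)
    nb, mb, vb = moments(set_b)
    return [(x - y) / math.sqrt(u / na + w / nb) for x, y, u, w in zip(ma, mb, va, vb)]


def tvla(n_traces=2000, leak=True, fixed_plaintext=0x0, seed=1):
    """Acquire a fixed-plaintext set and a random-plaintext set and compare them."""
    rng = random.Random(seed)
    fixed = [simulate_trace(fixed_plaintext, rng, leak) for _ in range(n_traces)]
    rand = [simulate_trace(rng.randrange(16), rng, leak) for _ in range(n_traces)]
    return welch_t(fixed, rand)


def leaking_points(t_stats, threshold=THRESHOLD):
    """Points whose |t| exceeds the threshold; an empty list is a TVLA pass."""
    return [i for i, t in enumerate(t_stats) if abs(t) > threshold]


if __name__ == '__main__':
    print('leaky design   :', leaking_points(tvla()))
    print('constant design:', leaking_points(tvla(leak=False)))
```

The fixed set always processes the same S-box output, so its mean at the leaking point sits away from the random set's mean and |t| climbs well past 4.5 with a few thousand traces, while every other point stays within noise; with `leak=False` no point crosses the threshold. TVLA only reports that a dependency exists, not which signal causes it, which is why the simulation flow also ranks individual signals.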



#### **CERTIFY SYSTEM**

- Assure compliance with industry protection profiles
- Traceability of third-party devices and subsystems

### **Pre-Silicon Analysis**

Finding leakage at the chip-design stage





### **Simulation types**



#### RTL simulation (signal analysis)

- Fast
- Easy to find root cause
- No gate delays

#### Netlist simulation (signal analysis)

- With/without gate delays
- Specific to cell library
- More realistic

#### Xilinx netlist simulation (signal analysis)

- With/without gate delays
- Specific to FPGA type
- More realistic
- No power simulation possible

#### **Power analysis**

- Slow
- Even more realistic

### **GLITCHES IN RTL SIMULATION**

#### Snippet from VCD file

[Waveform-viewer screenshot of the VCD, not reproducible as text: hierarchy top / dut / aes_core with regi_reg, state_reg, core_data, fsm_unit, key_holder, mux_gate_SB, sbox_isnt[0..3].sbox_unit and prng_unit; key-holder signals KH_add_from_sb, KH_enable, KH_sh_4bytes_from_key[63:0], KH_sh_4bytes_rot_to_SB[47:0] and SR[0]; time axis 104.5 ns to 108 ns. Several signals pass through intermediate values within a single clock period, i.e. they glitch before settling.]
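What a signal-level analysis of such a dump computes, as an added example that is not from the slides or from Keysight's Inspector: a VCD parser that turns every value change into a Hamming-distance toggle count per clock cycle, the usual simulation-side stand-in for dynamic power. Because every change is charged, a combinational glitch inside a cycle inflates that cycle's count and the glitching signal's total, which is what a per-signal ranking of the leakiest signals is built on. The VCD text, its signal names and the clock are constructed for the example.

```python
"""Toggle-count leakage trace from a VCD dump, charging every transition."""
import re
from collections import defaultdict

# Constructed VCD, not taken from the slides: a clock, a 4-bit state register
# and an 8-bit combinational S-box output that glitches in the second cycle
# (passes through 0x01 on the way from 0xC2 to 0xF7).
SAMPLE_VCD = """\
$timescale 1ps $end
$scope module top $end
$var wire 1 ! clk $end
$var reg 4 ' state_reg [3:0] $end
$var wire 8 % sbox_out [7:0] $end
$upscope $end
$enddefinitions $end
#0
0!
b0 '
b0 %
#500
1!
b11 '
b1111011 %
#1000
0!
#1500
1!
b1010 '
b11000010 %
#1600
b1 %
#1700
b11110111 %
#2000
0!
#2500
1!
b101 '
b1101011 %
#3000
0!
"""

VCD_VAR = re.compile(r'\$var\s+\w+\s+(\d+)\s+(\S+)\s+(\S+)')


def extend(bits, width):
    """Left-extend a VCD vector value to its declared width (x/z extend with
    themselves, 0/1 extend with 0), as the VCD format specifies."""
    bits = bits.lower()
    pad = bits[0] if bits[0] in 'xz' else '0'
    return (pad * (width - len(bits)) + bits)[-width:]


def parse_vcd(text):
    """Return (signals, events): signals maps id code -> (name, width); events is
    the list of (time, id code, value) in dump order."""
    signals, events, time, in_header = {}, [], 0, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_header:
            m = VCD_VAR.match(line)
            if m:
                signals[m.group(2)] = (m.group(3), int(m.group(1)))
            elif line.startswith('$enddefinitions'):
                in_header = False
        elif line[0] == '#':
            time = int(line[1:])
        elif line[0] in 'bB':
            bits, code = line[1:].split()
            events.append((time, code, extend(bits, signals[code][1])))
        elif line[0] in '01xXzZ':
            events.append((time, line[1:], line[0].lower()))
        # $dumpvars/$end markers and real-valued ('r') changes are ignored
    return signals, events


def hamming_distance(a, b):
    """Bits unknown (x/z) on either side are not charged as toggles."""
    return sum(p != q for p, q in zip(a, b) if p in '01' and q in '01')


def toggle_trace(signals, events, clk_name='clk'):
    """Per-clock-cycle toggle counts plus per-signal totals.  Every value change
    is charged, so a combinational glitch (several changes inside one cycle)
    contributes all of its transitions, not just the settled one."""
    clk = next(code for code, (name, _) in signals.items() if name == clk_name)
    current = {code: 'x' * width for code, (_, width) in signals.items()}
    per_cycle, per_signal = [], defaultdict(int)
    for time, code, value in events:
        if code == clk:
            if current[clk] == '0' and value == '1':   # rising edge opens a cycle
                per_cycle.append(0)
            current[clk] = value
            continue
        hd = hamming_distance(current[code], value)
        current[code] = value
        if per_cycle and hd:
            per_cycle[-1] += hd
            per_signal[signals[code][0]] += hd
    return per_cycle, dict(per_signal)


def analyse(text):
    signals, events = parse_vcd(text)
    return toggle_trace(signals, events)


if __name__ == '__main__':
    cycles, totals = analyse(SAMPLE_VCD)
    print('toggles per cycle:', cycles)
    print('leakiest signals :', sorted(totals.items(), key=lambda kv: -kv[1]))
```

In the constructed dump the second cycle is charged 17 toggles instead of the 6 a direct 0xC2 to 0xF7 transition would cost, entirely because of the glitch on `sbox_out`. Zero-delay RTL only shows glitches that arise from event ordering; a netlist simulation with gate delays exposes the timing-induced ones as well, which is why the later analysis on this page is run on the FPGA netlist including delays.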

### **TEST CONFIGURATION**



### **Analysis using Inspector – Initial Revision**

#### FPGA netlist simulation (including delays)






# Testing the mitigated design

(C) KEYSIGHT TECHNOLOGIES

### Countermeasures

https://opentitan.org/book/doc/security/implementation\_guidelines/hardware/index.html#general-module-level-design-guidance

- 32-bit wide datapaths
- Constant-time crypto operations
- Blinding and masking of intermediate values
- Sparse state encodings with increased Hamming distance between FSM states
- ECC or dual rail on critical transfers
- Randomness from LFSRs
- Glitch detector circuits
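One of the listed countermeasures worked through, as an added example that is not from the slides or from OpenTitan: first-order Boolean masking of an S-box lookup by table recomputation, followed by the kind of correlation check a pre-silicon leakage flow would run to confirm the masked datapath no longer carries the secret intermediate. The 4-bit PRESENT S-box standing in for AES, the key nibble and the trace count are constructed for the example.

```python
"""First-order Boolean masking of an S-box lookup, with a leakage check."""
import math
import random

# PRESENT's 4-bit S-box as a small stand-in for the AES S-box.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(x):
    return bin(x).count('1')


def masked_sbox_table(m_in, m_out):
    """Recompute the table so that T[x ^ m_in] == SBOX[x] ^ m_out for every x."""
    table = [0] * 16
    for x in range(16):
        table[x ^ m_in] = SBOX[x] ^ m_out
    return table


def unmasked_lookup(pt, key):
    """Reference datapath: the secret-dependent value sits on the bus in the clear."""
    v = SBOX[pt ^ key]
    return v, v             # (value the hardware processes, unmasked result)


def masked_lookup(pt, key, rng):
    """Masked datapath: the plaintext is masked before key addition, so neither
    pt ^ key nor SBOX[pt ^ key] ever appears; only masked shares are processed."""
    m_in, m_out = rng.randrange(16), rng.randrange(16)
    table = masked_sbox_table(m_in, m_out)
    masked_out = table[(pt ^ m_in) ^ key]      # == SBOX[pt ^ key] ^ m_out
    return masked_out, masked_out ^ m_out      # unmasking only to check correctness


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var_x * var_y)


def leakage_correlation(masked, n_traces=4000, key=0x9, seed=7):
    """Correlation between the Hamming weight of what the datapath processes and
    the Hamming weight of the secret intermediate SBOX[pt ^ key], i.e. a
    first-order CPA-style check: ~1.0 means the value leaks outright, ~0 means
    first-order analysis sees nothing."""
    rng = random.Random(seed)
    processed, secret = [], []
    for _ in range(n_traces):
        pt = rng.randrange(16)
        value, result = masked_lookup(pt, key, rng) if masked else unmasked_lookup(pt, key)
        assert result == SBOX[pt ^ key]          # masking must not change the function
        processed.append(hamming_weight(value))
        secret.append(hamming_weight(SBOX[pt ^ key]))
    return pearson(processed, secret)


if __name__ == '__main__':
    print('unmasked corr:', round(leakage_correlation(False), 3))
    print('masked corr  :', round(leakage_correlation(True), 3))
```

Two caveats a hardware implementer would want: the table recomputation itself processes `m_in` and `m_out` and costs a pass over the whole S-box per fresh mask, and in a netlist the combinational paths can glitch in ways that momentarily recombine the two shares, which is why hardware masking uses glitch-resistant (threshold) implementations and why the glitch analysis earlier on this page is relevant to a masked design too.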



### **Comparison of Leakage Before and After Testing**

Before (left) vs after (right)




### **Correlation with physical measurements**

Most leaky signals from simulation



Measurements from FPGA

### **Keysight Hardware Security Solution Stack**



## Summary

Device security is a real and growing threat impacting semiconductors, aerospace and defense systems, communications and data centres.

The kill chain is survey, break-in, reverse engineering and scalable effect. Break it by shifting left: identify power and timing vulnerabilities in simulation to predict side-channel leakage at the gate level.

Employ countermeasures, or check with your IP provider which ones are already in place.

