![Page 1: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/1.jpg)
Hardware Trust Implications of 3-D Integration
Ted Huffmire (NPS), Timothy Levin (NPS), Michael Bilzor (NPS), Cynthia E. Irvine (NPS), Jonathan Valamehr (UCSB), Mohit
Tiwari (UCSB), Timothy Sherwood (UCSB), and Ryan Kastner (UCSD)
26 October 2010Workshop on Embedded Systems Security (WESS)
![Page 2: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/2.jpg)
Nile River• Mystery on the Nile: Just Whose River Is It?• Ethiopia Claims High Gound in Right-to-Nile Debate• Thirsty Egypt Clings Tight to the Nile• Weekend Edition Sunday (npr.org)
![Page 3: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/3.jpg)
[Koyanagi05]
•
![Page 4: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/4.jpg)
[Koyanagi05]
• Timeline
![Page 5: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/5.jpg)
Alternative 3-D Approaches
• PoP [Lim10]
Wire Bonding (SiP) [Amkor09]
![Page 6: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/6.jpg)
Alternative 3-D Approaches
• PoP [Lim10]
![Page 7: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/7.jpg)
Alternative 3-D Approaches
• [Amkor10]
![Page 8: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/8.jpg)
Alternative 3-D Approaches
• Face-to-Face [Loh07]
![Page 9: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/9.jpg)
Alternative 3-D Approaches
• Face-to-Back [Loh07]
![Page 10: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/10.jpg)
What is 3Dsec?
• Economics of High Assurance– High NRE Cost, Low Volume– Gap between DoD and Commercial
• Disentangle security from the COTS– Use a separate chip for security– Use 3-D Integration to combine:
• 3-D Control Plane• Computation Plane
– Need to add posts to the COTS chip design• Dual use of computation plane
![Page 11: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/11.jpg)
Pro’s and Con’s
• Why not use a co-processor? On-chip?• Pro’s
– High bandwidth and low latency– Controlled lineage– Direct access to internal structures
• Con’s– Thermal and cooling– Design and testing– Manufacturing yield
![Page 12: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/12.jpg)
Thermal Challenges
• Thermal Simulation [Loh06, Melamed09]
![Page 13: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/13.jpg)
Yield Challenges
• Wafer-to-Wafer Bonding [Euronymous07]
![Page 14: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/14.jpg)
Testing Challenges
• [Thärigen10]
![Page 15: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/15.jpg)
Cost
• Cost of fabricating systems with 3-D– Fabricating and testing the security layer– Bonding it to the host layer– Fabricating the vias– Testing the joined unit
![Page 16: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/16.jpg)
This Paper
• Can a 3-D control plane provide useful secure services when it is conjoined with an untrustworthy computation plane?
• Yes, provided:– Self-protection– Dependency Layering
![Page 17: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/17.jpg)
Face-to-Back Bonding
• [Valamehr10]
![Page 18: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/18.jpg)
Primitives
• [Valamehr10]
![Page 19: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/19.jpg)
Threat Model
• Computation plane– Unintentional hardware flaws– Malicious software
• Not in scope– Malicious inclusions
• Nullify self-protection– Probing of the control plane– Compromising RF emissions
![Page 20: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/20.jpg)
Security Model
• Self-protection– Do not place a post that allows the control
plane to accept extraneous power, requests, or modifications.
• Layered dependencies– Control plane should not depend on the
computation plane
![Page 21: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/21.jpg)
Layered Dependencies
• Never depend on a layer of lesser trustworthiness
![Page 22: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/22.jpg)
Dependency Properties
• Service– Communication (e.g., I/O)– Synchronization
• Call• Resource Creation and Provision
– Storage• Contention
![Page 23: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/23.jpg)
3-D Application Classes
• Enhancement of native functions• Secure alternate service• Isolation and protection• Passive monitoring
– Information flow tracking– Runtime correctness checks– Runtime security auditing
![Page 24: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/24.jpg)
Design Example
• Secure Alternate Service
![Page 25: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/25.jpg)
Examples of 3-D Systems
• Network-on-Chip [Kim07]
![Page 26: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/26.jpg)
Examples of 3-D Systems
• Network-on-Chip [Kim07]
![Page 27: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/27.jpg)
Examples of 3-D Systems
• Particle Physics [Demarteau09]
![Page 28: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/28.jpg)
Examples of 3-D Systems
• Chip Scale Camera Module [Yoshikawa09]
![Page 29: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/29.jpg)
Examples of 3-D Systems
• 3D-PIC 3-D CMOS Imager [Chang10]
![Page 30: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/30.jpg)
Examples of 3-D Systems
• 3-D Stacked Retinal Chip [Kaiho09]
![Page 31: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/31.jpg)
Examples of 3-D Systems
• 3-D Stacked Retinal Chip [Koyanagi05]
![Page 32: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/32.jpg)
Examples of 3-D Systems
• 3-D FPGAs [Razavi09]
![Page 33: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/33.jpg)
Examples of 3-D Systems
• 3D-MAPS: Many-core 3-D Processor with Stacked Memory [Lim10] – Solid work!
![Page 34: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/34.jpg)
Examples of 3-D Systems
• [Eloy10]
![Page 35: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/35.jpg)
Future Work
• Malicious Inclusions• Off-Chip I/O
– Wireless– Wired
• Power• Fault-Tolerant Chips for Critical Systems
![Page 36: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/36.jpg)
Wireless: Capacitive Coupling
• [Kim09]
![Page 37: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/37.jpg)
Wireless: Optical
• Bidirectional Communication [Dietz03]
![Page 38: Hardware Trust Implications of 3-D Integration](https://reader035.vdocuments.site/reader035/viewer/2022062315/5681626f550346895dd2dd65/html5/thumbnails/38.jpg)
Questions?
• faculty.nps.edu/tdhuffmi