Globally distributed microelectronic supply chains have disrupted trust in silicon hardware and have drawn academia’s attention toward different scenarios of malicious circuit modifications, i.e., hardware Trojans. This dynamic hardware environment, including open-source approaches and evermore outsourcing, requires constant reassessment of offensive and defensive aspects. Based on an untrusted foundry model, this work assesses the concrete technical realizations of layout-only modifications via design file editing, mask editing, or in-line alterations. Furthermore, the attack possibility on different modules within a system on a chip is qualitatively evaluated. Consequently, a modification is demonstrated on an SRAM-’PUF’ module. To link the attack point-of-view with a defensive measure, we propose a hardware reverse engineering-based countermeasure, which is non-reliant on a golden layout. Through a novel approach relying on inherent polygon properties, potentially occurring modifications are detected via clustering and a statistical evaluation of the intra-cluster distributions.  Finally, the approach is demonstrated on samples from 7 nm to 150 nm, for which a modification detection rate between 95% and 100% is reached for all evaluated samples.

The semiconductor industry is heavily relying on outsourcing of design, fabrication, and testing to third parties. The threat of possibly malicious actors in this ramified supply-chain poses a risk for the integrity of integrated circuits (ICs) and hardware Trojans (HTs) are a heavily discussed topic in academia and the industry. A variety of pre- and post-silicon HT prevention and detection techniques has been suggested in prior works. Hardware reverse engineering has the potential to detect potential modification in physical layouts. Yet, there is no model to qualitatively and quantitatively rate the complex and expensive reverse engineering (RE) process addressing its inherent process aberrations and consequently provide a tool for layout verification. The ViTaL framework introduces a statistical validation technique, based on physical layout verification through RE and considers all potential sources of errors. The golden-model based framework is technology-agnostic, scaleable, and user input is optional. For the first time, results of fine pitch metallization layers of a CMOS 40nm process node IC are presented quantitatively and the limitations and possibilities are discussed.

Trust and security of microelectronic systems are a major driver for game-changing trends like autonomous driving or the internet of things. These trends are endangered by threats like soft- and hardware attacks or IP tampering – wherein often hardware reverse engineering (RE) is involved for efficient attack planning. The constant publication of new RE-related scenarios and countermeasures renders a profound rating of these extremely difficult. Researchers and practitioners have no tools or framework which aid a common, consistent classification of these scenarios. In this work, this rating framework is introduced: the common reverse engineering scoring system (CRESS). The framework allows a general classification of published settings and renders them comparable. We introduce three metrics: exploitability, impact, and a timestamp. For these metrics, attributes are defined which allow a granular assessment of RE on the one hand, and attack requirements, consequences, and potential remediation strategies on the other. The system is demonstrated in detail via five case studies and common implications are discussed. We anticipate CRESS to evaluate possible vulnerabilities and to safeguard targets more proactively.