Stepping up security in chip design: Texplained

Headquartered in Valbonne, South of France, start-up Texplained is on a mission to render chip-level reverse engineering a dead-end for IC counterfeiters. Although today’s Common Criteria Certification schemes for secure chips consider laboratory-grade invasive attacks as a negligible threat, Texplained’s CEO Clarisse Ginet is here to prove otherwise.

“It used to be the case, maybe 15 years ago, that invasive attacks (chemically and physically removing layers to read through a chip’s architecture) were too technical and too costly to be a threat, but this is no longer the case today”, argues Ginet, “Just imagine, we are a small startup and yet we were able to fund our own lab and break into most commercial chips available today.”

An advanced probing setup.

There is a plethora of countermeasures aimed at non-invasive attacks such as Differential Power Analysis (DPA) side channel attacks for which Rambus provide noise-reduction and obfuscation IP. But the reality, argues Ginet, is that today’s serious counterfeiters want it all, the chip’s internals together with its embedded code, and they opt for invasive attacks most of the time since they get a 100% target hit.

“Nowadays, due to numerous countermeasures, non-invasive attacks or semi-invasive attacks have become quite difficult and bring little value to hackers”, notes the CEO, “you don’t really know what you are looking for and where to look, so you have to accidentally kill a lot of chips by inadvertently triggering security mechanisms.”

“But once a chip has been opened up and analysed thoroughly, it is easier to guide non-invasive attacks to extract its code or to communicate with it through its standard or custom protocol. If you look at the multibillion dollar opportunities in counterfeiting payTV smart cards or producing off-branded printer cartridges and other computer peripherals, these are markets that have been broken through invasive attacks, because they offer a 100% yield.”

And if most counterfeiters target consumer products shipping in the hundreds of millions, state-sponsored counterfeiters could target military-grade ICs, reverse-engineer them and replicate them with backdoors before infiltrating them into the supply chain. According to the Ginet, today’s secure chips are so vulnerable that not including invasive attacks into Common Criteria Certification schemes is akin to a denial of reality.

Of course, there are chips that resist better than others, some are actively shielded with intricate metal layers, others feature PUFs (Physically Unclonable Functions), but in the end, none of these chips will resist a complete strip-out giving away all their secrets.

“It may take a few attempts, but once you’ve completely mapped a chip’s internals, you can always find ways to bypass a shield before inducing a code leak” Ginet told eeNews Europe.

Yet, she says Texplained has patented a unique hardware IP solution that thwarts all attempts at leaking out the embedded code, even when the chip has been fully analysed and understood. That means you could still duplicate a physical chip, but without ever having access to its code, it would just be dead silicon.

“Instead of adding costly shielding metal layers or trying to obfuscate a chip design, which can always be reverse-engineered anyway, we only introduce a few standard cells within the circuit to detect any attempt at extracting the code”, explained Ginet.

The NVM Defender module as Texplained calls it (for the protection of Non-Volatile Memory) consists of “sensing cells” carefully placed in the critical path of the data between the non-volatile memory and the instruction register.

Ginet didn’t want to tell much more, though she admitted there was some form of initial calibration run that would establish what a normal software execution flow would be like, so that any significant difference sensed by the hardware cells along that critical path would trigger a Defense Module (integrated on a custom basis depending on the chip’s architecture) able to kill the chip or stop all executions.

Because both the detection and the defense module are 100% designed in hardware with anti-bypass features and based on standard cells fully integrated in the digital core of the chip, they operate “on-the-fly” and intrinsically detect any deviation from a normal execution flow. They make the chip self-aware at the hardware level, rather than relying on a potentially compromised software check. The extra cells along the data path offer constant passive monitoring with no impact on power consumption.

Texplained’s NVM Defender as a bloc diagram.

“Our IP is minimally invasive, ranging from a few extra standard cells to maybe one hundred cells maximum depending on the chip’s architecture” said Ginet, “in terms of footprint, this is practically negligible compared to the tens of thousands of standard cells you find in a typical smart card chip and certainly less costly and more effective than implementing complete metal shields or PUFs which can require up to 25 000 logic gates solution”.

The new IP, claims Ginet, renders invasive attacks useless because you can’t bypass the countermeasures, hence over with counterfeiting, cloning or code emulation on other chips.

Licensing its NVM Defender IP, Texplained charges an upfront fee plus royalties per chips produced. Deliverables include the architecture of the countermeasure, the design specification of the detection module and support from Texplained to adapt the countermeasure to the chip’s architecture for a seamless integration.