由於積體電路製程供應鏈的關係,一般的積體電路設計公司通常沒有自己的鑄造廠,所以會把自己的設計圖拿到外面鑄造廠公司用最先進的製程做出來。此時自己公司砸了大量金錢設計出來的的設計圖卻要交給外面不信任的公司並不是這麼可靠的。而這些想要侵害、破解、了解設計圖的人我們又叫做「攻擊者」。攻擊者可能會在設計圖裡插入一些惡意的邏輯閘以便進一步的瞭解整個設計圖的運作。這些設計圖還來不及申請專利的情況下,有可能被竊取、賣給其他積體電路設計公司的競爭對手,會造成自己公司的智慧財產被其他公司取得的威脅,讓他們可以免費的大量利用或重複的製造。每年因為智慧財產權的專利被侵占所損失的金額高達數十億到數百億,所以硬體安全是非常重要的。 為了解決硬體安全的問題,有人提出利用分拆式的製造可以有效的提升安全,但近期的研究討論到分拆式的製造的情況之下在某些假設前提下又不能確保安全,還是可以透過逆向工程、硬體木馬等方式進一步的破解。為了改善分拆式製造的防禦不足,很多人提出防禦方法,但往往忽略了成本的考量。本篇論文提出了兩個方法,考慮成本的前提下進一步的解決安全:(一) 在分拆式製造的分層處插入假的管線,以混淆攻擊者。(二)利用備用標準單元來混淆晶片內部的連結以實現硬體安全。這些方法僅增加極少數的繞線成本。最後再把此方法對抗現有漸進式的攻擊方式,實驗結果顯示只有增加0.5%的繞線成本,而且在所有實驗結果,攻擊者成功連接率可以低於2%。
The purpose of split manufacturing is to enhance the security of the design house’s layout when it is manufactured by a foundry. However, it is not completely secure. Recent research suggests that attacks like reverse-engineering, hardware Trojans and network flow attacks can still cause serious threats. Most of the split manufacturing defense techniques focus on the gate level relationship measured by k-security secure metric to ensure the security of layouts. These techniques, however, do not consider the net relationship and distance between pins. In this work, we focus on the corresponding relationship between the cut-nets and the split layer pins. We further propose two ways of obfuscation: a) add the virtual pin in split layer and b) the spare cells used in engineer change order (ECO) to obfuscate the attacker. These methods result in very low to no overhead of wirelength to ensure security. The experimental results demonstrate the effectiveness of our two techniques against proximity attack for all the testcases. We can achieve that the wirelength overhead will not be increased more than 0.5%, and the rate of successful attack of net connection is lower than 2% for our cases.