ACTIVE SHIELD IP

 

The Active Shield IP is a digital IP and analog IP that detects invasive attacks. It is based on a sensing mesh that covers the area to be protected and that outputs an alarm if an attacked attempts to tamper with the mesh. The sensing mesh is located on the  topmost metal layer of the integrated circuit. The Active Shield IP can operate in passive or active mode. In active mode, a stream of random data is injected into the sensing mesh  and monitored in order to detect attempts to cut and strap the sensing mesh. The Active Shield IP uses standard cells when operated in active mode and custom cells when operated in passive mode.

 

 Active Shield IP

 

The Active Shield IP is a fully configurable solution that allows you to adjust the area to be protected, the mesh's pitch, the distribution and density of interconnects for random data injection as well as several other key parameters. Configuration is done through a GUI software that generates the custom RTL,layout constraint files and outputs ressource utilisation figures of the customized Active Shield IP. With this GUI software, you can easily find the appropriate trade-off between chip area coverage, level of protection and area/power consumption.

 

The Active Shield IP connects to your design through a AMBA APB interface. Through this interface, you can dynamically configure the Active mode and manage alarms.

 

WHAT's COOLHighlights

  

  • Essential protection against invasive attacks
  • Fully customizable solution  : area, pitch, density, distribution, frequency can be modified from GUI software interface

 

Low PowerPower consumption

  • 5 µW to protect a 2mm2 area (65nm implementation with typical customization parameters)

 

Security featuresFeatures

  • Active mode against cut and strap attacks

 

 

Digital DeliverablesDigital Deliverables

  • Software GUI customization assistant
  • Synthesizable RTL source code
  • Synthesis scripts for DC Compiler & Synplify
  • Testbench RTL source code

 

Analog DeliverablesAnalog Deliverables

  • Specification and integration manual
  • GDSII and Layer Map files for custom cells used in Passive Mode
  • TCL (Cadence Encounter) layout constraint file for digital IP
  • Library Exchange Format (LEF) defining size and pin locations
  • RTL Behavioral Model
  • Timing Constraint Files
  • Netlist in SPICE format for LVS




 

 

Did you know ?

 

Invasive attacks are sophisticated attacks because they require expensive equipement. Invasive attacks usually  start with package removal using fuming nitric acid (HNO3).

 

Circuits manufactured in 0.5µm process technology and above can be reverse-engineered  using a high resolution con-focal microscope for chips manufactured in 0.5µm process technology. Chips manufactured in smaller process  require another sample preparation step that consist in removing the passivation layer(s) using wet chemical etchnig, plasma etchnig or chemical-mechanical polishing (CMP).

Once this is achieved,  scanning electron microscope and micro-probing enable the attacker to reverse-engineer and/or to inject faults in the cicruit. The total cost of equipment for such attacks is several $100k.

 

An alternative to such attacks is called semi-invasive attacks and consit in backside imaging using optical microscopy and to exploit side-channels such as optical emission of the circuit. Semi-invasive side channels attacks on AES implementation have been reported since 2009.