A Zero-overhead Flow for Security Closure

TL;DR

This paper introduces a novel, scalable, zero-overhead security closure flow for ASIC design that enhances security against hardware Trojans and physical attacks without degrading traditional design metrics.

Contribution

It presents the first security-aware ASIC design flow integrated within commercial tools that achieves security goals with negligible overhead.

Findings

Achieves best-known security metrics on benchmark circuits

Maintains high QoR with security enhancements

Provides open-source tools and protected circuit designs

Abstract

In the traditional Application-Specific Integrated Circuit (ASIC) design flow, the concept of timing closure implies to reach convergence during physical synthesis such that, under a given area and power budget, the design works at the targeted frequency. However, security has been largely neglected when evaluating the Quality of Results (QoR) from physical synthesis. In general, commercial place & route tools do not understand security goals. In this work, we propose a modified ASIC design flow that is security-aware and, differently from prior research, does not degrade QoR for the sake of security improvement. Therefore, we propose a first-of-its-kind zero-overhead flow for security closure. Our flow is concerned with two distinct threat models: (i) insertion of Hardware Trojans (HTs) and (ii) physical probing/fault injection. Importantly, the flow is entirely executed within a commercial place & route engine and is scalable. In several metrics, our security-aware flow achieves the best-known results for the ISPD`22 set of benchmark circuits while incurring negligible design overheads due to security-related strategies. Finally, we open source the entire methodology (as a set of scripts) and also share the protected circuits (as design databases) for the benefit of the hardware security community.