Counterfeiting is estimated to cost the IC industry over $7.5 billion every year. Beyond the financial implications, counterfeiting negatively impacts the systems integrating compromised components.
Different signs of a counterfeit part: (a) fake plating on leads (b) residual material on leads (c) ghost marks (d) heat sink marks from previous use. Image used courtesy of Atadiat
For these reasons, semiconductor manufacturers and the academic community are continually striving to develop schemes to prevent piracy and reverse engineering of IP. Now, researchers at Purdue University have announced a new type of transistor which, they claim, may put an end to a significant amount of semiconductor reverse engineering.
How Semiconductors are Reverse Engineered
There are many methods that attackers can use to reverse engineer and eventually counterfeit an integrated circuit. Reverse engineering a CMOS chip is possible as long as the attacker has the ability to see the chip’s internals.
One method is to use X-ray imaging techniques to see the internal structure of the chip. By observing the way incident X-ray beams differ and scatter within a chip at a variety of angles, researchers have shown that they can determine what the internal structure of a chip must be.
This technique is non-invasive and can occur at any point in a product’s lifecycle, making it difficult to prevent. A variation of this attack can also be achieved with electron microscopy.
X-ray laminography revealing a circuit’s structure. Image from the Paul Scherrer Institute
Another method involves physically decapsulating the chip and manually observing its internal structure. This is an invasive and destructive procedure but has been proven to be an effective method to reverse engineering an IC.
The Schrodinger’s Cat of Transistors
The issue of counterfeit ICs boils down to the fact that digital CMOS technology always consists of identifiable blocks: PMOS pull-up networks and NMOS pull-down networks. Any attacker with an understanding of CMOS who gains access to a chip will theoretically be able to identify circuit blocks and reverse engineer an entire IP.
This month, researchers at Purdue University proposed a solution, and it involves moving away from traditional CMOS.
Layout and symbol of the proposed transistor. Image used courtesy of Wu et al.
Their solution is to create FETs that are neither PMOS nor NMOS until activated in a special way. A Schrodinger’s cat of transistors, these FETs are fabricated from black phosphorus, enabling reconfigurable polarities that can be dynamically switched between p-FET and n-FET operation through electrostatic gating.
The technique makes the digital networks indistinguishable from one another unless a user has the secret key, which correctly activates these devices. The researchers say that not even the chip manufacturer would have the key.
The chip, which includes four transistors, was built from 2D transistors to disguise them from bad actors. Image used courtesy of Purdue University
The result is a device that cannot be reverse-engineered optically. In their paper, the researchers go on to show that the transistors also work well, even operating at supply voltages as low as 0.2 V.
Obscuring Transistor Type
The Purdue researchers say their method for camouflaging is the first that goes beyond the circuit level by instead obscuring the transistor type. While this likely won’t put an end to all piracy concerns, it is definitely an idea that, if expanded on, could significantly decrease the risk of reverse engineering.