Rice University computer engineers have created a way to design integrated circuits that can contain many multiple selves. The chips can assume one identify or a subset of identities at a time, depending on the user’s needs. New research shows that multiple “personalities” in an integrated circuit can be even a more powerful security mechanism that can be used for a variety of digital rights management tasks as well as for circuit optimization and customization without sacrificing the related power, delay and area metrics.
The technology is being unveiled today at the Design Automation Conference (DAC) in Anaheim, Calif. It could be used for enhanced device security, content provisioning, application metering, device optimization and more.
“With ‘n-variant’ integrated circuits, it is possible to design portable media players that are inherently unique,” said Farinaz Koushanfar, assistant professor of electrical and computer engineering at Rice and principal investigator on the project. “New methods of digital rights management can be built upon such devices. For example, media files can be made such that they only run on a certain variant and cannot be played by another.”
Koushanfar said content providers could also use n-variant chips to sell metered access to software, music or movies because the chips can be programmed to switch from one variant to another at a particular time or after a file has been accessed a certain number of times. She said the availability of multiple triggers for switching between variants opens the door for diverse applications.
“Our polymorphic chips can switch between variants based on both external triggers and automated, self-adaptive triggers,” said Rice computer science graduate student Yousra Alkabani, who will present a paper on the research at the DAC conference today.
“An important application is in providing security through diversity,” Alkabani said. “The key here is that a successful adversary has to simultaneously compromise all chip variants with the same input. By switching among the variants — and by designing each in a security-conscious way — we can make it impossible for attackers to do this.”
The idea of providing security through diversity is not new. But unlike previous strategies, Rice’s method has low overhead costs — it doesn’t sap processing and battery power — and it’s inherently more secure while the devices are all coming from the same mask.
“It’s possible to achieve diversity by adding redundant hardware cores, but such an approach would incur a huge overhead and it would be vulnerable to attacks,” Koushanfar said. “A key advantage to integrating the heterogeneity into the functional specification of the design is that removal, extractions or deletion of the variants is not viable, regardless of whether they were configured during manufacturing or post-manufacturing.”
Koushanfar said the combination of low overhead and maximum security opens the door to many applications. “Our approach will allow integrated circuit designers to build diverse chips with a single mask. They can also make self-adaptive and polymorphic hardware.”
She said some of the most exciting possibilities are in device optimization.
“Because of manufacturing variability, no two silicon chips have the exact same characteristics. When chipmakers produce new chips, they test them to see which ones perform the best. With our approach, integrated circuit designers can use the testing results to select the variant that has the best power/delay characteristics and performance for specific tasks.”
In the realm of digital rights management and content metering, Koushanfar said low overhead is particularly attractive to those who wish to make secure, lightweight portable embedded devices. To demonstrate, she and Alkabani used the n-variant methodology to design a prototype portable MPEG media player. They found they were able to implement millions of variants of the player on a single chip with negligible overhead.