A Call to Action on 3D IC Security
Counterfeit semiconductor parts are the focus of highly-visible, new DOD and National Security initiatives and legislation, yet, little progress has been made to avert the problem of Trojan chips (embedded malicious circuits). Last summer, the Intelligence Advanced Research Projects Activity (IARPA) kicked off a new program, the Trusted Integrated Chips, which will eventually lead to secure, leading-edge semiconductors for defense systems. However, concerns about commercial-off-the-shelf chips, required for all defense systems and providing the infrastructure for the nation’s communication, internet, and power systems, have mostly been ignored. An emerging technology, called three-dimensional integrated circuits (3D IC), readily allows previously separate ICs to be stacked together within a single package, providing large performance gains and cost reduction. At the same time, this technology also provides a relatively uncomplicated path for inserting a Trojan chip during packaging—a step that has been predominately outsourced to Asia, namely China, where 70% of counterfeit chips originate. This new technology risk impacts both defense and consumer systems. Industry awareness and early stage design guidelines and industry standards are needed to head off this threat and reap the technology’s benefit.
Counterfeit and Trojan Chips
Reports of counterfeit chips making it into critical defense systems have been all over the news the past year. Unfortunately, it has taken some very serious crises to gain the attention needed to aggressively combat the problem.
Almost lost in the discourse is the issue of Trojan chips. A Trojan chip is not merely a counterfeit; it’s a chip that works as advertised, but with something “extra.” Buried within the Trojan chip’s circuitry is malicious functionality designed to steal or modify data, control, or even damage the system. The possibility of Trojan chips making it into the supply chain is only just beginning to be addressed by Homeland Security, while at the same time rapidly advancing technologies in semiconductor packaging are making Trojan hardware a serious, unresolved issue for commercial and consumer systems.
When a Trojan chip is inserted into a system during manufacturing, without the vendor’s knowledge, the intention is malicious. If the Trojan circuitry modifies memory, perhaps a spurious purchase order, stock trade, or funds transfer is corrupted. An electric bill for $3,000 becomes $300,000; or an order for critical parts goes to a wrong address. Worse, the system might randomly hang or stop working, in the middle of a national crisis. Norton and MacAfee won’t find the source, as the offending cause is not in software.
A Deep-Seated Problem
Even after a 2005 Defense Science Board report outlined the seriousness of the Trojan hardware threat; it has taken years for agencies to respond. After much discussion and delay, the responsibility for secure, leading-edge manufacturing was eventually transferred to the Intelligence Advanced Research Projects Activity (IARPA) within Homeland Security, who kicked off their Trusted Integrated Circuits (TIC) program in late July 2011. From its genesis, this program has conceded that with the continued migration of most leading-edge, specialty chip fabrication to Asia, potentially insecure, foreign foundries will be key piece of DOD’s secure solution.
Even with safe, TIC-program parts, DOD must still trust and use high-volume, commercial, off-the-shelf, ‘standard’ parts in designs. This is an Achilles’ heel. The standard parts are hardly immune to Trojan circuitry, creating a risk for defense, commercial, and consumer systems alike. In fact, asymmetric attacks on civilian infrastructures, which a militarily, less-capable adversary would resort to during a time of war, are almost a guarantee. A hardware Trojan attack, targeting commonly-used non-military systems, such as home and office computers, satellites, communication backbones, power grids, and smart phones and tablets, could cripple America.
New Technology, New Threat
Within each integrated circuit package are often many individual chips wired together. An emerging technology, called three-dimensional integrated circuits (3D IC) allows chips to be seamlessly stacked together. Initially, a passive part (named a 2.5D interposer) routing connections between the chips is used.
3D IC’s impact on the industry is profound. Packaging expert Deepak Sekar from Monolithic3D has predicted that 3D “has the potential to disrupt the…industry… if 2.5D gets cheap enough someday, IP (Intellectual Property) blocks could be manufactured as separate dice and assembled together on an interposer.” Stacking DRAM, Wi-Fi, and Flash memory on a processor, within a single package, is then possible. Lower power consumption, faster speed, much smaller footprint, and, ideally, lower cost are all benefits. Though an emerging technology, 3D IC use is ramping quickly.
Slipping a Trojan chip or interposer into the 3D IC assembly provides an opportune means of injecting malicious circuitry. Furthermore, detection of a 3D IC Trojan is next to impossible as x-ray and thermal imaging of the stacked chips provides little visibility, particularly if the Trojan is not powered until activated by remote command or timer. Destructive tear-down will reveal the rogue chip, but delaying inclusion until post-acceptance, and using random insertion, thwarts its discovery.
Chip packaging has been extensively outsourced to Asia, increasingly to China. As nearly 70% of counterfeit parts originate in China, the possibility of 3D IC packages assembled there being tainted with Trojan circuitry is considerable. As an example of this movement, the world’s biggest chip packager, ASE, recently announced $US6B investments in setting up leading edge assembly capability in Shanghai, hiring over 60,000 workers in the process.
What can be done to provide the most benefit from 3D IC while keeping final products secure?
Immediate National Security Solution
For defense applications it is required that a captive, US-based, 3D IC assembly and packaging capability be funded and added into the Trusted Foundry mix of national security-directed solutions.
A “design for security” methodology, anticipating the potential inclusion of 3D IC-enabled Trojan circuitry, is required for consumer products. Encrypting transmitted, in-package data is just one means of thwarting a Trojan’s ability to monitor the data bus. Auditing the 3D IC assembly process, through a secure photogrammetric “paper trail” of key steps might also be used. However, for solutions to work, it requires coordination and acceptance of guidelines and standards throughout the semiconductor supply chain. Facilitation and coordination, from International SEMATECH, Si2, JEDEC, US National Labs such as Sandia, and Taiwan’s Industrial Technology Research Institute (ITRI), is needed for concurrence.
No nation is immune from the threat of Trojan hardware. Industry trust must be secured through global cooperation. Will it take incidents like DOD has experienced with counterfeit chips to force a solution, or will we be proactive in heading off a serious event? Who will take the lead?
 Defense Science Board Task Force On High Performance Microchip Supply, Office of the Under Secretary of Defense, 2/2005
 BAA: IARPA-BAA-11-09
 China’s Space Program: A Growing Factor in U.S. Security Planning, Dean Cheng, The Heritage Foundation, 9/16/2011
 Is the Buzz around Xilinx’s 2.5D FPGA Justified?, Deepak Sekar, MonolithIC3D.com Blog, 12/4/2011
 Packaging Equipment Market Outlook, Clark Tseng, SEMI Industry Research and Statistics, 7/5/2011
 China Counterfeit Parts in U.S. Military Aircraft, Tony Cappacio, Bloomberg, 11/8/2011
 ASE to invest US$6 billion in Shanghai, Lisa Wang,Taipei Times, 9/22/2011