Engineering Trade-off Considerations Regarding Design-for-Security, Design-for-Verification, and Design-for-Test

The United States government has identified that application specific integrated circuit (ASIC) and field programmable gate array (FPGA) hardware are at risk from a variety of adversary attacks. This finding affects system security and trust. Consequently, processes are being developed for system mitigation and countermeasure application. The scope of this tutorial pertains to potential vulnerabilities and countermeasures within the ASIC/FPGA design cycle. The presentation demonstrates how design practices can affect the risk for the adversary to: change circuitry, steal intellectual property, and listen to data operations. An important portion of the design cycle is assuring the design is working as specified or as expected. This is accomplished by exhaustive testing of the target design. Alternatively, it has been shown that well established schemes for test coverage enhancement (design-for-verification (DFV) and design-for-test (DFT)) can create conduits for adversary accessibility. As a result, it is essential to perform a trade between robust test coverage versus reliable design implementation. The goal of this tutorial is to explain the evolution of design practices; review adversary accessibility points due to DFV and DFT circuitry insertion (back door circuitry); and to describe common engineering trade-off considerations for test versus adversary threats.