ELECTRONIC DEVICE FAILURE ANALYSIS | VOLUME 21 NO. 2

THE POWER OF IC REVERSE ENGINEERING FOR HARDWARE TRUST AND ASSURANCE

Fatemeh Ganji, Domenic Forte, Navid Asadizanjani, Mark Tehranipoor, Damon Woodard
Florida Institute for Cybersecurity Research, University of Florida, Gainesville

INTRODUCTION

The outsourcing of integrated circuit (IC) design, fabrication, packaging, and testing has dramatically reduced the time and cost of product development. This shift has enabled the widespread availability of microelectronics, which in turn has transformed modern life. However, unintended corollaries include malicious design alteration (i.e., hardware Trojan insertion) and the rise of the counterfeit electronics industry.

Reverse engineering (RE) is widely used for educational purposes and for detecting intellectual property (IP) infringement, but it can play an even more significant role in hardware trust and assurance. RE of electronic chips and systems refers to the process of retrieving an electronic design layout and/or netlist, stored information (e.g., memory contents, firmware, and software), and functionality/specification through electrical testing and/or physical inspection. Although electronics RE is often considered in a negative light (e.g., illegal cloning of designs and/or disclosing sensitive information to a competitor or adversary), it is the only foolproof way to detect malicious alteration or tampering by foundries, find vulnerabilities present in commercial-off-the-shelf (COTS) chips, and avoid faulty ICs when replacing obsolete hardware.

Traditional methods for attaining trust and assurance are either limited or ineffective. For example, run-time monitoring techniques increase resource requirements—power and memory consumption, and area overhead on an IC due to on-chip sensors used to detect anomalous activities.
In test-time methods, the difficulty is in generating test vectors to trigger stealthy, well-placed hardware Trojans in billion-transistor chips. Similarly, with side-channel signal analysis approaches, inescapable process variations and measurement noise undermine the probability of detecting small Trojans. [1] As a result, the confidence level in detecting Trojans using the aforementioned techniques is quite low. [2-4] Hence, RE has gained more attention in recent years and experienced community-wide acceptance as an effective approach, in particular for hardware Trojan detection. [5-6]

In the area of counterfeit IC detection and avoidance, current best practices require the use of either subject matter experts (SMEs) or procuring lifetime buys for long-term system maintenance—or relying on untrusted distributors in the supply chain, which potentially involves gray market suppliers. Each of these options is less than ideal. The large quantities of components that SME counterfeit analysts are required to manually analyze and classify make this practice highly inefficient and costly. As for life-of-type buys, it is impractical and nearly impossible to predict the lifetime of every component in a design, in anticipation of obsolescence and failure. Overestimation of lifetime leads to procuring more components than necessary and consequently wasting resources. Underestimating the lifetime results in nonideal situations where redesign or procurement through gray market distributors is necessary.

Today, there is a significant need in industry—and especially in high-security government applications—for fast and fully automated RE. The RE process comprises delayering, imaging, annotation, and netlist extraction. Current state-of-the-art practices are tedious, challenging, and expensive, requiring a suite of cleanroom and microscopy equipment, lengthy imaging times, and manual or semiautomated post-processing steps for converting images to netlists.
With the widespread use of semiconductors and the sheer number of devices equipped with modern ICs, the lack of fully automated RE is evident. However, recent advancements in failure analysis tools and delayering processes are opening up new dimensions in RE. For example, plasma etching has achieved better

EDFAAO (2019) 2:30-36 1537-0755/$19.00 ©ASM International®