Malefactors expected to attack 3-D ICs

San Francisco, CA. The move to 3-D integrated-circuit architectures will present significant challenges to design and test engineers, as 2-D test techniques based on fault models and scan test could have limited applicability once dies are stacked. In addition, 3-D stacks will provide new vulnerabilities that could allow malefactors to introduce counterfeit dies or malicious circuitry or code.

The 2.5-D and 3-D ICs will be subject to new failure mechanisms related to interposers and TSVs (through-silicon vias), for example. But the problems extend well beyond that all the way to stack order and die orientation problems that could be inadvertent or malicious.

Al Crouch of ASSET InterTech addressed these issues Thursday in a presentation at the Test Vision 2020 workshop held in conjunction with Semicon West. With dies arriving from multiple sources, he said, problems can occur with respect to die stacking order, die 360° rotation, die top-to-bottom orientation, die front-to-back orientation, and even the number of dies in a stack. When the dies are stacked into a final packaged cube, he said, the cube will need to be verified and power and thermal issues will need to be addressed.

3-D ICs present two sets of issues, Crouch said. A 3-D stack can look like a group of hard cores in a package amenable to traditional IC test techniques such as those based on stuck-at and delay-fault models. But Crouch said that to him a 3-D die stack look like a PCB, amenable to PCOLA (presence, correctness, orientation, live, alignment), SOQ (shorts, opens, quality), and FAM (features, at-speed, measurement) test techniques. To support tests, he said, stacks will require four new access functions, including skip, bypass, or pass-through; turnaround; on-die; and next die. These functions will act as elevators, controlling up-down traffic. IEEE 1149.1 boundary-scan technology will play a key role in stacked-die test.

Crouch continued his talk by presenting research on security issues conducted by Jennifer Dworak, assistant professor in the department of computer science and engineering at SMU, who advises that security needs to be considered in the design and test of 3-D ICs. Dworak has found that security is already a significant concern for 2-D devices, which may be counterfeited or which may contain Trojans. The problem will increase with die stack because of limited access to each die and the complexity of developing functional tests.

In summarizing Dworak's research, Crouch said that Trojans or counterfeit dies can be inserted anywhere in the design cycle, including specification, design, manufacturing, third-party assembly, and indeed anywhere within the supply chain. Even with 2-D devices, Dworak has found that between 2007 and 2010 more than 5.6 million counterfeit semiconductor devices had been seized by U.S. customs and integration officials, and thousands of counterfeit of suspect parts may remain in the supply chain.

Crouch reported that with 3-D ICs, it will be easier to hide and harder to find malicious circuitry. Problems can include a counterfeit die or interposer, a 2-D Trojan in a legitimate die, Trojan firmware in a programmable die (which might be inserted in the field in the case of an FPGA), deliberate incorrect die ordering (which can reduce reliability and performance), or even an extra die that might broadcast confidential data. Crouch suggested some strategies for detecting an extra die in a stack, including monitoring voltage drop, observing a temperature profile, performing side-channel analysis, and using X-rays.

Crouch concluded by saying research is needed now to mitigate 3-D IC security issues—waiting may make solutions more expensive or impossible to implement. If we fail to address these issues, he said, the consequences could be disastrous.

See related Semicon West news and comment:

See a related item on 3-D IC test: