Wuzhen WIC: CPU hardware security technology from the Shaojun Wei and Leibo Liu team selected

2020-05-09 | Source: Catamicro | Type: Company news

On November 7, 2018, at the main venue of the Fifth World Internet Conference in Wuzhen, Zhejiang, Professor Shaojun Wei, director of the Microelectronics Institute of Tsinghua University, released the DSC technology. This new integrated circuit hardware security technology was selected as one of the 15 leading global scientific and technological achievements of this World Internet Conference (in no particular order).

Since 2016, the World Internet Conference has each year published 15 leading scientific and technological achievements, selected from nearly a thousand declared projects around the world by dozens of authoritative domestic and foreign experts. These achievements are generally considered to represent the highest level in the field of Internet and information technology.



Shaojun Wei released DSC technology

The hardware security of the CPU chip is the security foundation of the computing system. If the hardware security of the CPU cannot be ensured, the security of the software running on it cannot be guaranteed, and the system security and network security that depend on it are even further out of reach. For a long time, hardware has been assumed to be secure, and effort has focused on solving software security issues on that basis. In early 2018, the "Meltdown" and "Spectre" hardware vulnerabilities were disclosed. Mainstream high-performance CPU chips worldwide were not immune to these two vulnerabilities. Hundreds of millions of servers, desktops, mobile terminals and other devices were severely affected, and this is just the tip of the iceberg of CPU hardware security issues.

Modern CPUs can easily integrate tens of billions of transistors, but only a few dozen to a few hundred transistors are needed to implement a hardware Trojan. Once such circuits are implanted, they are very difficult to find. In addition, the entire process of designing, manufacturing, packaging, testing and deploying a modern CPU requires the participation of hundreds of companies all over the world. Potential hardware security risks can be introduced in each phase, yet it is extremely difficult for security supervision to cover the entire industry chain. These problems, coupled with inevitable hardware technology vulnerabilities, pose great challenges to the security of CPU chips. Software security research in international academia and industry has continued for decades, but research on hardware security, especially the hardware security of CPU chips, the core components of information systems, has only begun in recent years.


Serious hardware security threats faced by modern integrated circuits

Twelve years ago, the team of Shaojun Wei and Leibo Liu of the Institute of Microelectronics of Tsinghua University noticed this problem while carrying out research on reconfigurable computing chips. After years of continuous research, the team proposed the CPU hardware security dynamic checking and control technology (hereinafter referred to as DSC), based on a highly secure and highly flexible reconfigurable computing architecture. The technology tracks the behavior of the CPU and determines, through rapid analysis and identification, whether any behavior that damages the hardware security of the CPU occurs while it is running.

Traditional security testing is carried out before a CPU is commercially deployed (namely "offline checking in a simulated environment"). It has innate deficiencies: it cannot effectively deal with complex hardware security attacks that combine hardware with software, and it has difficulty discovering new hardware technology vulnerabilities. DSC overcomes these deficiencies. During power-on operation after the CPU is deployed, all important behaviors of the CPU are rapidly sampled and analyzed in real time by an independent dynamically reconfigurable chip (namely "online real-time checking in real application scenarios"). These behaviors include instruction execution, internal state changes, data interaction with external storage and network devices, and micro-architectural behaviors such as speculative execution and cache control. Whether the cause is a hardware Trojan, a hardware vulnerability (such as "Meltdown" and "Spectre"), a hardware backdoor, or malicious use of a hardware front door (such as malicious use of microcode), the resulting abnormal CPU behavior is quickly discovered and can be controlled according to the hazard level and the user's security requirements.

This dynamic checking and real-time control of the CPU chip cannot be achieved by traditional security solutions such as anti-virus software or software and hardware "patches". It can provide a highly secure, reliable, and trusted hardware computing environment for users' software, systems, and networks.



Schematic diagram of DSC Technology

The team of Shaojun Wei and Leibo Liu, together with Montage Technology (a China Electronics group company), used DSC technology in the development of a new X86 architecture CPU. In July 2018, they successfully developed the high-performance Jintide® server CPU. The Jintide® CPU combines the reconfigurable computing security checking module with a traditional X86 processor core, and can check and control the behavior of the X86 core in real time during operation. This is the world's first commercial CPU chip that uses a third-party silicon module to dynamically monitor the hardware security of the processor core. Companies such as Lenovo, Great Wall Computer, and H3C have completed the development of high-performance commercial servers based on the Jintide® CPU, which will be marketed.


Using a reconfigurable computing processor to dynamically monitor the hardware security of the processor core



Commercial servers based on the Jintide® high-performance CPU: Lenovo SR651, Great Wall JW920, and H3C R4900

China currently has more than 15 million high-performance servers using X86 architecture processor cores. The vast majority of emerging applications such as cloud computing, big data, the Internet of Things, and mobile internet use such servers as basic computing equipment. However, the CPU chips of these servers, without exception, face huge hardware security risks. DSC technology can safeguard the hardware security of the core chips in China's data centers, letting people enjoy the rich and innovative technological achievements on the Internet with greater security and confidence.

In the past 5 years, the Shaojun Wei and Leibo Liu team has made outstanding achievements in research on hardware security and cryptographic chips: it has published more than 150 high-level papers, including more than 50 IEEE Transactions papers and more than 30 papers at top conferences such as ISCA/DAC; been granted more than 60 invention patents; published 3 monographs; and participated in the formulation of 1 national standard. Related hardware security technologies have been applied in batches in many core departments and key enterprises in China. The team has won many important scientific and technological awards, such as the 2015 National Technological Invention Second Prize, the 2017 Technical Invention First Prize of Electronic Society, the 2015 China Patent Gold Medal, and the 2014 Technical Invention First Prize of the Ministry of Education.