Security IP icon

Security

Circuit Camouflage Technology

Rambus Circuit Camouflage Technology protects semiconductors against reverse engineering and cloning by competitors, state actors, and nefarious parties. Circuit Camouflage is an anti-reverse engineering and anti-cloning technology designed for commercial and government applications. It provides protection at the standard-cell level, using proprietary techniques that significantly decrease the accuracy of automated tools used in the reverse engineering process.

How Circuit Camouflage Works

Reverse engineering a circuit is done via the use of destructive ‘de-layering’ techniques. The reverse engineering party first de-lids the chip’s package and takes an image of the silicon chip. Then, specialty equipment carefully removes a very thin layer of the silicon. At this point, an image of the now exposed layer is taken. This process is repeated until the entire silicon chip has been de-layered and photographed. The resulting images are then digitized, aligned and combined. Automated tools then analyze the visual model to build a functional model of the chip, resulting in a full netlist and a hierarchical RTL of the design.

Rambus Circuit Camouflage Technology is designed to complicate this process through the integration of multiple “lookalike cells” into a chip’s design. These cells are either optically indistinguishable from the standard cells used throughout the design, or they may appear like nothing the reverse engineer has ever seen. Camouflaged cells can also be enabled to perform logic functions that are different than what would be expected by visual analysis. Together, these approaches introduce errors into the reverse-engineering process, resulting in an incorrect netlist recovered from the silicon.

Normal AND2 gate
Normal AND2 gate
Camouflage AND2 gate

The camouflage AND2 gate appears identical to the normal AND2 gate, but performs a different logic function.

Watch Anti-Tampering Technologies Webinar

Anti-Tampering Technologies

The design of chip anti-tamper protection needs to adapt and scale with rising threats. Adversaries range from high school hackers to well-funded state actors. Given the threats, it’s useful to think about anti-tamper countermeasures as a hierarchy of safeguards that parallel the type, effort and expense of attacks. Watch this webinar to learn the eleven kinds of tampering attacks and their required skills and resources, and countermeasures for each of these attacks.

Camouflage cells are typically custom-created for individual chip OEMs or specific chip designs, ensuring that an adversary’s knowledge gained from a prior design doesn’t inform reverse engineering of a new design. Circuit Camouflage uses foundry standard processes, standard tools and design methodologies, and doesn’t rely on coatings or shields. It provides a high return on investment for silicon manufacturers and chip makers desiring intellectual property protection while having products in environments with a high risk of attack.

SmartFill: Protecting Critical IP

Rambus SmartFill technology provides high tamper-resistance from unauthorized modifications to the design by eliminating the whitespace in the post place-and-route circuitry. This both complicates reverse-engineering, as well as denies attackers any space in which to insert a trojan circuit without destroying the underlying function of the chip.

Implementation in Devices

Protected by more than 50 US and international patents, Rambus has developed the know-how and proprietary trade secret techniques that uniquely position us to implement these designs. We offer training and licensing options, enabling your design team to implement Circuit Camouflage Technology in your devices. We also offer a range of courses in hardening silicon IP to reverse engineering, cloning, and tamper attacks.

Rambus Circuit Camouflage and SmartFill technologies protect design secrets from competitors and counterfeiters through combating state-of-the-art circuit extraction attack vectors. They significantly extend the security life of your product, and are applicable to any CMOS process and digital design (analog camouflage IP also available). In practice for over 20 years, our techniques easily apply to standard cell design flow with minimal impacts to area, performance, and power consumption.

CryptoManager Root of Trust Cover

The CryptoManager Root of Trust

Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.

Related Markets & Applications

Rambus logo