New Transistor Camouflage Technology Prevents Chip Hacking and Reverse Engineering
To protect IC chips from reverse engineering and hacking, Purdue researchers have developed a new camouflage that hides a transistor’s type.
For as long as people have been making computer chips and circuits, other people have been attempting to hack and reverse engineer them. In the 1980s, for example, Sinclair Research’s innovative ULA (Uncommitted Logic Array) chip, which was the key to producing the ZX Spectrum at a low cost, was successfully reverse engineered in the Soviet Union, resulting in dozens of clones. That kind of reverse engineering continues today, usually for the purpose of subverting security measures or infringing upon intellectual property. To prevent reverse engineering efforts, Purdue University researchers have developed transistor camouflage that obscures the types of transistors used in chip designs.
Transistors are simple logic elements that make up the basic building blocks of many types of IC (Integrated Circuit) chips. Your computer’s CPU, for example, contains hundreds of millions—possibly even billions—of individual transistors. Many chip designs are published, but that isn’t often the case. Corporations spend a lot of money to develop those chips and generally want to keep the designs proprietary. But that doesn’t stop hackers and competing companies from attempting to reverse engineer chip designs. To do so, they use a variety of tools to identify the types of transistors used and how they are connected. There are techniques that make reverse engineering more difficult, but all of the current methods can be circumvented.
This new camouflage makes it nearly impossible to determine a transistor’s type with today’s tools. Transistors are either N-type or P-type, and you have to know which is which in order to successfully reverse engineer a chip. N-type transistors transmit when the gate is 0 (negative voltage) and P-type transistors transmit when the gate is 1 (positive voltage). If you had a single transistor in your hand, it would be easy enough to test it to figure out whether it was N-type or P-type. But when you have millions and millions of microscopic transistors packed into a single chip, things get trickier.
When reverse engineering today, transistors in chips are usually identified by how they carry a current. If the transistor transports electrons, it is an N-type. If it has a “hole,” meaning the absence of an electron, it is a P-type. Essentially, the difference is whether the transistor is “on” when positive or negative voltage is applied. These properties are what make Boolean logic possible and what this new camouflage is hiding. By using black phosphorus to fabricate the transistors, the researchers were able to make N-type and P-type transistors that operate at a similar current level. That makes them nearly impossible to identify using current tools and prevents reverse engineering. Black phosphorus is too volatile for current chip manufacturing, but similar materials could be used to stop intellectual property theft in the future.