skip to main content

Explore Research Products in the NSF-PAR

Title: Learning Assisted Side Channel Delay Test for Detection of Recycled ICs
With the outsourcing of design flow, ensuring the security and trustworthiness of integrated circuits has become more challenging. Among the security threats, IC counterfeiting and recycled ICs have received a lot of attention due to their inferior quality, and in turn, their negative impact on the reliability and security of the underlying devices. Detecting recycled ICs is challenging due to the effect of process variations and process drift occurring during the chip fabrication. Moreover, relying on a golden chip as a basis for comparison is not always feasible. Accordingly, this paper presents a recycled IC detection scheme based on delay side-channel testing. The proposed method relies on the features extracted during the design flow and the sample delays extracted from the target chip to build a Neural Network model using which the target chip can be truly identified as new or recycled. The proposed method classifies the timing paths of the target chip into two groups based on their vulnerability to aging using the information collected from the design and detects the recycled ICs based on the deviation of the delay of these two sets from each other.  more » « less
Award ID(s):
1718434 2200446
NSF-PAR ID:
10298701
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
ASPDAC '21: Proceedings of the 26th Asia and South Pacific Design Automation Conference
Page Range / eLocation ID:
455 to 462
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ( , 2020 IEEE 38th VLSI Test Symposium (VTS))
    null (Ed.)
    The recycling of used integrated circuits (ICs) has raised serious problems in ensuring the integrity of today's globalized semiconductor supply chain. This poses a serious threat to critical infrastructure due to potentially shorter lifetime, lower reliability, and poorer performance from these counterfeit new chips. Recently, we have proposed a highly effective approach for detecting such chips by exploiting the power-up state of on-chip SRAMs. Due to the symmetry of the memory array layout, an equal number of cells power-up to the 0 and 1 logic states in a new unused SRAM; this ratio gets skewed in time due to uneven NBTI aging from normal usage in the field. Although this solution is very effective in detecting recycled ICs, its applicability is somewhat limited as a large number older designs do not have large on-chip memories. In this paper, we propose an alternate approach based on the initial power-up state of scan flip-flops, which are present in virtually every digital circuit. Since the flip-flops, unlike SRAM cells, are generally not perfectly symmetrical in layout, an equal number of scan cells will not power-up to 0 or 1 logic states in most designs. Consequently, a stable time zero reference of 50% logic 0s and 1s cannot be used for determining the subsequent usage of a chip. To overcome this key limitation, we propose a novel solution in this paper that reliably identifies used ICs from testing the part alone, without the need for any additional reference data or even the netlist of the circuit. Through scan testing of the IC, we first identify a significant number of asymmetrically stressed flip-flops in the design, divided into two groups. One group of flip-flops is selected such that it mostly experiences the 1 logic state during functional operation, while the other group mostly experiences the 0 state. The resulting differential stress during operation causes growing disparity over time in the number of 0s (and 1s) observed in these two groups at power-up. When new and unaged, these two groups behave similarly, with similar percentage of 1s (or 0s). However, over time the differential stress makes these counts diverge. We show that this changing count can be a measure of operational aging. Our simulation results show that it is possible to reliably detect used ICs after as little as three months of operation. 
    more » « less
  2. ; ( , Proceedings of Great Lakes Symposium on VLSI (GLSVLSI))
    Chip designers can secure their ICs against piracy and overproduction by employing logic locking and obfuscation. However, there are numerous attacks that can examine the logic-locked netlist with the assistance of an activated IC and extract the correct key using a SAT solver. In addition, when it comes to fabrication, the imposed area overhead is a challenge that needs careful attention to preserve the design goals. Thus, to assign a logic locking method that can provide security against diverse attacks and at the same time add minimal area overhead, a comprehensive understanding of the circuit structure is needed. Towards this goal, in this paper, we first build a multi-label dataset by running different attacks on benchmarks locked with existing logic locking methods and various key sizes to capture the provided level of security and overhead for each benchmark. Then we propose and analyze CoLA, a convolutional neural network model that is trained on this dataset and thus is able to map circuits to secure low-overhead locking schemes by analyzing extracted features of the benchmark circuits. Considering various resynthesized versions of the same circuits empowers CoLA to learn features beyond the structure view alone. We use a quantization method that can lower the computation overhead of feature extraction in the classification of new, unseen data, hence speeding up the locking assignment process. Results on over 10,000 data show high accuracy both in the training and validation phases. 
    more » « less
  3. ; ; ( , Frontiers in Nanotechnology)
    Hardware Trojans in Integrated Circuits (ICs), that are inserted as hostile modifications in the design phase and/or the fabrication phase, are a security threat since the semiconductor manufacturing process is increasingly becoming globalized. These Trojans are devised to stay hidden during standard structural and functional testing procedures and only activate under pre-determined rare conditions (e.g., after a large number of clock cycles or the assertion of an improbable net). Once triggered, they can deliver malicious payloads (e.g., denial-of-service and information leakage attacks). Current literature identifies a collection of logic Trojans (both trigger circuits and payloads), but minimal research exists on memory Trojans despite their high feasibility. Emerging Non-Volatile Memories (NVMs), such as Resistive RAM (RRAM), have special properties such as non-volatility and gradual drift in bitcell resistance under a pulsing voltage input that make them prime targets to deploy hardware Trojans. In this paper, we present two delay-based and two voltage-based Trojan triggers using emerging NVM (ENTT) by utilizing RRAM’s resistance drift under a pulsing voltage input. Simulations show that ENTTs can be triggered by reading/writing to a specific memory address N times (N could be 2,500–3,500 or a different value for each ENTT design). Since the RRAM is non-volatile, address accesses can be intermittent and therefore stay undetected from system-level techniques that can identify continuous hammering as a possible security threat. We also present three reset techniques to de-activate the triggers. The resulting static/dynamic power overhead and maximum area overhead incurred by the proposed ENTTs are 104.24 μW/0.426 μW and 9.15 μm2, respectively in PTM 65 nm technology. ENTTs are effective against contemporary Trojan detection techniques and system level protocols. We also propose countermeasures to detect ENTT during the test phase and/or prevent fault-injection attacks during deployment. 
    more » « less
  4. ; ; ; ; ( , 2022 IEEE International Symposium on Hardware Oriented Security and Trust (HOST))
    In recent years, semiconductor industry has out-sourced the manufacturing to low-cost but not necessarily trusted foundries. This fabless business model encounters new security challenges, including piracy and overproduction. A well-studied solution to prevent unauthorized products from functioning is logic encryption, where a chip is encrypted using a key only known to the designer. However, the majority of the logic encryption solutions are vulnerable due to key uniformity and probing attacks. In this paper, we first present GSAT, a Global attack on existing IC-specific logic encryption schemes using the SAT model, that effectively deciphers the hidden global key pluggable to all the encrypted ICs. Next, we propose a highly secure and low-cost remedy called SPLEnD: Strong PUF -based Logic Encryption Design. Traditional I C-specific encryption schemes are vulnerable to GSAT attack, while SPLEnD not only effectively resists GSAT, but also balances security and efficiency. 
    more » « less
  5. ; ; ; ( , SRC TECHCON)
    Microprobing attacks poses a serious threat to security-critical applications by enabling attackers to steal assets and/or secrets within integrated circuits (ICs).With the assistance of focused ion beam (FIB), microprobing attacks are even more powerful. Although there are some existing countermeasures like active shields, analog shields, and t-private circuits, the FIB’s capabilities are not taken into consideration and thus these countermeasures are inefficient and only provide limited resistance against the FIB-enhanced microprobing attacks. To counter the attack, we previously proposed a FIB-aware antiprobing physical design flow that utilizes computer-aided design (CAD) tools to detect and prevent microprobing attack from the IC front-side with minimal extra design effort. In this paper, we expand this flow to protect not only front-side of the IC, but provide simultaneous protection of both front-side and back-side. Results in an Advanced Encryption Standard (AES) benchmark show that, by using the proposed flow, the vulnerable area exposed to front-side probing on security-critical nets is reduced to zero at low FIB aspect ratios with less than 2% timing and area overhead. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email