Search for: All records

Vulnerabilities of key based analog obfuscation methodologies that modify the transistor dimensions of a circuit are evaluated. Two attack vectors on a common source amplifier, differential amplifier, operational amplifier, and voltage controlled oscillator are developed. The first attack exploits the lack of possible key combinations permitted around the correct key, which is a result of requiring a unique key to lock the circuit. An average of 5 possible key combinations were returned in an average of 5.47 seconds when executing the key spacing attack. The second attack vector utilizes the monotonic relationship between the sizing of the transistors and the functional response of the circuit to determine the correct key. The average time to execute the attack, while assuming process, voltage, and temperature (PVT) variation of 10%, was 1.18 seconds. Both equal key spacing and non-monotonic key dependencies are discussed as ways to mitigate the threats to future analog obfuscation techniques. 

In this paper, an approach is described for enhancing the security of analog circuits using Satisfiability Modulo theory (SMT) based design space exploration. The technique takes as inputs generic circuit equations and performance constraints and, by exhaustively exploring the design space, outputs transistor sizes that satisfy the given constraints. The analog satisfiability (aSAT) methodology is applied to parameter biasing obfuscation, where the width of a transistor is obfuscated to mask circuit properties, while also limiting the number of keys that produce the target performance requirements. The proposed methodology is used in the design of a differential amplifier and a two stage amplifier. The widths determined through aSAT analysis are shown to meet the gain, phase margin, and power consumption requirements for both a differential amplifier and a two-stage amplifier. However, a 7 MHz offset in the gain-bandwidth of the two-stage amplifier is observed from the target value of 30 MHz. The total gain of the two stage amplifier is masked with a 24 bit encryption key that results in a probability of 5.96x10-08 to determine the correct key. The simulated results indicate that the proposed analog design methodology quickly and accurately determines transistor sizes for target specifications, while also accounting for obfuscation of analog circuit parameters. 

A methodology to secure analog intellectual property (IP) by obfuscating biasing conditions is presented in this paper. Previous research methodologies have focused on protecting digital IP from theft, overproduction, counterfeiting, and Trojan insertion. Analog IP has not been investigated as it does not share the same replicated structures and functionalities used for digital protection. The bias encryption techniques presented in this paper are implemented on a phase locked loop (PLL). The operating frequency of the PLL is masked in the range of 800 MHz to 2.2 GHz with a 40-bit encryption key. The probability of determining the correct key through brute force attack is 9.095×10-13. The overheads of encrypting the PLL include a 6.3% increase in active area, a 0.89% increase in power consumption, and a 5 dBc/Hz increase in phase noise.