2 research outputs found
Circuit Techniques for Low-Power and Secure Internet-of-Things Systems
The coming of Internet of Things (IoT) is expected to connect the physical world to the cyber world through ubiquitous sensors, actuators and computers. The nature of these applications demand long battery life and strong data security. To connect billions of things in the world, the hardware platform for IoT systems must be optimized towards low power consumption, high energy efficiency and low cost. With these constraints, the security of IoT systems become a even more difficult problem compared to that of computer systems. A new holistic system design considering both hardware and software implementations is demanded to face these new challenges.
In this work, highly robust and low-cost true random number generators (TRNGs) and physically unclonable functions (PUFs) are designed and implemented as security primitives for secret key management in IoT systems. They provide three critical functions for crypto systems including runtime secret key generation, secure key storage and lightweight device authentication. To achieve robustness and simplicity, the concept of frequency collapse in multi-mode oscillator is proposed, which can effectively amplify the desired random variable in CMOS devices (i.e. process variation or noise) and provide a runtime monitor of the output quality. A TRNG with self-tuning loop to achieve robust operation across -40 to 120 degree Celsius and 0.6 to 1V variations, a TRNG that can be fully synthesized with only standard cells and commercial placement and routing tools, and a PUF with runtime filtering to achieve robust authentication, are designed based upon this concept and verified in several CMOS technology nodes. In addition, a 2-transistor sub-threshold amplifier based "weak" PUF is also presented for chip identification and key storage. This PUF achieves state-of-the-art 1.65% native unstable bit, 1.5fJ per bit energy efficiency, and 3.16% flipping bits across -40 to 120 degree Celsius range at the same time, while occupying only 553 feature size square area in 180nm CMOS.
Secondly, the potential security threats of hardware Trojan is investigated and a new Trojan attack using analog behavior of digital processors is proposed as the first stealthy and controllable fabrication-time hardware attack. Hardware Trojan is an emerging concern about globalization of semiconductor supply chain, which can result in catastrophic attacks that are extremely difficult to find and protect against. Hardware Trojans proposed in previous works are based on either design-time code injection to hardware description language or fabrication-time modification of processing steps. There have been defenses developed for both types of attacks. A third type of attack that combines the benefits of logical stealthy and controllability in design-time attacks and physical "invisibility" is proposed in this work that crosses the analog and digital domains. The attack eludes activation by a diverse set of benchmarks and evades known defenses.
Lastly, in addition to security-related circuits, physical sensors are also studied as fundamental building blocks of IoT systems in this work. Temperature sensing is one of the most desired functions for a wide range of IoT applications. A sub-threshold oscillator based digital temperature sensor utilizing the exponential temperature dependence of sub-threshold current is proposed and implemented. In 180nm CMOS, it achieves 0.22/0.19K inaccuracy and 73mK noise-limited resolution with only 8865 square micrometer additional area and 75nW extra power consumption to an existing IoT system.PHDElectrical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/138779/1/kaiyuan_1.pd
Recommended from our members
In-situ and In-field temperature and transistor BTI sensing techniques with microprocessor level implementation
In modern deep-scaled CMOS technologies, various silicon-related pitfalls present challenges to the long-term performance of microprocessors. Such challenges include (1) local hot spots, which breach the thermal limitations of a microprocessor, and (2) transistor aging, especially NBTI, which degrades transistor threshold voltage, ultimately threatening the reliability of the entire memory block. In previous systems, the dummy circuit was placed next to the subject, where the dummy was frequently analyzed, and the readout was used to infer the condition of the target. Due to rapidly changing ambient conditions (e.g., temperature and voltage) and the potential scale of the target dimensions, such metrics may not accurately represent the condition of the target. Moreover, such temperature sensors and canary circuits occupy a significant area.
Therefore, it would be highly preferable to monitor the target circuit in-situ, i.e., to sense the precise transistor at operation. It is also important to achieve an accurate sensing metric. When the temperature is analyzed, the readout should account for voltage and process variations. While sensing the aging degradation, the readout should account for voltage and temperature fluctuations. This would allow testing during in-field operation, while the circuits achieve area-efficiency.
This research had two stages. One result of the first stage was a silicon test chip that was a compact temperature sensor. It involved a family of PTAT+CTAT sensor front-ends that unitized only 6 to 8 conventional CMOS logic devices, yielding a smaller sized chip. The sensor demonstrates accuracy within the target and achieves a 14.3x smaller foot print than preceding published designs. The second product of the first stage was a PMOS aging sensor used in 6T SRAM circuits. The test chip has a real SRAM array, integrated with the proposed PMOS NBTI sensor. It can sense real PMOS NBTI effects in any bit cell (in-situ) and provide robust readings of temperature and voltage (in-field). Intensive aging tests validated the proposed sensing technique.
The second stage was focused on implementing the in-situ and in-field sensing techniques in a real processor. The MIPS microprocessor had a modified instruction cache (I$) and instruction set architecture. With the addition of new instruction aging sensing and minor modification of the circuits, the processor can execute aging sensing opportunistically to evaluate the aging level of its instruction cache. A software framework was developed and verified to estimate the retention voltage of the instruction cache over the lifetime of the chip.
An area-efficient SoC was developed that could transform the instruction cache into an ambient temperature sensor. It had a physically unclonable function (PUF), and it was built with an area-saving technique similar to the earlier work.
This thesis has four chapters. They are presented in chronological and they are aligned with the research described above