Circuit Techniques for Low-Power and Secure Internet-of-Things Systems

The coming of Internet of Things (IoT) is expected to connect the physical world to the cyber world through ubiquitous sensors, actuators and computers. The nature of these applications demand long battery life and strong data security. To connect billions of things in the world, the hardware platform for IoT systems must be optimized towards low power consumption, high energy efficiency and low cost. With these constraints, the security of IoT systems become a even more difficult problem compared to that of computer systems. A new holistic system design considering both hardware and software implementations is demanded to face these new challenges. In this work, highly robust and low-cost true random number generators (TRNGs) and physically unclonable functions (PUFs) are designed and implemented as security primitives for secret key management in IoT systems. They provide three critical functions for crypto systems including runtime secret key generation, secure key storage and lightweight device authentication. To achieve robustness and simplicity, the concept of frequency collapse in multi-mode oscillator is proposed, which can effectively amplify the desired random variable in CMOS devices (i.e. process variation or noise) and provide a runtime monitor of the output quality. A TRNG with self-tuning loop to achieve robust operation across -40 to 120 degree Celsius and 0.6 to 1V variations, a TRNG that can be fully synthesized with only standard cells and commercial placement and routing tools, and a PUF with runtime filtering to achieve robust authentication, are designed based upon this concept and verified in several CMOS technology nodes. In addition, a 2-transistor sub-threshold amplifier based "weak" PUF is also presented for chip identification and key storage. This PUF achieves state-of-the-art 1.65% native unstable bit, 1.5fJ per bit energy efficiency, and 3.16% flipping bits across -40 to 120 degree Celsius range at the same time, while occupying only 553 feature size square area in 180nm CMOS. Secondly, the potential security threats of hardware Trojan is investigated and a new Trojan attack using analog behavior of digital processors is proposed as the first stealthy and controllable fabrication-time hardware attack. Hardware Trojan is an emerging concern about globalization of semiconductor supply chain, which can result in catastrophic attacks that are extremely difficult to find and protect against. Hardware Trojans proposed in previous works are based on either design-time code injection to hardware description language or fabrication-time modification of processing steps. There have been defenses developed for both types of attacks. A third type of attack that combines the benefits of logical stealthy and controllability in design-time attacks and physical "invisibility" is proposed in this work that crosses the analog and digital domains. The attack eludes activation by a diverse set of benchmarks and evades known defenses. Lastly, in addition to security-related circuits, physical sensors are also studied as fundamental building blocks of IoT systems in this work. Temperature sensing is one of the most desired functions for a wide range of IoT applications. A sub-threshold oscillator based digital temperature sensor utilizing the exponential temperature dependence of sub-threshold current is proposed and implemented. In 180nm CMOS, it achieves 0.22/0.19K inaccuracy and 73mK noise-limited resolution with only 8865 square micrometer additional area and 75nW extra power consumption to an existing IoT system.PHDElectrical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/138779/1/kaiyuan_1.pd

A Physical Unclonable Function derived from the power distribution system of an integrated circuit

Hardware support for security mechanisms such as authentication, cryptographic protocols, digital rights management and hardware metering depend heavily on the security of embedded secret keys. The current practice of embedding these keys as digital data in the Integrated Circuit (IC) weakens security because the keys can be learned through attacks. Physical Unclonable Functions (PUFs) are a recently- proposed alternative to storing digital keys on the IC. A PUF leverages the inherent manufacturing variations of an IC to define a random function. However, poor performance under PUF quality criteria such as the level of randomness and reproducibility in the responses have detracted from their adoption and widespread use. In this dissertation, I propose several ways to define a novel PUF using the Power Distribution System (PDS) of an IC. First, I describe the hardware primitive and test setup that is required to obtain the PUF responses. Then, I evaluate the analog PUF responses from silicon against standard PUF quality metrics in order to qualify the strengths and weaknesses of the proposed PUF. I show that the analog PUFs ex- hibit very high levels of randomness and reproducibility, but are sensitive to changes in temperature. Next, I propose extensions to our PUF that enable an exponential number of Challenge/Response Pairs (CRPs) with respect to the number of hardware resources, as well as yielding a marginal increase in the level of randomness. I also use these same analog measurements from silicon to simulate an integrated implementation of the PUF that takes a digital challenge and returns a digital response. I show that the integrated architecture also exhibits high levels of randomness and reproducibility, and is also resistant to changes in temperature. Future work includes designing and building a new IC that implements a more powerful hardware primitive that will improve both the number and accuracy of the measurements, as well as additional hardware that will allow the challenge and response generation to be performed on-chip

Digitally-Modulated Transmitter for Wireless Communications

With the increased digital processing capabilities of sub-micron CMOS nodes, pushing the digital world towards the antenna is becoming attractive, enabling higher reconfigurability of the transmitter, therefore, more degrees of freedom to end-users. More specifically, by adopting an RF-DAC (DAC working at RF frequency) instead of the traditional Power Amplifier block allows for increased performance of the whole transmitter. Hence, a polar transmitter is being studied and an implementation in 130 nm CMOS node is expected

Integrated Electronics to Control and Readout Electrochemical Biosensors for Implantable Applications

Biosensors can effectively be used to monitor multiple metabolites such as glucose, lactate, ATP and drugs in the human body. Continuous monitoring of these metabolites is essential for patients with chronic or critical conditions. Moreover, this can be used to tune the dosage of a drug for each individual patient, in order to achieve personalized therapy. Implantable medical devices (IMDs) based on biosensors are emerging as a valid alternative for blood tests in laboratories. They can provide continuous monitoring while reduce the test costs. The potentiostat plays a fundamental role in modern biosensors. A potentiostat is an electronic device that controls the electrochemical cell, using three electrodes, and runs the electrochemical measurement. In particular the IMDs require a low-power, fully-integrated, and autonomous potentiostats to control and readout the biosensors. This thesis describes two integrated circuits (ICs) to control and readout multi-target biosensors: LOPHIC and ARIC. They enable chronoamperometry and cyclic voltammetrymeasurements and consume sub-mW power. The design, implementation, characterisation, and validation with biosensors are presented for each IC. To support the calibration of the biosensors with environmental parameters, ARIC includes circuitry to measure the pHand temperature of the analyte through an Iridiumoxide pH sensor and an off-chip resistor-temperature detector (RTD). In particular, novel circuits to convert resistor value into digital are designed for RTD readout. ARIC is integrated into two IMDs aimed for health-care monitoring and personalized therapy. The control and readout of the embedded sensor arrays have been successfully achieved, thanks to ARIC, and validated for glucose and paracetamol measurements while it is remotely powered through an inductive link. To ensure the security and privacy of IMDs, a lightweight cryptographic system (LCS) is presented. This is the first ASIC implementation of a cryptosystem for IMDs, and is integrated into ARIC. The resulting system provides a unique and fundamental capability by immediately encrypting and signing the sensor data upon its creation within the body. Nano-structures such as Carbon nanotubes have been widely used to improve the sensitivity of the biosensors. However, in most of the cases, they introduce more noise into the measurements and produce a large background current. In this thesis the noise of the sensors incorporating CNTs is studied for the first time. The effect of CNTs as well as sensor geometry on the signal to noise ratio of the sensors is investigated experimentally. To remove the background current of the sensors, a differential readout scheme has been proposed. In particular, a novel differential readout IC is designed and implemented that measures inputcurrents within a wide dynamic range and produces a digital output that corresponds to the -informative- redox current of the biosensor

Attacking and Defending Emerging Computer Systems Using The Memory Remanence Effect

In computer systems, manufacturing variances and hardware effects are typically abstracted away by the software layer. This dissertation explores how these effects, specifically memory remanence, can be used both as an attack vector and a tool to defend emerging computing systems. To achieve this, we show how time-keeping, anonymity, and authenticity can be affected by memory remanence. In terms of attacks, we explore the deanonymizing effect of approximate computing in the context of approximate memory in Probable Cause. We show how data passing through an approximate memory is watermarked with a device specific tag that points the attacker back to the device. In terms of defenses, we first present TARDIS: an approach to provide a notion of time for transiently powered embedded devices without requiring any hardware modification using remanence effect of SRAM. TARDIS allows these devices to keep a coarse-grained notion of time without the need for a running clock. Second, we propose data retention voltage of memory cells as a new type of physical unclonable function that allows for low-cost authentication and counterfeit resistance in computer systems.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/136985/1/rahmati_1.pd

Low Power Memory/Memristor Devices and Systems

This reprint focusses on achieving low-power computation using memristive devices. The topic was designed as a convenient reference point: it contains a mix of techniques starting from the fundamental manufacturing of memristive devices all the way to applications such as physically unclonable functions, and also covers perspectives on, e.g., in-memory computing, which is inextricably linked with emerging memory devices such as memristors. Finally, the reprint contains a few articles representing how other communities (from typical CMOS design to photonics) are fighting on their own fronts in the quest towards low-power computation, as a comparison with the memristor literature. We hope that readers will enjoy discovering the articles within

Continuous Mode High Efficiency Power Amplifier Design for X Band

This thesis is focused on the investigation and implementation of novel techniques for the design of X band (8 - 12GHz) power amplifiers. One of the main topics is the expansion and novel implementation of continuous mode theory, with the intention of improving the bandwidth and efficiency of X band power amplifiers. This work builds upon the Class B/J continuous mode theory to incorporate cases where <[ZF0] 6= RL, not described by the original Class B/J theory, with a tool called the “clipping contour”. The clipping contour tool shows a graphical representation on the Smith chart of the boundary between impedances generating a voltage waveform which will modulate or “clip” the current waveform, and a voltage waveform which will leave the current waveform unaltered. This non-clipping space is shown, with measured load pull and amplifier data, to represent the maximum efficiency case for a given ZF0, thus the clipping contour tool thus gives designers the ability to predict the areas of highest efficiency and power given any ZF0, without the need to use costly, time consuming multi harmonic load pull techniques. Push pull amplifiers using quarter wave coupled line baluns are proposed as an ideal matching topology to exploit this new tool. Various balun topologies are studied using a novel extended transmission line model. This model is shown to predict accurately and explain the “trace separation” effect seen in planar baluns and not their 3D coaxial cable equivalents. It also forms the basis of analysis which results in a powerful new equation capable of guaranteeing the elimination of trace separation completely, without compromising performance. This equation is used to design an optimal balun which possesses the largest fractional bandwidth (130%) of any balun ever published on single layer thin film Alumina, whilst simultaneously eliminating trace separation. The optimised Alumina baluns are used to construct push pull output demonstrator circuits which show efficiencies of 40% over greater than an octave bandwidth, a significant advancement of any other comparable published work. These techniques demonstrate the potential to exceed double octave bandwidths with efficiencies greater than 40% once optimised. Initial investigations on MMIC and 2.5D processes show the potential to replicate the Alumina performance over octave and decade bandwidths respectively

Comprehensive study of physical unclonable functions on FPGAs: correlation driven Implementation, deep learning modeling attacks, and countermeasures

For more than a decade and a half, Physical Unclonable Functions (PUFs) have been presented as a promising hardware security primitive. The idea of exploiting variabilities in hardware fabrication to generate a unique fingerprint for every silicon chip introduced a more secure and cheaper alternative. Other solutions using non-volatile memory to store cryptographic keys, require additional processing steps to generate keys externally, and secure environments to exchange generated keys, which introduce many points of attack that can be used to extract the secret keys. PUFs were addressed in the literature from different perspectives. Many publications focused on proposing new PUF architectures and evaluation metrics to improve security properties like response uniqueness per chip, response reproducibility of the same PUF input, and response unpredictability using previous input/response pairs. Other research proposed attack schemes to clone the response of PUFs, using conventional machine learning (ML) algorithms, side-channel attacks using power and electromagnetic traces, and fault injection using laser beams and electromagnetic pulses. However, most attack schemes to be successful, imposed some restrictions on the targeted PUF architectures, which make it simpler and easier to attack. Furthermore, they did not propose solid and provable enhancements on these architectures to countermeasure the attacks. This leaves many open questions concerning how to implement perfect secure PUFs especially on FPGAs, how to extend previous modeling attack schemes to be successful against more complex PUF architectures (and understand why modeling attacks work) and how to detect and countermeasure these attacks to guarantee that secret data are safe from the attackers. This Ph.D. dissertation contributes to the state of the art research on physical unclonable functions in several ways. First, the thesis provides a comprehensive analysis of the implementation of secure PUFs on FPGAs using manual placement and manual routing techniques guided by new performance metrics to overcome FPGAs restrictions with minimum hardware and area overhead. Then the impact of deep learning (DL) algorithms is studied as a promising modeling attack scheme against complex PUF architectures, which were reported immune to conventional (ML) techniques. Furthermore, it is shown that DL modeling attacks successfully overcome the restrictions imposed by previous research even with the lack of accurate mathematical models of these PUF architectures. Finally, this comprehensive analysis is completed by understanding why deep learning attacks are successful and how to build new PUF architectures and extra circuitry to thwart these types of attacks. This research is important for deploying cheap and efficient hardware security primitives in different fields, including IoT applications, embedded systems, automotive and military equipment. Additionally, it puts more focus on the development of strong intrinsic PUFs which are widely proposed and deployed in many security protocols used for authentication, key establishment, and Oblivious transfer protocols

Degradation in FPGAs: Monitoring, Modeling and Mitigation

This dissertation targets the transistor aging degradation as well as the associated thermal challenges in FPGAs (since there is an exponential relation between aging and chip temperature). The main objectives are to perform experimentation, analysis and device-level model abstraction for modeling the degradation in FPGAs, then to monitor the FPGA to keep track of aging rates and ultimately to propose an aging-aware FPGA design flow to mitigate the aging

Advanced filters and components for power applications

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 159-163).The objective of this thesis is to improve the high frequency performance of components and filters by better compensating the parasitic effects of practical components. The main application for this improvement is in design of low pass filters for power electronics, although some other applications will be presented. In switching power supplies the input and output filters must attenuate frequencies related to the fundamental switching frequency of the converter. The filters represent a major contribution to the weight, volume and price of the power supply. Therefore, aspects of the design of the switching power converter, especially those related to the switching frequency, are limited by the high frequency performance of the filters. The usual methods of improving the high frequency performance of the filter includes using larger, better components. Filter performance can improve by using higher quality inductors and capacitors or by adding high frequency capacitors in parallel with the filter capacitor. Also, an additional filter stage can be added. All of these methods add significant cost to the design of the power supply. If the effect of high-frequency parasitic elements in the components can be reduced (at a low cost) the performance of the filter can be enhanced. This allows the development of filters with much better high frequency attenuation, or the reduction of filter size and cost at a constant performance level. In filtering and other applications, the ability to reduce the effect of parasitic elements will be a technique that will enable many high-frequency designs. Specifically, this thesis will present two techniques that can be used to reduce the effects of parasitic inductance and capacitance. One technique,(cont.) called inductance cancellation, is used to reduce the amount of parasitic inductance in a path of interest. The other technique, capacitance cancellation, will reduce the effect of a parasitic capacitance in an inductor. The techniques introduced here cannot be used to improve performance of passive components in all applications. These techniques, though, do provide major improvements in most filtering applications, an application in which parasitic components play an important role in the design.by Timothy C. Neugebauer.Ph.D