Ingress of threshold voltage-triggered hardware trojan in the modern FPGA fabric–detection methodology and mitigation

The ageing phenomenon of negative bias temperature instability (NBTI) continues to challenge the dynamic thermal management of modern FPGAs. Increased transistor density leads to thermal accumulation and propagates higher and non-uniform temperature variations across the FPGA. This aggravates the impact of NBTI on key PMOS transistor parameters such as threshold voltage and drain current. Where it ages the transistors, with a successive reduction in FPGA lifetime and reliability, it also challenges its security. The ingress of threshold voltage-triggered hardware Trojan, a stealthy and malicious electronic circuit, in the modern FPGA, is one such potential threat that could exploit NBTI and severely affect its performance. The development of an effective and efficient countermeasure against it is, therefore, highly critical. Accordingly, we present a comprehensive FPGA security scheme, comprising novel elements of hardware Trojan infection, detection, and mitigation, to protect FPGA applications against the hardware Trojan. Built around the threat model of a naval warship’s integrated self-protection system (ISPS), we propose a threshold voltage-triggered hardware Trojan that operates in a threshold voltage region of 0.45V to 0.998V, consuming ultra-low power (10.5nW), and remaining stealthy with an area overhead as low as 1.5% for a 28 nm technology node. The hardware Trojan detection sub-scheme provides a unique lightweight threshold voltage-aware sensor with a detection sensitivity of 0.251mV/nA. With fixed and dynamic ring oscillator-based sensor segments, the precise measurement of frequency and delay variations in response to shifts in the threshold voltage of a PMOS transistor is also proposed. Finally, the FPGA security scheme is reinforced with an online transistor dynamic scaling (OTDS) to mitigate the impact of hardware Trojan through run-time tolerant circuitry capable of identifying critical gates with worst-case drain current degradation

Design techniques for safe, reliable, and trustworthy analog circuits

Rapid developments in communication, automation, and smart technologies continue to drive the trend of increasingly large-scale integration of electronics. The number of ICs embedded in various systems continues to rise to realize more sophisticated functions and capabilities, and as a result we rely more and more on the smooth, safe, and secure operation of ICs. Quality assurance of ICs is of paramount importance in critical missions because faults can incur heavy consequences. To ensure reliability, IC designs undergo a thorough verification process prior to fabrication and comprehensive testing and measurements before distribution. These steps provide confidence in parts shortly after their deployment into operation. Many critical ICs also embed functions to detect abnormal or faulty behavior in the field and add another layer of safety to the operation. The methodology for creating these built-in self-tests (BISTs) for digital circuits is fairly mature, yet analog and mixed signal (AMS) circuits still present a significant challenge for verification and testing. The development of in-field tests for AMS circuits is relatively new. Part of the difficulty is the many constraints that define satisfactory function. Complicated signal generators and observers are usually required to stimulate the circuit and measure its response in order to accurately determine if it meets specifications. These are available in a production test environment in the form of external equipment, but the amount of hardware, power, and other resources required for these tests make it impractical for in-field operation. To address this issue, some simple, low-resource test circuits have been developed to test some fundamental AMS blocks. The test results allow one to infer faulty behavior of circuit rather than explicitly confirming specifications are not met, which makes the design of test inputs and observers significantly easier. These test circuits use simple analog-digital interfaces which aid the integration of the designs into existing digital test architectures. The AMS test circuits were implemented on a PCB to demonstrate their feasibility. For ICs targeting high reliability, the parts are designed such that the probability of a fault occurring is extremely low, at least for a time. BISTs for in-field testing are intended to detect faults originating from a single source because of a defect or some other unpredictable event. But every IC will reach a time when devices start to fail independently of each other because of normal wear from use. The physical mechanisms causing transistor degradation, called transistor aging, have a predictable trend for a given history of use. On-chip monitors that track device aging over the life of a part can provide warnings before widespread failure occurs and allow confident operation of IC right up to its effective end of life (EOL). A bias and temperature instability (BTI) monitor was designed to estimate the evolving probability of BTI degradation in a device or devices during its operation. In addition to the chance of random failures in critical ICs, designers and customers must also concern themselves with intentionally induced failures. The important role these parts play in their respective systems makes them potential targets of attack by third parties whose goal is contrary to the parts’ primary missions. One potential class of threats is the hardware Trojan horse, a hidden and malicious function physically embedded in the design. These are high- risk/high-reward attacks because insertion of the Trojan is generally considered difficult but successful activation is potentially devastating. Much research and resources have been dedicated to developing threat models, identifying potential means of insertion and operation, and detection of Trojans during production tests. However, these efforts are almost entirely focused on the security of digital circuits while threats to AMS circuits have been ignored. One of the main reasons for this is the inherent sensitivity of AMS circuits, which leads to the assumption that any tampering would be obvious. This assumption falls short when a well- known problem in AMS circuit design is considered: multi-stable operation. A definitive taxonomy of this sub-class of hardware Trojans was constructed to complement existing definitions and efforts on Trojan classification. An example of an AMS circuit with such a Trojan is provided to validate the threat this class of Trojans poses

Design for prognostics and security in field programmable gate arrays (FPGAs).

There is an evolutionary progression of Field Programmable Gate Arrays (FPGAs) toward more complex and high power density architectures such as Systems-on- Chip (SoC) and Adaptive Compute Acceleration Platforms (ACAP). Primarily, this is attributable to the continual transistor miniaturisation and more innovative and efficient IC manufacturing processes. Concurrently, degradation mechanism of Bias Temperature Instability (BTI) has become more pronounced with respect to its ageing impact. It could weaken the reliability of VLSI devices, FPGAs in particular due to their run-time reconfigurability. At the same time, vulnerability of FPGAs to device-level attacks in the increasing cyber and hardware threat environment is also quadrupling as the susceptible reliability realm opens door for the rogue elements to intervene. Insertion of highly stealthy and malicious circuitry, called hardware Trojans, in FPGAs is one of such malicious interventions. On the one hand where such attacks/interventions adversely affect the security ambit of these devices, they also undermine their reliability substantially. Hitherto, the security and reliability are treated as two separate entities impacting the FPGA health. This has resulted in fragmented solutions that do not reflect the true state of the FPGA operational and functional readiness, thereby making them even more prone to hardware attacks. The recent episodes of Spectre and Meltdown vulnerabilities are some of the key examples. This research addresses these concerns by adopting an integrated approach and investigating the FPGA security and reliability as two inter-dependent entities with an additional dimension of health estimation/ prognostics. The design and implementation of a small footprint frequency and threshold voltage-shift detection sensor, a novel hardware Trojan, and an online transistor dynamic scaling circuitry present a viable FPGA security scheme that helps build a strong microarchitectural level defence against unscrupulous hardware attacks. Augmented with an efficient Kernel-based learning technique for FPGA health estimation/prognostics, the optimal integrated solution proves to be more dependable and trustworthy than the prevalent disjointed approach.Samie, Mohammad (Associate)PhD in Transport System