Effects of Temperature, Humidity, and Supply Voltage on MSP430 Behaviors

As the demand for microchips to control a more technologically connected world increases, so does the outsourcing of manufacturing these microchips, which poses risks of old microchips being refurbished as new and new microchips being tampered with Hardware Trojans (HT). The purpose of this research is to develop a systematic testing approach to analyze various microchips for abnormal behaviors. The Design of Experiments (DOE) technique was used to investigate the effects of temperature, humidity, and supply voltage (VCC) on microchip response parameters of VOL, VOH, VIL, VIH, and power consumption values. All these parameters were also individually examined against supply voltage under various temperature and humidity conditions on ten different MSP430FG6626s in 2 separate tests to determine Chip to Chip (C-2-C) variation, microchip defects and potential failures. A sealed enclosure was created to achieve various needed testing conditions and to allow for multiple chips to be tested simultaneously. Corresponding devices were equipped to the enclosure for in-situ input variation and output recording. DOE analysis concluded that supply voltage is the most statistically significant factor affecting key microchip response parameters of VIL, VIH and VOH within the limits of the input factors. The high repeatability and consistency of the response data to supply voltage ramping among the tested chips confirm that the testing setup and method used in this research are valid for screening microchips for defects and irregularities

Digital IP Protection Using Threshold Voltage Control

This paper proposes a method to completely hide the functionality of a digital standard cell. This is accomplished by a differential threshold logic gate (TLG). A TLG with $n$ inputs implements a subset of Boolean functions of $n$ variables that are linear threshold functions. The output of such a gate is one if and only if an integer weighted linear arithmetic sum of the inputs equals or exceeds a given integer threshold. We present a novel architecture of a TLG that not only allows a single TLG to implement a large number of complex logic functions, which would require multiple levels of logic when implemented using conventional logic primitives, but also allows the selection of that subset of functions by assignment of the transistor threshold voltages to the input transistors. To obfuscate the functionality of the TLG, weights of some inputs are set to zero by setting their device threshold to be a high $V_t$. The threshold voltage of the remaining transistors is set to low $V_t$ to increase their transconductance. The function of a TLG is not determined by the cell itself but rather the signals that are connected to its inputs. This makes it possible to hide the support set of the function by essentially removing some variable from the support set of the function by selective assignment of high and low $V_t$ to the input transistors. We describe how a standard cell library of TLGs can be mixed with conventional standard cells to realize complex logic circuits, whose function can never be discovered by reverse engineering. A 32-bit Wallace tree multiplier and a 28-bit 4-tap filter were synthesized on an ST 65nm process, placed and routed, then simulated including extracted parastics with and without obfuscation. Both obfuscated designs had much lower area (25%) and much lower dynamic power (30%) than their nonobfuscated CMOS counterparts, operating at the same frequency

A Survey on Integrated Circuit Trojans

Traditionally, computer security has been associated with the software security, or the information-data security. Surprisingly, the hardware on which the software executes or the information stored-processed-transmitted has been assumed to be a trusted base of security. The main building blocks of any electronic device are Integrated circuits (ICs) which form the fabric of a computer system. Lately, the use of ICs has expanded from handheld calculators and personal computers (PCs) to smartphones, servers, and Internet-of-Things (IoT) devices. However, this significant growth in the IC market created intense competition among IC vendors, leading to new trends in IC manufacturing. System-on-chip (SoC) design based on intellectual property (IP), a globally spread supply chain of production and distribution of ICs are the foremost of these trends. The emerging trends have resulted in many security and trust weaknesses and vulnerabilities, in computer systems. This includes Hardware Trojans attacks, side-channel attacks, Reverse-engineering, IP piracy, IC counterfeiting, micro probing, physical tampering, and acquisition of private or valuable assets by debugging and testing. IC security and trust vulnerabilities may cause loss of private information, modified/altered functions, which may cause a great economical hazard and big damage to society. Thus, it is crucial to examine the security and trust threats existing in the IC lifecycle and build defense mechanisms against IC Trojan threats. In this article, we examine the IC supply chain and define the possible IC Trojan threats for the parties involved. Then we survey the latest progress of research in the area of countermeasures against the IC Trojan attacks and discuss the challenges and expectations in this area. Keywords: IC supply chain, IC security, IP privacy, hardware trojans, IC trojans DOI: 10.7176/CEIS/12-2-01 Publication date: April 30th 202

Rapid mapping of digital integrated circuit logic gates via multi-spectral backside imaging

Modern semiconductor integrated circuits are increasingly fabricated at untrusted third party foundries. There now exist myriad security threats of malicious tampering at the hardware level and hence a clear and pressing need for new tools that enable rapid, robust and low-cost validation of circuit layouts. Optical backside imaging offers an attractive platform, but its limited resolution and throughput cannot cope with the nanoscale sizes of modern circuitry and the need to image over a large area. We propose and demonstrate a multi-spectral imaging approach to overcome these obstacles by identifying key circuit elements on the basis of their spectral response. This obviates the need to directly image the nanoscale components that define them, thereby relaxing resolution and spatial sampling requirements by 1 and 2 - 4 orders of magnitude respectively. Our results directly address critical security needs in the integrated circuit supply chain and highlight the potential of spectroscopic techniques to address fundamental resolution obstacles caused by the need to image ever shrinking feature sizes in semiconductor integrated circuits

Detecting Hardware Trojans Using Backside Optical Imaging of Embedded Watermarks

ABSTRACT Hardware Trojans are a critical security threat to integrated circuits. We propose an optical method to detect and localize Trojans inserted during the chip fabrication stage. We engineer the fill cells in a standard cell library to be highly reflective at near-IR wavelengths so that they can be readily observed in an optical image taken through the backside of the chip. The pattern produced by their locations produces an easily measured watermark of the circuit layout. Replacement, modification or re-arrangement of these cells to add a Trojan can therefore be detected through rapid postfabrication backside imaging. We evaluate our approach using various hardware blocks where the Trojan circuit area is less than 0.1% of the total area and it consumes less than 2% leakage power of the entire chip. In addition, we evaluate the tolerance of our methodology to background measurement noise and process variation

Designing energy-efficient sub-threshold logic circuits using equalization and non-volatile memory circuits using memristors

The very large scale integration (VLSI) community has utilized aggressive complementary metal-oxide semiconductor (CMOS) technology scaling to meet the ever-increasing performance requirements of computing systems. However, as we enter the nanoscale regime, the prevalent process variation effects degrade the CMOS device reliability. Hence, it is increasingly essential to explore emerging technologies which are compatible with the conventional CMOS process for designing highly-dense memory/logic circuits. Memristor technology is being explored as a potential candidate in designing non-volatile memory arrays and logic circuits with high density, low latency and small energy consumption. In this thesis, we present the detailed functionality of multi-bit 1-Transistor 1-memRistor (1T1R) cell-based memory arrays. We present the performance and energy models for an individual 1T1R memory cell and the memory array as a whole. We have considered TiO2- and HfOx-based memristors, and for these technologies there is a sub-10% difference between energy and performance computed using our models and HSPICE simulations. Using a performance-driven design approach, the energy-optimized TiO2-based RRAM array consumes the least write energy (4.06 pJ/bit) and read energy (188 fJ/bit) when storing 3 bits/cell for 100 nsec write and 1 nsec read access times. Similarly, HfOx-based RRAM array consumes the least write energy (365 fJ/bit) and read energy (173 fJ/bit) when storing 3 bits/cell for 1 nsec write and 200 nsec read access times. On the logic side, we investigate the use of equalization techniques to improve the energy efficiency of digital sequential logic circuits in sub-threshold regime. We first propose the use of a variable threshold feedback equalizer circuit with combinational logic blocks to mitigate the timing errors in digital logic designed in sub-threshold regime. This mitigation of timing errors can be leveraged to reduce the dominant leakage energy by scaling supply voltage or decreasing the propagation delay. At the fixed supply voltage, we can decrease the propagation delay of the critical path in a combinational logic block using equalizer circuits and, correspondingly decrease the leakage energy consumption. For a 8-bit carry lookahead adder designed in UMC 130 nm process, the operating frequency can be increased by 22.87% (on average), while reducing the leakage energy by 22.6% (on average) in the sub-threshold regime. Overall, the feedback equalization technique provides up to 35.4% lower energy-delay product compared to the conventional non-equalized logic. We also propose a tunable adaptive feedback equalizer circuit that can be used with sequential digital logic to mitigate the process variation effects and reduce the dominant leakage energy component in sub-threshold digital logic circuits. For a 64-bit adder designed in 130 nm our proposed approach can reduce the normalized delay variation of the critical path delay from 16.1% to 11.4% while reducing the energy-delay product by 25.83% at minimum energy supply voltage. In addition, we present detailed energy-performance models of the adaptive feedback equalizer circuit. This work serves as a foundation for the design of robust, energy-efficient digital logic circuits in sub-threshold regime

Modeling and model-aware signal processing methods for enhancement of optical systems

Theoretical and numerical modeling of optical systems are increasingly being utilized in a wide range of areas in physics and engineering for characterizing and improving existing systems or developing new methods. This dissertation focuses on determining and improving the performance of imaging and non-imaging optical systems through modeling and developing model-aware enhancement methods. We evaluate the performance, demonstrate enhancements in terms of resolution and light collection efficiency, and improve the capabilities of the systems through changes to the system design and through post-processing techniques. We consider application areas in integrated circuit (IC) imaging for fault analysis and malicious circuitry detection, and free-form lens design for creating prescribed illumination patterns. The first part of this dissertation focuses on sub-surface imaging of ICs for fault analysis using a solid immersion lens (SIL) microscope. We first derive the Green's function of the microscope and use it to determine its resolution limits for bulk silicon and silicon-on-insulator (SOI) chips. We then propose an optimization framework for designing super-resolving apodization masks that utilizes the developed model and demonstrate the trade-offs in designing such masks. Finally, we derive the full electromagnetic model of the SIL microscope that models the image of an arbitrary sub-surface structure. With the rapidly shrinking dimensions of ICs, we are increasingly limited in resolving the features and identifying potential modifications despite the resolution improvements provided by the state-of-the-art microscopy techniques and enhancement methods described here. In the second part of this dissertation, we shift our focus away from improving the resolution and consider an optical framework that does not require high resolution imaging for detecting malicious circuitry. We develop a classification-based high-throughput gate identification method that utilizes the physical model of the optical system. We then propose a lower-throughput system to increase the detection accuracy, based on higher resolution imaging to supplement the former method. Finally, we consider the problem of free-form lens design for forming prescribed illumination patterns as a non-imaging application. Common methods that design free-form lenses for forming patterns consider the input light source to be a point source, however using extended light sources with such lenses lead to significant blurring in the resulting pattern. We propose a deconvolution-based framework that utilizes the lens geometry to model the blurring effects and eliminates this degradation, resulting in sharper patterns

Modeling and model-aware signal processing methods for enhancement of optical systems

Theoretical and numerical modeling of optical systems are increasingly being utilized in a wide range of areas in physics and engineering for characterizing and improving existing systems or developing new methods. This dissertation focuses on determining and improving the performance of imaging and non-imaging optical systems through modeling and developing model-aware enhancement methods. We evaluate the performance, demonstrate enhancements in terms of resolution and light collection efficiency, and improve the capabilities of the systems through changes to the system design and through post-processing techniques. We consider application areas in integrated circuit (IC) imaging for fault analysis and malicious circuitry detection, and free-form lens design for creating prescribed illumination patterns. The first part of this dissertation focuses on sub-surface imaging of ICs for fault analysis using a solid immersion lens (SIL) microscope. We first derive the Green's function of the microscope and use it to determine its resolution limits for bulk silicon and silicon-on-insulator (SOI) chips. We then propose an optimization framework for designing super-resolving apodization masks that utilizes the developed model and demonstrate the trade-offs in designing such masks. Finally, we derive the full electromagnetic model of the SIL microscope that models the image of an arbitrary sub-surface structure. With the rapidly shrinking dimensions of ICs, we are increasingly limited in resolving the features and identifying potential modifications despite the resolution improvements provided by the state-of-the-art microscopy techniques and enhancement methods described here. In the second part of this dissertation, we shift our focus away from improving the resolution and consider an optical framework that does not require high resolution imaging for detecting malicious circuitry. We develop a classification-based high-throughput gate identification method that utilizes the physical model of the optical system. We then propose a lower-throughput system to increase the detection accuracy, based on higher resolution imaging to supplement the former method. Finally, we consider the problem of free-form lens design for forming prescribed illumination patterns as a non-imaging application. Common methods that design free-form lenses for forming patterns consider the input light source to be a point source, however using extended light sources with such lenses lead to significant blurring in the resulting pattern. We propose a deconvolution-based framework that utilizes the lens geometry to model the blurring effects and eliminates this degradation, resulting in sharper patterns

A multi-layer approach to designing secure systems: from circuit to software

In the last few years, security has become one of the key challenges in computing systems. Failures in the secure operations of these systems have led to massive information leaks and cyber-attacks. Case in point, the identity leaks from Equifax in 2016, Spectre and Meltdown attacks to Intel and AMD processors in 2017, Cyber-attacks on Facebook in 2018. These recent attacks have shown that the intruders attack different layers of the systems, from low-level hardware to software as a service(SaaS). To protect the systems, the defense mechanisms should confront the attacks in the different layers of the systems. In this work, we propose four security mechanisms for computing systems: (i ) using backside imaging to detect Hardware Trojans (HTs) in Application Specific Integrated Circuits (ASICs) chips, (ii ) developing energy-efficient reconfigurable cryptographic engines, (iii) examining the feasibility of malware detection using Hardware Performance Counters (HPC). Most of the threat models assume that the root of trust is the hardware running beneath the software stack. However, attackers can insert malicious hardware blocks, i.e. HTs, into the Integrated Circuits (ICs) that provide back-doors to the attackers or leak confidential information. HTs inserted during fabrication are extremely hard to detect since their overheads in performance and power are below the variations in the performance and power caused by manufacturing. In our work, we have developed an optical method that identifies modified or replaced gates in the ICs. We use the near-infrared light to image the ICs because silicon is transparent to near-infrared light and metal reflects infrared light. We leverage the near-infrared imaging to identify the locations of each gate, based on the signatures of metal structures reflected by the lowest metal layer. By comparing the imaged results to the pre-fabrication design, we can identify any modifications, shifts or replacements in the circuits to detect HTs. With the trust of the silicon, the computing system must use secure communication channels for its applications. The low-energy cost devices, such as the Internet of Things (IoT), leverage strong cryptographic algorithms (e.g. AES, RSA, and SHA) during communications. The cryptographic operations cause the IoT devices a significant amount of power. As a result, the power budget limits their applications. To mitigate the high power consumption, modern processors embed these cryptographic operations into hardware primitives. This also improves system performance. The hardware unit embedded into the processor provides high energy-efficiency, low energy cost. However, hardware implementations limit flexibility. The longevity of theIoTs can exceed the lifetime of the cryptographic algorithms. The replacement of the IoT devices is costly and sometimes prohibitive, e.g., monitors in nuclear reactors.In order to reconfigure cryptographic algorithms into hardware, we have developed a system with a reconfigurable encryption engine on the Zedboard platform. The hardware implementation of the engine ensures fast, energy-efficient cryptographic operations. With reliable hardware and secure communication channels in place, the computing systems should detect any malicious behaviors in the processes. We have explored the use of the Hardware Performance Counters (HPCs) in malware detection. HPCs are hardware units that count micro-architectural events, such as cache hits/misses and floating point operations. Anti-virus software is commonly used to detect malware but it also introduces performance overhead. To reduce anti-virus performance overhead, many researchers propose to use HPCs with machine learning models in malware detection. However, it is counter-intuitive that the high-level program behaviors can manifest themselves in low-level statics. We perform experiments using 2 ∼ 3 × larger program counts than the previous works and perform a rigorous analysis to determine whether HPCs can be used to detect malware. Our results show that the False Discovery Rate of malware detection can reach 20%. If we deploy this detection system on a fresh installed Windows 7 systems, among 1,323 binaries, 198 binaries would be flagged as malware