Chaotic Oscillations in CMOS Integrated Circuits

Chaos is a purely mathematical term, describing a signal that is aperiodic and sensitive to initial conditions, but deterministic. Yet, engineers usually see it as an undesirable effect to be avoided in electronics. The first part of the dissertation deals with chaotic oscillation in complementary metal-oxide-semiconductor integrated circuits (CMOS ICs) as an effect behavior due to high power microwave or directed electromagnetic energy source. When the circuit is exposed to external electromagnetic sources, it has long been conjectured that spurious oscillation is generated in the circuits. In the first part of this work, we experimentally and numerically demonstrate that these spurious oscillations, or out-of-band oscillations are in fact chaotic oscillations. In the second part of the thesis, we exploit a CMOS chaotic oscillator in building a cryptographic source, a random number generator. We first demonstrate the presence of chaotic oscillation in standard CMOS circuits. At radio frequencies, ordinary digital circuits can show unexpected nonlinear responses. We evaluate a CMOS inverter coupled with electrostatic discharging (ESD) protection circuits, designed with 0.5 μm CMOS technology, for their chaotic oscillations. As the circuit is driven by a direct radio frequency injection, it exhibits a chaotic dynamics, when the input frequency is higher than the typical maximum operating frequency of the CMOS inverter. We observe an aperiodic signal, a broadband spectrum, and various bifurcations in the experimental results. We analytically discuss the nonlinear physical effects in the given circuit : ESD diode rectification, DC bias shift due to a non-quasi static regime operation of the ESD PN-junction diode, and a nonlinear resonant feedback current path. In order to predict these chaotic dynamics, we use a transistor-based model, and compare the model's performance with the experimental results. In order to verify the presence of chaotic oscillations mathematically, we build on an ordinary differential equation model with the circuit-related nonlinearities. We then calculate the largest Lyapunov exponents to verify the chaotic dynamics. The importance of this work lies in investigating chaotic dynamics of standard CMOS ICs that has long been conjectured. In doing so, we experimentally and numerically give evidences for the presence of chaotic oscillations. We then report on a random number generator design, in which randomness derives from a Boolean chaotic oscillator, designed and fabricated as an integrated circuit. The underlying physics of the chaotic dynamics in the Boolean chaotic oscillator is given by the Boolean delay equation. According to numerical analysis of the Boolean delay equation, a single node network generates chaotic oscillations when two delay inputs are incommensurate numbers and the transition time is fast. To test this hypothesis physically, a discrete Boolean chaotic oscillator is implemented. Using a CMOS 0.5 μm process, we design and fabricate a CMOS Boolean chaotic oscillator which consists of a core chaotic oscillator and a source follower buffer. Chaotic dynamics are verified using time and frequency domain analysis, and the largest Lyapunov exponents are calculated. The measured bit sequences do make a suitable randomness source, as determined via National Institute of Standards and Technology (NIST) standard statistical tests version 2.1

Emerging physical unclonable functions with nanotechnology

Physical unclonable functions (PUFs) are increasingly used for authentication and identification applications as well as the cryptographic key generation. An important feature of a PUF is the reliance on minute random variations in the fabricated hardware to derive a trusted random key. Currently, most PUF designs focus on exploiting process variations intrinsic to the CMOS technology. In recent years, progress in emerging nanoelectronic devices has demonstrated an increase in variation as a consequence of scaling down to the nanoregion. To date, emerging PUFs with nanotechnology have not been fully established, but they are expected to emerge. Initial research in this area aims to provide security primitives for emerging integrated circuits with nanotechnology. In this paper, we review emerging nanotechnology-based PUFs

Comprehensive Designs of Innovate Secure Hardware Devices against Machine Learning Attacks and Power Analysis Attacks

Hardware security is an innovate subject oriented from growing demands of cybersecurity and new information vulnerabilities from physical leakages on hardware devices. However, the mainstream of hardware manufacturing industry is still taking benefits of products and the performance of chips as priority, restricting the design of hardware secure countermeasures under a compromise to a finite expense of overheads. Consider the development trend of hardware industries and state-of-the-art researches of architecture designs, this dissertation proposes some new physical unclonable function (PUF) designs as countermeasures to side-channel attacks (SCA) and machine learning (ML) attacks simultaneously. Except for the joint consideration of hardware and software vulnerabilities, those designs also take efficiencies and overhead problems into consideration, making the new-style of PUF more possible to be merged into current chips as well as their design concepts. While the growth of artificial intelligence and machine-learning techniques dominate the researching trends of Internet of things (IoT) industry, some mainstream architectures of neural networks are implemented as hypothetical attacking model, whose results are used as references for further lifting the performance, the security level, and the efficiency in lateral studies. In addition, a study of implementation of neural networks on hardware designs is proposed, this realized the initial attempt to introduce AI techniques to the designs of voltage regulation (VR). All aforementioned works are demonstrated to be of robustness to threats with corresponding power attack tests or ML attack tests. Some conceptional models are proposed in the last of the dissertation as future plans so as to realize secure on-chip ML models and hardware countermeasures to hybrid threats

Circuit Techniques for Low-Power and Secure Internet-of-Things Systems

The coming of Internet of Things (IoT) is expected to connect the physical world to the cyber world through ubiquitous sensors, actuators and computers. The nature of these applications demand long battery life and strong data security. To connect billions of things in the world, the hardware platform for IoT systems must be optimized towards low power consumption, high energy efficiency and low cost. With these constraints, the security of IoT systems become a even more difficult problem compared to that of computer systems. A new holistic system design considering both hardware and software implementations is demanded to face these new challenges. In this work, highly robust and low-cost true random number generators (TRNGs) and physically unclonable functions (PUFs) are designed and implemented as security primitives for secret key management in IoT systems. They provide three critical functions for crypto systems including runtime secret key generation, secure key storage and lightweight device authentication. To achieve robustness and simplicity, the concept of frequency collapse in multi-mode oscillator is proposed, which can effectively amplify the desired random variable in CMOS devices (i.e. process variation or noise) and provide a runtime monitor of the output quality. A TRNG with self-tuning loop to achieve robust operation across -40 to 120 degree Celsius and 0.6 to 1V variations, a TRNG that can be fully synthesized with only standard cells and commercial placement and routing tools, and a PUF with runtime filtering to achieve robust authentication, are designed based upon this concept and verified in several CMOS technology nodes. In addition, a 2-transistor sub-threshold amplifier based "weak" PUF is also presented for chip identification and key storage. This PUF achieves state-of-the-art 1.65% native unstable bit, 1.5fJ per bit energy efficiency, and 3.16% flipping bits across -40 to 120 degree Celsius range at the same time, while occupying only 553 feature size square area in 180nm CMOS. Secondly, the potential security threats of hardware Trojan is investigated and a new Trojan attack using analog behavior of digital processors is proposed as the first stealthy and controllable fabrication-time hardware attack. Hardware Trojan is an emerging concern about globalization of semiconductor supply chain, which can result in catastrophic attacks that are extremely difficult to find and protect against. Hardware Trojans proposed in previous works are based on either design-time code injection to hardware description language or fabrication-time modification of processing steps. There have been defenses developed for both types of attacks. A third type of attack that combines the benefits of logical stealthy and controllability in design-time attacks and physical "invisibility" is proposed in this work that crosses the analog and digital domains. The attack eludes activation by a diverse set of benchmarks and evades known defenses. Lastly, in addition to security-related circuits, physical sensors are also studied as fundamental building blocks of IoT systems in this work. Temperature sensing is one of the most desired functions for a wide range of IoT applications. A sub-threshold oscillator based digital temperature sensor utilizing the exponential temperature dependence of sub-threshold current is proposed and implemented. In 180nm CMOS, it achieves 0.22/0.19K inaccuracy and 73mK noise-limited resolution with only 8865 square micrometer additional area and 75nW extra power consumption to an existing IoT system.PHDElectrical EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/138779/1/kaiyuan_1.pd

A Unified Multibit PUF and TRNG based on Ring Oscillators for Secure IoT Devices

Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are cryptographic primitives very well suited for secure IoT devices. This paper proposes a circuit, named multibit-RO-PUF-TRNG, which offers the advantages of unifying PUF and TRNG in the same design. It is based on counting the oscillations of pairs of ring oscillators (ROs), one of them acting as reference. Once the counter of the reference oscillator reaches a fixed value, the count value of the other RO is employed to provide the TRNG and the multibit PUF response. A mathematical model is presented that supports not only the circuit foundations but also a novel and simple calibration procedure that allows optimizing the selection of the design parameters. Experimental results are illustrated with large datasets from two families of FPGAs with different process nodes (90 nm and 28 nm). These results confirm that the proposed calibration provides TRNG and PUF responses with high quality. The raw TRNG bits do not need post-processing and the PUF bits (even 6 bits per RO) show very small aliasing. In the application context of obfuscating and reconstructing secrets generated by the TRNG, the multibit PUF response, together with the proposal of using error-correcting codes and RO selection adapted to each bit, provide savings of at least 79.38% of the ROs compared to using a unibit PUF without RO selection. The proposal has been implemented as an APB peripheral of a VexRiscv RV32I core to illustrate its use in a secure FPGA-based IoT device

D2.1 - Report on Selected TRNG and PUF Principles

This report represents the final version of Deliverable 2.1 of the HECTOR work package WP2. It is a result of discussions and work on Task 2.1 of all HECTOR partners involved in WP2. The aim of the Deliverable 2.1 is to select principles of random number generators (RNGs) and physical unclonable functions (PUFs) that fulfill strict technology, design and security criteria. For example, the selected RNGs must be suitable for implementation in logic devices according to the German AIS20/31 standard. Correspondingly, the selected PUFs must be suitable for applying similar security approach. A standard PUF evaluation approach does not exist, yet, but it should be proposed in the framework of the project. Selected RNGs and PUFs should be then thoroughly evaluated from the point of view of security and the most suitable principles should be implemented in logic devices, such as Field Programmable Logic Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) during the next phases of the project

Spectral sensitivity near exceptional points as a resource for hardware encryption

The spectral sensitivity near exceptional points (EPs) has been recently explored as an avenue for building sensors with enhanced sensitivity. However, to date, it is not clear whether this class of sensors does indeed outperform traditional sensors in terms of signal-to-noise ratio. In this work, we investigate the spectral sensitivity associated with EPs under a different lens and propose to utilize it as a resource for hardware security. In particular, we introduce a physically unclonable function (PUF) based on analogue electronic circuits that benefit from the drastic eigenvalues bifurcation near a divergent exceptional point to enhance the stochastic entropy caused by inherent parameter fluctuations in electronic components. This in turn results in a perfect entropy source for the generation of encryption keys encoded in analog electrical signals. This lightweight and robust analog-PUF structure may lead to a variety of unforeseen securities and anti-counterfeiting applications in radio-frequency fingerprinting and wireless communications

True random number generator based on RRAM-bias current starved ring oscillator

This work presents a RRAM-bias current starved ring oscillator (CSRO) as TRNG, where the cycle-to-cycle variability of a RRAM device is exploited as source of randomness. A simple voltage divider composed of this RRAM and a resistor is considered to bias the gate terminal of the extra transistor of every current starved (CS) inverter of the RO. In this way, the delay of the inverters is modified, deriving an unpredictable oscillation frequency every time the RRAM switches to the HRS. The oscillation frequency is finally leveraged to extract the sequence of random bits. The design is simple and add low area overhead. Experimental measurements are performed to analyze the cycle-to-cycle variability in the HRS. The very same measurements are subsequently used to validate the TRNG by means of electrical simulations. The obtained results passed all the NIST tests without the need for post-processing.This work was supported by the Spanish MCIN/AEI/10.13039/501100011033 under Project PID2019-103869RB-C33. The work of M. B. González was supported by the Ramón y Cajal under Grant RYC2020-030150-I.Peer ReviewedPostprint (published version