Reliability and security in low power circuits and systems

With the massive deployment of mobile devices in sensitive areas such as healthcare and defense, hardware reliability and security have become hot research topics in recent years. These topics, although different in definition, are usually correlated. This dissertation offers an in-depth treatment on enhancing the reliability and security of low power circuits and systems. The first part of the dissertation deals with the reliability of sub-threshold designs, which use supply voltage lower than the threshold voltage (Vth) of transistors to reduce power. The exponential relationship between delay and Vth significantly jeopardizes their reliability due to process variation induced timing violations. In order to address this problem, this dissertation proposes a novel selective body biasing scheme. In the first work, the selective body biasing problem is formulated as a linearly constrained statistical optimization model, and the adaptive filtering concept is borrowed from the signal processing community to develop an efficient solution. However, since the adaptive filtering algorithm lacks theoretical justification and guaranteed convergence rate, in the second work, a new approach based on semi-infinite programming with incremental hypercubic sampling is proposed, which demonstrates better solution quality with shorter runtime. The second work deals with the security of low power crypto-processors, equipped with Random Dynamic Voltage Scaling (RDVS), in the presence of Correlation Power Analysis (CPA) attacks. This dissertation firstly demonstrates that the resistance of RDVS to CPA can be undermined by lowering power supply voltage. Then, an alarm circuit is proposed to resist this attack. However, the alarm circuit will lead to potential denial-of-service due to noise-triggered false alarms. A non-zero sum game model is then formulated and the Nash Equilibria is analyzed --Abstract, page iii

Statistical circuit simulations - from ‘atomistic’ compact models to statistical standard cell characterisation

This thesis describes the development and application of statistical circuit simulation methodologies to analyse digital circuits subject to intrinsic parameter fluctuations. The specific nature of intrinsic parameter fluctuations are discussed, and we explain the crucial importance to the semiconductor industry of developing design tools which accurately account for their effects. Current work in the area is reviewed, and three important factors are made clear: any statistical circuit simulation methodology must be based on physically correct, predictive models of device variability; the statistical compact models describing device operation must be characterised for accurate transient analysis of circuits; analysis must be carried out on realistic circuit components. Improving on previous efforts in the field, we posit a statistical circuit simulation methodology which accounts for all three of these factors. The established 3-D Glasgow atomistic simulator is employed to predict electrical characteristics for devices aimed at digital circuit applications, with gate lengths from 35 nm to 13 nm. Using these electrical characteristics, extraction of BSIM4 compact models is carried out and their accuracy in performing transient analysis using SPICE is validated against well characterised mixed-mode TCAD simulation results for 35 nm devices. Static d.c. simulations are performed to test the methodology, and a useful analytic model to predict hard logic fault limitations on CMOS supply voltage scaling is derived as part of this work. Using our toolset, the effect of statistical variability introduced by random discrete dopants on the dynamic behaviour of inverters is studied in detail. As devices scaled, dynamic noise margin variation of an inverter is increased and higher output load or input slew rate improves the noise margins and its variation. Intrinsic delay variation based on CV/I delay metric is also compared using ION and IEFF definitions where the best estimate is obtained when considering ION and input transition time variations. Critical delay distribution of a path is also investigated where it is shown non-Gaussian. Finally, the impact of the cell input slew rate definition on the accuracy of the inverter cell timing characterisation in NLDM format is investigated

Efficient, portable template attacks

Template attacks recover data values processed by tamper-resistant devices from side-channel waveforms, such as supply-current fluctuations (power analysis) or electromagnetic emissions. They first profile a device to generate multivariate statistics of the waveforms emitted for each of a set of known processed values, which then identify maximum-likelihood candidates of unknown processed values during an attack. We identify several practical obstacles arising in the implementation of template attacks, ranging from numerical errors to the incompatibility of templates across different devices, and propose and compare several solutions. We identify pooled covariance matrices and prior dimensionality reduction through Fisher's Linear Discriminant Analysis as particularly efficient and effective, especially where many attack traces can be acquired. We evaluate alternative algorithms not only for the task of recovering key bytes from a hardware implementation of the Advanced Encryption Standard; we even reconstruct the value transferred by an individual byte-load instruction, with success rates reaching 85% (or a guessing entropy of less than a quarter bit remaining) after 1000 attack traces, thereby demonstrating direct eavesdropping of 8-bit parallel data lines. Using different devices during the profiling and attack phase can substantially reduce the effectiveness of template attacks. We demonstrate that the same problem can also occur across different measurement campaigns with the same device and that DC offsets (e.g. due to temperature drift) are a significant cause. We improve the portability of template parameters across devices by manipulating the DC content of the eigenvectors that form the projection matrix used for dimensionality reduction of the waveforms

Simulation study of scaling design, performance characterization, statistical variability and reliability of decananometer MOSFETs

This thesis describes a comprehensive, simulation based scaling study – including device design, performance characterization, and the impact of statistical variability – on deca-nanometer bulk MOSFETs. After careful calibration of fabrication processes and electrical characteristics for n- and p-MOSFETs with 35 nm physical gate length, 1 nm EOT and stress engineering, the simulated devices closely match the performance of contemporary 45 nm CMOS technologies. Scaling to 25 nm, 18 nm and 13 nm gate length n and p devices follows generalized scaling rules, augmented by physically realistic constraints and the introduction of high-k/metal-gate stacks. The scaled devices attain the performance stipulated by the ITRS. Device a.c. performance is analyzed, at device and circuit level. Extrinsic parasitics become critical to nano-CMOS device performance. The thesis describes device capacitance components, analyzes the CMOS inverter, and obtains new insights into the inverter propagation delay in nano-CMOS. The projection of a.c. performance of scaled devices is obtained. The statistical variability of electrical characteristics, due to intrinsic parameter fluctuation sources, in contemporary and scaled decananometer MOSFETs is systematically investigated for the first time. The statistical variability sources: random discrete dopants, gate line edge roughness and poly-silicon granularity are simulated, in combination, in an ensemble of microscopically different devices. An increasing trend in the standard deviation of the threshold voltage as a function of scaling is observed. The introduction of high-k/metal gates improves electrostatic integrity and slows this trend. Statistical evaluations of variability in Ion and Ioff as a function of scaling are also performed. For the first time, the impact of strain on statistical variability is studied. Gate line edge roughness results in areas of local channel shortening, accompanied by locally increased strain, both effects increasing the local current. Variations are observed in both the drive current, and in the drive current enhancement normally expected from the application of strain. In addition, the effects of shallow trench isolation (STI) on MOSFET performance and on its statistical variability are investigated for the first time. The inverse-narrow-width effect of STI enhances the current density adjacent to it. This leads to a local enhancement of the influence of junction shapes adjacent to the STI. There is also a statistical impact on the threshold voltage due to random STI induced traps at the silicon/oxide interface

Belle II Technical Design Report

The Belle detector at the KEKB electron-positron collider has collected almost 1 billion Y(4S) events in its decade of operation. Super-KEKB, an upgrade of KEKB is under construction, to increase the luminosity by two orders of magnitude during a three-year shutdown, with an ultimate goal of 8E35 /cm^2 /s luminosity. To exploit the increased luminosity, an upgrade of the Belle detector has been proposed. A new international collaboration Belle-II, is being formed. The Technical Design Report presents physics motivation, basic methods of the accelerator upgrade, as well as key improvements of the detector.Comment: Edited by: Z. Dole\v{z}al and S. Un

Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers

Radio Frequency (RF) emissions from electronic devices expose security vulnerabilities that can be used by an attacker to extract otherwise unobtainable information. Two realms of study were investigated here, including the exploitation of 1) unintentional RF emissions in the field of Side Channel Analysis (SCA), and 2) intentional RF emissions from physical devices in the field of RF-Distinct Native Attribute (RF-DNA) fingerprinting. Statistical analysis on the linear model fit to measured SCA data in Linear Regression Attacks (LRA) improved performance, achieving 98% success rate for AES key-byte identification from unintentional emissions. However, the presence of non-Gaussian noise required the use of a non-parametric classifier to further improve key guessing attacks. RndF based profiling attacks were successful in very high dimensional data sets, correctly guessing all 16 bytes of the AES key with a 50,000 variable dataset. With variable reduction, Random Forest still outperformed Template Attack for this data set, requiring fewer traces and achieving higher success rates with lower misclassification rate. Finally, the use of a RndF classifier is examined for intentional RF emissions from ZigBee devices to enhance security using RF-DNA fingerprinting. RndF outperformed parametric MDA/ML and non-parametric GRLVQI classifiers, providing up to GS =18.0 dB improvement (reduction in required SNR). Network penetration, measured using rogue ZigBee devices, show that the RndF method improved rogue rejection in noisier environments - gains of up to GS =18.0 dB are realized over previous methods

Efficient template attacks

This is the accepted manuscript version. The final published version is available from http://link.springer.com/chapter/10.1007/978-3-319-08302-5_17.Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.Omar Choudary is a recipient of the Google Europe Fellowship in Mobile Security, and this research is supported in part by this Google Fellowship

Reliability Analysis of Hafnium Oxide Dielectric Based Nanoelectronics

With the physical dimensions ever scaling down, the increasing level of sophistication in nano-electronics requires a comprehensive and multidisciplinary reliability investigation. A kind of nano-devices, HfO2-based high-k dielectric films, are studied in the statistical aspect of reliability as well as electrical and physical aspects of reliability characterization, including charge trapping and degradation mechanisms, breakdown modes and bathtub failure rate estimation. This research characterizes charge trapping and investigates degradation mechanisms in high-k dielectrics. Positive charges trapped in both bulk and interface contribute to the interface state generation and flat band voltage shift when electrons are injected from the gate under a negative gate bias condition.A negligible number of defects are generated until the stress voltage increases to a certain level. As results of hot electrons and positive charges trapped in the interface region, the difference in the breakdown sequence is attributed to the physical thickness of the bulk high-k layer and the structure of the interface layer. Time-to-breakdown data collected in the accelerated life tests are modeled with a bathtub failure rate curve by a 3-step Bayesian approach. Rather than individually considering each stress level in accelerating life tests (ALT), this approach derives the change point and the priors for Bayesian analysis from the time-to-failure data under neighborhood stresses, based on the relationship between the lifetime and stress voltage. This method can provide a fast and reliable estimation of failure rate for burn-in optimization when only a small sample of data is available

Experimental Tests of Particle Flow Calorimetry

Precision physics at future colliders requires highly granular calorimeters to support the Particle Flow Approach for event reconstruction. This article presents a review of about 10 - 15 years of R\&D, mainly conducted within the CALICE collaboration, for this novel type of detector. The performance of large scale prototypes in beam tests validate the technical concept of particle flow calorimeters. The comparison of test beam data with simulation, of e.g.\ hadronic showers, supports full detector studies and gives deeper insight into the structure of hadronic cascades than was possible previously.Comment: 55 pages, 83 figures, to appear in Reviews of Modern physic

Gate leakage variability in nano-CMOS transistors

Gate leakage variability in nano-scale CMOS devices is investigated through advanced modelling and simulations of planar, bulk-type MOSFETs. The motivation for the work stems from the two of the most challenging issues in front of the semiconductor industry - excessive leakage power, and device variability - both being brought about with the aggressive downscaling of device dimensions to the nanometer scale. The aim is to deliver a comprehensive tool for the assessment of gate leakage variability in realistic nano-scale CMOS transistors. We adopt a 3D drift-diffusion device simulation approach with density-gradient quantum corrections, as the most established framework for the study of device variability. The simulator is first extended to model the direct tunnelling of electrons through the gate dielectric, by means of an improved WKB approximation. A study of a 25 nm square gate n-type MOSFET demonstrates that combined effect of discrete random dopants and oxide thickness variation lead to starndard deviation of up to 50% (10%) of the mean gate leakage current in OFF(ON)-state of the transistor. There is also a 5 to 6 times increase of the magnitude of the gate current, compared to that simulated of a uniform device. A significant part of the research is dedicated to the analysis of the non-abrupt bandgap and permittivity transition at the Si/SiO2 interface. One dimensional simulation of a MOS inversion layer with a 1nm SiO2 insulator and realistic band-gap transition reveals a strong impact on subband quantisation (over 50mV reduction in the delta-valley splitting and over 20% redistribution of carriers from the delta-2 to the delta-4 valleys), and enhancement of capacitance (over 10%) and leakage (about 10 times), relative to simulations with an abrupt band-edge transition at the interface