
    A Non-invasive Technique to Detect Authentic/Counterfeit SRAM Chips

    Many commercially available memory chips are fabricated worldwide in untrusted facilities, so a counterfeit memory chip can easily enter the supply chain in several forms. Deploying such counterfeit chips in an electronic system can severely affect both security and reliability because of their sub-standard quality, poor performance, and shorter lifespan. A proper solution is therefore required to identify counterfeit memory chips before they are deployed in mission-, safety-, and security-critical systems. However, a single solution that prevents counterfeiting is challenging because of the diversity of counterfeit types, sources, and refinement techniques. Besides, a chip can pass initial testing and still fail while in use in the system. Furthermore, existing solutions focus on detecting a single counterfeit type (e.g., detecting recycled memory chips). This work proposes a framework that detects the major counterfeit static random-access memory (SRAM) types by attesting/identifying the origin of the manufacturer. The proposed technique generates a single signature per manufacturer and does not require any exhaustive registration/authentication process. We validate the proposed technique using 345 SRAM chips produced by major manufacturers. The silicon results show that the test scores (F_1 score) of the proposed technique for identifying the memory manufacturer and the part number are 93% and 71%, respectively.
    Comment: This manuscript has been submitted for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

    Non-invasive Techniques Towards Recovering Highly Secure Unclonable Cryptographic Keys and Detecting Counterfeit Memory Chips

    Due to the ubiquitous presence of memory components in all electronic computing systems, memory-based signatures are considered low-cost alternatives for generating unique device identifiers (IDs) and cryptographic keys. On the one hand, such a unique device ID can potentially be used to identify the major types of device counterfeiting, such as remarked, overproduced, and cloned devices. On the other hand, memory-based cryptographic keys are used commercially in many cryptographic applications, such as securing software IP, encrypting a key vault, anchoring a device root of trust, and authenticating devices to cloud services. Because the memory component generates the signature at runtime rather than storing it in memory, an attacker cannot clone/copy the signature and reuse it for malicious activity. However, to ensure the desired level of security, the signatures generated by two different memory chips should be completely random and uncorrelated with each other. Traditionally, memory-based signatures are considered unique and uncorrelated because of random variation in the manufacturing process. Unfortunately, previous studies ignore many deterministic components of the manufacturing process, such as memory architecture, layout, systematic process variation, and device package. This dissertation shows that these deterministic factors can significantly correlate two memory signatures if the two memory chips share the same manufacturing resources (i.e., manufacturing facility, specification set, design file, etc.). We demonstrate that this signature correlation can be used to detect the major counterfeit types in a non-invasive and low-cost manner. Furthermore, we use this signature correlation as side-channel information to attack memory-based cryptographic keys. We validate our contribution by collecting data from several commercially available off-the-shelf (COTS) memory chips/modules and considering different usage-case scenarios.

    Techniques for Improving Security and Trustworthiness of Integrated Circuits

    The integrated circuit (IC) development process is becoming increasingly vulnerable to malicious activities because untrusted parties can be involved in the IC development flow. Four typical problems impact the security and trustworthiness of ICs used in military, financial, transportation, or other critical systems: (i) Malicious inclusions and alterations, known as hardware Trojans, can be inserted into a design by modifying it during GDSII development and fabrication. Hardware Trojans in ICs may cause malfunctions, lower the reliability of ICs, leak confidential information to adversaries, or even destroy the system under specifically designed conditions. (ii) The number of circuit-related counterfeiting incidents reported by component manufacturers has increased significantly over the past few years, with recycled ICs contributing the largest share of the reported incidents. Since recycled ICs have already been used in the field, their performance and reliability have been degraded by aging effects and by the harsh recycling process. (iii) Reverse engineering (RE) is the process of extracting a circuit's gate-level netlist and/or inferring its functionality. RE threatens a design because attackers can steal and pirate it (IP piracy), identify the device technology, or facilitate other hardware attacks. (iv) Traditional tools for uniquely identifying devices are vulnerable to non-invasive or invasive physical attacks. Securing the ID/key is of utmost importance, since the leakage of even a single device ID/key could be exploited by an adversary to attack other devices or produce pirated devices. In this work, we have developed a series of design and test methodologies to address these four challenges and thus enhance the security, trustworthiness, and reliability of ICs.
    The techniques proposed in this thesis include: a path-delay fingerprinting technique for detecting hardware Trojans, recycled ICs, and other types of counterfeit ICs, including remarked, overproduced, and cloned ICs, via their unique identifiers; a Built-In Self-Authentication (BISA) technique to prevent hardware Trojan insertion by untrusted fabrication facilities; an efficient and secure split-manufacturing technique, Obfuscated Built-In Self-Authentication (OBISA), to prevent reverse engineering by untrusted fabrication facilities; and a novel bit-selection approach for obtaining the most reliable bits of an SRAM-based physical unclonable function (PUF) across environmental conditions and silicon aging effects.
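    The two SRAM themes in the abstracts above, signature correlation between chips that share manufacturing resources (the counterfeit-detection and manufacturer-attestation work) and selecting the most reliable bits of an SRAM PUF (the bit-selection approach in this thesis), can be made concrete with a small simulation. The code below is an added illustration written for this page, not code from any of the cited works. Everything in it is an assumption: the per-cell "manufacturer bias" map, the per-chip random mismatch, the Gaussian power-up noise, and the vendor names are all constructed here rather than measured from silicon. It shows (a) that chips from the same source have a lower inter-chip Hamming distance than chips from different sources, (b) that averaging many chips' signatures recovers a per-vendor template that a held-out chip can be attributed to by correlation, and (c) that keeping only cells that never flipped during enrolment lowers the error of a fresh read.

```python
"""Simulated SRAM power-up signatures: manufacturer-level signature correlation
and reliable-bit selection. Constructed illustration: the bias maps, mismatch
and noise model below are assumptions, not silicon data from the cited works."""
import random

N_BITS = 4096          # cells per simulated SRAM image
BIAS_STRENGTH = 0.4    # assumed per-cell systematic (layout/process) bias
NOISE_SIGMA = 0.1      # assumed power-up noise per read


def make_bias(seed, n_bits=N_BITS):
    """Hypothetical manufacturer fingerprint: a per-cell deterministic bias
    shared by every chip built from the same design files and process."""
    rng = random.Random(seed)
    return [rng.uniform(-BIAS_STRENGTH, BIAS_STRENGTH) for _ in range(n_bits)]


def make_chip(bias, seed):
    """Each chip adds independent random mismatch to the shared bias, giving
    every cell a fixed skew toward powering up as 0 or 1."""
    rng = random.Random(seed)
    return [b + rng.uniform(-0.5, 0.5) for b in bias]


def power_up(skew, seed):
    """One power-up read: the cell settles to 1 if skew plus noise is positive."""
    rng = random.Random(seed)
    return [1 if s + rng.gauss(0, NOISE_SIGMA) > 0 else 0 for s in skew]


def hamming_fraction(a, b, idx=None):
    """Fractional Hamming distance, optionally restricted to selected cells."""
    idx = range(len(a)) if idx is None else idx
    return sum(a[i] != b[i] for i in idx) / len(idx)


def select_reliable_bits(readings):
    """Bit selection: keep cells whose value never changed across the
    enrolment readings (in practice also across temperature, voltage, aging)."""
    return [i for i in range(len(readings[0]))
            if all(r[i] == readings[0][i] for r in readings)]


def majority_signature(readings):
    """Per-chip golden signature: majority vote over enrolment readings."""
    k = len(readings)
    return [1 if 2 * sum(r[i] for r in readings) > k else 0
            for i in range(len(readings[0]))]


def manufacturer_template(signatures):
    """Averaging signatures of many chips from one source cancels per-chip
    mismatch and leaves the shared deterministic component."""
    k = len(signatures)
    return [sum(s[i] for s in signatures) / k for i in range(len(signatures[0]))]


def correlation(sig, template):
    """Pearson correlation between one chip's bits and a template."""
    n = len(sig)
    ms, mt = sum(sig) / n, sum(template) / n
    cov = sum((s - ms) * (t - mt) for s, t in zip(sig, template))
    vs = sum((s - ms) ** 2 for s in sig) ** 0.5
    vt = sum((t - mt) ** 2 for t in template) ** 0.5
    return cov / (vs * vt) if vs and vt else 0.0


def attribute(sig, templates):
    """Attribute a chip to the vendor whose template it correlates with most."""
    return max(templates, key=lambda m: correlation(sig, templates[m]))


def enrol(bias, chip_seed, reads=5):
    """Return (skew, enrolment readings, golden signature) for one chip."""
    skew = make_chip(bias, chip_seed)
    readings = [power_up(skew, chip_seed * 100 + r) for r in range(reads)]
    return skew, readings, majority_signature(readings)


def run_experiment(chips_per_vendor=20):
    """Enrol two hypothetical vendors, measure distances, attribute held-out chips."""
    biases = {"vendor_A": make_bias(1), "vendor_B": make_bias(2)}
    sigs = {v: [enrol(b, 1000 * k + c)[2] for c in range(chips_per_vendor)]
            for k, (v, b) in enumerate(biases.items(), start=1)}
    templates = {v: manufacturer_template(s) for v, s in sigs.items()}

    same = [hamming_fraction(a, b) for v in sigs for i, a in enumerate(sigs[v])
            for b in sigs[v][i + 1:]]
    diff = [hamming_fraction(a, b) for a in sigs["vendor_A"] for b in sigs["vendor_B"]]

    # held-out chips (seeds 999 and 998) were not used to build the templates
    skew, readings, sig = enrol(biases["vendor_A"], 999)
    fresh = power_up(skew, 424242)
    reliable = select_reliable_bits(readings)
    return {
        "intra_chip_all": hamming_fraction(fresh, sig),
        "intra_chip_reliable": hamming_fraction(fresh, sig, reliable),
        "reliable_fraction": len(reliable) / N_BITS,
        "inter_same_vendor": sum(same) / len(same),
        "inter_other_vendor": sum(diff) / len(diff),
        "held_out_A": attribute(sig, templates),
        "held_out_B": attribute(enrol(biases["vendor_B"], 998)[2], templates),
    }


if __name__ == "__main__":
    for key, value in run_experiment().items():
        print(f"{key:>20}: {value}")
```

    The security point the simulation makes is the same one the dissertation makes: the inter-chip distance between two chips that share a bias map sits measurably below the 50% expected of independent signatures, and that deficit is exactly the side-channel information an attacker with a few chips of the same part can use against a memory-derived key. For a real measurement campaign the bias map is unknown and must be estimated from many chips, which is what the per-vendor template stands in for here.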

    An efficient unused integrated circuits detection algorithm for parallel scan architecture

    Recently, many integrated circuits (ICs) have been operated in parallel to increase the switching operations in an on-chip static random access memory (SRAM) array, because digital systems execute more complex tasks and more parallel operations. It is therefore important to efficiently identify ICs in the on-chip SRAM array layout that have gone unused for a long time and to effectively distribute tasks to those unused ICs. In today's globalized semiconductor supply chain, detecting unused SRAM in large memory arrays is a very difficult task, and leaving it undetected results in reduced lifetime and more power dissipation. To overcome these drawbacks, an efficient unused integrated circuits detection algorithm (ICDA) for a parallel scan architecture is proposed to differentiate the '0' and '1' cells in a larger SRAM memory array. The proposed architecture avoids imbalance between the '0' and '1' concentrations in the on-chip SRAM array and also optimizes the area required for the memory array. According to the simulation results, the proposed method is more efficient in terms of reliability, detection rate for both used and unused ICs, and reduction of power dissipation than conventional methods such as backscattering side-channel analysis (BSCA) and the network attached storage (NAS) algorithm.

    Investigating and Leveraging EM and Backscattering Side Channels for Hardware Security

    This dissertation is focused on investigating and leveraging side-channel leakage for hardware security. To help designers address, and take advantage of, electromagnetic (EM) side channels, two methods for locating the physical sources of EM side channels have been developed. Both methods are used to investigate how the EM side-channel sources change with frequency and program activity. The second half of the dissertation introduces two methods that use side channels for component authentication: the same properties that make side channels such a threat also make them useful for authenticating electronic components. The first method uses EM side channels to identify the integrated circuits (ICs) installed on a device; focusing on components already integrated onto a device lets designers authenticate devices assembled by third parties. The second method uses the recently defined backscattering side channel to detect recycled ICs. Unlike other types of side channels, backscattering is directly affected by IC aging, and because it is non-destructive and requires no additional circuitry on the IC, it is low cost. The effect of aging on the side channel is then investigated through simulation and experimentation.

    A survey on security analysis of machine learning-oriented hardware and software intellectual property

    Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible, since it is pertinent to the human intellect, and IP entities are therefore indisputably vulnerable to infringement and modification without the owner's consent. IP protection regulations such as patents, copyrights, contracts, trademarks, and trade secrets have been deployed and are still in practice to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. Accordingly, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and, lastly, identify the challenges and future research prospects in hardware and software IP security.

    A Support Vector Regression based Machine Learning method for on-chip Aging Estimation

    The semiconductor supply chain is spread worldwide to reduce cost and to meet the high demand of electronic systems for ICs, and in the era of the Internet of Things (IoT) the number of electronic devices is estimated to rise to over a trillion. This shift in the semiconductor supply chain produces a high volume of e-waste, which affects the security and reliability of integrated circuits (ICs) through counterfeiting, i.e., recycled and remarked ICs. Using a recycled IC as a new one, or a remarked IC whose grade has been upgraded, in critical infrastructure such as defence or medical electronics may cause system failure, endangering human lives and causing financial loss. This paper harvests the aging degradation induced by BTI and HCI, observing the oscillation frequency and the discharge time, which are affected over time by changes in drain current and sub-threshold leakage current, respectively. This is done with Cadence simulations of a 51-stage ring oscillator (51-RO) implemented in a 22nm CMOS technology library with the aging model provided by GlobalFoundries (GF). A support vector regression (SVR) machine learning (ML) algorithm is adapted to this application, with a training process that involves operating temperature, discharge time, frequency, and aging time. The data sampling is performed over an emulated 12-year period at four representative temperatures of 20 °C, 40 °C, 60 °C, and 80 °C, with additional testing data at 25 °C and 50 °C. The results demonstrate high accuracy of aging estimation by SVR, reported as a normal distribution with mean (µ) equal to 0.01 years (3.6 days) and standard deviation (σ) of ±0.1 years (±36 days).

    Flash-based security primitives: Evolution, challenges and future directions

    Over the last two decades, hardware security has gained increasing attention in academia and industry. Flash memory has been given a spotlight in recent years, with the question of whether it can prove useful in a security role. Because of the inherent process variation in the characteristics of flash memory modules, they can provide a unique fingerprint for a device and have thus been proposed as locations for hardware security primitives. These primitives include physical unclonable functions (PUFs), true random number generators (TRNGs), and integrated circuit (IC) counterfeit detection. In this paper, we evaluate the efficacy of flash memory-based security primitives and categorize them based on the process variations they exploit, as well as other features. We also compare and evaluate flash-based security primitives in order to identify drawbacks and essential design considerations. Finally, we describe new directions, research challenges, and possible security vulnerabilities of flash-based security primitives that we believe would benefit from further exploration.

    EMI measurement and modeling techniques for complex electronic circuits and modules

    This dissertation consists of four papers. In the first paper, a combined model was developed for predicting the most critical radiated emissions and the total radiated power due to the display signals in a TV, incorporating the main processing board via the Huygens equivalence theorem and the radiation from the flex cable via active-probe measurements. In the second paper, a frequency-tunable resonant magnetic field probe was designed for the 900-2260 MHz range for near-field scanning in radio frequency interference studies, using a varactor diode to provide the required capacitance together with the parasitic inductance of a magnetic field loop (i.e., a parallel LC circuit); measurement results showed good agreement with simulation. In the third paper, a wideband microwave method was developed for the rapid detection of slight dissimilarities (including counterfeits) and aging effects in integrated circuits (ICs), based on measuring the complex reflection coefficient of an IC illuminated by an open-ended rectangular waveguide probe at K-band (18-26.5 GHz) and Ka-band (26.5-40 GHz) microwave frequencies. In the fourth paper, a method was demonstrated for predicting radiated emissions from DC-DC converters with cables attached on the input side to a LISN and on the output side to a DC brushless motor as load, based on linear terminal equivalent circuit modeling. The linear terminal equivalent model was extracted from measured input- and output-side common-mode currents for various characterization impedances connected at the input and output terminals of the converter.