A Comprehensive Study of the Hardware Trojan and Side-Channel Attacks in Three-Dimensional (3D) Integrated Circuits (ICs)

Three-dimensional (3D) integration is emerging as promising techniques for high-performance and low-power integrated circuit (IC, a.k.a. chip) design. As 3D chips require more manufacturing phases than conventional planar ICs, more fabrication foundries are involved in the supply chain of 3D ICs. Due to the globalized semiconductor business model, the extended IC supply chain could incur more security challenges on maintaining the integrity, confidentiality, and reliability of integrated circuits and systems. In this work, we analyze the potential security threats induced by the integration techniques for 3D ICs and propose effective attack detection and mitigation methods. More specifically, we first propose a comprehensive characterization for 3D hardware Trojans in the 3D stacking structure. Practical experiment based quantitative analyses have been performed to assess the impact of 3D Trojans on computing systems. Our analysis shows that advanced attackers could exploit the limitation of the most recent 3D IC testing standard IEEE Standard 1838 to bypass the tier-level testing and successfully implement a powerful TSV-Trojan in 3D chips. We propose an enhancement for IEEE Standard 1838 to facilitate the Trojan detection on two neighboring tiers simultaneously. Next, we develop two 3D Trojan detection methods. The proposed frequency-based Trojan-activity identification (FTAI) method can differentiate the frequency changes induced by Trojans from those caused by process variation noise, outperforming the existing time-domain Trojan detection approaches by 38% in Trojan detection rate. Our invariance checking based Trojan detection method leverages the invariance among the 3D communication infrastructure, 3D network-on-chips (NoCs), to tackle the cross-tier 3D hardware Trojans, achieving a Trojan detection rate of over 94%. Furthermore, this work investigates another type of common security threat, side-channel attacks. We first propose to group the supply voltages of different 3D tiers temporally to drive the crypto unit implemented in 3D ICs such that the noise in power distribution network (PDN) can be induced to obfuscate the original power traces and thus mitigates correlation power analysis (CPA) attacks. Furthermore, we study the side-channel attack on the logic locking mechanism in monolithic 3D ICs and propose a logic-cone conjunction (LCC) method and a configuration guideline for the transistor-level logic locking to strengthen its resilience against CPA attacks

Hardware Obfuscation for Finite Field Algorithms

With the rise of computing devices, the security robustness of the devices has become of utmost importance. Companies invest huge sums of money, time and effort in security analysis and vulnerability testing of their software products. Bug bounty programs are held which incentivize security researchers for finding security holes in software. Once holes are found, software firms release security patches for their products. The semiconductor industry has flourished with accelerated innovation. Fabless manufacturing has reduced the time-to-market and lowered the cost of production of devices. Fabless paradigm has introduced trust issues among the hardware designers and manufacturers. Increasing dependence on computing devices in personal applications as well as in critical infrastructure has given a rise to hardware attacks on the devices in the last decade. Reverse engineering and IP theft are major challenges that have emerged for the electronics industry. Integrated circuit design companies experience a loss of billions of dollars because of malicious acts by untrustworthy parties involved in the design and fabrication process, and because of attacks by adversaries on the electronic devices in which the chips are embedded. To counter these attacks, researchers have been working extensively towards finding strong countermeasures. Hardware obfuscation techniques make the reverse engineering of device design and functionality difficult for the adversary. The goal is to conceal or lock the underlying intellectual property of the integrated circuit. Obfuscation in hardware circuits can be implemented to hide the gate-level design, layout and the IP cores. Our work presents a novel hardware obfuscation design through reconfigurable finite field arithmetic units, which can be employed in various error correction and cryptographic algorithms. The effectiveness and efficiency of the proposed methods are verified by an obfuscated Reformulated Inversion-less Berlekamp-Massey (RiBM) architecture based Reed-Solomon decoder. Our experimental results show the hardware implementation of RiBM based Reed-Solomon decoder built using reconfigurable field multiplier designs. The proposed design provides only very low overhead with improved security by obfuscating the functionality and the outputs. The design proposed in our work can also be implemented in hardware designs of other algorithms that are based on finite field arithmetic. However, our main motivation was to target encryption and decryption circuits which store and process sensitive data and are used in critical applications

Provably Trustworthy and Secure Hardware Design with Low Overhead

Due to the globalization of IC design in the semiconductor industry and outsourcing of chip manufacturing, 3PIPs become vulnerable to IP piracy, reverse engineering, counterfeit IC, and hardware Trojans. To thwart such attacks, ICs can be protected using logic encryption techniques. However, strong resilient techniques incur significant overheads. SCAs further complicate matters by introducing potential attacks post-fabrication. One of the most severe SCAs is PA attacks, in which an attacker can observe the power variations of the device and analyze them to extract the secret key. PA attacks can be mitigated via adding large extra hardware; however, the overheads of such solutions can render them impractical, especially when there are power and area constraints. In our first approach, we present two techniques to prevent normal attacks. The first one is based on inserting MUX equal to half/full of the output bit number. In the second technique, we first design PLGs using SiNW FETs and then replace some logic gates in the original design with their SiNW FETs-based PLGs counterparts. In our second approach, we use SiNW FETs to produce obfuscated ICs that are resistant to advanced reverse engineering attacks. Our method is based on designing a small block, whose output is untraceable, namely URSAT. Since URSAT may not offer very strong resilience against the combined AppSAT-removal attack, S-URSAT is achieved using only CMOS-logic gates, and this increases the security level of the design to robustly thwart all existing attacks. In our third topic, we present the usage of ASLD to produce secure and resilient circuits that withstand IC attacks (during the fabrication) and PA attacks (after fabrication). First, we show that ASLD has unique features that can be used to prevent PA and IC attacks. In our three topics, we evaluate each design based on performance overheads and security guarantees

Uniquely Identifiable Tamper-Evident Device Using Coupling between Subwavelength Gratings

Reliability and sensitive information protection are critical aspects of integrated circuits. A novel technique using near-field evanescent wave coupling from two subwavelength gratings (SWGs), with the input laser source delivered through an optical fiber is presented for tamper evidence of electronic components. The first grating of the pair of coupled subwavelength gratings (CSWGs) was milled directly on the output facet of the silica fiber using focused ion beam (FIB) etching. The second grating was patterned using e-beam lithography and etched into a glass substrate using reactive ion etching (RIE). The slightest intrusion attempt would separate the CSWGs and eliminate near-field coupling between the gratings. Tampering, therefore, would become evident. Computer simulations guided the design for optimal operation of the security solution. The physical dimensions of the SWGs, i.e. period and thickness, were optimized, for a 650 nm illuminating wavelength. The optimal dimensions resulted in a 560 nm grating period for the first grating etched in the silica optical fiber and 420 nm for the second grating etched in borosilicate glass. The incident light beam had a half-width at half-maximum (HWHM) of at least 7 µm to allow discernible higher transmission orders, and a HWHM of 28 µm for minimum noise. The minimum number of individual grating lines present on the optical fiber facet was identified as 15 lines. Grating rotation due to the cylindrical geometry of the fiber resulted in a rotation of the far-field pattern, corresponding to the rotation angle of moiré fringes. With the goal of later adding authentication to tamper evidence, the concept of CSWGs signature was also modeled by introducing random and planned variations in the glass grating. The fiber was placed on a stage supported by a nanomanipulator, which permitted three-dimensional displacement while maintaining the fiber tip normal to the surface of the glass substrate. A 650 nm diode laser was fixed to a translation mount that transmitted the light source through the optical fiber, and the output intensity was measured using a silicon photodiode. The evanescent wave coupling output results for the CSWGs were measured and compared to the simulation results

`THz Torch' technology: secure thermal infrared wireless communications using engineered blackbody radiation

The thermal (emitted) infrared frequency bands, from 20 to 40 THz and 60 to 100 THz, are best known for applications in thermography. This underused and unregulated part of the spectral range offers opportunities for the development of secure communications. The `THz Torch' concept, operating between the THz and mid-infrared ranges, was recently introduced. This technology fundamentally exploits engineered blackbody radiation, by partitioning thermally-generated spectral power into pre-defined frequency channels; the energy in each channel is then independently pulsed modulated to create a robust form of short-range secure communications in the far/mid-infrared. In the thesis, the development of `THz Torch' wireless communications systems will first be introduced. State-of-the-art THz technologies, infrared sources and detectors, as well as near-infrared and visible light communications technologies, will be reviewed in Chapter 2. Basic single-channel architecture of the `THz Torch' technology will be presented in Chapter 3. Fundamental limits for the first single-channel proof-of-concept demonstrator will be discussed, and possible engineering solutions will be proposed and verified experimentally. With such improvements, to date, octave bandwidth (25 to 50 THz) single-channel wireless links have been demonstrated with >2 kbit/s data rate and >10 cm transmission distance. To further increase the overall end-to-end data rate and/or the level of security, multiplexing schemes for `THz Torch' technologies are proposed in Chapter 4. Both frequency division multiplexing (FDM) and frequency-hopping spread-spectrum (FHSS) working demonstrators, operating between 10 and 100 THz spectral range, will be implemented. With such 4-channel multiplexing schemes, measured bit error rates (BERs) of <10−6 have been achieved over a transmission distance of 2.5 cm. Moreover, the integrity of such 4-channel multiplexing system is evaluated by introducing four jamming, interception and channel crosstalk experiments. Chapter 5 gives a detailed power link budget analysis for the 4-channel multiplexing system. The design, simulation and measurement of scalable THz metal mesh filters, which have potential applications for multi-channel `THz Torch' technology, will be presented in Chapter 6. The conclusions and further work are summarised in the last chapter. It is expected that this thermodynamics-based approach represents a new paradigm in the sense that 19th century physics can be exploited with 20th century multiplexing concepts for low cost 21st century ubiquitous security and defence applications in the thermal infrared range.Open Acces

Abstracts on Radio Direction Finding (1899 - 1995)

The files on this record represent the various databases that originally composed the CD-ROM issue of "Abstracts on Radio Direction Finding" database, which is now part of the Dudley Knox Library's Abstracts and Selected Full Text Documents on Radio Direction Finding (1899 - 1995) Collection. (See Calhoun record https://calhoun.nps.edu/handle/10945/57364 for further information on this collection and the bibliography). Due to issues of technological obsolescence preventing current and future audiences from accessing the bibliography, DKL exported and converted into the three files on this record the various databases contained in the CD-ROM. The contents of these files are: 1) RDFA_CompleteBibliography_xls.zip [RDFA_CompleteBibliography.xls: Metadata for the complete bibliography, in Excel 97-2003 Workbook format; RDFA_Glossary.xls: Glossary of terms, in Excel 97-2003 Workbookformat; RDFA_Biographies.xls: Biographies of leading figures, in Excel 97-2003 Workbook format]; 2) RDFA_CompleteBibliography_csv.zip [RDFA_CompleteBibliography.TXT: Metadata for the complete bibliography, in CSV format; RDFA_Glossary.TXT: Glossary of terms, in CSV format; RDFA_Biographies.TXT: Biographies of leading figures, in CSV format]; 3) RDFA_CompleteBibliography.pdf: A human readable display of the bibliographic data, as a means of double-checking any possible deviations due to conversion