A Dual-Mode Weight Storage Analog Neural Network Platform for On-Chip Applications

Abstract-On-chip trainable neural networks show great promise in enabling various desired features of modern integrated circuits (IC), such as Built-In Self-Test (BIST), security and trust monitoring, self-healing, etc. Cost-efficient implementation of these features imposes strict area and power constraints on the circuits dedicated to neural networks, which, however, should not compromise their ability to learn fast and retain functionality throughout their lifecycle. To this end, we have designed and fabricated a reconfigurable analog neural network (ANN) chip which serves as an expertise acquisition platform for various applications requiring on-chip ANN integration. With this platform, we intend to address the key cost-efficiency issues: a fully analog implementation with strict area and power budgets, a learning ability of the proposed architecture, fast dynamic programming of the weight memory during training, and high precision non-volatile storage of weight coefficients during operation or standby. We explore two learning structures: a multilayer perceptron (MLP) and an ontogenic neural network with their corresponding training algorithms. The core circuits are biased in weak inversion and make use of the translinear principle for multiplication and non-linear conversion operations. The chip is mounted on a custom PCB and connected to a computer for chip-in-the-loop training. We present measured results of the core circuits and the dual-mode weight memory. The learning ability is evaluated on a 3-input XOR classification task

Hardware Trojan detection using path delay fingerprint.

Abstract-Trusted IC design is a recently emerged topic since fabrication factories are moving worldwide in order to reduce cost. In order to get a low-cost but effective hardware Trojan detection method to complement traditional testing methods, a new behavior-oriented category method is proposed to divide Trojans into two categories: explicit payload Trojan and implicit payload Trojan. This categorization method makes it possible to construct Trojan models and then lower the cost of testing. Path delays of nominal chips are collected to construct a series of fingerprints, each one representing one aspect of the total characteristics of a genuine design. Chips are validated by comparing their delay parameters to the fingerprints. The comparison of path delays makes small Trojan circuits significant from a delay point of view. The experiment's results show that the detection rate on explicit payload Trojans is 100%, while this method should be developed further if used to detect implicit payload Trojans

An analog checker with inputrelative tolerance for duplicate signals

Abstract W

Enrichment of limited training sets in machine-learning-based analog/RF Test

Abstract-This paper discusses the generation of informationrich, arbitrarily-large synthetic data sets which can be used to (a) efficiently learn tests that correlate a set of low-cost measurements to a set of device performances and (b) grade such tests with parts per million (PPM) accuracy. This is achieved by sampling a non-parametric estimate of the joint probability density function of measurements and performances. Our case study is an ultra-high frequency receiver front-end and the focus of the paper is to learn the mapping between a lowcost test measurement pattern and a single pass/fail test decision which reflects compliance to all performances. The small fraction of devices for which such a test decision is prone to error are identified and retested through standard specification-based test. The mapping can be set to explore thoroughly the tradeoff between test escapes, yield loss, and percentage of retested devices

FuncTeller: How Well Does eFPGA Hide Functionality?

Hardware intellectual property (IP) piracy is an emerging threat to the global supply chain. Correspondingly, various countermeasures aim to protect hardware IPs, such as logic locking, camouflaging, and split manufacturing. However, these countermeasures cannot always guarantee IP security. A malicious attacker can access the layout/netlist of the hardware IP protected by these countermeasures and further retrieve the design. To eliminate/bypass these vulnerabilities, a recent approach redacts the design's IP to an embedded field-programmable gate array (eFPGA), disabling the attacker's access to the layout/netlist. eFPGAs can be programmed with arbitrary functionality. Without the bitstream, the attacker cannot recover the functionality of the protected IP. Consequently, state-of-the-art attacks are inapplicable to pirate the redacted hardware IP. In this paper, we challenge the assumed security of eFPGA-based redaction. We present an attack to retrieve the hardware IP with only black-box access to a programmed eFPGA. We observe the effect of modern electronic design automation (EDA) tools on practical hardware circuits and leverage the observation to guide our attack. Thus, our proposed method FuncTeller selects minterms to query, recovering the circuit function within a reasonable time. We demonstrate the effectiveness and efficiency of FuncTeller on multiple circuits, including academic benchmark circuits, Stanford MIPS processor, IBEX processor, Common Evaluation Platform GPS, and Cybersecurity Awareness Worldwide competition circuits. Our results show that FuncTeller achieves an average accuracy greater than 85% over these tested circuits retrieving the design's functionality.Comment: To be published in the proceedings of the 32st USENIX Security Symposium, 202

Concurrent Error Detection Methods for Asynchronous Burst-Mode Machines

Abstract-Asynchronous controllers exhibit various characteristics that limit the effectiveness and applicability of the Concurrent Error Detection (CED) methods developed for their synchronous counterparts. Asynchronous Burst-Mode Machines (ABMMs), for example, do not have a global clock to synchronize the ABMM with the additional circuitry that is typically used by synchronous CED methods (for example, duplication). Therefore, performing effective CED in ABMMs requires a synchronization method that will appropriately enable the checker (for example, comparator) in order to avoid false alarms. Also, ABMMs contain redundant logic, which guarantees the hazard-free operation required for correct interaction between the circuit and its environment. Redundant logic, however, allows some single event transients to manifest themselves only as hazards but not as logic discrepancies. Therefore, performing effective CED in ABMMs requires the ability to detect hazards with which synchronous CED methods are not concerned. In this work, we first devise hardware solutions for performing checking synchronization and hazard detection. We then demonstrate how these solutions enable the development of three complete CED methods for ABMMs. The first method (Duplication-based CED) is an adaptation of the well-known duplication method within the context of ABMMs. The second method (Transition-Triggered CED) is a variation of duplication wherein the implementation cost is reduced by allowing hazards in the duplicate circuit. In contrast to these two methods, which are nonintrusive, the third method (Berger code-based CED) is intrusive since it requires reencoding of the ABMM with check symbols based on the Berger code. Although this intrusiveness may slightly impact performance, Berger code-based CED incurs the lowest area overhead among the three methods, as indicated through experimental results

Handling Discontinuous Effects in Modeling Spatial Correlation of Wafer-level Analog/RF Tests

Abstract-In an effort to reduce the cost of specification testing in analog/RF circuits, spatial correlation modeling of wafer-level measurements has recently attracted increased attention. Existing approaches for capturing and leveraging such correlation, however, rely on the assumption that spatial variation is smooth and continuous. This, in turn, limits the effectiveness of these methods on actual production data, which often exhibits localized spatial discontinuous effects. In this work, we propose a novel approach which enables spatial correlation modeling of waferlevel analog/RF tests to handle such effects and, thereby, to drastically reduce prediction error for measurements exhibiting discontinuous spatial patterns. The core of the proposed approach is a k-means algorithm which partitions a wafer into k clusters, as caused by discontinuous effects. Individual correlation models are then constructed within each cluster, revoking the assumption that spatial patterns should be smooth and continuous across the entire wafer. Effectiveness of the proposed approach is evaluated on industrial probe test data from more than 3,400 wafers, revealing significant error reduction over existing approaches

Unlocking Hardware Security Assurance: The Potential of LLMs

System-on-Chips (SoCs) form the crux of modern computing systems. SoCs enable high-level integration through the utilization of multiple Intellectual Property (IP) cores. However, the integration of multiple IP cores also presents unique challenges owing to their inherent vulnerabilities, thereby compromising the security of the entire system. Hence, it is imperative to perform hardware security validation to address these concerns. The efficiency of this validation procedure is contingent on the quality of the SoC security properties provided. However, generating security properties with traditional approaches often requires expert intervention and is limited to a few IPs, thereby resulting in a time-consuming and non-robust process. To address this issue, we, for the first time, propose a novel and automated Natural Language Processing (NLP)-based Security Property Generator (NSPG). Specifically, our approach utilizes hardware documentation in order to propose the first hardware security-specific language model, HS-BERT, for extracting security properties dedicated to hardware design. To evaluate our proposed technique, we trained the HS-BERT model using sentences from RISC-V, OpenRISC, MIPS, OpenSPARC, and OpenTitan SoC documentation. When assessedb on five untrained OpenTitan hardware IP documents, NSPG was able to extract 326 security properties from 1723 sentences. This, in turn, aided in identifying eight security bugs in the OpenTitan SoC design presented in the hardware hacking competition, Hack@DAC 2022