3.3 On-Chip Security Testing


Date: Tuesday 15 March 2016
Time: 14:30 - 16:00
Location / Room: Konferenz 1

Chair:
Giorgio Di Natale, LIRMM, FR

Co-Chair:
Marc Witteman, Riscure, NL

This session deals with the question of whether the actual chip satisfies the design and whether all mechanisms work securely. This includes on-the-fly testing of the quality of a random number generator as well as methods to detect hardware trojans.

Time Label Presentation Title / Authors
14:30 3.3.1 (Best Paper Award Candidate)
TOTAL: TRNG ON-THE-FLY TESTING FOR ATTACK DETECTION USING LIGHTWEIGHT HARDWARE
Speaker:
Bohan Yang, Katholieke Universiteit Leuven, BE
Authors:
Bohan Yang (1), Vladimir Rozic (1), Nele Mentens (1), Wim Dehaene (2) and Ingrid Verbauwhede (1)
(1) Katholieke Universiteit Leuven, BE; (2) KU Leuven and IMEC, BE
Abstract
We present a design methodology for embedded tests of entropy sources. These tests are necessary to detect attacks and failures of true random number generators. The central idea of this work is to use an empirical design methodology consisting of two phases: collecting the data under attack and finding a useful statistical feature. In this work we focus on statistical features that are implementable in lightweight hardware. This is the first paper to address the design of on-the-fly tests based on the attack effects. The presented design methodology is illustrated with 2 examples: an elementary ring-oscillator based TRNG and a carry-chain based TRNG. The effectiveness of the tests was confirmed on FPGA prototypes.

15:00 3.3.2 ON-CHIP FINGERPRINTING OF IC TOPOLOGY FOR INTEGRITY VERIFICATION
Speaker:
Maxime Lecomte, CEA, FR
Authors:
Maxime Lecomte (1), Jacques Fournier (1) and Philippe Maurine (2)
(1) CEA, FR; (2) CEA/LIRMM, FR
Abstract
The integrity of integrated circuits (ICs), in particular for detecting malicious add-ons like Hardware Trojans (HTs), has been studied in several recent research papers. The main limit of the proposed techniques so far is that the bias induced by the process variations restricts their efficiency and practicality. Most of those techniques compare two ICs' signatures while trying to get rid of the process variations. In this paper we propose a novel approach which in practice eliminates this limit. We first make the assumption that IC infection is done at a lot level, which is more realistic than models where infections are done on individual circuits. We introduce a variation model for the performance of CMOS structures in real designs which are different from test chips dedicated to the measure of process variations. This model is used to create signatures of lots which are independent of the process variations and is used as a base to define methods allowing to detect HTs and counterfeits in a straightforward way. The model and the methods are validated experimentally on 30 FPGA boards.

15:30 3.3.3 ACTIVATION OF LOGIC ENCRYPTED CHIPS: PRE-TEST OR POST-TEST?
Speaker:
Ozgur Sinanoglu, New York University, Abu Dhabi, AE
Authors:
Muhammad Yasin (1), Samah Mohamed Saeed (2), Jeyavijayan (JV) Rajendran (3) and Ozgur Sinanoglu (4)
(1) New York University, US; (2) University of Washington, Tacoma, US; (3) The University of Texas at Dallas, US; (4) New York University, Abu Dhabi, AE
Abstract
Logic encryption has been a popular defense against Intellectual Property (IP) piracy, hardware Trojans, reverse engineering, and IC overproduction. It protects a design from these threats by inserting key-gates that break the functionality when controlled by wrong keys. Researchers have taken multiple attempts in breaking logic encryption and leaking its secret key, while they also proposed difficult-to-break logic encryption techniques. Mainly, state-of-the-art logic encryption techniques pursue two different models that differ in when the manufactured chips are activated by loading the secret key on the chip's memory: activation prior to manufacturing test (pre-test) versus subsequent to manufacturing test (post-test). In this paper, we shed light on the interaction between manufacturing test and logic encryption. We assess and compare the pre-test and post-test activation models not only in terms of the impact of logic encryption on test parameters such as fault coverage, test pattern count and test power consumption, but also in terms of the impact of manufacturing test on the security of logic encryption. We outline a test data mining attack that can successfully determine the logic encryption key of a pre-test activated chip by utilizing the test data.

16:01 IP1-12, 753 TOWARDS HIGHLY RELIABLE SRAM-BASED PUFS
Speaker:
Elena Ioana Vatajelu, Politecnico di Torino, IT
Authors:
Elena Ioana Vatajelu (1), Giorgio Di Natale (2) and Paolo Prinetto (3)
(1) POLITO, IT; (2) LIRMM, FR; (3) Politecnico di Torino, IT
Abstract
Physically Unclonable Functions (PUFs) are emerging cryptographic primitives used to implement low-cost device authentication and secure secret key generation. Several solutions exist for classical CMOS devices; the most investigated solutions today for weak PUF implementation are based on the use of SRAMs which offer the advantage of reusing the memories that already exist in many designs. The efficiency of PUF implementations is strongly dependent on the unclonability and reliability of their responses. It has been shown that SRAM PUFs can guarantee high levels of both unclonability and reliability. However, high reliability is today achieved by using Fuzzy extractor structures combined with complex error correcting codes (ECCs) which increase the complexity and cost of the design. The overheads associated with these techniques increase with their error correction capability. In this paper we define an effective method to identify the unreliable cells in the PUF implementation based on SRAM stability test. This information is used to significantly reduce the need for complex ECCs resulting in efficient, low cost PUF implementations.

16:02 IP1-13, 791 CURRENT BASED PUF EXPLOITING RANDOM VARIATIONS IN SRAM CELLS
Speaker:
Fengchao Zhang, University of Florida, US
Authors:
Fengchao Zhang (1), Shuo Yang (1), Jim Plusquellic (2) and Swarup Bhunia (1)
(1) University of Florida, US; (2) University of New Mexico, US
Abstract
Physical Unclonable Function (PUF) is a security primitive that has been proven to be effective in diverse security solutions ranging from hardware authentication to on-die entropy generation. PUFs can be implemented in a design in two possible ways: (1) adding a separate dedicated circuit; and (2) reusing an existing on-chip structure for generating random signatures. A large percentage of existing PUFs falls into the first category, which suffers from the important drawback of often unacceptable hardware and design overhead. Moreover, they cannot be applied to legacy designs, which do not allow insertion of additional circuit structures. Intrinsic PUFs, that rely on pre-existing circuit structures, such as static random-access memory (SRAM), fall into the second category. They, however, typically suffer from poor entropy as well as lack of robustness. In this paper, we introduce a novel PUF implementation of the second category that exploits the effect of manufacturing process variations in SRAM read access current. In particular, we note that transistor level variations in SRAM cells cause significant variations in the read current and the variation changes with the stored content in an SRAM cell. We propose a method to transform the analog read current value for an SRAM array into robust binary signatures. The proposed PUF can be easily employed for authentication of commercial SRAM chips without any design modification. Furthermore, it can be realized, with minor hardware modification, into chips with embedded memory, e.g., a processor, for on-die entropy generation. Simulation results at 45nm CMOS process for 1000 chips as well as measurement results based on 30 commercial SRAM chips, show promising randomness, uniqueness and robustness under environmental fluctuations.

16:00 End of session
Coffee Break in Exhibition Area