This Is Auburn - Electronic Theses and Dissertations

Robust Solutions for Enabling Trust in Digital Circuits




Zhang, Yuqiao

Type of Degree

PhD Dissertation


Electrical and Computer Engineering


The continuous emergence of counterfeit integrated circuits (ICs) in the electronics supply chain requires immediate solutions since they pose serious threats to our critical infrastructures due to their inferior quality. Information Handling Services Inc. reported that counterfeit ICs represent a potential annual risk of $169 billion to the global electronics supply chain and have continued to increase in recent years. These counterfeit ICs can be categorized into seven distinct types: recycled, remarked, defective/out-of-spec, overproduced, cloned, forged documentation, and tampered. It is reported that recycled ICs account for almost 80% of all reported counterfeit incidents. The rise of these recycled ICs in critical infrastructures is a major concern for the government and industry because these chips exhibit lower performance and have a shorter remaining lifespan. In addition, high temperatures, followed by sanding, repackaging, and remarking in the crude recycling process, could potentially create extra defects in the ICs. The illegal recycling process may also create latent defects that can pass initial acceptance testing by original equipment manufacturers (OEMs) but are susceptible to failure in the field. Furthermore, the detection of these ICs becomes extremely challenging when they are already circulating in the supply chain. Generally, it is necessary to power up a chip at a distributor's site to measure different electrical parameters to verify whether it was pre-owned or not. However, this can be challenging as many distributors may not be equipped with proper test infrastructures. Moreover, the reliability of authentic chips may be reduced if they are removed from their packaging boxes for testing purposes.

In parallel, due to globalization in the semiconductor industry, the cost of maintaining a foundry is enormous. Hence, most IC design houses have become fabless. However, the security of intellectual property (IP) becomes another concern. Typically, a design house acquires multiple third-party cores for a system on a chip (SoC) and sends a contract to a foundry/fab for manufacturing and test. The horizontal integration of semiconductor design, manufacturing, and test causes a significant increase in potential harmful threats. The most notable ones are overproduction or counterfeiting of ICs, piracy of IP, and insertion of hardware Trojans (HT). To address these threats, researchers have proposed solutions that include hardware metering, logic locking, IP watermarking, and split manufacturing. Logic locking is the most widely accepted design-for-trust (DFT) technique to prevent those threats from untrusted manufacturing. It hides the circuit's inner details by incorporating key gates in the original circuit, resulting in a key-dependent locked counterpart. The resultant locked circuit functions correctly once the secret key is programmed into its tamper-proof memory. The inserted logic can be commonly categorized based on key-insertion strategy as: (i) XOR/XNOR-based, (ii) MUX-based, (iii) Look-up Table (LUT)-based, and (iv) state-space based. However, existing logic locking techniques can be rendered ineffective using state-of-the-art methods that include Boolean satisfiability (SAT)-based attacks, probing, and tampering attacks. One can obtain the secret key from a functional chip and then unlock any number of locked ICs, as the key value remains the same for every chip. Subsequently, different countermeasures were also proposed to increase the effort of launching these powerful logic-based attacks. Reverse engineering (RE) is another powerful attack for IP theft. It can be used by an adversary for the illegal reconstruction of the gate-level design. As a result, an adversary can clone an entire chip, pirate the extracted netlist, or insert a hardware Trojan. IC camouflaging can be an effective technique to prevent RE so that an adversary cannot obtain the inner details of a circuit.

In this dissertation, we developed a robust and low-cost solution for enabling the traceability of an IC in the supply chain. Our proposed solution builds a chain of trust among the manufacturer, distributors, and system integrator (end-user) by enabling end-to-end traceability from manufacturing to system integration and providing protection against IC recycling. The proposed solution utilizes a small passive radio-frequency identification (RFID) tag, which needs to be placed on the package. Any authorized entity in the supply chain can verify the authenticity of a chip using a commercial RFID reader. Once the system integrator verifies the signature from all the previous stages, final verification will be performed to detect the prior usage of an IC. The frequency of the IC will be measured again and compared with the stored value provided by the manufacturer. A mismatch will indicate that a recycled IC has been detected. Otherwise, it can be considered a brand-new product.

We also propose a new oracle-less logic locking attack based on self-referencing to determine the secret key. We denote our proposed attack as TGA: Topology-Guided Attack on logic locked circuits. Since the entire circuit topology is built from basic Boolean functions that are repeated multiple times in the design (denoted as unit functions (UFs)), it is possible for an adversary to determine the secret key by comparing the locked instances of these functions with the unlocked ones in the entire netlist. The secret key can be estimated efficiently even for circuits in which the SAT attack has failed, e.g., the c6288 circuit. In addition, an adversary can unlock any netlist using our proposed attack without waiting for a working chip to be available in the market and without scan access. We also proposed a countermeasure to prevent this attack. If the SoC designer locks all the repeated unit functions, the attack on the locked design will become ineffective as it cannot make a key prediction without self-referencing the unlocked unit function.

Spintronic devices offer a feasible choice for post-Moore devices, and magnetic skyrmion-based design becomes a possible candidate for implementing different logic designs and non-volatile memories. Reverse engineering is an advanced tool that can be exploited by an attacker to recover the gate-level netlist of an IP. IC camouflaging can prevent this attack, and various solutions have been proposed for protecting traditional CMOS-based technologies. However, there is no research on camouflaging for skyrmion-based circuits. To address this concern, we have proposed several novel skyrmion-based gate designs for implementing IC camouflaging on skyrmion-based circuits. To the best of our knowledge, we are the first to propose camouflaged skyrmion gates (denoted as CamSkyGate: Camouflaged Skyrmion-based Logic Gates) to prevent an adversary from performing reverse engineering on a skyrmion-based circuit. The function of a camouflaged gate is determined by doping technology. The attacker cannot identify the specific gate type of a camouflaged gate since the layout is identical and symmetric even with different functions. The mumax3 simulator is used to exhaustively simulate all gates with different input combinations. We have also evaluated the security of the proposed camouflaged designs using SAT attacks. We show that the same security as traditional CMOS-based camouflaged circuits can be retained.

This dissertation provides a comprehensive overview of different existing problems and solutions. To combat recycled ICs in the supply chain, we have proposed an RFID-based system to enable traceability and trust among the manufacturer, distributor, and system integrator. Any entity in the supply chain is able to verify the authenticity of a chip using a commercial RFID reader. On the logic locking side, we have found a vulnerability in the existing logic locking schemes and proposed an oracle-less topology-based attack. A countermeasure is also discussed to prevent self-referencing. To explore the security aspect of magnetic skyrmion circuit design, we propose the CamSkyGate design to prevent reverse engineering. An adversary cannot extract the full gate-level netlist by performing reverse engineering. The SAT-based security evaluation is also performed, where our proposed design can provide the same level of protection with a smaller key size than the CMOS-based camouflaged counterpart.
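
The XOR/XNOR key-gate locking described in the abstract, shown as an added example that is not taken from the dissertation: a 1-bit full adder is locked with three key gates, and the script checks exhaustively that exactly one key restores the original function. The circuit, the key value and all function names are constructed for illustration.

```python
from itertools import product

# Constructed example: a 1-bit full adder locked with XOR/XNOR key gates.
# CORRECT_KEY is a hypothetical secret; in a real flow it would be programmed
# into the chip's tamper-proof memory after fabrication.
CORRECT_KEY = (0, 1, 1)
INPUTS = list(product((0, 1), repeat=3))


def original(a, b, cin):
    """Unlocked full adder: returns (sum, carry_out)."""
    x1 = a ^ b
    return (x1 ^ cin, (a & b) | (x1 & cin))


def locked(a, b, cin, key):
    """Same adder as the untrusted foundry would see it, with three key gates."""
    k0, k1, k2 = key
    x1 = (a ^ b) ^ k0            # XOR key gate: transparent when k0 == 0
    c1 = 1 ^ ((a & b) ^ k1)      # XNOR key gate: transparent when k1 == 1
    c2 = (1 ^ (x1 & cin)) ^ k2   # AND swapped for NAND, then XOR key gate:
                                 # the inversion is undone only when k2 == 1
    return (x1 ^ cin, c1 | c2)


def corruption(key):
    """Number of input patterns (out of 8) whose outputs differ from the original."""
    return sum(original(*p) != locked(*p, key) for p in INPUTS)


def unlocking_keys():
    """All keys under which the locked circuit is functionally equivalent."""
    return [k for k in product((0, 1), repeat=3) if corruption(k) == 0]


if __name__ == "__main__":
    # Designer-side check: output corruption per candidate key.
    for k in product((0, 1), repeat=3):
        print(k, "corrupted patterns:", corruption(k))
    print("keys that unlock:", unlocking_keys())
```

A designer can use the same exhaustive comparison on small blocks to confirm that no unintended key also unlocks the circuit, which happens when key gates on the same path cancel each other.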