Reza M. Rad

Power supply signal calibration techniques for improving detection resolution to hardware Trojans

Chip design and fabrication is becoming increasingly vulnerable to malicious activities and alternations with globalization. An adversary can introduce a Trojan designed to disable and/or destroy a system at some future time (Time Bomb) or the Trojan may serve to leak confidential information covertly to the adversary. This paper proposes a taxonomy for Trojan classification and then describes a statistical approach for detecting hardware Trojans that is based on the analysis of an ICs power supply transient signals. A key component to improving the resolution of power analysis techniques to Trojans is calibrating for process and test environment (PE) variations. The main focus of this research is on the evaluation of four signal calibration techniques, each designed to reduce the adverse impact of PE variations on our statistical Trojan detection method.

Sensitivity analysis to hardware Trojans using power supply transient signals

Trust in reference to integrated circuits addresses the concern that the design and/or fabrication of the IC may be purposely altered by an adversary. The insertion of a hardware Trojan involves a deliberate and malicious change to an IC that adds or removes functionality or reduces its reliability. Trojans are designed to disable and/or destroy the IC at some future time or they may serve to leak confidential information covertly to the adversary. Trojans are cleverly hidden by the adversary to make it extremely difficult for chip validation processes, such as manufacturing test, to accidentally discover them. This paper investigates a power supply transient signal analysis method for detecting Trojans that is based on the analysis of multiple power port signals. In particular, we focus on determining the smallest detectable Trojan in a set of process simulation models that characterize a TSMC 0.18 um process.

A Sensitivity Analysis of Power Signal Methods for Detecting Hardware Trojans Under Real Process and Environmental Conditions

Trust in reference to integrated circuits addresses the concern that the design and/or fabrication of the integrated circuit (IC) may be purposely altered by an adversary. The insertion of a hardware Trojan involves a deliberate and malicious change to an IC that adds or removes functionality or reduces its reliability. Trojans are designed to disable and/or destroy the IC at some future time or they may serve to leak confidential information covertly to the adversary. Trojans can be cleverly hidden by the adversary to make it extremely difficult for chip validation processes, such as manufacturing test, to accidentally discover them. This paper investigates the sensitivity of a power supply transient signal analysis method for detecting Trojans. In particular, we focus on determining the smallest detectable Trojan, i.e., the least number of gates a Trojan may have and still be detected, using a set of process simulation models that characterize a TSMC 0.18 μm process. We also evaluate the sensitivity of our Trojan detection method in the presence of measurement noise and background switching activity.

An Experimental Analysis of Power and Delay Signal-to-Noise Requirements for Detecting Trojans and Methods for Achieving the Required Detection Sensitivities

New validation methods are needed for ensuring integrated circuit (IC) Trust, and in particular for detecting hardware Trojans. In this paper, we investigate the signal-to-noise ratio (SNR) requirements for detecting Trojans by conducting ring oscillator (RO) experiments on a set of V2Pro FPGAs. The ROs enable a high degree of control over the switching activity in the FPGAs while simultaneously permitting subtle delay and transient power supply anomalies to be introduced through simple modifications to the RO logic structure. Power and delay analyses are first carried out across a set of FPGAs using RO configurations that emulate Trojan-free conditions. These experiments are designed to determine the magnitude of process and environmental (PE) variations, and are used to establish statistical limits on the noise floor for the subsequent emulated Trojan experiments. The emulated Trojan experiments introduce anomalies in power and delay in subtle ways as additional loads and series inserted gates. The data from both experiments is used to determine the detection sensitivity of several statistical methods to the transient anomalies introduced by these types of design modifications. A calibration technique is proposed that improves sensitivity to small transient anomalies significantly. Finally, we describe testing techniques that enable high resolution measurements of power and delay to support the proposed calibration and statistics-based detection methods.

A new hybrid FPGA with nanoscale clusters and CMOS routing

In this paper we propose a hybrid FPGA using nanoscale clusters with an architecture similar to clusters of traditional CMOS FPGAs. The proposed cluster is made of a crossbar of nanowires configured to implement the required LUTs and intra-cluster MUXes. A CMOS interface is also proposed to provide configuration and latching for the nanoscale cluster. Inter-cluster routing is assumed to remain at CMOS scale. Experimental analysis is performed to evaluate area and performance of the hybrid FPGA and results are compared with traditional fully CMOS FPGA (scaled to 22nm). Up to 15% area reduction was obtained from implementing MCNC benchmarks on hybrid FPGA. Performance of the hybrid FPGA is shown to be close to that of CMOS FPGA

SCT: an approach for testing and configuring nanoscale devices

Molecular electronics-based devices are assumed to include at least 10 gate-equivalents/cm and defect densities as high as 10%; novel test strategies are necessary to efficiently test and diagnose these nanoscale devices. Configuration time, test time and defect map size are among the major challenges for these new devices. In this paper, we propose a new approach that simultaneously configures and tests nano devices. A new built-in self-test (BIST) scheme for testing and defect tolerance of nanoscale devices is proposed. The proposed procedure is based on testing reconfigurable nanoblocks at the time of implementing a function of a desired application on that block. This simultaneous configuration and test (SCT) procedure considerably reduces the test and configuration time. It also eliminates the need for storing the location of the defects in the defect map on/off-chip. The presented probabilistic analyses results show the effectiveness of this process in terms of test and configuration time for architectures with rich interconnect resources

Built-In Self-Test and Recovery Procedures for Molecular Electronics-Based Nanofabrics

In this paper, a built-in self-test (BIST) procedure is proposed for testing and fault tolerance of molecular electronics-based nanofabrics. The nanofabrics are assumed to include up to 1012 devices/cm2; this requires new test strategies that can efficiently test and diagnose the nanofabrics in a reasonable time. Our BIST procedure utilizes nanofabric components as small test groups containing test pattern generator and response analyzer. Small test groups (fine-grained test) result in higher diagnosability and recovery. The proposed technique applies the test in parallel with a low number of test configurations resulting in a manageable test time. Due to high defect density of nanofabrics, an efficient diagnosis procedure is done after BIST procedure to achieve high recovery. This is called recovery-increase procedure, and this increases the available number of fault-free components detected in a nanochip. Finally, a defect database called defect map is created to be used by compilers during the configuration of the nanofabrics to avoid defective components. This results in a reliable system constructed from unreliable components. Our simulation results demonstrate the effectiveness of the proposed BIST and recovery-increase procedures

SCT: A novel approach for testing and configuring nanoscale devices

Novel strategies are necessary to efficiently test and configure emerging reconfigurable nanoscale devices, in addition to providing defect tolerance. This is mainly due to the high defect densities that are expected for these devices. Among different approaches, reconfiguration-based defect avoidance has proven to be a practical solution. However, configuration time, test time, and defect-map size remain among the major challenges for these new devices. In this article, we propose a new approach (called SCT) that simultaneously performs test and configuration. The proposed method uses a built-in self-test (BIST) scheme for test and defect tolerance. The method is based on testing reconfigurable nanoblocks at the time of implementing a function of a desired application on that block. The SCT method considerably reduces the total test and configuration time. It also eliminates the need for storing the location of defects in a defect map on- or off-chip. The presented probabilistic analysis results show the effectiveness of this method in terms of test and configuration time for architectures with rich interconnect resources. Also, a Verilog simulation model is developed for crossbar-based nano-architectures. This model is used to implement several MCNC benchmarks based on the proposed SCT method. The simulation results demonstrate efficiency of the method in terms of test time and yield under different defect rates.

Fine-grained island style architecture for molecular electronic devices

In this paper a fine-grained island style architecture is proposed based on crossbars of nanowires with diode-logic created by molecular devices. A multiple-bit access mechanism is the main requirement for the clusters in every island style architecture to provide inputs, outputs and configuration bits. Island style FPGA architecture with its rich interconnect capabilities seems to be a proper choice for high-level architectures in nanoscale devices. Providing appropriate access to all clusters inside such architectures to communicate with input, output and configuration signals is the main requirement in these structures. In this paper, a multiple-bit DMUX scheme is proposed to act as CMOS-Nano interface and facilitate the configuration and input/output transfer to the nanoscale crossbar structure of the clusters. Two different architectures for the multiple-bit DMUX are proposed. The first DMUX architecture uses nano-imprint technology to provide the required interconnections between nanowires in the architecture and hence is completely nanoscale while the second architecture uses CMOS wires as select lines of the DMUX. These two architectures are analyzed in terms of area overhead based on the number of CMOS and nanoscale wires used in them. The calculations show that both approaches are area efficient when compared to their CMOS counterpart. The estimates also show that for a wide variety of cluster sizes, area of a cluster, that can be configured as large number of lookup tables (LUTs), is significantly smaller than a single 4-input CMOS LUT (22 nm technology). The proposed nano architecture also has its novelty in structure of the clusters and the way these clusters can be used to implement multiple logic functions on them.

A Novel Fault Localization Technique Based on Deconvolution and Calibration of Power Pad Transients Signals

This paper describes a new fault localization method that is based on the analysis of power supply transient signals. Impulse response functions derived from the power grid are used to de-construct the measured power port transient signals into a set of gate level transients generated by the logic gates as signals propagate along paths in the circuit. By comparing these gate transients with those obtained from a defect-free chip or simulation model, it is possible to identify anomalies produced by defects and to locate them to specific path segments in the layout. Impulse response functions are used to significantly reduce both the attenuation effects of the power grid on the gate-generated transients and the chip-to-chip impedance variations in the power grid and test environment. Non-linear calibration techniques are proposed to reduce the chip-to-chip variations in path delays introduced by process variations. The procedure is demonstrated using simulation experiments to locate the position of defects to one or a small group of gates.