Youhua Shi

A score-based classification method for identifying hardware-trojans at gate-level netlists

Recently, digital ICs are often designed by outside vendors to reduce design costs in semiconductor industry, which may introduce severe risks that malicious attackers implement Hardware Trojans (HTs) on them. Since IC design phase generates only a single design result, an RT-level or gate-level netlist for example, we cannot assume an HT-free netlist or a Golden netlist and then it is too difficult to identify whether a generated netlist is HT-free or HT-inserted. In this paper, we propose a score-based classification method for identifying HT-free or HT-inserted gate-level netlists without using a Golden netlist. Our proposed method does not directly detect HTs themselves in a gate-level netlist but a net included in HTs, which is called Trojan net, instead. Firstly, we observe Trojan nets from several HT-inserted benchmarks and extract several their features. Secondly, we give scores to extracted Trojan net features and sum up them for each net in benchmarks. Then we can find out a score threshold to classify HT-free and HT-inserted netlists. Based on these scores, we can successfully classify HT-free and HT-inserted netlists in all the Trust-HUB gate-level benchmarks. Experimental results demonstrate that our method successfully identify all the HT-inserted gate-level benchmarks to be “HT-inserted” and all the HT-free gate-level benchmarks to be “HT-free” in approximately three hours for each benchmark.

Robust Secure Scan Design Against Scan-Based Differential Cryptanalysis

Scan technology carries the potential risk of being misused as a “side channel” to leak out the secrets of crypto cores. The existing scan-based attacks could be viewed as one kind of differential cryptanalysis, which takes advantages of scan chains to observe the bit changes between pairs of chosen plaintexts so as to identify the secret keys. To address such a design/test challenge, this paper proposes a robust secure scan structure design for crypto cores as a countermeasure against scan-based attacks to maintain high security without compromising the testability.

Low Power Test Compression Technique for Designs with Multiple Scan Chain

This paper presents a new DFT technique that can significantly reduce test data volume as well as scan-in power consumption for multiscan-based designs. It can also help to reduce test time and tester channel requirements with small hardware overhead. In the proposed approach, we start with a pre-computed test cube set and fill the don’t-cares with proper values for joint reduction of test data volume and scan power consumption. In addition we explore the linear dependencies of the scan chains to construct a fanout structure only with inverters to achieve further compression. Experimental results for the larger ISCAS’89 benchmarks show the efficiency of the proposed technique.

Dynamically changeable secure scan architecture against scan-based side channel attack

Scan test which is one of the useful design for testability techniques is effective for LSIs including cryptographic circuit. It can observe and control the internal states of the circuit under test by using scan chain. However, scan chain presents a significant security risk of information leakage for scan-based attacks which retrieves secret keys of cryptographic LSIs. In this paper, a secure scan architecture against scan-based attack which still has high testability is proposed. In our method, scan data is dynamically changed by adding the latch to any FFs in the scan chain. We show that by using proposed method, neither the secret key nor the testability of an RSA circuit implementation is compromised, and the effectiveness of the proposed method.

MH4 : multiple-supply-voltages aware high-level synthesis for high-integrated and high-frequency circuits for HDR architectures

In this paper, we propose multiple-supply-voltages aware high-level synthesis algorithm for HDR architectures which realizes high-speed and high-efficient circuits. We propose three new techniques: virtual area estimation, virtual area adaptation, and floorplanning-directed huddling, and integrate them into our HDR architecture synthesis algorithm. Virtual area estimation/adaptation effectively estimates a huddle area by gradually reducing it during iterations, which improves the convergence of our algorithm. Floorplanningdirected huddling determines huddle composition very effectively by performing floorplanning and functional unit assignment inside huddles simultaneously. Experimental results show that our algorithm achieves about 29% run-time-saving compared with the conventional algorithms, and obtains a solution which cannot be obtained by our original algorithm even if a very tight clock constraint is given.

FCSCAN: an efficient multiscan-based test compression technique for test cost reduction

This paper proposes a new multiscan-based test input data compression technique by employing a fan-out compression scan architecture (FCSCAN) for test cost reduction. The basic idea of FCSCAN is to target the minority specified 1 or 0 bits (either 1 or 0) in scan slices for compression. Due to the low specified bit density in test cube set, FCSCAN can significantly reduce input test data volume and the number of required test channels so as to reduce test cost. The FCSCAN technique is easy to be implemented with small hardware overhead and does not need any special ATPG for test generation. In addition, based on the theoretical compression efficiency analysis, improved procedures are also proposed for the FCSCAN to achieve further compression. Experimental results on both benchmark circuits and one real industrial design indicate that drastic reduction in test cost can be indeed achieved.

State-dependent changeable scan architecture against scan-based side channel attacks

Scan test is a powerful and popular test technique because it can control and observe the internal states of the circuit under test. However, scan path would be used to discover the internals of crypto hardware, which presents a significant security risk of information leakage. An interesting design-for-test technique by inserting inverters into the internal scan path to complicate the scan structure has been recently presented. Unfortunately, it still carries the potential of being attacked through statistical analysis of the information scanned out from chips. Therefore, in this paper we propose secure scan architecture, called dynamic variable secure scan, against scan-based side channel attack. The modified scan flip-flops are state-dependent, which could cause the output of each State-dependent Scan FF to be inverted or not so as to make it more difficult to discover the internal scan architecture.

Suspicious timing error prediction with in-cycle clock gating

Conventionally, circuits are designed to add pessimistic timing margin to solve delay variation problems, which guarantees “always correct” operations. However, due to the fact that such a worst-case condition occurs rarely, the traditional pessimistic design method is therefore becoming one of the main obstacles for designers to achieve higher performance and/or ultra-low power consumption. By monitoring timing error occurrence during circuit operation, adaptive timing error detection and recovery methods have gained wide interests recently as a promising solution. As an extension of existing research, in this paper, we propose a suspicious timing error prediction method for performance or energy efficiency improvement in pipeline designs. Experimental results show that with when compared with typical margin designs, the proposed method can 1) achieve up to 1.41X throughput improvement with in-situ timing error prediction ability; and 2) allow the design to be overclocked by up to 1.88X with “always correct” outputs.

Multiple test set generation method for LFSR-based BIST

In this paper we propose a new reseeding method for LFSR-based test pattern generation suitable for circuits with random pattern resistant faults. The character of our method is that the proposed test pattern generator (TPG) can work both in normal LFSR mode, to generate pseudorandom test vectors, and in jumping mode to make the TPG jump from a state to the required state (seed of next group). Experimental results indicate that its superiority against other known reseeding techniques with respect to the length of the test sequence and the required area overhead.

FPGA-based SHA-3 acceleration on a 32-bit processor via instruction set extension

As embedded systems play more and more important roles Internet of Things (IoT), the integration of cryptographic functionalities is an urgent demand to ensure data and information security. Recently, Keccak was declared as the winner of the third generation of Secure Hashing Algorithm (SHA-3). However, implementing SHA-3 on a specific 32-bit processor failed to meet the performance requirement. On the other hand, implementing it as a cryptographic coprocessor consumes a lot of extra area and requires customized driver program. Although implementing Keccak on a 64-bit platform is more efficient, this platform is not suitable for embedded implementation. In this paper, we propose a novel SHA-3 implementation using instruction set extension based on a 32-bit LEON3 processor (an open source processor), with the goals of reducing execution cycles and code size. Experimental results show that the proposed design reduces around 87% execution cycles and 10.5% code size as compared to reference designs. Our design takes up only 9.44% extra area with negligible speed overhead compared to the standard LEON3 processor. Compared to the existing hardware accelerators, our proposed design occupies only half of area resources and does not require extra driver programs to be developed when integrated into the overall system.