Date of Award

6-18-2021

Publication Type

Doctoral Thesis

Degree Name

Ph.D.

Department

Electrical and Computer Engineering

Keywords

DfHT, Hardware Security, Hardware Trojan, Layout Filling, Memristor, Obfuscation

Supervisor

Rashid Rashidzadeh

Supervisor

Roberto Muscedere

Rights

info:eu-repo/semantics/embargoedAccess

Abstract

The costs of in-house IC fabrication have increased significantly with new technology nodes and nanoscale transistors. Many companies have outsourced their need for IC fabrication to eliminate the overhead costs associated with operating a fabrication facility. While outsourcing has its benefits, it provides opportunities for hardware Trojan (HT) injection at different design levels. Hardware Trojans and IP piracy are the new realities that must be considered for trustworthy IC design. The miniature size of HTs, coupled with their diversity and unpredictable effects, makes them difficult to detect. Even though various solutions and design methods have been proposed to address security concerns posed by HTs, a comprehensive solution is yet far from reach. Moreover, the effects of Process, Voltage, and Temperature (PVT) variations have been largely neglected in the reported solutions which may undermine their effectiveness. This dissertation presents Hardware Trojan prevention techniques that are resilient to PVT variations.In this dissertation, two new Design-For-Security (DFS) solutions for HT prevention using a layout filling technique and a layout manipulation method are presented. The first DFS technique involves occupying the unused polysilicon layer with minimum feature wires to deprive attackers of the resources needed for Trojan routing. This technique prevents attackers from inserting an active layer on the silicon substrate. Since the active layer connects to the polysilicon layer directly, if the unused poly layer is covered with minimum size wires, it becomes impossible for an attacker to rout a HT without removing a portion of the polysilicon wires. A readout circuit is used to ensure that the layer is intact and has not been tampered with. This technique can provide a complete utilization of the unused areas of the polysilicon layer. A novel tamper resilient solution is also presented as the second DFS technique to capture integrated circuits' electromagnetic (EM) signature. In this method, the remaining metal and polysilicon layers are utilized as internal magnetic probes to monitor the device's signature and, in the meantime, deprive attackers of layout resources to route HTs. 3D full-wave EM field simulations using High-Frequency Structural Simulator (HFSS) show that tampering with a chip to insert a Trojan of 12 μm2, the area required to insert an inverter, can be detected through the magnetic signature. Some unique HTs native to 3D ICs, such as HTs inserted during “Die Stacking” and “TSV Bonding” stages, can also be detected using this technique. A solution utilizing memristor technology is also presented in this dissertation to implement a configurable layout to obfuscate the design. The main design is divided into sub-circuits and forwarded to a fabrication foundry, but the interconnects between those are not revealed to the foundry. The sub-circuits are connected through configurable memristor switches after fabrication. In the proposed solution, split manufacturing is not needed, and an untrusted foundry can fabricate the circuit without compromising its security. Moreover, the proposed technique provides direct access to the sub-circuits through a network of configurable switches. This will increase the observability and controllability at the test phase and help detect and isolate possible Trojans.

Download

Share

COinS