What are Emerging Hardware Security Technologies?
What are Emerging Hardware Security Technologies?
What are Emerging Hardware Security Technologies?
The emergence of various emerging technologies offers the potential to advance the concept of hardware security.
To review some emerging technologies, there are spintronics, memristors, carbon nanotubes and related transistors, nanowires and related transistors, 3D and 2.5D integration.
These emerging devices share some interesting properties that are difficult to achieve with traditional CMOS technologies.
This paper discusses the application of emerging hardware security technologies to improve hardware security and outlines the associated challenges.
1 Introduction
Figure 1 shows the emerging hardware security technologies involved in this paper, the features related to hardware security and beneficial to hardware security in emerging hardware security technologies, the corresponding security solutions, and the security threats these solutions address.
picture source: https://arxiv.org/pdf/2001.08780.pdf
2. Emerging devices
The emerging devices share some interesting properties that are difficult to achieve with traditional CMOS technologies.
More specifically, spintronics, memristors, carbon nanotube transistors, and NWFETs can all be tailored to incorporate significant variability, randomness, reconfigurability, polymorphic behavior, resilience against reverse engineering, and Possibly used to separate trusted and untrusted components (the latter by means of split fabrication).
Therefore, these devices can well serve puf, trng, IP protection schemes, and shield side channel leakage. In addition, memristors can also provide resilience against tampering through destructive data management.
The actual implementation prospects of such emerging device-based security schemes depend on various aspects, from general circuit design and security analysis, to manufacturing capabilities and equipment maturity, and so on.
Other papers also review emerging devices in the context of hardware security, see, for example, [1-3].
2.1 Spintronics
Various current studies propose polymorphic behavior and/or reconfigurability of IP protection.
For example, Alasad et al. [4] use full-spin logic for camouflage.
However, they present some device-unique primitive layouts; easily distinguishable in image-based reverse engineering.
In addition, their primitive energy consumption is relatively high, and the ns-range delay consumes about 350uw.
In [5], the authors introduced spintronics-based reconfigurable look-up tables (LUTs) for design chaos.
However, these methods may not be as effective as expected in resisting SAT attacks. Note also that this approach is conceptually similar to utilizing traditional FPGA design obfuscation.
In [7] and [6,8], polystate and fuzzy logic were studied based on domain wall motion devices and in giant spin Hall effect (GSHE) devices, respectively.
An important benefit of the latter logic studies over the former is that each of their devices supports all 16 possible functions; this makes these devices superior to others in terms of SAT resilience.
In [9], the concept of “dynamic camouflage” based on multi-state electromagnetic spin-orbit (MESO) devices was proposed.
Unlike conventional camouflage, this concept also provides protection against “adversaries” in manufacturing plants and testing facilities, since the real function is only configured later in the polymorphic fabric.
Therefore, “dynamic masquerading” is also conceptually similar to logical locking.
However, unlike locks, no additional equipment or doors are required to achieve this security.
It has been noted that spintronics can provide some resilience against side-channel attacks. For example, the magnetoelectric switches of these devices do not emit photons; related attacks in the first can be ruled out.
Since spintronics is used for logic, fault injection and side-channel attacks based on magnetic field or temperature profiles may be more difficult to implement, unlike spintronics for memory.
Furthermore, in [10], the authors used spintronics to construct multi-state circuits and different circuit templates, which were switched randomly at runtime to shield power side channels.
In [11], the authors advocate a process variation for fabricating nanowires in domain wall memory in pufs. In [12], the authors exploited the inherent random spin-switching mechanism of nanomagnets in trng.
Through device-level simulations, the authors demonstrate that their TRNG devices can operate over a wide temperature range, are immune to process variations, and can be realized with significantly smaller layout costs than CMOS TRNGs.
In [13], the authors propose an antiferromagnetic-based secure memory scheme that provides protection against tampering, side-channel, and readout attacks, and guarantees lower bit energy than STT-RAM or PCM .
Most studies focus on circuit design and security analysis, while little research is done on the technical aspects.
Despite the rapid progress in applications of spintronics, it also seems important to consider technology exploration in related safety research.
2.2 Memristors
The potential of using memristors in hardware security schemes was recognized several years ago, for example in 2013 using memristors for process variation and randomly operated pufs.
Recently, another PUF concept has been proposed that exploits the nonlinear IV characteristics of memristors (“pinch lag”) and applies analog tuning of memristor conductance to improve the performance and practicality of such PUFs and reduce the peripheral complexity of the circuit.
The authors of [14] provide an experimental demonstration and measurement results for their PUF concept.
Memory cross bar array is the core of key security management.
The authors propose combining unique fingerprints of memristive devices with key-value storage within these devices.
They built the control circuit so that once the fingerprint (used to verify the chip’s authenticity) is extracted, the key is destroyed.
Thus, the secret key remains “alive” on the chip to enable its functionality (following the concept of a logical lock) until any read is performed.
The authors provide experimental proof of concept and measurements for their concept.
Such a concept is an important step towards the practicality of logical locking, which requires tamper-resistant memory to keep it secure against malicious end-users in the domain.
In [15], the authors also propose multi-state circuits for obfuscation in the context of memristors.
This is possible because, in principle, the function of memristive devices in such fuzzy logic can be reconfigured.
While the authors provide the first studies at the circuit and layout level – albeit without details of technology exploration and library description – they do not provide any experimental demonstrations.
Furthermore, other studies have raised caveats about the latency and power consumption of memristor-based logic unless the circuit structure is optimized, which seems to conflict with the confusion principle.
2.3 Carbon Nanotubes and Carbon Nanotube Field Effect Transistors
In [16], the authors proposed the concept of using carbon nanotubes to create variable pufs and Lorentzian chaotic systems.
The role of the latter is to enhance the decorrelation of the inputs and outputs of pufs, thus making them more resistant to machine learning attacks.
In [17], the authors performed a simulation-based study on Trojan detection, power side-channel leakage, and camouflage on cntfet, and found that cntfet is more promising in all aspects compared to traditional CMOS technology.
In [2], the authors reviewed the application of CNTS in puf, trng, and proposed that this technology can be used to detect microprobes or other novel sensors for invasive attacks.
Table 1: Selected works utilizing 2.5D/3D integration to improve hardware security
2.4 Carbon Nanotube and Nanowire Field Effect Transistors
In [18], the authors proposed silicon nanowire field-effect transistors for camouflage.
More specifically, they exploit the controllable bipolarity in the nwfet to build a camouflaged primitive that includes NAND, NOR, XOR, and XNOR functions.
The author also builds a multi-state NAND/NOR gate and gives the circuit simulation results.
However, in [6], it is shown that these primitives are vulnerable to SAT attacks.
In [19], the authors first explore how transistor-level reconfigurability can be exploited for logic locking and split fabrication in the context of silicon nanoFET models.
Second, they examine how reconfigurability can be exploited to induce short-circuit currents or open-circuit configurations, essentially eliminating the chip’s reliability and functional characteristics; the authors suggest that this key feature of reconfigurable nwfets could be exploited maliciously to make reliable Sex-centric Trojans can also be deliberately exploited as a “kill switch”.
In [20], optical detection using nanowire-plasmon interactions was proposed and experimentally demonstrated.
This idea applies to labeling and authentication of chips (or other commodities).
Since no nanowires are required, the authors propose the concept of plasmonic-enhanced optical PUFs in and provide physical simulation results and safety analysis.
3. 3D and 2.5D integration
The main benefits that 3D and 2.5D integration provide for increased hardware security are: physical separation of components, whether across interconnects, active devices, or both; physical enclosure of components to protect them from in-field adversarial activity Impact.
Other papers also review the benefits and disadvantages of 3D and 2.5D integration for hardware security, see, for example, [21].
3.1 Confidentiality and Integrity of Hardware: Logical Locking
3D and 2.5D integration has not been used for logical locking. In loosely related work, the locking principle is exploited to advance the concept of separate fabrication.
More specifically, they lock the FEOL and delegate the unlocking to an independent, trusted BEOL facility.
The authors point out that their scheme can also be unlocked at the package or board level, which is likely to be suggested as a 2.5D IC implementation.
3.2 Confidentiality and Integrity of Hardware: Masquerading
The first to come up with a camouflage specifically for 3D integration, was for the M3D IC. The authors develop and describe a custom M3D camouflage library and evaluate their scheme at the gate-level and chip-level.
This camouflage is achieved by virtual contact, which has been proposed in classical 2D integrated circuits. Thus, while conceptually not new, the work in [22] exploits the benefits provided by M3D ICs in an effort to improve the scalability of camouflage.
This is notable, as prior art camouflage can incur considerable layout costs. In practice, such a cost only considers a small number of camouflaged gates; and the limited camouflage scale in turn makes such schemes vulnerable to SAT attacks.
In contrast, the work reported in [22] consumes only 25% power, 15% latency cost, and 43% area savings on average compared to conventional 2D gates.
3.3 Confidentiality and Integrity of Hardware: Split Manufacturing
Advancing split manufacturing through 3D and 2.5D integration seems both simple and promising.
This is because 3D and 2.5D integration allows the design to be split into multiple chips that can maintain their FEOL and BEOL layers independently, while the entire 2.5D/3D stack can contain further parts of the system-level interconnect.
Furthermore, despite validation studies, concerns about the practicality of classical split fabrication are widespread, since individual chips do not have to be split, but only entire systems.
In 2008, Tezzaron Semiconductor outlined this “3D split manufacturing” concept.
Various studies are also hinting at 3D split manufacturing, but most have some limitations.
For example, study [23] only stays at the conceptual level, while study [24] utilizes 2.5D ensembles with “only” connections hidden by untrusted facilities.
The latter is basically equivalent to conventional split fabrication, but seems to be more practical; nevertheless, study [24] reported considerable layout costs.
Later, “native 3D split manufacturing” was promoted, i.e. logical splitting between trusted and untrusted facilities.
An important finding of these later studies is that both 3D partitioning and vertical interconnect structures play an important role, and define the cost-safety trade-off as follows: the more the design is split across multiple chips, the more layout costs Higher because more vertical interconnect links and associated circuitry are required, but more flexible and easier to “factor out” IP across the 3D stack.
Attention proposes 3D segmentation fabrication combined with camouflage. While study [25] applied conventional center camouflage, study [26] suggested that another camouflage method is more suitable for 3D split fabrication, i.e. obfuscating vertical interconnects.
Other studies also suggest camouflage at the system level. For example, [27] proposed to obscure the vertical interconnect structure of 3D ICs by rerouting within dedicated Network-on-Chip (NoC) chips “sandwiched” between conventional chips.
The idea is conceptually similar to that of random routing in [26], but more flexible, but also more expensive.
3.4 Confidentiality and Integrity of Hardware: Trojan Horse Defense
In [26], the authors leverage the benefits offered by 3D split fabrication to advance a formally safe but costly scheme to reduce Trojan insertion at fabrication.
Furthermore, 3D and 2.5D ICs appear to be more vulnerable to Trojan insertion than 2D ICs during design and manufacturing.
For example, the study in [27] identified the negative bias temperature instability (NBTI) effect as a covert Trojan trigger, motivated by the fact that thermal management is a well-known challenge in 3D ICs.
More generally, the broader outlook of vendors and players related to 3D and 2.5D integration may present new opportunities for attackers to embed Trojans.
With the widespread adoption of wafer-level chip-scale packaging (WLCSP), it is also facing such security risks.
The hypothetical attack here is that some malicious integration tool can place a thin Trojan chip between the target chip and the packet microcollision, and that Trojan chip will contain the tsv, which can access all these signals at will through and into these external connections.
To avoid detection by visual or x-ray inspection, it was suggested that it might be sufficient to align these TSVs with the microbump locations.
However, Trojan detection at runtime can benefit from the integration of 3D and 2.5D.
This is because the relevant security features can be implemented separately using a trusted manufacturing process and later integrated/stacked with commodity chips to be monitored.
3.5 Confidentiality and integrity of hardware: puf
Integrating multiple chips into a 3D/2.5D stack seems to be beneficial for understanding the concept of pufs, since each chip is an independent process change.
Therefore, multiple independent sources of entropy can be used to build pufs. In [28, 29], two such schemes are proposed to further exploit the process variation of tsv.
While these studies are promising in principle, they do not take into account state-of-the-art machine learning attacks, and their practical resilience remains to be demonstrated.
3.6 Data Security at Runtime: Unauthorized Access or Modification of Data
3D and 2.5D integration enables physical separation of components and thus enables robust security functions such as runtime monitors or verifiers.
The actual implementation of these schemes can become a vulnerability in itself. For example, the introspection interface, which requires additional logic to be added to the commodity chip being monitored.
It is easy to see that once these interfaces are modified by a malicious actor designed or manufactured by that commodity chip, it will fail.
As a result, unwelcome dependencies were created that could hinder the plan entirely.
For example, the 2.5D root of trust, which integrates untrusted commodity chips and chips onto an active intermediate that includes security features, and further forms the backbone of system-level communication between chips.
Thus, there is a clear physical separation between commodity components and secure components, avoiding any security-breaking dependencies.
3.7 Runtime Data Security: Side Channel and Fault Injection Attacks
In general, for 3D and 2.5D ICs, side-channel attacks that result in noisier side-channel attacks are much more difficult given the higher density of active devices and more complex circuit structures and architectures.
For example, the authors of [30] studied power side-channel attacks on 3D ICs, and they observed that the power noise distributions from different chips within a 3D IC are superimposed.
They also propose a random cross-linking scheme for the voltage supply of cryptographic modules to make attacks on such modules more difficult.
Some prior art has also studied side-channel attacks explicitly targeting 3D integrated circuits.
For example, [32] and [31] demonstrate that thermal side-channel attacks on 3D ICs can be mitigated at runtime and design time, respectively.
However, the approach in [32] seems less practical; in order to reduce information leakage through thermal patterns, it exploits the dynamic generation of additional virtual activities, which further exacerbates the thermal management challenges of 3D integrated circuits.
In contrast, the authors of [31] modeled the effect of TSVs and module placement on heat distribution and thermal leakage during floor planning, thereby reducing leakage while reducing peak temperatures.
In addition, some studies utilize 3D and 2.5D integration to advocate safety schemes, which are considered too expensive.
For example, the research in [33] utilizes random eviction and heterogeneous latency as the cache architecture.
The authors demonstrate that this technique incurs a high performance overhead in 2D ICs, but is achievable even in 3D ICs.
Like side-channel attacks, fault injection attacks may be made more difficult due to the physical packaging of 3D/2.5D ICs.
Nevertheless, in [34] it was recently shown that laterally rearranging laser devices is sufficient to enable such fault injection attacks, also for backside-protected 2D ICs, and possibly 2.5D and 3D ICs as well.
However, if the 3D IC adopts a dedicated physical design, such as densely placing TSVs at the chip boundary, forming a “vertical shielding” structure, while using conventional shielding and backside protection in BEOL.
3.8 Data Security at Runtime: Physical Readout and Detection Attacks
Similar to fault injection attacks, the concept of a physical box enabled by 3D/2.5D integration may hinder read and probe attacks. In [35], the authors assert that 3D ICs support “omnidirectional shielding”.
Similar protections against detection have been discussed previously.
references
[1] J. Rajendran et al., “Nano meets security: Exploring nanoelectronic devices for security applications,” Proc. IEEE, vol. 103, no. 5, pp. 829–849, 2015. https: //doi.org/10.1109/JPROC.2014.2387353
[2] S. Ghosh, “Spintronics and security: Prospects, vulnerabilities, attack models, and preventions,” Proc. IEEE, vol. 104, no. 10, pp. 1864–1893, 2016. https://doi. org/10.1109/JPROC.2016.2583419
[3] F. Rahman et al., “Security beyond CMOS: Fundamentals, applications, and roadmap,” Trans. VLSI Syst., vol. PP, no. 99, pp. 1–14, 2017. https://doi.org/10. 1109/TVLSI.2017.2742943
[4] Q. Alasad, J. Yuan, and D. Fan, “Leveraging all-spin logic to improve hardware security,” in Proc. Great Lakes Symp. VLSI, 2017, pp. 491–494. https://doi.org/10. 1145/3060403.3060471
[5] T. Winograd et al., “Hybrid STT-CMOS designs for reverse-engineering prevention,” in Proc. Des. Autom. Conf., 2016, pp. 88–93. https://doi.org/10.1145/ 2897937.2898099
[6] S. Patnaik et al., “Spin-orbit torque devices for hardware security: From deterministic to probabilistic regime,” Trans. Comp.-Aided Des. Integ. Circ. Sys., vol. 39, pp. 1591–1606, 2019. https://doi.org/10.1109/TCAD.2019.2917856
[7] F. Parveen, Z. He, S. Angizi, and D. Fan, “Hybrid polymorphic logic gate with 5-terminal magnetic domain wall motion device,” in Proc. Comp. Soc. Symp. VLSI, 2017, pp. 152–157. https://doi.org/10.1109/ISVLSI.2017.35
[8] S. Patnaik et al., “Advancing hardware security using polymorphic and stochastic spin-hall effect devices,” in Proc. Des. Autom. Test Europe, 2018, pp. 97–102. https://doi.org/10.23919/DATE.2018.8341986
[9] N. Rangarajan et al., “Opening the doors to dynamic camouflaging: Harnessing the power of polymorphic devices,” Trans. Emerg. Top. Comp., vol. Early Access, 2020. https://doi.org/10.1109/TETC.2020.2991134
[10] A. Roohi and R. F. DeMara, “PARC: A novel design methodology for power analysis resilient circuits using spintronics,” Trans. Nanotech., vol. 18, pp. 885– 889, 2019. https://doi.org/10.1109/TNANO.2019.2934887
[11] A. S. Iyengar, S. Ghosh, and K. Ramclam, “Domain wall magnets for embedded memory and hardware security,” J. Emerg. Sel. Topics Circ. Sys., vol. 5, no. 1, pp. 40–50, 2015. https://doi.org/10.1109/JETCAS.2015.2398232
[12] N. Rangarajan, A. Parthasarathy, and S. Rakheja, “A spin-based true random number generator exploiting the stochastic precessional switching of nanomagnets,” J. Appl. Phys., vol. 121, no. 22, p. 223905, 2017. https://doi.org/10.1063/1.4985702
[13] N. Rangarajan et al., “SMART: A secure magnetoelectric antiferromagnet-based tamper-proof non-volatile memory,” vol. 8, pp. 76 130–76 142, 2020. https://doi. org/10.1109/ACCESS.2020.2988889
[14] H. Nili et al., “Hardware-intrinsic security primitives enabled by analogue state and nonlinear conductance variations in integrated memristors,” Nature Electronics, vol. 1, no. 3, pp. 197–202, 2018. https://doi.org/10.1038/s41928-018-0039-7
[15] A. Rezaei, J. Gu, and H. Zhou, “Hybrid memristor-CMOS obfuscation against untrusted foundries,” in Proc. Comp. Soc. Symp. VLSI, 2019, pp. 535–540. https: //doi.org/10.1109/ISVLSI.2019.00102
[16] L. Liu, H. Huang, and S. Hu, “Lorenz chaotic system-based carbon nanotube physical unclonable functions,” Trans. Comp.-Aided Des. Integ. Circ. Sys., vol. 37, no. 7, pp. 1408–1421, 2018. https://doi.org/10.1109/TCAD.2017.2762919
[17] C. K. H. Suresh, B. Mazumdar, S. S. Ali, and O. Sinanoglu, “A comparative security analysis of current and emerging technologies,” Micro, vol. 36, no. 5, pp. 50–61, 2016. https://doi.org/10.1109/MM.2016.87
[18] Y. Bi et al., “Emerging technology-based design of primitives for hardware security,” J. Emerg. Tech. Comp. Sys., vol. 13, no. 1, pp. 3:1–3:19, 2016. https: //doi.org/10.1145/2816818
[19] S. Rai et al., “Security promises and vulnerabilities in emerging reconfigurable nanotechnology-based circuits,” Trans. Emerg. Top. Comp., vol. Early Access, 2020. https://doi.org/10.1109/TETC.2020.3039375
[20] Y. Cui et al., “Encoding molecular information in plasmonic nanostructures for anti-counterfeiting applications,” Nanoscale, no. 6, pp. 282–288, 2014. https: //doi.org/10.1039/C3NR04375D
[21] J. Knechtel, S. Patnaik, and O. Sinanoglu, “3D integration: Another dimension toward hardware security,” in Proc. Int. On-Line Test Symp., 2019, pp. 147–150. https://doi.org/10.1109/IOLTS.2019.8854395
[22] C. Yan et al., “Hardware-efficient logic camouflaging for monolithic 3D ICs,” Trans. Circ. Sys., vol. 65, no. 6, pp. 799–803, 2018. https://doi.org/10.1109/TCSII. 2017.2749523
[23] J. Dofe et al., “Security threats and countermeasures in three-dimensional integrated circuits,” in Proc. Great Lakes Symp. VLSI, 2017, pp. 321–326. https: //doi.org/10.1145/3060403.3060500
[24] Y. Xie, C. Bao, and A. Srivastava, “Security-aware 2.5D integrated circuit design flow against hardware IP piracy,” Computer, vol. 50, no. 5, pp. 62–71, 2017. https://doi.org/10.1109/MC.2017.121
[25] P. Gu et al., “Cost-efficient 3D integration to hinder reverse engineering during and after manufacturing,” in Proc. Asian Hardw.-Orient. Sec. Trust Symp., 2018, pp. 74–79. https://doi.org/10.1109/AsianHOST.2018.8607176
[26] S. Patnaik, M. Ashraf, O. Sinanoglu, and J. Knechtel, “A modern approach to IP protection and trojan prevention: Split manufacturing for 3D ICs and obfuscation of vertical interconnects,” Trans. Emerg. Top. Comp., vol. Early Access, 2019. https://doi.org/10.1109/TETC.2019.2933572
[27] J. Dofe, Q. Yu, H. Wang, and E. Salman, “Hardware security threats and potential countermeasures in emerging 3D ICs,” in Proc. Great Lakes Symp. VLSI, 2016, pp. 69–74. https://doi.org/10.1145/2902961.2903014
[28] M. Wang, A. Yates, and I. L. Markov, “SuperPUF: Integrating heterogeneous physically unclonable functions,” in Proc. Int. Conf. Comp.-Aided Des., 2014, pp. 454–461. https://doi.org/10.1109/ICCAD.2014.7001391
[29] C. Wang et al., “TSV-based PUF circuit for 3DIC sensor nodes in IoT applications,” in Proc. Electron. Dev. Solid State Circ., 2015, pp. 313–316. https://doi.org/10.1109/ EDSSC.2015.7285113
[30] J. Dofe and Q. Yu, “Exploiting PDN noise to thwart correlation power analysis attacks in 3D ICs,” in Proc. Int. Worksh. Sys.-Level Interconn. Pred., 2018. https: //doi.org/10.1145/3225209.3225212
[31] J. Knechtel and O. Sinanoglu, “On mitigation of side-channel attacks in 3D ICs: Decorrelating thermal patterns from power and activity,” in Proc. Des. Autom. Conf., 2017, pp. 12:1–12:6. https://doi.org/10.1145/3061639.3062293
[32] P. Gu et al., “Thermal-aware 3D design for side-channel information leakage,” in Proc. Int. Conf. Comp. Des., 2016, pp. 520–527. https://doi.org/10.1109/ICCD. 2016.7753336
[33] C. Bao and A. Srivastava, “3D integration: New opportunities in defense against cache-timing side-channel attacks,” in Proc. Int. Conf. Comp. Des., 2015, pp. 273–280. https://doi.org/10.1109/ICCD.2015.7357114
[34] J. Rodriguez, A. Baldomero, V. Montilla, and J. Mujal, “LLFI: Lateral laser fault injection attack,” in Proc. Worksh. Fault Diag. Tol. Cryptogr., 2019, pp. 41–47. https://doi.org/10.1109/FDTC.2019.00014
[35] J. Knechtel, S. Patnaik, and O. Sinanoglu, “3D integration: Another dimension toward hardware security,” in Proc. Int. On-Line Test Symp., 2019, pp. 147–150. https://doi.org/10.1109/IOLTS.2019.8854395
