Journal of Institute of Smart Structures and Systems (ISSS) Journal name: JISSS JISSS, 4(1), pp. 18–37, March–September 2015. Article designation: Invited Paper Invited Paper Volume: 4 Issue: 1 Integrated circuit security: Month: March–September an overview Year: 2015

Ange Marie P. Fievrea,*, Al-Aakhir A. Rogersb, Shekhar Bhansalia aDept. of Electrical and Computer Engineering, Florida International University, Miami, FL bDept. of Electrical Engineering, University of South Florida, Tampa, FL *Corresponding author: [email protected]

Keywords Abstract Integrated circuits Integrated circuits security is surveyed. After the necessity of IC Security and protection protection, different security classification systems are presented: Anti tamper degree of invasion, IBM levels, and FIPS 104-2 standards. A new Authentication classification is proposed, based on protection location (chip itself Electronics packaging or package) and on protection aspect: anti-tamper or authentica- tion. The main feature of each protection method is explained, Received: 11-04-2015 advantages, drawbacks and current research challenges are dis- cussed. It is concluded that security techniques should aim at satisfying the requirements of emerging technologies such as 3D Heterogeneous Systems on a Chip and wearable devices: compact- ness, anti-tamper and authentication.

1 Introduction: the necessity of IC increase in tampering and counterfeiting activities security resulting from insufficient security for the related intellectual property. The conception and manufacture of complex inte- Indeed, IHS (formerly Information Handling grated circuits (ICs) and semiconductor devices Services), a market research firm, revealed in an entails a considerable amount of time as well as April 2012 publication that the five most com- sophisticated engineering skills, which makes monly counterfeited types of semiconductors creating such devices an expensive activity. represent $169 billion in potential annual risk for Additionally, ICs can contain software encoded the international electronics industry [Lineback, in memories or they can be employed for pur- 2012]. The International Chamber of Commerce poses necessitating encryption in order to main- (ICC) stated that fake and pirated manufactured tain the secrecy of valuable information. These goods will reach a total value of up to $1,770 ICs impact numerous sectors of the semiconduc- billion in 2015 [Frontier, 2011]. With technology tor industry, ranging from medical, to automo- and data positioned in combat zones, and origi- tive, to aeronautics, to communications and to nal critical military hardware replaced by coun- defense, which is why their tampering (interfer- terfeits, the danger to security and safety is as a ing with them so as to misuse, alter, or corrupt major concern by the United States Senate Armed them [Dictionary, 2015]) and counterfeiting (their Services Committee [Committee on Armed fraudulent imitation or forgery [Dictionary, 2015]) Services, 2012]. Another wake-up call was the represent a serious problem [Martin et al. 2010]. capture in December 2011 of the US RQ-170 The global investment on semiconductor research Sentinel surveillance drone fallen in Iran, with the and development (R&D) increased by 7% from Iranian government claiming to have extracted $48.7 billion in 2011 to $53.0 billion in 2012 secret information from the aircraft [Springer, [Yancey, 2013]. Therefore, one can foresee an 2013]. Aviation in general and medical devices

ISSS International Conference on Smart 18 JISSS, 4(1), 2015 Materials, Structures and Systems held on July 08-11, 2014 at IISc Bangalore Ange Marie P. Fievre et al. both are high-risk targets because of the potential generally applicable only to new chips because threat to human life. of modifications in the design or fabrication The challenges posed by counterfeits are steps. On the other hand, package-level solu- twofold. The first challenge is how to protect an tions are independent from the device and can IC chip against piracy (unauthorized copy), so be added to old as well as new chips. In each cat- that neither its physical structure, logical opera- egory, the security goal (anti-tamper or authen- tion, or informational content can be discovered tication) adds further subdivision. Additionally, and replicated by a non-authorized entity. The this paper presents security techniques that have second challenge is to verify chip integrity ver- been proposed over the years, following the new sus replicas. classification, and a summary of the research in IC security is given. The review is concluded with the current active areas of research in IC 1.1 Comparison with existing surveys security that address the requirements for pop- and organization ular emerging system-on-chip and wearable technologies. Many surveys have been written on the sub- ject of IC security. An early prominent pub- lication, [Anderson & Kuhn, 1996] provides 2 Types of attacks with a taxonomy of attackers, gives examples of non-invasive and physical attacks, and goes There are multiple approaches for counterfeiting over governmental and commercial protection a chip or accessing its sensitive data. As previ- techniques available at the time and their weak- ously mentioned [Guin et al. 2014], counterfeit nesses. Later, [Skorobogatov, 2005; 2012] add a integrated circuits can be old ICs that are recy- brief description of the security levels as defined cled, or new ICs that are overproduced, given by IBM (International Business Machine) false specifications or sold although defective; a and FIPS (Federal Information Processing counterfeit can also be a clone (copy). Standard), place attacks in non-invasive, invasive When layouts or masks are not readily and semi-invasive categories and also describe available for duplication purposes, or when several defense technologies against these types critical information is located inside the device, of attacks. Subsequently, [Koushanfar et al. some kind of probing becomes necessary. His- 2012] presents anti-counterfeiting approaches torically those means have often involved dam- and initiatives, discusses general research chal- age to at least part of the chip; hence, they lenges in that field, and describes several anti- are commonly termed “attacks.” The types of counterfeiting methods. More recently [Rostami attacks aimed at discovering the workings of a et al. 2013; 2014] give threat models, state- device or accessing information are classified of-the-art defenses and the defenses metrics as invasive, noninvasive, or semi-invasive by for different types of attacks, while [Guin et al. [Skorobogatov & Anderson, 2003]. 2013; 2014] classify components and counter- In an invasive attack, the packaging is feit types, expose supply chain vulnerabilities, removed in order to get immediate access to inter- identify avoidance and detection measures and nal components. The IC can then be studied either review the associated challenges. by microprobing or reverse engineering. Micropro- This review investigates answers to the bing involves placing a chip under a long-working- two challenges mentioned earlier: protecting distance optical microscope, whereas test signals chips against piracy and verifying their integ- are received and monitored by a computer. Using rity. This review will identify different types of a laser, the passivation layer (the inert layer pre- piracy methods used against ICs, the informa- venting corrosion) is ablated or removed, which tion obtained through tampering, and different allows probe access to the internal signal lines classifications of security techniques. How- [Anderson & Kuhn, 1996; Skorobogatov, 2012]. ever, a different classification is introduced, in A focused ion beam (FIB) can be used to etch/mill which the location of the protection measure, through multiple layers to access conductive lines. on the chip itself or in the package, is taken in After locating the conductive line, the FIB depos- consideration. On-chip security techniques are its a metal, such as platinum, to connect the signal

19 JISSS, 4(1), 2015 Integrated Circuit Security to the surface, making it more easily accessible to (3) Exploiting electromagnetic radiations that larger probes [Tsang, 2011]. leak information on different components In reverse engineering, the different lay- of a device. For one component these ema- ers of an IC are imaged using a high resolution nations are of various types, depend on the reflected-light microscope with camera to cre- operation being performed by the device, ate a three-dimensional map of the structure. As and are a result of the characteristics of the a result of this destructive invasion method, the component combined with its coupling with IC is often rendered unusable. However, if lay- other neighboring components. With sensors ers of an IC can be taken off without notably judiciously chosen and positioned, it is pos- altering trapped charges, the stored information sible to obtain multiple views of operations or software contained in the IC can be revealed, [Gandolfiet al. 2001]. This multidimension- and reproduced or modified [Anderson & Kuhn, ality makes electromagnetic side channels 1996; 1998]. even more effective than power analysis, With the continuing shrinkage of IC com- which is only cumulative [Quisquater & ponents, invasive attacks are becoming more dif- Samyde, 2001]. ficult, extremely time-consuming, and require sophisticated instruments and skills. Conversely, A semi-invasive attack is between non- noninvasive attacks constitute a lower-cost option invasive and invasive attacks. It can provide for the attacker, as minimal equipment is required an enormous amount of information on a cir- for that type of tampering. A noninvasive attack cuit without the cost or the time required by a is the study of the IC by indirect means, also full invasive attack. It is invasive to the device called side channels. This method generally con- packaging only, with no damage to the passi- sists of tapping the device wires for signal or vation layer. Physical contact is not made with radiations, or connecting the IC to an external test the internal lines and the IC remains functional. circuit. Analysis of the signals coming through For instance, exposure to ultraviolet light ren- side-channels has been successfully demonstrated dered security fuses on early erasable memory to obtain secret keys from secure devices easier, and microcontrollers inoperative [Skorobogatov, faster, and at lower cost than destructive attacks. 2005]. Other examples of semi-invasive meth- Noninvasive observations can reveal the logi- ods have used infrared light to provide a view cal functions of circuit modules [Skorobogatov, through the back surface of a chip [Wagner, 2005] and obtain stored information that is crucial 1999], or thermal imaging to locate active for circuit functionality [Standaert, 2010]. Addi- areas [Soden, 1997], or a pico-second imag- tionally, there are no signs of tampering, illustrat- ing circuit analysis (PICA) technique to detect ing the danger associated with this type of attack. optical emissions from the chip [Tsang, 2000]. Common noninvasive methods include: Other illustrations of semi-invasive methods are optical-beam-induced current (OBIC) [Richards & (1) Collecting timing information from opera- Footner, 1992] or light-induced voltage altera- tions associated with security: the time con- tion (LIVA) [Ajluni, 1995]; both of them utilize sumed by every input-output pair is recorded, laser scanning to detect the location and logic whether it is a single operation or an entire state of transistors. An outstanding semi-invasive function [Kocher, 1996; Dhem et al. 2000]. attack is fault injection, in which atypical envi- ronmental conditions are instigated during (2) Looking at current or power consumption cryptographic operation in order to uncover the during changes of states [Mangard et al. internal states, and which can breach a circuit 2007; Kocher et al. 1999]. Amongst these faster than noninvasive attacks [Mangard et al. methods, differential power analysis (DPA), 2007; Anderson et al. 2008; Boneh et al. 1997; extracts secret information from an inte- Kim & Quisquater, 2007]. Fault injection grated circuit as this IC performs the same employs power tampering, short clock sig- predictable operations, by applying statisti- nals, large temperature variations, external cal correlation and error correction methods electromagnetic fields, and light attacks such to data-dependent power traces collected at as pulsed lasers or ultraviolet lamps [Schmidt the supply pins [Kocher et al. 1999]. et al. 2009; van Woudenberg et al. 2011;

20 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

Dehbaoui et al. 2012; Balasch et al. 2011; are fewer IC security techniques released to the Bar-El et al. 2006; Endo et al. 2011] to alter the point of implementation in an experimental set- state of chosen transistors in the IC, allowing a ting or for commercial or governmental purposes, pirate to figure out the operation of the IC and and this is evidence of the complexity of the task ways to bypass its security features. at hand. With the various types and evolution of Invasive, noninvasive and semi-invasive attacks, different classification approaches have attacks are conducted on devices that have been been offered, in regards to the first challenge already built. Another threat exists due to the posed by counterfeits, i.e. tamper resistance. worldwide distribution of IC production currently, One system simply follows the attack clas- and the involvement of often untrusted contrac- sification and considers which type of attack is tors. This makes it possible for a malicious party being counteracted [Skorobogatov & Anderson, to modify or insert stealth components in a circuit 2003], based on the fact that most anti-tampering during any step of the supply chain. These rogue techniques offer a countermeasure against components will either disable the IC, cause it to either invasive/semi-invasive or semi-invasive/ behave differently or allow stealing information noninvasive attacks; resistance against all three under specific conditions that will not happen dur- types of attacks usually comes from an integra- ing standard simulations and post-manufacturing tion of different solutions, each solution tackling tests. This type of attack is termed hardware one type of attack. Trojan [Anderson et al. 2008; Abramovici & Large companies are highly targeted, and as a Bradley, 2009; Adee, 2008; Agarwal et al. 2007; result put high-level solutions in place for protec- Bhunia et al. 2013; 2014; Chakraborty et al. tion. For example IBM, a leader in secure systems, 2009; Karri et al. 2010; Skorobogatov & Woods, lists six security levels for electronic systems in 2012; Tehranipoor & Koushanfar, 2010]. general, according to the amount of expertise, To summarize, the main features of the four time, and the equipment cost necessary to break types of attacks described above are compared in these levels of defense [Abraham et al. 1991]: Table 1. Ideally, an anti-tampering device would not only be impervious to all four, but it would (1) Level ZERO: no security features; no time, indicate if any attack were attempted against it. no cost; A desired feature that would allow a legitimate (2) Level LOW: little security; inexpensive and examiner to confidently ascertain that an IC is easy attack; not a counterfeit would be continued improve- ment in device integrity. However, in a nonideal (3) Level MODL: security against low-cost world, ideas for a completely tamper-proof and attacks; some expertise, cost up to $5,000; authenticatable IC are often well ahead of the (4) Level MOD: moderate security; some exper- technological means available to create such tise, time, cost up to $50,000; device, which is why security methods are classi- fied according to the type of protection they offer. (5) Level MODH: advanced security; much expertise and time, cost over $50,000; 3 Classification of security solutions (6) Level HIGH: security against all known attacks.

The number of patents filed on IC security is proof The US government, in the more specific that it is a constant preoccupation. However, there framework of cryptographic modules for sensitive

Table 1. Comparison of the main four types of integrated circuit attacks. Depackaging Physical contact with Fast Expensive Tamper- internal circuitry evident Invasive Yes Yes No Yes Yes Semi-invasive Yes No Yes No Yes Noninvasive No No Yes No No Hardware trojan No No Yes No No

21 JISSS, 4(1), 2015 Integrated Circuit Security

information, imposes the FIPS (Federal Informa- Fuses tion Processing Standard) 140-2 standard, estab- Change of lished by the National Institute of Standards and element Technology (NIST). This standard describes in characteristics Anti-tamper Component increasing order four levels of security, as well camouage as the active or passive nature of the protection [NIST, 2001], and any system performing crypto- Logic hardening graphic operations and used by the government or military must abide to it: Tiling Chip level Authentication Post- manufacture (1) Level 1, the lowest level of security, requires programming

typical passivation methods, for example a Silicon PUFs seal (protective) layer to counter environ- Anti-tamper + mental or other physical damage; SST authentication

(2) Level 2 enhances the physical security of Security Level 1 by making tamper evidence of the Aging seal mandatory; Anti-tamper Shielding (3) Level 3 intends to stop an unauthorized Signature Authentication party from obtaining access to key security DNA parameters stored inside the module, for Holograms example, by placing the module in a solid, Package level opaque, hermetic enclosure to discourage access to the contents or ensuring that tam- Optical PUF pering will destroy the module; Magnetic PUF Anti-tamper + (4) Level 4 offers the highest level of secu- authentication Nanorod/ rity. It calls for active anti-tampering tech- nanowire arrays nologies or a combination of passive and active tamper-resistant layers. With active RFID + COPUF anti-tampering, a targeted IC will take some action when subjected to any suspicious CSWGs activity. This event can be environmental conditions or variations outside of the nor- Figure 1. Security classification based on location and goal of the protection. mal working ranges of the module, such as voltage, photon detection, acceleration, strain, temperature, chemical reactions, or proximity. Typical reactions are erasure or address. The following examination of IC secu- destruction. Level 4 mechanisms are par- rity techniques uses this classification approach. ticularly helpful in physically unguarded settings. 4 IC security techniques

Another system of classification is pro- 4.1 Chip-level security posed in Figure 1. In a first division, it consid- ers the location of the countermeasures. This 4.1.1 Anti-tamper. One of the first security issues organization stems from the fact that protection tackled by IC manufacturers was attacks against can be implemented in the device packaging or, erasable programmable read-only memories more intimately, added to the chip. In order to (EPROM). To prevent unauthorized access, they integrate both challenges posed by counterfeits, placed security fuses shielded by a metal cover authentication is included in addition to tamper opaque to ultraviolet light. The objective was resistance, and the security solutions are further to make the fuses hard to find and if found, dif- partitioned according to which challenge they ficult to manipulate by a pirate. In electrically

22 JISSS, 4(1), 2015 Ange Marie P. Fievre et al. erasable programmable read-only memories 1996; Bhunia et al. 2013], but this is clearly at (EEPROM), inverted memory cells were made the cost of efficiency. Another technique with less more resistant to UV light. Furthermore, to coun- negative impact on performance and also used ter well-equipped and highly skilled entities that against electromagnetic leakage is to blind, i.e. could resort to laser cutting or FIB machines to to modify the way a computation is conducted take away the protective metal, multiple fuses so that it is uncorrelated to timing or electro- would be placed at different locations. This would magnetic radiations [Kocher, 1996]. Other tim- affect the data contained in the memory and make ing countermeasures eliminate cache or modify it useless [Skorobogatov, 2012]. the way data is cached [Skorobogatov & Woods, Some researchers have proposed changing 2012; Tehranipoor & Koushanfar, 2010; Page, the characteristics of the circuit elements. For 2003; Cohen & Aviv, 2005]. example, FIB implants could reduce the switch- One way to counter DPA is to make power ing speed of chosen logic gates, making the usual consumption constant. This can be achieved by low speed test methods useless in establishing using gates that consume power independently of their correct logic functions [Walden, 1993; 1994]. their input values, i.e. dual-rail logic, where the Also largely suggested has been camouflage. One logic is replicated using complement wires and example would make analog components look like gates [Ambrose et al. 2011; Bucci et al. 2011; digital components and hide the former amongst a Hoang & Fujino, 2014; Morrison & Ranganathan, digital IC [Ciccone & Yup, 2001]. Another illus- 2014; Saputra et al. 2003; Tiri & Verbauwhede, tration would be to configure false interconnec- 2004]. An on-chip signal suppression circuit can tion contacts in read-only memory (ROM) devices be added without alterations to the encryption or in flash memory cells [Vajana & Patelmo, circuitry to prevent information escaping through 2003; Vajana & Patelmo, 2003]. In other instances, the current supply pin side-channel to be acquired a lightly doped density (LDD) region called “chan- by differential power analysis. The total current nel block” would be placed between the active drawn from the supply is maintained at a defined areas, where the dopant type of the channel block level. Since DPA receives information resulting would determine if there is connection or not. from variations in the supply current, when these However, the density would be so small that usual variations are reduced, a pirate needs more power reverse engineering methods would not discover samples to differentiate information from noise. the presence or polarity of the implants [Baukus The number of necessary power traces can be et al. 2000; Chow et al. 2009; Clark et al. 2012]. made excessively large, rendering the attack very These connections would not be made of metal long and expensive for the attacker [Ratanpal wires, but instead they would be buried, making et al. 2004]. These countermeasures are accom- surface etch necessary [Baukus et al. 1999; 2001; plished at the price of higher power expenditure 2005; Clark et al. 2007]. Also, fake apparent metal and larger circuit area. connections and nonworking transistors looking Circuit-level solutions such as randomiza- like real ones would mislead a reverse engineer tion or update of keys during computation are [Baukus et al. 2012; Chow et al. 2004; 2007; 2008; used as well against timing attacks, power analy- 2011; 2012; Cocchi et al. 2013]. Another example sis or electromagnetic leakage. Signal strength uses fake features isolated by invisible etch stop reduction can also be effective against both elec- films [Hsu et al. 2013]. These methods do make tromagnetic and power analysis attacks [Agrawal reverse engineering harder by forcing the attacker et al. 2003]. into brute force, but at the cost of power, area and A great deal of research is also aimed at coun- delay overheads [Rajendran et al. 2013]. teracting fault attacks. Input parameters are com- Security fuses, FIB implants and camouflage monly protected using cyclic redundancy checks; seek mostly to protect against invasive attacks. processing parts by redundant computation, On the other hand, various protection methods checks on algorithm-specific properties, or blind- termed logic hardening have been proposed at the ing of exponentiation algorithms; and program circuit level specifically against noninvasive and flow by a signature. In these cases the security semi-invasive attacks. requirements have to be balanced with hardware A method against timing attack is to make all or time overhead. Inherent countermeasures, such operations take the same amount of time [Kocher, as the choice of parameters, can also be used.

23 JISSS, 4(1), 2015 Integrated Circuit Security

These solutions are reviewed in more detail by solutions were needed that would not be limited [Karaklajic et al. 2013; Marzouqi et al. 2014; to meter counterfeits, but would instead prevent Verbauwhede et al. 2011]. their creation and circulation. Methods allying Garbled circuits promise a general solu- anti-tamper and authentication at the chip level tion to all noninvasive and semi-invasive attacks, are reviewed next. with circuit area comparable to existing counter- 4.1.3 Anti-tamper with authentication. An measures [Goldwasser et al. 2008; Huang et al. innovative method to give a unique ID to each IC 2011; 2012; Järvinen et al. 2010; Yao et al. 1986; was the Integrated Circuit Identification Device Bellare et al. 2012]. (ICID). That technique required no unusual pro- 4.1.2 Authentication. The other challenge is cessing steps, and no post-manufacture encoding authenticating a chip, in other words determining was necessary. Identical transistors, forming an whether the chip is an original or not. For that the array, drove each a resistive load. Fabrication vari- IC has to be marked by a key that is impossible ations caused the current passing through this load or too costly to reproduce. Chip authentication to be random, and the corresponding voltage was data have traditionally been stored on nonvola- converted to a bit string [Lofstrom et al. 2000]. tile memory located on the chip itself. The basic ICID was the first example of a Physically measures to prevent unauthorized access to this Unclonable Function (PUF), before the name information are encryption of the data and/or was coined. This authentication method has been permanent disconnection of the fuses leading to gaining in popularity for the past decade and takes the section of the memory where it is written. advantage of unique characteristics that are inher- However, with the plurality of types of attacks ent to each IC. Two identically functional instances available, those precautions are no deterrent to of the same chip will have distinctive features that a skilled and determined pirate, thus prompting are due to uncontrollable random imperfections more sophisticated methods to encode the origin created during fabrication [Gassend­ et al. 2002]. and identity markers of ICs. This unique pattern is the key that identifies the One authentication method has been the chip, and cannot be duplicated. The key unlocks adaptation of watermarking to hardware, which a secret set of challenge (applied physical stimu- means embedding authentication information in lus) and response (unpredictable but repeatable the circuitry in a manner invisible to the user. device reaction), coming from an exponentially Researchers at UCLA utilized unused portions of large pool of possibilities, for authentication. In FPGA blocks to mark their circuits [Lach et al. addition, any probing attempt alters the PUF’s 1998]. The circuit was divided in tiles, each tile behavior, ruining the PUF and providing tamper having several possible instances. Two instances evidence of invasive attack. of the same tile had the same functionality and Other examples of integrated circuit-based were interchangeable, but with different layouts PUFs are silicon PUFs. The first PUFs of this with marking differently located. One circuit type were arbiter-based PUFs where a latch deter- instance was thus made up of a set of instances mines which of two racing signals going through of diverse tiles. In this fingerprinting technique, a sequence of MUX stages arrived first [Gassend although timing properties might vary from one et al. 2002; 2004]. Implemented for circuit tile instance to another, there was no effect on authentication, they make use of delay informa- global performance, timing, or power consump- tion as parameters. To achieve reliability of those tion. However, the technique cannot be employed PUFs in environmental variations, relative delay for application specific designs (ASICs), which comparisons are taken into account [Lee et al. use a single mask. A method suitable for ASICs 2004]. Security is further enforced by the fact that was the assignment of a unique ID to each chip the key is volatile and is only generated when the by appending a small section to the control path device is powered. However, arbiter-based PUFs that could be programmed after manufacture display weakness in front of model-building and [Koushanfar et al. 2001]. Besides incorporating emulation attacks [Lim et al. 2005; Majzoobi the unique ID into the functionality of the IC, this et al. 2008; Rührmair et al. 2010], and have technique was the first that would allow assess- low entropy, which limits their unpredictability ment of the number of counterfeits in the event [Katzenbeisser et al. 2012]. Reliability problems, that piracy would be discovered. However, new like the effects of aging, also need to be resolved.

24 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

More reliability and simplicity were brought In any case, settling-state-based PUFs in a modification of the arbiter PUFs, applicable such as SRAM and BPUFs lack the level of to both Application-Specific Integrated Circuits security expected from a PUF, as SRAM PUFs (ASICs) and Field-Programmable Gate Arrays have been characterized by FIB circuit edit and (FPGAs) [Suh & Devadas, 2007]. They use laser stimulation, and cloned [Helfmeier et al. delay loops to generate Ring Oscillator Physi- 2013; Nedospasov et al. 2013]. cal Unclonable Functions (ROPUFs), simple cir- More recent popular PUF developments at cuits that oscillate with a frequency affected by the chip level include the following: fabrication variations and hence would not be predictable, but could still easily be established (1) Glitch PUFs relying on delays, use glitches by a counter. ROPUFs have become one of the in combinatorial logic circuits [Anderson, most widespread physical unclonable functions, 2010; Suzuki & Shimizu, 2010; Shimizu seeking more security and smaller area [Bin et al. et al. 2012; Yamamoto et al. 2012]. 2011; Chen et al. 2011; Kumar et al. 2012; Maiti & (2) Secret Model PUFs associated with physical Schaumont, 2011; Maiti et al. 2012; Mansouri & PUFs, mimic the PUF challenge-response Dubrova, 2012; Merli et al. 2010; Qu & Yin, activities, lessening the required amount 2009; Vivekraja & Nazhandali, 2011; Yin, 2012], of storage for challenge-response pairs although the most recently proposed implemen- [Devadas, 2014; Kong et al. 2014; Majzoobi tation [Guin et al. 2014] is not universal and its et al. 2009; Majzoobi & Koushanfar, 2011]. structure must be adapted to the type (analog, dig- ital, or mixed) and size of the chip. Nonetheless, (3) Public PUFs or PPUFs, defined as “multiple- it seems that the security goal is still at a distance input–multiple-output systems that are much of being achieved, as a complete characterization faster to execute than they are to simulate, of arbiter PUFs was demonstrated in [Tajik et al. and whose security no longer relies on the 2014] using backside photonic emission analysis, secrecy of their physical parameters as PUFs with the claim that this method is applicable to all do” [Potkonjak & Goudar, 2014], can be mod- delay-based PUFs. eled, but the model evaluation requires much Several publications treat of SRAM-based more work and time than the evaluation of the Physical Unclonable Functions [Boehm & Hofer, PUF itself [Majzoobi et al. 2009; Potkonjak 2009; Bohm et al. 2011; Cortez et al. 2012; & Goudar, 2014; Beckmann & Potkonjak, Guajardo et al. 2007; 2008; Holcomb et al. 2007; 2009; Meguerdichian & Potkonjak, 2011; 2009; Kim et al. 2010; 2011; Koeberl et al. 2012; Rajendran et al. 2012; Wendt & Potkonjak, Maes et al. 2009; Saxena & Voris, 2011; Schrijen & 2011]. The same idea appears in SIMPL van der Leest, 2012; Selimis et al. 2011; van systems (Simulation Possible but Laborious der Leest et al. 2012]. This compact security systems) [Rührmair, 2009; Rührmair et al. method takes advantage of existing static ran- 2010; Rührmair, 2011; 2012]. dom access memory cells (cells that hold data as long as power is supplied) that take consistently A concept completely different from PUFs, at power-up one of two arbitrary stable states, 0 the Secure Split-Test (SST) [Contreras et al. 2013] and 1. One particular memory cell arrives at a proposes to place two blocks, a functional-locking state, always the same, determined by the manu- block to guarantee that only ICs unlocked by facture process. A challenge is a subset of these the intellectual property (IP) owner have correct memory cells; the response is their respective functionality and a scan-locking block to ensure power-up state. Not all FPGAs offer uninitialized that functional results cannot be scanned out and SRAM memory, and the idea is adapted with But- subsequently allow tampering with the protection terfly Physical Unclonable Functions (BPUFs) hardware. In addition to the area overhead created that use cross-coupled latches, do not require any by the additional blocks, the multiple exchanges power-up for assessment, and are appropriate for between the IP owner and the foundry will add to all sorts of FPGAs [Kumar et al. 2008]. However the SST cost. latch-based PUFs are less robust to temperature In the particular case of recycled ICs, i.e. variations than SRAM PUFs [Katzenbeisser components that are defective or used originals et al. 2012]. sold as new and working out of specification, the

25 JISSS, 4(1), 2015 Integrated Circuit Security natural course of action is to find a way to compare Richards et al. 2013]. In other models, top and them to non-defective, unused chips. The absence metal layers could be made more difficult and of functional defect is ascertained through exten- slower to etch than the passivation layer and the sive testing. Once established that an IC is fully active circuitry [Byrne, 1994], bonded ­substrates functional, the other parameter is its “length of could support memory detectors on their exter- service.” The circuit aging concept, first used for nal face [Mori, 1994], or an adhesive layer reliability assessment, has been recently applied covered with porous material could send an elec- to combat IC recovery by a research group in trical signal when torn [Chan et al. 2010]. Other Connecticut. First, they proposed a comparison examples would modify the packaging using a between two ring oscillators, the first a reference molding compound in which a change in capaci- free of stress and the second a stressed ring aging tance or impedance would be detected by some rapidly [Zhang et al. 2012]: the larger the differ- circuitry [Cole & Yakura, 1999; Thornley et al. ence between the rings frequency, the older the 2011], add magnetic components to produce a chip. The effects of temperature and inter-chip magnetic response in elements situated on the process variations are filtered out by data analy- target IC [Knudsen, 2010], or place reservoirs sis. The two rings create minimal overhead and containing fluid chemicals that would destroy because they are bound to each other their rela- a circuit under reverse engineering attack [Das tive frequency cannot be tampered with. Next, et al. 2012; Katti et al. 2014]. In another solu- using instead the delay distribution of paths, the tion, a conductor is tightly wound around the same researchers completely eliminate the area protected IC and a detection circuit, all pack- overhead [Zhang et al. 2012; Tuzzio et al. 2012]. aged together in a solid epoxy rendering the Indeed, the delay distribution being within a cer- wires invisible from the outside; the winding of tain range, a larger delay indicates an older IC. two devices is not exactly the same, even though This implementation is also applicable to legacy they come from the same fabrication process ICs and is completely tamper-proof, since it uses [Weingart, 1987]. However, this type of housing inherent properties of the circuit. However, with has the drawback of being complicated to build large process variations sufficient accuracy can and consequently expensive to produce. be difficult to attain. A third embodiment uses 4.2.2 Authentication. Active research has counters to record usage time and an embedded been conducted for the past few years to tag ICs antifuse memory block to store the recorded val- with biological deoxyribonucleic acid (DNA). ues [Zhang & Tehranipoor, 2014]. The memory According to its proponents, the DNA signature block cannot be reprogrammed, which makes it is practically impossible to replicate, is inex- tamper-evident. pensive, requires only minimal change in the Another group compares the aging between fabrication process, and is extremely accurate, similar parts of one circuit to create a signature the probability of a false positive authentication [Zheng et al. 2014], a method also applicable to being one in a trillion [Hayward & Meraglia, legacy chips. 2011]. It consists in an ink containing shuffled In the next subsection, we will consider plant DNA to produce a quaternary sequence package-specific security solutions. unique to each IC chip and kept in a database. This ink also fluoresces under certain light fre- quencies. The product derived from this research, 4.2 Package-level security SigNature® DNA, is marketed by Applied DNA Science and has been used on microchips by 4.2.1 Anti-tamper. Protection has been often the Department of Defense [Defense Logistics envisioned to be added as one or several sup- Agency, 2012; Applied DNA Sciences, 2013]. plementary layers, including extra circuitry However, DNA is known for its sensitivity to for a response to tampering. For example, harsh conditions [Lindahl, 1993], and the Semi- plates connected together and having serpen- conductor Industry Association (SIA) has shown tine or meandering conductor paths on them reluctance to accept this technology as a general could be used as protective shielding against IC marking solution. The SIA does not believe invasive or side-channel attacks [Cohen & SigNature DNA to be as reliable as presented, as Aviv, 2005; Farooq et al. 2007; Kleijne, 1986; it has not been independently evaluated or tested

26 JISSS, 4(1), 2015 Ange Marie P. Fievre et al. on a wide variety of products of different origins variations would change the speckle pattern and [SIA, 2012]. result in a false alert. 4.2.3 Anti-tamper with authentication. Other A magnetic PUF has been applied for card package security methods are armed with protec- authentication, taking advantage of the noise-like tion devices offering both tamper evidence and permanent characteristics of magnetic stripes. authentication capability. The magnetic particles forming the stripes are of The most widely known electromagnetic different sizes and shapes, randomly assembled, protection is probably the hologram [Reynolds and emit an unchanging and unique background et al. 1989], a type of diffractive optically vari- signal [Hart et al. 2013; Indeck & Muller, 1997; able image device (DOVID), often seen on smart MagTek; Morley et al. 2007]. Card readers must cards. A hologram is a 3D picture showing differ- be adapted for the use of this magnetic PUF, ent perspectives depending on its position with which affects its cost. respect to the viewer, in an effect called parallax. Another type of PUF for package authen- Hidden and apparent authentication mechanisms tication might be created using an array of can cohabit on a hologram. When positioned at nanorods. During the development of an assem- the seal point of a package, a hologram also acts bling method to form gold nanorods on a nano- as a tamper-evidence device. However, available structured surface, it was noted that although the instruments are able to resolve conventional holo- same array pattern could be repeated, the indi- grams in a matter of days [Gale, 1997; McGrew, vidual nanorods varied slightly in length, orien- 1990] and more sophisticated added nanoscale fea- tation and separation with the previous nanorod tures, for example those operating in the near-field in the array. This translated into a shift in color regime [Naruse et al. 2012] will probably be at the and intensity in their far-field imaging [Slaughter reach of state-of-the-art cloning apparatus as well. et al. 2010; Kuemin et al. 2012]. Silver nanowires PUFs, intrinsically tamper-resistant, are also exhibit polarization-dependent surface-enhanced used for authentication at the package level. Raman scattering, that offers covert authenti- An optical PUF was suggested by Pappu, cation because encrypted in the nanostructure made of a transparent material, in which light [Zhang & Tehranipoor, 2014]. scattering particles were inserted at random in Radio-Frequency Identification (RFID) labels the course of fabrication. When hit by a laser [Tuyls & Batina, 2006] allow–as opposed to a con- beam, the device would produce a speckle pat- ventional bar code–automatic identification of a tag tern, and minor variations in the location of just from a distance with no line-of-sight necessary with a few particles from one device to another would the reader [Want, 2006; Shepard, 2005; ­Roberts, noticeably modify their whole interference pat- 2006]. The tag is an antenna/microchip assembly terns. In this implementation, the challenge set and the reader is a second antenna emitting radio- would be the position, angle amplitude and wave- frequency waves and receiving­ a response signal length of the laser, and the response would be with information from the tag. However, by itself the speckle pattern [Pappu et al. 2002]. Although the tag is subject to easy cloning, which is why it is fabrication of the light scattering token itself is being associated with Coating Physical Unclonable a low-cost process, the depicted PUF involved Functions (COPUFs) or delay-based PUFs [Tuyls pricey and sizeable equipment comprising a laser & Batina, 2006; Bolotnyy & Robins, 2007; Deva- and a precise mechanical positioning system. The das et al. 2008; Jin et al. 2012; Kulseng et al. 2010; relative position of the laser, token and image Ranasinghe et al. 2004] to form an “unclonable” sensor should be exactly the same every time tamper-evident RFID tag. COPUFs [Tuyls et al. the speckle pattern is recorded. Other authors 2006; Skoric et al. 2006; 2007], which use a pro- [Gassend, 2003]; [Tuyls & Škorić, 2006; Tuyls & tection layer shielding an IC, are attractive because Škorić, 2007; Rührmair et al. 2013] suggested an of their low manufacturing cost. The coating film integrated version of the optical PUF where the contains dielectric particles that are random as to incidence angle parameter would be replaced by their dimensions, shape, and location. Metal line the number of lasers that would be turned on or sensors arranged underneath the protective layer by switchable display pixels in a second embodi- like a comb are employed to determine the local ment. However in all cases, the smallest change in capacitance of the coating. These capacitances are the token due to normal usage or environmental random because of the random properties of the

27 JISSS, 4(1), 2015 Integrated Circuit Security particles in the coating, and constitute the responses waves, distinguishing one device from another. to voltage challenges, each of different frequency Although reminiscent of the optical PUF in and amplitude. Coating PUFs allow the detection [Pappu et al. 2002], this new optical implemen- of physical tampering, as a result of changes in the tation circumvents the misalignment challenges local responses, as well as device authentication. that would necessitate bulky positioning equip- An insulating layer between the COPUF aluminum ment. This is accomplished by the use of an opti- lines and the IC underneath, acts as a barrier against cal fiber as delivery medium. This solution also crosstalk between sensors and protected circuit. provides tamper evidence in addition to authenti- However, these additional metal and insulation cation, which is a step forward from the currently layers create a sizeable packaging overhead; and used DNA taggant [Hayward & Meraglia, 2011]. because the sensors have to be constantly active, The tamper evidence aspect is ensured by the power consumption is significantly increased. fact that the slightest intrusion attempt will either A method suggested by Fievre et al. uses break the original near-field coupling between coupled subwavelength gratings (CSWGs) the gratings or modify the far-field intensity map. [Rogers et al. 2009; 2011] in which engineering Table 2 provides a summary of the security defects are exploited to create “fingerprints” for solutions examined in this survey. device chips, and allow verification of identity in addition to tamper evidence [Fievre et al. 2014]. A slight variation of one of the grating patterns 5 Conclusion in the pair of coupled gratings differentiates this specific set of gratings from another one, Compiling the contribution of numerous research- while the general output of each system remains ers in the area of integrated circuit security, this essentially the same. This feature translates into paper explains the challenges with IC protection. variations in the intensity pattern of transmitted One may encounter different types of attacks:

Table 2. Summary of security solutions. Security solution Protection Fuses Counter advanced invasive attacks such as laser cutting or FIB Change of element characteristics Make usual invasive test methods useless and camouflage Logic hardening Hardens circuit against noninvasive and semi-invasive attacks Tiling Authenticates without effect on performance, timing or power of FPGA Post-manufacture programming Allows metering when counterfeiting is discovered Silicon PUFs Authenticate thanks to a unique volatile pattern that cannot be duplicated (or take too long to simulate in the case of PPUF), are destroyed by physical tampering Secure Split-Test (SST) Guarantees that only ICs unlocked by IP owner have correct functionality and prevents tampering with the protection hardware Aging Allows identification of recovered ICs, is tamper evident Shielding Protects the IC with a tamper-proof enclosure SigNature DNA Offers unique sequences for authentication Holograms Offer covert or overt authentication, are tamper-evident when placed at seal point of package Magnetic PUF Offers a unique fingerprint for authentication, is tamper evident Optical PUF Offers a unique pattern for authentication with complex output and hard modeling, is tamper evident Nanorod/nanowire arrays Translate into a possibly covert, unique shift in color and intensity in their far-field imaging for authentication, are tamper evident RFID + COPUF Allows identification from a distance, no line-of-sight necessary, is tamper evident CSWGs Provides tamper evidence and authentication without the need to open a package

28 JISSS, 4(1), 2015 Ange Marie P. Fievre et al. invasive, noninvasive, semi-invasive, or Trojan. With the stealth nature of the security desired, the This distinction in attack type constitutes one newer optical means such as nanowire arrays or basis for an anti-tamper classification system, but CSWGs might be of choice. others exist, and amongst them are the IBM secu- rity levels and the FIPS 104-2 standards. For this review, a new classification system is presented, References based on the location of the protection, which can be on the chip itself or on the package, and also on Abraham, D.G., et al. (1991) “Transaction security the aspect of protection: anti-tamper or authenti- system.” IBM Systems Journal. 30, 206–229. cation. IC security techniques for anti-tamper or Abramovici, M. and Bradley, P. “Integrated circuit authentication at chip level and at package level security: new threats and solutions,” in Proceedings are discussed and summarized. of the 5th Annual Workshop on Cyber Security and One’s outlook should consider the increased Information Intelligence Research: Cyber Security focus this past decade on 3D Heterogeneous Sys- and Information Intelligence Challenges and Strat- tems on a Chip (3D-HSoC) [Bhansali et al. 2004; egies, 2009, p. 55. Lewis & Lee, 2007; Jain et al. 2005; Chapman Adee, S. (2008) “The hunt for the kill switch.” Spec- et al. 2004; Lewis et al. 2009; Chapman et al. trum IEEE. 45, 34–39. 2005; Jain & Chapman, 2006; 2010; Bhansali Agrawal, D., et al. (2003) “The EM side—channel et al. 2005; Jain & Chapman, 2011; Jiang et al. (s),” in Cryptographic Hardware and Embedded 2009; Marinissen et al. 2010; Wu et al. 2010; Systems-CHES 2002, ed: Springer, pp. 29–45. Jiang et al. 2009] and the explosion of wearable Agrawal, D., et al. (2007) “Trojan detection using devices that carry a lot of personal information IC fingerprinting,” in Security and Privacy, 2007. SP′07. IEEE Symposium on, pp. 296–310. [Jovanov et al. 2005; Milenković et al. 2006; Li Ajluni, C. (1995) “2 New imaging techniques prom- et al. 2010; Ng et al. 2006; Al Ameen et al. 2012; ise to improve IC defect identification.” Electronic Cao et al. 2009; Patel & Wang, 2010; Huang et al. Design. 43, 37–38. 2009; Lim et al. 2010; Chen et al. 2011; Latré Al Ameen, M., et al. (2012) “Security and privacy et al. 2011; Hall & Hao, 2006; Ullah et al. 2012]. issues in wireless sensor networks for healthcare These chips are custom-produced in small quanti- applications.” Journal of Medical Systems. 36, ties and hence carefully controlled. A usual way 93–101. of inspecting them is to open the package, study Ambrose, J.A., et al. (2011) “Multiprocessor infor- individual chips, and then repackage the device mation concealment architecture to prevent power for reintegration into the supply chain. Neverthe- analysis-based side channel attacks.” IET comput- less, with the security and privacy issues entailed ers & digital techniques. 5, 1–15. with these systems, there has been a growing Anderson, J.H. “A PUF design for secure FPGA-based recognition of the need to burry passive covert embedded systems,” in Proceedings of the 2010 tamper-evident solutions in packages to provide Asia and South Pacific Design Automation Confer- clues in the instance the initial technologies would ence, 2010, pp. 1–6. be compromised. The prospect of generalized Anderson, M.S., et al. (2008) “Towards Countering use of Systems on a Chip (SOCs) and wearable the Rise of the Silicon Trojan,” Defence Science devices makes it useful to examine the research and Technology, Edinburgh (Australia). directions applicable to the security of these types Anderson, R. and Kuhn, M. “Tamper resistance-a cau- tionary note,” in Proceedings of the second Usenix of ICs. A mandatory attribute for SOCs and wear- workshop on electronic commerce, 1996, pp. 1–11. able devices is compactness. However, the most Anderson, R. and Kuhn, M. (1998) “Low cost attacks critical aspects of these chips being sensitive infor- on tamper resistant devices,” in Security Protocols, mation protection and reliability, it is paramount 1998, pp. 125–136. to ally anti-tampering with device authentication. Applied DNA Sciences, “Applied DNA Sciences A single solution offering both security features Successfully Marks Mission-Critical Microchips would be preferable to respect the compactness for the Department of Defense,” ed: applieddnas- requirement. Additionally, it would be very con- ciences, 2013. venient if one did not need to access the IC itself Balasch, J., et al. “An In-depth and Black-box Char- to check if it has been tampered with or to authen- acterization of the Effects of Clock Glitches on ticate it, the packaging giving all this information. 8-bit MCUs,” in Fault Diagnosis and Tolerance in

29 JISSS, 4(1), 2015 Integrated Circuit Security

Cryptography (FDTC), 2011 Workshop on, 2011, 2007. PerCom’07. Fifth Annual IEEE International pp. 105–114. Conference on, 2007, pp. 211–220. Bar-El, H., et al. (2006) “The sorcerer’s apprentice Boneh, D., et al. “On the importance of checking guide to fault attacks.” Proceedings of the IEEE. 94, cryptographic protocols for faults,” in Advances in 370–382. Cryptology—EUROCRYPT’97, 1997, pp. 37–51. Baukus, J.P., et al. “Camouflaged circuit structure with Bucci, M., et al. (2011) “Delay-based dual-rail pre- step implants,” 5,973,375, 1999. charge logic.” Very Large Scale Integration (VLSI) Baukus, J.P., et al. “Digital circuit with transistor Systems, IEEE Transactions on. 19, 1147–1153. geometry and channel stops providing camouflage Byrne, R.C. “Tamper resistant integrated circuit struc- against reverse engineering,” US 6,064,110 A, 2000. ture,” 5,369,299, 1994. Baukus, J.P., et al. “Secure integrated circuit,” US Cao, H., et al. (2009) “Enabling technologies for wire- 6,294,816 B1, 2001. less body area networks: A survey and outlook.” Baukus, J.P., et al. “Programmable connector/isolator Communications Magazine, IEEE. 47, 84–93. and double polysilicon layer CMOS process with bur- Chakraborty, R.S., et al. “Hardware Trojan: Threats ied contact using the same,” US 6,893,916 B2, 2005. and emerging solutions,” in High Level Design Baukus, J.P., et al. “Camouflaging a standard cell Validation and Test Workshop, 2009. HLDVT 2009. based integrated circuit,” US 81,512,35 B2, 2012. IEEE International, 2009, pp. 166–171. Beckmann, N. and Potkonjak, M. “Hardware-based Chan, K., et al. “Tamper respondent system,” US public-key cryptography with public physically 7,787,256 B2, 2010. unclonable functions,” in Information Hiding, 2009, Chapman, G.H., et al. “Defect avoidance in a 3-D het- pp. 206–220. erogeneous sensor [acoustic/seismic/active pixel/IR Bellare, M., et al. “Foundations of garbled circuits,” imaging sensor array],” in Defect and Fault Toler- in Proceedings of the 2012 ACM conference on ance in VLSI Systems, 2004. DFT 2004. Proceed- Computer and communications security, 2012, ings. 19th IEEE International Symposium on, 2004, pp. 784–796. pp. 67–75. Belva Martin, A.-M.F., et al. (2010) “Mitigating the Chapman, G.H., et al. “Inter-plane via defect detection Risk of Counterfeit Parts.” Journal of the IEST. 53, using the sensor plane in 3D heterogeneous sensor 5–17. systems,” in Defect and Fault Tolerance in VLSI Bhansali, S., et al. “3D heterogeneous sensor system Systems, 2005. DFT 2005. 20th IEEE International on a chip for defense and security applications,” in Symposium on, 2005, pp. 158–166. Defense and Security, 2004, pp. 413–424. Chen, M., et al. (2011) “Body area networks: A survey.” Bhansali, S., et al. “Inter-layer vias and TESH inter- Mobile Networks and Applications. 16, 171–193. connection network for 3-D heterogeneous sen- Chen, Q., et al. “The bistable ring puf: A new archi- sor system on a chip,” in Proc. of SPIE Vol, 2005, tecture for strong physical unclonable functions,” p. 307. in Hardware-Oriented Security and Trust (HOST), Bhunia, S., et al. (2013) “Protection Against Hardware 2011 IEEE International Symposium on, 2011, Trojan Attacks: Towards a Comprehensive Solu- pp. 134–141. tion.” IEEE Design & Test. 30, 6–17. Chow, L.-W., et al. “Integrated circuits protected Bhunia, S., et al. (2014) “Hardware Trojan Attacks: against reverse engineering and method for fabri- Threat Analysis and Countermeasures.” Proceed- cating the same using vias without metal termina- ings of the IEEE. 102, 1229–1247. tions,” US 6,791,191 B2, 2004. Bin, H., et al. “A Multiple Bits Output Ring-Oscillator Chow, L.-W., et al. “Integrated circuits protected Physical Unclonable Function,” in Intelligent Sig- against reverse engineering and method for fabri- nal Processing and Communications Systems cating the same using an apparent metal contact line (ISPACS), 2011 International Symposium on, 2011, terminating on field oxide,” US 7,294,935 B2, 2007. pp. 1–5. Chow, L.-W., et al. “Use of silicon block process step to Boehm, C. and Hofer, M. “Using srams as physical camouflage a false transistor,” US 7,344,932 B2, 2008. unclonable functions,” in Proceedings of the 17th Chow, L.-W., et al. “Covert transformation of transis- Austrian Workshop on Microelectronics-Austrochip, tor properties as a circuit protection method,” US 2009, pp. 117–122. 7,541,266 B2, 2009. Bohm, C., et al. “A microcontroller sram-puf,” in Net- Chow, L.-W., et al. “Symmetric non-intrusive and work and System Security (NSS), 2011 5th Interna- covert technique to render a transistor permanently tional Conference on, 2011, pp. 269–273. non-operable,” US 8,049,281 B1, 2011. Bolotnyy, L. and Robins, G. “Physically unclonable Chow, L.-W., et al. “Conductive channel pseudo block function-based security and privacy in RFID sys- process and circuit to inhibit reverse engineering,” tems,” in Pervasive Computing and Communications, US Patent 8,258,583, 2012.

30 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

Ciccone, J.C. and Yup, B.L. “Standard cell power-on- Endo, S., et al. (2011) “An on-chip glitchy-clock gen- reset circuit,” US 6,173,436 B1, 2001. erator for testing fault injection attacks.” Journal of Clark, W.M. Jr., et al. “Implanted hidden intercon- Cryptographic Engineering. 1, 265–270. nections in a semiconductor device for preventing Farooq, M.G., et al. “Method and structure for imple- reverse engineering,” US 7,166,515 B2, 2007. menting secure multichip modules for encryption Clark, W.M. Jr., et al. “Programmable connection and applications,” USA Patent US7281667 B2, 2007. isolation of active regions in an integrated circuit Fievre, A.M.P., et al. (2014) “Effect of beam size, using ambiguous features to confuse a reverse engi- finite number of lines, and rotational misalignment neer,” US 8,168,487 B2, 2012. on coupled subwavelength gratings.” JOSA A, 31, Cocchi, R.P., et al. “Method and apparatus for camou- 2603–2609. flaging a standard cell based integrated circuit with Frontier, “Estimating the global economic and social micro circuits and post processing,” US 8,510,700 B2, impacts of counterfeiting and piracy,” Report Com- 2013. missioned by Business Action to Stop Counterfeit- Cohen, Y. and Aviv, A. “Anti-tampering enclosure for ing and Piracy (BASCAP) 2011. electronic circuitry,” USA Patent US 6,853,093 B2, Gale, M.T. (1997) “Replication techniques for diffrac- 2005. tive optical elements.” Microelectronic Engineering. Cole, R.K. and Yakura, J.P. “Method and apparatus for 34, 321–339. protecting functions imbedded within an integrated Gandolfi, K., et al. “Electromagnetic analysis: Concrete circuit from reverse engineering,” 5,861,652, 1999. results,” in Cryptographic Hardware and Embedded Committee on Armed Services, “Inquiry into Counter- Systems—CHES 2001, 2001, pp. 251–261. feit Electronic Parts in the Department of Defense Gassend, B., et al. “Silicon physical random func- Supply Chain,” United States Senate, Washington, tions,” in Proceedings of the 9th ACM conference DC2012. on Computer and communications security, 2002, Contreras, G.K., et al. “Secure split-test for prevent- pp. 148–160. ing ic piracy by untrusted foundry and assembly,” in Gassend, B., et al. (2004) “Identification and authenti- Defect and Fault Tolerance in VLSI and Nanotech- cation of integrated circuits.” Concurrency and Com- nology Systems (DFT), 2013 IEEE International putation: Practice and Experience. 16, 1077–1098. Symposium on, 2013, pp. 196–203. Gassend, B.L. “Physical random functions,” Massa- Cortez, M., et al. “Modeling SRAM start-up behavior chusetts Institute of Technology, 2003. for Physical Unclonable Functions,” in Defect and Goldwasser, S., et al. “One-time programs,” in Advan­ Fault Tolerance in VLSI and Nanotechnology Sys- ces in Cryptology–CRYPTO 2008, ed: Springer, 2008, tems (DFT), 2012 IEEE International Symposium on, pp. 39–56. 2012, pp. 1–6. Guajardo, J., et al. “FPGA intrinsic PUFs and their Das, R.N., et al. “Anti-tamper microchip package use for IP protection,” in Cryptographic Hardware based on thermal nanofluids or fluids,” US8288857 and Embedded Systems-CHES 2007, ed: Springer, B2, 2012. 2007, pp. 63–80. Defense Logistics Agency, “Dna authentication Guajardo, J., et al. “Brand and IP protection with phys- marking on items in fsc 5962,” D. o. Defense, Ed., ical unclonable functions,” in Circuits and Systems, ed. Columbus, OH, 2012. 2008. ISCAS 2008. IEEE International Symposium Dehbaoui, A., et al. “Electromagnetic transient faults on, 2008, pp. 3186–3189. injection on a hardware and a software implementa- Guin, U., et al. “Anti-Counterfeit techniques: from tions of aes,” in Fault Diagnosis and Tolerance in Cryp- design to resign,” Microprocessor test and verifica- tography (FDTC), 2012 Workshop on, 2012, pp. 7–15. tion (MTV), 2013. Devadas, S., et al. “Design and Implementation of PUF- Guin, U., et al. (2014) “Counterfeit Integrated Cir- Based “Unclonable” RFID ICs for Anti-Counterfeiting cuits: A Rising Threat in the Global Semiconduc- and Security Applications,” in RFID, 2008 IEEE tor Supply Chain.” Proceedings of the IEEE. 102, International Conference on, 2008, pp. 58–64. 1207–1228. Devadas, S. “Non-networked RFID-PUF authentica- Guin, U., et al. “Low-cost On-Chip Structures for tion,” US8683210 B2, 2014. Combating Die and IC Recycling,” in Proceed- Dhem, J.-F., et al. “A practical implementation of the ings of the The 51st Annual Design Automation timing attack,” in Smart Card Research and Appli- Conference on Design Automation Conference, cations, 2000, pp. 167–182. 2014, pp. 1–6. Dictionary, O.E. “‘tamper, v.1’ II.5,” in Oxford English Hall, P.S. and Hao, Y. “Antennas and propagation for Dictionary, ed: Oxford University Press, 2015. body centric communications,” in Antennas and Dictionary, O.E. “‘counterfeit, v.’ 1.b.,” in Oxford Eng- Propagation, 2006. EuCAP 2006. First European lish Dictionary, ed: Oxford University Press, 2015. Conference on, 2006, pp. 1–7.

31 JISSS, 4(1), 2015 Integrated Circuit Security

Hart, A.D., et al. “Card authentication system,” Jain, V.K. and Chapman, G.H. “Enhanced Defect Tol- US8447991 B2, 2013. erance Through Matrixed Deployment of Intelligent Hayward, J.A. and Meraglia, J. “DNA to Safe- Sensors for the Smart Power Grid,” in Defect and guard Electrical Components and Protect Against Fault Tolerance in VLSI and Nanotechnology Sys- Counterfeiting and Diversion,” in ISTFA 2011: Con- tems (DFT), 2011 IEEE International Symposium ference Proceedings from the 37th International on, 2011, pp. 235–242. Symposium for Testing and Failure Analysis, Järvinen, K., et al. “Garbled circuits for leakage-resil- ­November 13017, 2011, San Jose Convention Center, ience: Hardware implementation and evaluation of San Jose, California, USA, 2011, pp. 238–241. one-time programs,” in Cryptographic Hardware Helfmeier, C., et al. “Cloning physically unclonable and Embedded Systems, CHES 2010, ed: Springer, functions,” in Hardware-Oriented Security and Trust 2010, pp. 383–397. (HOST), 2013 IEEE International Symposium on, Jiang, L., et al. “Layout-driven test-architecture design 2013, pp. 1–6. and optimization for 3D SoCs under pre-bond test- Hoang, A.-T. and Fujino, T. (2014) “Intra-Masking pin-count constraint,” in Proceedings of the 2009 Dual-Rail Memory on LUT Implementation for International Conference on Computer-Aided SCA-Resistant AES on FPGA.” ACM Transac- Design, 2009, pp. 191–196. tions on Reconfigurable Technology and Systems Jiang, L., et al. “Test architecture design and optimiza- (TRETS). 7, 10:1–19. tion for three-dimensional SoCs,” in Proceedings of Holcomb, D.E., et al. “Initial SRAM state as a finger- the Conference on Design, Automation and Test in print and source of true random numbers for RFID Europe, 2009, pp. 220–225. tags,” in Proceedings of the Conference on RFID Jin, Y., et al. “PUF-Based RFID authentication protocol Security, 2007. against secret key leakage,” in Web Technologies and Holcomb, D.E., et al. (2009) “Power-up SRAM state Applications, ed: Springer, 2012, pp. 318–329. as an identifying fingerprint and source of true ran- Jovanov, E., et al. (2005) “A wireless body area net- dom numbers.” Computers, IEEE Transactions on. work of intelligent motion sensors for computer 58, 1198–1210. assisted physical rehabilitation.” Journal of Neuro- Hsu, L.L., et al. “Techniques for Impeding Reverse Engineering and rehabilitation. 2, 6. Engineering,” US Patent 20,130,052,822, 2013. Karaklajic, D., et al. (2013) “Hardware Designer’s Huang, Y., et al. “Faster Secure Two-Party Computa- Guide to Fault Attacks.” Very Large Scale Integra- tion Using Garbled Circuits,” in USENIX Security tion (VLSI) Systems, IEEE Transactions on. 21, Symposium, 2011. 2295–2306. Huang, Y., et al. “Private set intersection: Are garbled cir- Karri, R., et al. (2010) “Trustworthy hardware: Identi- cuits better than custom protocols?,” in 19th Network fying and classifying hardware trojans,” Computer. and Distributed Security Symposium, San Diego, 2012. 39–46. Huang, Y.-M., et al. (2009) “Pervasive, secure access Katti, R.R., et al. “Tamper-resistant MRAM utilizing to a hierarchical sensor-based healthcare monitor- chemical alteration,” US8730715 B2, 2014. ing architecture in wireless heterogeneous net- Katzenbeisser, S., et al. “PUFs: Myth, fact or busted? works.” Selected Areas in Communications, IEEE A security evaluation of physically unclonable Journal on. 27, 400–411. functions (PUFs) cast in silicon,” in Cryptographic Indeck, R.S. and Muller, M.W. “Method and appara- Hardware and Embedded Systems–CHES 2012, ed: tus for secure data storage and manipulation using Springer, 2012, pp. 283–301. magnetic media,” US5625689 A, 1997. Kim, C.H. and Quisquater, J.-J. (2007) “Faults, injec- Jain, V. and Chapman, G.H. “Defect tolerant and tion methods, and fault attacks.” Design & Test of energy economized DSP plane of a 3-D heteroge- Computers, IEEE. 24, 544–545. neous SoC,” in Defect and Fault Tolerance in VLSI Kim, J., et al. “Toward reliable SRAM-based device iden- Systems, 2006. DFT’06. 21st IEEE International tification,” in Computer Design (ICCD), 2010 IEEE Symposium on, 2006, pp. 157–165. International Conference on, 2010, pp. 313–320. Jain, V.K., et al. “A highly reconfigurable computing Kim, J., et al. “System accuracy estimation of SRAM- array: DSP plane of a 3D heterogeneous SoC,” in based device authentication,” in Design Automation SOC Conference, 2005. Proceedings. IEEE Inter- Conference (ASP-DAC), 2011 16th Asia and South national, 2005, pp. 243–246. Pacific, 2011, pp. 37–42. Jain, V.K. and Chapman, G.H. “Massively deploy- Kleijne, T.A. “Security device for the secure storage of able intelligent sensors for the smart power grid,” in sensitive data,” 4,593,384, 1986. Defect and Fault Tolerance in VLSI Systems (DFT), Knudsen, C.J. “Tamper-resistant packaging and 2010 IEEE 25th International Symposium on, 2010, approach using magnetically-set data,” US pp. 319–327. 7,685,438 B2, 2010.

32 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

Kocher, P., et al. “Differential power analysis,” in Lim, D., et al. (2005) “Extracting secret keys from inte- Advances in Cryptology—CRYPTO’99, 1999, grated circuits.” Very Large Scale Integration (VLSI) pp. 388–397. Systems. IEEE Transactions on. 13, 1200–1205. Kocher, P.C. “Timing attacks on implementations of Lim, S., et al. “Security issues on wireless body area Diffie-Hellman, RSA, DSS, and other systems,” network for remote healthcare monitoring,” in in Advances in Cryptology—CRYPTO’96, 1996, Sensor Networks, Ubiquitous, and Trustworthy pp. 104–113. Computing (SUTC), 2010 IEEE International Con- Koeberl, P., et al. (2012) “A practical device authen- ference on, 2010, pp. 327–332. tication scheme using SRAM PUFs.” Journal of Lindahl, T., (1993) “Instability and decay of the pri- Cryptographic Engineering. 2, 255–269. mary structure of DNA.” Nature. 362, 709–715. Kong, J., et al. “PUFatt: Embedded Platform Attes- Lineback, R. (2012) “Semiconductor R&D Spend- tation Based on Novel Processor-Based PUFs,” in ing to Hit Record-High $53.4 Billion in 2012,” IC Proceedings of the The 51st Annual Design Auto- Insights September 4, 2012. mation Conference on Design Automation Confer- Lofstrom, K., et al. “IC identification circuit using ence, 2014, pp. 1–6. device mismatch,” in Solid-State Circuits Confer- Koushanfar, F., et al. (2001) “Intellectual property ence, 2000. Digest of Technical Papers. ISSCC. metering,” in Information Hiding. 81–95. 2000 IEEE International, 2000, pp. 372–373. Koushanfar, F., et al. “Can EDA combat the rise of Maes, R., et al. “Low-overhead implementation of electronic counterfeiting?,” in Proceedings of the a soft decision helper data algorithm for SRAM 49th Annual Design Automation Conference, 2012, PUFs,” in Cryptographic Hardware and Embedded pp. 133–138. Systems-CHES 2009, ed: Springer, 2009, pp. 332–347. Kuemin, C., et al. (2012) “Oriented Assembly of Gold MagTek. Available: http://www.magneprint.com/ Nanorods on the Single‐Particle Level.” Advanced Maiti, A. and Schaumont, P. (2011) “Improved ring Functional Materials. 22, 702–708. oscillator PUF: an FPGA-friendly secure primi- Kulseng, L., et al. “Lightweight mutual authentication tive.” Journal of cryptology. 24, 375–397. and ownership transfer for RFID systems,” in INFO- Maiti, A., et al. (2012) “A robust physical unclonable COM, 2010 Proceedings IEEE, 2010, pp. 1–5. function with enhanced challenge-response set.” Kumar, R., et al. “On Design of Temperature Invari- Information Forensics and Security, IEEE Transac- ant Physically Unclonable Functions Based on Ring tions on. 7, 333–345. Oscillators,” in VLSI (ISVLSI), 2012 IEEE Computer Majzoobi, M. and Koushanfar, F. (2011) “Time-bounded Society Annual Symposium on, 2012, pp. 165–170. authentication of FPGAs.” Information Forensics Kumar, S.S., et al. “The butterfly PUF protecting IP on and Security, IEEE Transactions on. 6, 1123–1135. every FPGA,” in Hardware-Oriented Security and Majzoobi, M., et al. (2008) “Testing techniques for Trust, 2008. HOST 2008. IEEE International Work- hardware security,” in Test Conference, 2008. ITC shop on, 2008, pp. 67–70. 2008. IEEE International, pp. 1–10. Lach, J., et al. (1998) “Fingerprinting digital circuits Majzoobi, M., et al. (2009) “Techniques for design and on programmable hardware,” in Information Hid- implementation of secure reconfigurable PUFs.” ing. 16–31. ACM Transactions on Reconfigurable Technology Latré, B., et al. (2011) “A survey on wireless body area and Systems (TRETS). 2, 5:1–33. networks.” Wireless Networks. 17, 1–18. Mangard, S., et al. Power analysis attacks: Revealing Lee, J.W., et al. “A technique to build a secret key in the secrets of smart cards Vol. 31: Springer, 2007. integrated circuits for identification and authentica- Mansouri, S.S. and Dubrova, E. (2012) “Ring oscil- tion applications,” in VLSI Circuits, 2004. Digest lator physical unclonable function with multi level of Technical Papers. 2004 Symposium on, 2004, supply voltages,” in Computer Design (ICCD), pp. 176–179. 2012 IEEE 30th International Conference on, Lewis, D.L. and Lee, H.-H. (2007) “A scanisland based pp. 520–521. design enabling prebond testability in die-stacked Marinissen, E.J., et al. (2010) “A structured and scal- microprocessors,” in Test Conference, 2007. ITC able test access architecture for TSV-based 3D 2007. IEEE International, pp. 1–8. stacked ICs,” in VLSI Test Symposium (VTS), 2010 Lewis, D.L., et al. (2009) “High performance 28th, pp. 269–274. non-blocking switch design in 3D die-stacking Marzouqi, H., et al. (2014) “Review of gate-level dif- technology,” in VLSI, 2009. ISVLSI’09. IEEE Com- ferential power analysis and fault analysis counter- puter Society Annual Symposium on, pp. 25–30. measures.” Information Security, IET. 8, 51–66. Li, M., et al. (2010) “Data security and privacy in McGrew, S.P. (1990) “Hologram counterfeiting: prob- wireless body area networks.” Wireless Communi- lems and solutions,” in OE/LASE’90, Los Angeles, cations, IEEE. 17, 51–58. CA, pp. 66–76.

33 JISSS, 4(1), 2015 Integrated Circuit Security

Meguerdichian, S. and Potkonjak, M. “Matched public Rajendran, J., et al. (2012) “Nano-PPUF: A Memristor- PUF: ultra low energy security platform,” in Proceed- based Security Primitive,” in VLSI (ISVLSI), 2012 ings of the 17th IEEE/ACM international symposium IEEE Computer Society Annual Symposium on, on Low-power electronics and design, 2011, pp. 45–50. pp. 84–87. Merli, D., et al. “Improving the quality of ring oscil- Rajendran, J., et al. (2013) “Security analysis of inte- lator PUFs on FPGAs,” in Proceedings of the 5th grated circuit camouflaging,” in Proceedings of the Workshop on Embedded Systems Security, 2010. 2013 ACM SIGSAC conference on Computer & Milenković, A., et al. (2006) “Wireless sensor net- communications security, pp. 709–720. works for personal health monitoring: Issues and an Ranasinghe, D., et al. “Security and privacy: Modest implementation.” Computer communications. 29, proposals for low-cost RFID systems,” in Auto-ID 2521–2533. Labs Research Workshop Zurich, Switzerland, 2004. Mori, R. “Tamper resistant module with logical ele- Ratanpal, G.B., et al. (2004) “An on-chip signal sup- ments arranged on a substrate to protect information pression countermeasure to power analysis attacks.” stored in the same module,” 5,309,387, 1994. Dependable and Secure Computing, IEEE Transac- Morley, R.E. Jr., et al. “Method and apparatus for tions on. 1, 179–189. authenticating a magnetic fingerprint signal using Reynolds, G.O., et al. The new physical optics note- an adaptive analog to digital converter,” US7210627 book: Tutorials in Fourier optics Vol. 61: SPIE B2, 2007. Optical Engineering Press New York, 1989. Morrison, M. and Ranganathan, N. (2014) “Synthesis Richards, B. and Footner, P. The Role of microscopy in of Dual-Rail Adiabatic Logic for Low Power Secu- semiconductor failure analysis: Oxford University rity Applications.” Computer-Aided Design of Inte- Press, 1992. grated Circuits and Systems, IEEE Transactions on. Richard, H., et al. “Point of sale terminal having 33, 975–988. enhanced security,” USA Patent, 2013. Naruse, M., et al. (2012) “Optical security based on Roberts, C.M. (2006) “Radio frequency identification near-field processes at the nanoscale.” Journal of (RFID).” Computers & Security. 25, 18–26. Optics. 14, 094002–94014. Rogers, A.-A., et al. (2011) “Verification of evanes- Nedospasov, D., et al. (2013) “Invasive PUF analysis,” cent coupling from subwavelength grating pairs.” in Fault Diagnosis and Tolerance in Cryptography Applied Physics B. 105, 833–837. (FDTC), 2013 Workshop on, pp. 30–38. Rogers, A.-A.A., et al. (2009) “Far-field evanescent Ng, H., et al. (2006) “Security issues of wireless sen- wave propagation using coupled subwavelength grat- sor networks in healthcare applications.” BT Tech- ings for a MEMS sensor.” JOSA A. 26, 2526–2531. nology Journal. 24, 138–144. Rostami, M., et al. (2013) “Hardware security: NIST, “FIPS 140-2: Security requirements for cryp- Threat models and metrics,” in Proceedings of tographic modules,” in Information Technology the International Conference on Computer-Aided Laboratory, National Institute of Standards and Design, pp. 819–823. Technology, ed, 2001. Rostami, M., et al. (2014) “A Primer on Hardware Page, D. (2003) “Defending against cache-based Security: Models, Methods, and Metrics.” Proceed- side-channel attacks.” Information Security Techni- ings of the IEEE. 102, 1283–1295. cal Report. 8, 30–44. Rührmair, U., et al. (2010) “Modeling attacks on Pappu, R., et al. (2002) “Physical one-way functions.” physical unclonable functions,” in Proceedings of Science. 297, 2026–2030. the 17th ACM conference on Computer and com- Patel, M. and Wang, J. (2010) “Applications, chal- munications security, pp. 237–249. lenges, and prospective in emerging body area net- Rührmair, U., et al. “Towards electrical, integrated working technologies.” Wireless Communications, implementations of SIMPL systems,” in Information IEEE. 17, 80–88. Security Theory and Practices. Security and Pri- Potkonjak, M. and Goudar, V. (2014) “Public physi- vacy of Pervasive Systems and Smart Devices, ed: cal unclonable functions.” Proceedings of the IEEE. Springer, 2010, pp. 277–292. 102, 1142–1156. Rührmair, U., et al. “Optical PUFs Reloaded,” IACR Qu, G. and Yin, C.-E. (2009) “Temperature-aware coop- Cryptology ePrint Archive, Report 2013/2152013. erative ring oscillator PUF,” in Hardware-Oriented Rührmair, U. “SIMPL Systems: On a Public Key Vari­ Security and Trust, 2009. HOST’09. IEEE Interna- ant of Physical Unclonable Functions,” IACR Cryp­ tional Workshop on, pp. 36–42. tology ePrint Archive, 2009, Vol. 2009. Quisquater, J.-J. and Samyde, D. “Electromagnetic Rührmair, U. “SIMPL systems, or: can we design analysis (ema): Measures and counter-measures cryptographic hardware without secret key informa- for smart cards,” in Smart Card Programming and tion?,” in SOFSEM 2011: Theory and Practice of Security, ed: Springer, 2001, pp. 200–210. Computer Science, ed: Springer, 2011, pp. 26–45.

34 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

Rührmair, U. “SIMPL systems as a keyless crypto- Slaughter, L.S., et al. (2010) “Effects of symmetry graphic and security primitive,” in Cryptography breaking and conductive contact on the plasmon and Security: From Theory to Applications, ed: coupling in gold nanorod dimers.” Acs Nano. 4, Springer, 2012, pp. 329–354. 4657–4666. Saputra, H., et al. (2003) “Masking the energy behav- Soden, J.M., et al. (1997) “IC failure analysis: Magic, ior of DES encryption [smart cards],” in Design, mystery, and science.” Design & Test of Computers, Automation and Test in Europe Conference and IEEE. 14, 59–69. Exhibition, 2003, pp. 84–89. Springer, P.J. Military robots and drones: ABC-CLIO, Saxena, N. and Voris, J. (2011) “Data remanence 2013. effects on memory-based entropy collection for Standaert, F.-X. “Introduction to side-channel attacks,” RFID systems.” International Journal of Informa- in Secure Integrated Circuits and Systems, ed: tion Security. 10, 213–222. Springer, 2010, pp. 27–42. Schmidt, J.-M., et al. (2009) “Optical fault attacks on Suh, G.E. and Devadas, S. “Physical unclonable func- AES: A threat in violet,” in Fault Diagnosis and tions for device authentication and secret key gen- Tolerance in Cryptography (FDTC), 2009 Work- eration,” in Proceedings of the 44th annual Design shop on, pp. 13–22. Automation Conference, 2007, pp. 9–14. Schrijen, G.-J. and van der Leest, V. “Comparative anal- Suzuki, D. and Shimizu, K. “The glitch PUF: a ysis of SRAM memories used as PUF primitives,” in new delay-PUF architecture exploiting glitch Proceedings of the Conference on Design, Automa- shapes,” in Cryptographic Hardware and Embed- tion and Test in Europe, 2012, pp. 1319–1324. ded Systems, CHES 2010, ed: Springer, 2010, Selimis, G., et al. “Evaluation of 90 nm 6T-SRAM as pp. 366–382. Physical Unclonable Function for secure key gen- Tajik, S., et al. “Physical Characterization of Arbiter eration in wireless sensor nodes,” in Circuits and PUFs,” in Cryptographic Hardware and Embed- Systems (ISCAS), 2011 IEEE International Sympo- ded Systems–CHES 2014, ed: Springer, 2014, sium on, 2011, pp. 567–570. pp. 493–509. Shepard, S. RFID: radio frequency identification: Tehranipoor, M. and Koushanfar, F. (2010) “A McGraw-Hill New York, 2005. Survey of Hardware Trojan Taxonomy and Detec- Shimizu, K., et al. (2012) “Glitch PUF: extract- tion.” Design & Test of Computers, IEEE. 27, 10–25. ing information from usually unwanted glitches.” Thornley, R.Q., et al. “Intrusion detection using a con- IEICE Transactions on Fundamentals of Electron- ductive material,” US 8,004,419 B2, 2011. ics, Communications and Computer Sciences. 95, Tiri, K. and Verbauwhede, I. “A logic level design meth- 223–233. odology for a secure DPA resistant ASIC or FPGA SIA, “Public Comments – DNA Authentication Mark- implementation,” in Proceedings of the conference ing on Items in FSC5962,” Semiconductor Industry on Design, automation and test in Europe-Volume Association, 2012. 1, 2004, pp. 246–251. Skoric, B., et al. (2006) “Information-theoretic analy- Tsang, J.C., et al. (2000) “Picosecond imaging circuit sis of capacitive physical unclonable functions.” analysis.” IBM Journal of Research and Develop- Journal of Applied physics. 100, 024902. ment. 44, 583–603. Skoric, B., et al. “Experimental hardware for coating Tsang, Y.L. “Identification of Extension Implant Defect PUFs and optical PUFs,” in Security with Noisy in Sub-Micron CMOS ICs-Analysis Technique, Data, ed: Springer, 2007, pp. 255–268. Model, and Solution,” in ISTFA 2011: Conference Skorobogatov, S. and Woods, C. (2012) “Breakthrough Proceedings from the 37th International Symposium Silicon Scanning Discovers Backdoor in Military for Testing and Failure Analysis, November 13–17, Chip,” Cryptographic Hardware and Embedded 2011, San Jose Convention Center, San Jose, Systems–CHES 2012, pp. 23–40. California, USA, 2011, pp. 212–217. Skorobogatov, S. “Physical Attacks and Tamper Tuyls, P. and Škorić, B. “Physical Unclonable Func- Resistance,” in Introduction to Hardware Security tions for enhanced security of tokens and tags,” in and Trust, ed: Springer, 2012, pp. 143–173. ISSE 2006—Securing Electronic Busines Processes, Skorobogatov, S.P. and Anderson, R.J. “Optical fault ed: Springer, 2006, pp. 30–37. induction attacks,” in Cryptographic Hardware Tuyls, P. and Škorić, B. “Strong authentication with and Embedded Systems-CHES 2002, ed: Springer, physical unclonable functions,” in Security, Pri- 2003, pp. 2–12. vacy, and Trust in Modern Data Management, ed: Skorobogatov, S.P. “Semi-invasive attacks-a new Springer, 2007, pp. 133–148. approach to hardware security analysis,” Technical Tuyls, P. and Batina, L. “RFID-tags for report, University of Cambridge, Computer Labo- Anti-Counterfeiting,” in Topics in Cryptology– ratory, 2005. CT-RSA 2006, ed: Springer, 2006, pp. 115–131.

35 JISSS, 4(1), 2015 Integrated Circuit Security

Tuyls, P., et al. “Read-proof hardware from protective Yao, A.C.-C. (1986) “How to generate and exchange coatings,” in Cryptographic Hardware and Embed- secrets,” in Foundations of Computer Science, ded Systems-CHES 2006, ed: Springer, 2006, 1986., 27th Annual Symposium on, pp. 162–167. pp. 369–383. Yin, C.-E. “A Group-Based Ring Oscillator Physical Tuzzio, N., et al. “A zero-overhead IC identification Unclonable Function,” Doctoral Dissertation, Elec- technique using clock sweeping and path delay trical Engineering, University of Maryland, College analysis,” in Proceedings of the great lakes sympo- Park, 2012. sium on VLSI, 2012, pp. 95–98. Zhang, X. and Tehranipoor, M. (2014) “Design of Ullah, S., et al. (2012) “A comprehensive survey of on-chip lightweight sensors for effective detec- wireless body area networks.” Journal of medical tion of recycled ICs.” Very Large Scale Integra- systems. 36, 1065–1094. tion (VLSI) Systems, IEEE Transactions on. 22, Vajana, B. and Patelmo, M. “Anti-deciphering con- 1016–1029. tacts,” US 6,528,885 B2, 2003. Zhang, X., et al. “Identification of recovered ICs using Vajana, B. and Patelmo, M. “Mask programmed ROM fingerprints from a light-weight on-chip sensor,” in inviolable by reverse engineering inspections and Proceedings of the 49th Annual Design Automation method of fabrication,” US 6,614,080 B2, 2003. Conference, 2012, pp. 703–708. van Woudenberg, J.G., et al. “Practical optical fault Zhang, X., et al. (2012) “Path-delay fingerprinting injection on secure microcontrollers,” in Fault for identification of recovered ICs,” in Defect and Diagnosis and Tolerance in Cryptography (FDTC), Fault Tolerance in VLSI and Nanotechnology Sys- 2011 Workshop on, 2011, pp. 91–99. tems (DFT), 2012 IEEE International Symposium van der Leest, V., et al. “Efficient implementation of on, pp. 13–18. true random number generator based on sram pufs,” Zheng, Y., et al. “CACI: Dynamic Current Analysis in Cryptography and Security: From Theory to Towards Robust Recycled Chip Identification,” in Applications, ed: Springer, 2012, pp. 300–318. Proceedings of the The 51st Annual Design Auto- Verbauwhede, I., et al. “The fault attack jungle-a clas- mation Conference on Design Automation Confer- sification model to guide you,” in Fault Diagno- ence, 2014, pp. 1–6. sis and Tolerance in Cryptography (FDTC), 2011 Workshop on, 2011, pp. 3–8. Shekhar Bhansali, Ph.D., Vivekraja, V. and Nazhandali, L. “Feedback based sup- is Alcatel Lucent Professor ply voltage control for temperature variation tolerant and Chair of the Department pufs,” in VLSI Design (VLSI Design), 2011 24th of Electrical and Com- International Conference on, 2011, pp. 214–219. puter Engineering at Florida Wagner, L.C. Failure analysis of integrated circuits: International University. His tools and techniques: Springer, 1999. research interests are in the Walden, R.H. “Dynamic circuit disguise for microelec- area of nano-enabled biosensors and imped- tronic integrated digital logic circuits,” 5,202,591, 1993. ance based microsystems. Prof. Bhansali has Walden, R.H. “Method for disguising a microelec- invented numerous room temperature sensors tronic integrated digital logic,” 5,336,624, 1994. for both biomolecules and gases. He has con- Want, R. (2006) “An introduction to RFID technol- ceptualized and led numerous interdisciplinary ogy.” Pervasive Computing, IEEE. 5, 25–33. graduate research-training programs, including Weingart, S.H. (1987) “Physical security for the IGERT, NSF Bridge to Doctorate and Alfred P. pABYSS system.” System. 1, 3. Sloan Doctoral Fellowship Programs to increase Wendt, J.B. and Potkonjak, M. “Nanotechnology-based diversity, retention and graduation rates of doc- trusted remote sensing,” in Sensors, 2011 IEEE, toral students in STEM. These programs have 2011, pp. 1213–1216. matriculated over 180 graduate students. He is Wu, X., et al. (2010) “Test-access mechanism opti- the recipient of the NSF CAREER Award (2003), mization for core-based three-dimensional SOCs.” Outstanding Researcher award (2004) Alfred P. Microelectronics Journal. 41, 601–615. Yamamoto, D., et al. “Performance and security evalu- Sloan Foundation Outstanding Mentor Award ation of AES s-box-based glitch PUFs on FPGAs,” (2009), William R jones Outstanding Mentor in Security, Privacy, and Applied Cryptography Award (2004, 2009), FEF Outstanding Mentor Engineering, ed: Springer, 2012, pp. 45–62. Award (2009) and FIU top Scholar Award (2013) Yancey, T. (2013) Semiconductor R&D Spending He holds 24 patents and has published over 200 Rises 7% Despite Weak Market. Research Bulletin. peer-reviewed publications.

36 JISSS, 4(1), 2015 Ange Marie P. Fievre et al.

Ange Marie P. Fievre, Ph.D., Al-Aakhir A. Rogers, Ph.D., received the B.S. degree in received the B.S. and M.S. electronics engineering from degrees in electrical engineer- Université d’Etat d’Haïti, Port- ing from North Carolina Agri- au-Prince, Haiti in 2003, and cultural and Technical State the M.S. degree in computer University, Greensboro, in engineering and the Ph.D. 2003 and 2005, and the Ph.D. degree in electrical engineering from Florida degree in electrical engineering from the Univer- International University, Miami, respectively in sity of South Florida, Tampa, in 2011. 2006 and 2015. Since 2011, he has been a Senior Member From 2005 to 2009, she was a Research Assis- of Technical Staff with Draper Laboratory tant with the Nanophotonics Group, Department in St. Petersburg, FL. His research interests of Electrical and Computer Engineering (ECE), include nanolithography, subwavelength optical Florida International University (FIU), Miami. structures, MEMS, and microsystem electronics. In 2012, she became a Research Assistant with He has two U.S. patents. the BioMEMS and Microsystems Group, ECE Dr. Rogers was the recipient of the NSF East Department, FIU. Her research interests include Asia Pacific Summer Institute (EAPSI) Fellow- dielectric structures for high-power applications, ship, the NSF Bridge to the Doctorate Fellowship, nano-apertures, subwavelength grating structures the Alfred P. Sloan Minority Ph.D. Fellowship, and optical solutions for hardware security. and the FEF McKnight Fellowship. He was Dr. Fievre was a recipient of the two-year recipient of the 2010 Diversity Honor Roll Award Latin American and Caribbean center (LACC) and of the 2011 Golden Bull Award, from the scholarship in 2004, and of the SPIE Educational University of South Florida. Scholarship in 2010. She is a member of SPIE, of the National Society of Black Engineers (NSBE), and is a McKnight fellow.

37 JISSS, 4(1), 2015