Using Emerging Technologies for Hardware Security Beyond Pufs an Chen1, X
Total Page:16
File Type:pdf, Size:1020Kb
Using Emerging Technologies for Hardware Security Beyond PUFs An Chen1, X. Sharon Hu2, Yier Jin3, Michael Niemier2, Xunzhao Yin2 (1) ITRS ERD, (2) University of Notre Dame, (3) University of Central Florida Abstract—We discuss how the unique I-V characteristics The first category of I-V characteristics of interest (Sec. offered by emerging, post-CMOS transistors can be used to III) are those exhibiting tunable polarity, which appear in enhance hardware security. Different from most existing work devices such as carbon nanotube [5], graphene [6], silicon that exploits emerging technologies for hardware security, we (i) focus on transistor characteristics that either do not exist nanowire (SiNW) transistors [7], and most recently transition in, or are difficult to duplicate with MOSFETs, and (ii) aim to metal dichalcogenide (TMD) tunnel FETs (TFETs) [8], all of move beyond hardware implementations of physically unclonable which have already been fabricated experimentally. Tunable functions (PUFs) and random number generators (RNGs). polarity could be exploited for IP protection and hence would help prevent the counterfeiting of IC components. I. INTRODUCTION The second category of I-V characteristics (Sec. IV) can be Like performance, power, and reliability, hardware security broadly classified as devices with atypical switching behaviors. is becoming a critical design consideration. Hardware security We consider I-V curves that either have tunable hysteresis threats in the IC supply chain, include counterfeiting of semi- or are bell shaped. Devices such as the negative capacitance conductor components, side-channel attacks, invasive/semi- FETs (NCFETs) [9] and ionic FETs [10] display tunable invasive reverse engineering, and IP piracy. A rapid growth hysteresis behavior. Bell-shaped I-V characteristics have been in the “Internet of Things” (IoT) only exacerbates problems. observed experimentally in double-layer graphene FETs [11], While hardware security enhancements and circuit protection [12] and ThinTFETs [13]. Such atypical switching behaviors methods can mitigate security threats in protected components, are candidates for implementing novel circuits to prevent they often incur a high cost with respect to performance, power tampering via power supply or other side-channel attacks. and/or cost. Raising the resilience of hardware systems with Specific security threats addressed in this paper include IC minimal compromise to other metrics is a daunting challenge. counterfeiting, side channel attacks (e.g., differential power Advances in emerging, post-CMOS technologies may pro- analysis), memory leakage, and unauthorized access. vide hardware security researchers with new opportunities to change the passive role that CMOS technology currently plays II. BACKGROUND in security applications. While many emerging technologies Here, we review hardware security needs and challenges, aim to sustain Moore’s Law-based performance scaling and/or and the transistor technologies that form the basis of our work. to improve energy efficiency [1], emerging technologies also demonstrate unique features that could drastically simplify A. Hardware security needs and challenges circuit structures for protection against hardware security To reduce design costs and increase profits, IC manufactur- threats. Security applications could not only benefit from the ers are continuing to outsource low-profit services (manufac- non-traditional I-V characteristics of some emerging devices, turing, assembling, etc.) to offshore vendors. Only higher profit but also help shape research at the device level by raising endeavors (design, service, etc.) are likely to remain state-side. security measures to the level of other design metrics. Ironically, while globalization has helped to reduce total cost, At present, most emerging technologies being studied in the it has exacerbated security concerns. Below, we briefly review context of hardware security applications are related to de- areas in which emerging technologies might help to alleviate signing physically unclonable functions (PUFs). Post-CMOS security concerns/threats. devices such as domain-wall memories (DWM) [2], mem- Hardware fingerprinting and authentication can protect ristors [3], carbon nanotubes (CNTs) [4], etc. have all been hardware intellectual property (IP) cores against reverse en- suggested as a pathway to a PUF design. While intriguing, gineering toolsets [14]. Hardware authentication can create a these approaches (i) only cover a small part of the hardware piracy-proof design flow, where only the authorized end-user security landscape, and (ii) PUF designs often depend on can activate IP designs. Researchers have proposed using PUFs device characteristics that a designer would like to eliminate for the authentication process [15]. The challenge-response when considering utility for logic or memory (e.g., pinning in pair based protocols are verified between the manufacturer and domain wall memory [2]). Given the many emerging devices end-users, limiting utility of the device to the authentic user. being studied [1] and that few if any devices were proposed However, modeling attack methods have been developed to with hardware security as a “killer application”, we explore predict the PUF responses that diminishes the security level how the unique I-V characteristics of emerging transistors that of PUF-based authentication [16]. are not found in traditional MOSFETs could benefit hardware Camouflaging [17] relies on layout-level obfuscation that security applications. makes it difficult to decipher a circuit’s structure via reverse 1 engineering [18]. However, the overhead of CMOS camou- [24], carbon nanotubes [25] and graphene [26]. By control- flaging gates is often significant – especially as the level ling ambipolarity, device polarity can be adjusted/tuned post- of protection increases. (A XOR+NAND+NOR camouflaging deployment. Transistors with a configurable polarity – e.g., gate has 5.1X-5.5X higher power, 1.1X-1.6X higher delay, carbon nanotubes [5], graphene [6], silicon nanowires (SiNWs) and 4X higher area compared to a conventional NAND or [7], and transition metal dichalcogenides (TMDs) [8] – have NOR gate [18].) Furthermore, SAT-based methods have shown already been experimentally demonstrated. While this work to be able to “de-camouflage” a circuit under protection in primarily focuses on SiNWFETs and TFETs built with TMDs, minutes [19]. Design-level obfuscation or logic encryption is both devices may serve as a “proxy” for other device concepts. the other well-studied solution that could prevent attackers SiNW FETs have an ultra-thin body structure and lightly- from easily recovering/reproducing circuit designs without the doped channel which provides the ability to change the carrier authentication key [20]. While these methods have proven to type in the channel by means of a gate. FET operation is en- be robust to attacks (IP piracy could only occur if attackers abled by the regulation of Schottky barriers at the source/drain know both the netlist and the keys), performance overhead and junctions. The control gate (CG) acts conventionally by turning layout re-design present significant challenges. the device on and off via a gate voltage. The polarity gate Counterfeit ICs – i.e., recycled, remarked, cloned, tampered, (PG) acts on the side regions of the device, in proximity overproduced, or out-of-spec integrated circuits – have re- to the source/drain (S/D) Schottky junctions, switching the cently found their way into safety-critical and military appli- device polarity dynamically between n- and p-type. The input cations [21]. Solutions for detecting counterfeit products are and output voltage levels are compatible, enabling directly- limited. While PUFs and aging sensors have been proposed as cascadable logic gates [27]. solutions [21], drawbacks include high power and area costs. Ambipolarity is an inherent property of TFETs due to the Other threats include side-channel analysis and fault in- use of different doping types for drain and source if an n/i/p jections. Without physical intrusion, attackers can recover doping profile is employed [28]. By properly biasing the n- internal signals leveraging static/differential analyses on side doped and p-doped regions as well as the gate, a TFET can channels such as timing, power consumption, and electromag- function either as an n- or p-type device. No polarity gate netic emissions. Cryptographic circuits are also vulnerable to is needed in this case. Furthermore, as the magnitude of power supply-based fault injections. To counter these attacks, ambipolar current can be tuned (i.e., reduced) via doping or researchers have developed various logic circuitry and on- by increasing the drain extension length [28] one can envision chip sensors to balance the side-channel signals and to detect fabricating devices that could be better suited for logic as well signal anomalies [22]. However, even with design optimization as security-related applications. Given that screening length in methods, the existing MOSFET based countermeasures still TMD devices scales with their body thickness, one can achieve incur high performance overhead [23]. substantial tunneling currents. 2) Bell-Shaped I-Vs: Emerging transistor technologies may B. Device characteristics of interest also exhibit bell-shaped I-V curves. Symmetric graphene FETs In Fig. 1 we present an initial mapping from post-CMOS (SymFETs) and ThinTFETs are representatives of this group devices to hardware