A system-in-package (SiP) design takes advantage of cutting-edge packaging technology and heterogeneous integration (HI) in response to the growing need for aggressive time-to-market, high-performance, less expensive, and smaller systems. However, aggregating dies with different functionalities introduces new attack vectors with fault-injection attacks (FIA) that can effectively alter a circuit's data and control flow maliciously to cause disruptions of secure communication or sensitive information leakage. Additionally, traditional threat models associated with FIA on a 2D monolithic system-on-chip (SoC), and the corresponding mitigation techniques may not be compatible with modern 2.5D and 3D SiP architectures. To address these limitations, we propose system-aware fault injection attack detection for SiP architectures (SYSFID), a real-time and on-chip sensor-based fault monitoring approach integrated into a system-level design. SYSFID detects any fault-induced anomalous alterations in path delays of the components of inter-chiplet networks by strategically placing on-chip fault-to-time converter (FTC) sensors and controlling them efficiently to safeguard overall system security. To demonstrate the effectiveness of SYSFID, we detect several fault injection attempts on the FPGA implementation of a network-on-chip (NoC) based architecture during secure network packet transfers. Our experiments also illustrate that the SYSFID framework reliably senses both global and local FIAs with minimal overheads.

Intellectual property (IP) core reuse is a common practice for accelerating new product development in modern system-on-chip (SoC) architectures. However, reusing and sharing IP cores in today’s competitive market poses significant security risks. IP watermarking is a potential solution for detecting unauthorized IP duplication and overuse. In this paper, we propose GEM-Water, a robust IP watermark verification scheme that uses electromagnetic (EM) radiation of an IP in an SoC for watermark extraction during boot-up. This is accomplished by applying an n-bit challenge to the IP that triggers some certain state transition in a Finite State Machine (FSM) during boot-up. The FSM output is then mapped into an EM signature which can be extracted and processed to generate expected responses to prove IP ownership. GEM-Water has been implemented in a wide variety of benchmarks using several AMD Xilinx 7 series FPGAs, and the experimental results validate the robustness and viability of the suggested approach with >95% accuracy.

Hardware obfuscation is a proactive design-for- trust technique against integrated circuit (IC) supply chain threats, i.e., intellectual property (IP) piracy and overproduction. Many studies have evaluated numerous obfuscation techniques, broadly classified as IC camouflaging, logic locking, and split manufacturing. In split manufacturing, threats introduced by an untrusted foundry are eliminated by manufacturing only the front-end of line (FEOL) layers in the high-end untrusted foundry, and back-end of line (BEOL) layers in the design house’s trusted low-end foundry to hide BEOL connections from the untrusted foundry. However, researchers proposed several attacks based on physical layout design heuristic, network-flow model, and placement-routing proximity to extract missing back-end of line connections. Nevertheless, split manufacturing suffers from yield due to challenges in properly aligning FEOL connections with the BEOL. This paper proposes LLE, which protects ICs from piracy and reverse-engineering by untrusted foundries. In this approach, we perform layout-level obfuscation by creating an intermediate metal layer mesh to obscure the BEOL connections from the FEOL. After fabrication from an untrusted foundry, the mesh can be edited using a focused-ion beam (FIB) editing tool in a trusted facility (e.g., FIB lab) to realize the actual inter- connection. Hence, unlike split manufacturing, LLE eliminates the requirement of a separate trusted foundry and establishes trust in the microelectronic supply chain by lowering cost and yield loss. To validate the effectiveness of LLE, we fabricated a test chip in MITLL Low- Power FDSOI CMOS Process. In the silicon test chip, we demonstrate that LLE can prevent IC piracy and reverse engineering with low costs and yield losses in the semiconductor supply chain.

Laser-based fault injection (LFI) attacks are powerful physical attacks with high precision and controllability. Therefore, attempts have been in the literature to model and simulate the laser effect in pre-silicon digital designs. However, these efforts can only model the laser effect on small SPICE or TCAD circuits of individual standard cells. This paper proposes security properties and a machine-learning assisted layout signoff framework in verifying the full-chip layout's resiliency against LFI. In the framework, we leveraged the commercial SoC power integrity sign-off tool to inject the Gaussian laser current to any spot in the layout, by considering different layout features such as power distribution network, decoupling capacitor placement, metal geometry, instance switching power, etc. To avoid exhaustive analysis of all layout spots regardless of LFI criticality, we use security properties to drive the assessment and identify critical areas. We then use SPICE simulations and machine learning to develop cell-level laser fault models under different laser-induced transient current intensities. This laser cell library is used during full-chip LFI feasibility analysis for the cells inside laser illumination, enabling precise layout -level design fix for critical cells failing the fault injection threshold. Finally, we show the effectiveness of the proposed framework by analyzing the fully implemented AES design layout.

Fault Injection Attacks (FIAs) have become prolific and effective methods of violating the integrity and confidentiality of integrated circuits and electronic systems. FIAs can be accomplished using clock-glitch, voltage glitch, laser, optical instruments, and electromagnetic (EM) emanation. One promising solution to detect FIAs is to use on-chip sensors to capture the attacks’ impact. However, the variety of FIAs has led to numerous custom-designed sensors for each of them, challenging the feasibility of the implementation and introducing a large overhead. This paper proposes developing a universal Fault-to-Time Converter (FTC) sensor that can effectively detect all the aforementioned FIAs while requiring minimal overhead. The FTC sensor converts the effects of faults injected by an FIA method into “time” that is measurable. Then, the “time” difference can be analyzed further to identify whether an attack has been carried out successfully. The sensor design can be easily implemented in both FPGA and ASIC platforms. Our FTC sensor implementation in FPGA platforms demonstrates that the design can effectively differentiate various FIA attack scenarios with its encoded output. The FTC sensor can also be extended to cover other fault attacks that have a similar impact on the victim device (i.e., affecting circuit timing).

IC camouflaging has been proposed as a promising countermeasure against reverse engineering. Camouflaged gates contain multiple functional device structures, but appear as a single layout under microscope imaging, thereby concealing circuit functionality. The recent covert gate camouflaging design comes with a significantly reduced overhead cost, allowing numerous camouflaged gates in circuits which improves resiliency against invasive and semi-invasive attacks. Dummy inputs are used in the design, but SEM imaging analysis has only been performed on simplified contact structures so far. In this study, we fabricated real and dummy contacts in different structures and performed a systematic SEM analysis to investigate contact charging and passive voltage contrast. Machine learning based pattern recognition was also employed to examine the possibility of differentiating real and dummy contacts. Based on our experimental results, we found that the difference between real and dummy contacts is insignificant, which effectively prevents SEM-based reverse engineering.

Object localization is an essential step in image-based hardware assurance applications to navigate the view to the target location. Existing localization methods are well-developed for applications in many other research fields; however, limited study has been conducted to explore an accurate yet efficient solution in hardware assurance domain. To this end, this paper discusses the challenges of leveraging existing object localization methods from three aspects using the example scenario of IC Trojan detection and proposes a novel knowledge-based object localization method. The proposed method is inspired by the 2D string search algorithm; it also couples a mask window to preserve target topology, which enables multi-target localization. Evaluations are conducted on 61 test cases from five images of three node-technologies. The results validate the accuracy, time-efficiency, and the generalizability of the proposed method of locating multi-target from SEM images for hardware assurance applications.

A Bill of Materials (BoM) is the list of all components present on a Printed Circuit Board (PCB). BoMs are useful for multiple forms of failure analysis and hardware assurance. In this paper, we build upon previous work and present an updated framework to automatically extract a BoM from optical images of PCBs in order to keep up to date with technological advancements. This is accomplished by revising the framework to emphasize the role of machine learning and by incorporating domain knowledge of PCB design and hardware Trojans. For accurate machine learning methods, it is critical that the input PCB images are normalized. Hence, we explore the effect of imaging conditions (e.g. camera type, lighting intensity, and lighting color) on component classification, before and after color correction. This is accomplished by collecting PCB images under a variety of imaging conditions and conducting a linear discriminant analysis before and after color checker profile correction, a method commonly used in photography. This paper shows color correction can effectively reduce the intraclass variance of different PCB components, which results in a higher component classification accuracy. This is extremely desirable for machine learning methods, as increased prior knowledge can decrease the number of ground truth images necessary for training. Finally, we detail the future work for data normalization for more accurate automatic BoM extraction. Index Terms – automatic visual inspection; PCB reverse engineering; PCB competitor analysis; hardware assurance; bill of materials

Globalization and complexity of the PCB supply chain has made hardware assurance a challenging task. An automated system to extract the Bill of Materials (BoM) can save time and resources during the authentication process, however, there are numerous imaging modalities and image analysis techniques that can be used to create such a system. In this paper we review different imaging modalities and their pros and cons for automatic PCB inspection. In addition, image analysis techniques commonly used for such images are reviewed in a systematic way to provide a direction for future research in this area. Index Terms —Component Detection, PCB, Authentication, Image Analysis, Machine Learning

Hardware Trojans are malicious changes to the design of integrated circuits (ICs) at different stages of the design and fabrication processes. Different approaches have been developed to detect Trojans namely non-destructive (electrical tests like run-time monitoring, functional and structural tests) and destructive (full chip reverse engineering). However, these methods cannot detect all types of Trojans and they suffer from a number of disadvantages such as slow speed of detection and lack of confidence in detecting all types of Trojans. Majority of hardware Trojans implemented in an IC will leave a footprint at the doping (active) layer. In this paper, we introduce a new version of our previously developed “Trojan Scanner” [1] framework for the untrusted foundry threat model, where a trusted GDSII layout (golden layout) is available. Advanced computer vision algorithms in combination with the supervised machine-learning model are used to classify different features of the golden layout and SEM images from an IC under authentication, as a unique descriptor for each type of gates. These descriptors are compared with each other to detect any subtle changes on the active region, which can raise the flag for the existence of a potential hardware Trojan. The descriptors can differentiate variation due to fabrication process, defects, and common SEM image distortions to rule out the possibility of false detection. Our results demonstrate that Trojan Scanner is more reliable than electrical testing and faster than full chip reverse engineering. Trojan Scanner does not rely on the functionality of the circuit rather focuses on the real physical structure to detect malicious changes inserted by the untrusted foundry.

Optical probing from the backside of an integrated circuit (IC) is a powerful failure analysis technique but raises serious security concerns when in the hands of attackers. For instance, attacks using laser voltage probing (LVP) allow direct reading of sensitive information being stored and/or processed in the IC. Although a few sensor-based countermeasures against backside optical probing attacks have been proposed, the overheads (fabrication cost and/or area) are considerable. In this paper, we introduce nanopyramid structures that mitigate optical probing attacks by scrambling the measurements reflected by a laser pulse. Nanopyramid structure is applied to selected areas inside an IC that requires protection against optical probing attacks. The fabrication of nanopyramids is CMOS compatible and well established for photovoltaic applications. We design the nanopyramid structure in ICs, develop the LVP attacking model, and perform optical simulations to analyze the impact of nanopyramids on LVP. According to the simulation results, the nanopyramid can disturb the optical measurements enough to make LVP attacks practically infeasible. In addition, our nanopyramid countermeasure has no area overheads and works in a passive mode without consuming any energy.

In the last decades, the supply chain of printed circuit boards (PCBs) becomes distributed with growing complexity of PCB designs and the economic trend of outsourcing the PCB manufacturing. This makes the PCBs more vulnerable to security attacks, such as tampering, snooping, and electromagnetic (EM) attacks. Because of the large feature size of PCBs (compared to integrated circuits), it is challenging to protect the PCBs from those attacks or proof the suspected attacks. For the same reason, PCBs are vulnerable to non-invasive reverse engineering by X-ray tomography as well. In this paper, we propose a novel silicon carbide (SiC) coating technique to provide passive protection for PCBs from in-field tampering, snooping and EM attacks. In addition, capacitive sensors are designed based on the SiC coating, offering active defense against those attacks. The coating and sensors can be implemented on PCBs in cost-efficient ways and the area overheads are minimized. The insulating coating also allows an extra tungsten-based painting to be applied to prevent the X-ray reverse engineering.

This paper discusses the development of an extensible programmatic workflow that leverages evolving technologies in 2D/3D imaging, distributed instrument control, image processing, and automated mechanical/chemical deprocessing technology. Initial studies involve automated backside mechanical ultra-thinning of 65nm node IC processor chips in combination with SEM imaging and X-ray tomography. Areas as large as 800μm x 800μm were deprocessed using gas-assisted plasma FIB delayering. Ongoing work involves enhancing the workflow with “intelligent automation” by bridging FIB-SEM instrument control and near real-time data analysis to establish a computationally guided microscopy suite.

Reverse engineering of electronic hardware has been performed for decades for two broad purposes: (1) honest and legal means for failure analysis and trust verification; and (2) dishonest and illegal means of cloning, counterfeiting, and development of attacks on hardware to gain competitive edge in a market. Destructive methods have been typically considered most effective to reverse engineer Printed Circuit Boards (PCBs) – a platform used in nearly all electronic systems to mechanically support and electrically connect all hardware components. However, the advent of advanced characterization and imaging tools such as X-ray tomography has shifted the reverse engineering of electronics toward non-destructive methods. These methods considerably lower the associated time and cost to reverse engineer a complex multi-layer PCB. In this paper, we introduce a new anti–reverse engineering method to protect PCBs from non-destructive reverse engineering. We add high-Z materials inside PCBs and develop advanced layout algorithms, which create inevitable imaging artifacts during tomography, thereby making it practically infeasible for an adversary to extract correct design information with X-ray tomography.

Counterfeiting is an increasing concern for businesses and governments as greater numbers of counterfeit integrated circuits (IC) infiltrate the global market. There is an ongoing effort in experimental and national labs inside the United States to detect and prevent such counterfeits in the most efficient time period. However, there is still a missing piece to automatically detect and properly keep record of detected counterfeit ICs. Here, we introduce a web application database that allows users to share previous examples of counterfeits through an online database and to obtain statistics regarding the prevalence of known defects. We also investigate automated techniques based on image processing and machine learning to detect different physical defects and to determine whether or not an IC is counterfeit.

Bond pull testing, a well-known method in the failure analysis community, is used to evaluate the integrity of an electronic microchip as well as to detect counterfeit ICs. Existing bond pull tests require that the microchip be de-capsulated in order to obtain physical access to the bond wires in the IC package. Bond pull analysis based on simulation and finite element methods also exists but relies on the original model for a bond wire from a CAD design. In this work, we introduce X-ray tomography imaging with 700nm imaging resolution to acquire the 3D geometry details of bond wires non-destructively. Such information can be used to develop more accurate models for finite element analysis based on real size and structure. Therefore, one can test the bond wire strength as a proof of concept for virtual mechanical testing and counterfeit detection in microchips.

X-ray tomography is a promising technique that can provide micron level, internal structure, and three dimensional (3D) information of an integrated circuit (IC) component without the need for serial sectioning or decapsulation. This is especially useful for counterfeit IC detection as demonstrated by recent work. Although the components remain physically intact during tomography, the effect of radiation on the electrical functionality is not yet fully investigated. In this paper we analyze the impact of X-ray tomography on the reliability of ICs with different fabrication technologies. We perform a 3D imaging using an advanced X-ray machine on Intel flash memories, Macronix flash memories, Xilinx Spartan 3 and Spartan 6 FPGAs. Electrical functionalities are then tested in a systematic procedure after each round of tomography to estimate the impact of X-ray on Flash erase time, read margin, and program operation, and the frequencies of ring oscillators in the FPGAs. A major finding is that erase times for flash memories of older technology are significantly degraded when exposed to tomography, eventually resulting in failure. However, the flash and Xilinx FPGAs of newer technologies seem less sensitive to tomography, as only minor degradations are observed. Further, we did not identify permanent failures for any chips in the time needed to perform tomography for counterfeit detection (approximately 2 hours).

Reverse engineering of electronics systems is performed for various reasons ranging from honest ones such as failure analysis, fault isolation, trustworthiness verification, obsolescence management, etc. to dishonest ones such as cloning, counterfeiting, identification of vulnerabilities, development of attacks, etc. Regardless of the goal, it is imperative that the research community understands the requirements, complexities, and limitations of reverse engineering. Until recently, the reverse engineering was considered as destructive, time consuming, and prohibitively expensive, thereby restricting its application to a few remote cases. However, the advents of advanced characterization and imaging tools and software have counteracted this point of view. In this paper, we show how X-ray micro-tomography imaging can be combined with advanced 3D image processing and analysis to facilitate the automation of reverse engineering, and thereby lowering the associated time and cost. In this paper, we demonstrate our proposed process on two different printed circuit boards (PCBs). The first PCB is a four-layer custom designed board while the latter is a more complex commercial system. Lessons learned from this effort can be used to both develop advanced countermeasures and establish a more efficient workflow for instances where reverse engineering is deemed necessary. Keywords: Printed circuit boards, non-destructive imaging, X-ray tomography, reverse engineering.