Title

Design Methodologies for Improving the Trustworthiness and Quality of Integrated Circuits

Date of Completion

January 2011

Keywords

Engineering, Computer|Engineering, Electronics and Electrical

Degree

Ph.D.

Abstract

Computer systems are woven into the human society, their applications ranging from critical infrastructures, such as health care systems and power plants, to ordinary usages, such as mobile phones and smart cards. Dependability of the applications heavily relies on the security of computer systems with Integrated Circuits (ICs) their main component. The IC design process is a complex task and engages different parties from intellectual property (IP) vendors to IC manufacturers to meet the time-to-market requirement and to offer with a competitive price. This horizontal process creates opportunities aplenty for adversaries to interfere with the design process and to undermine design characteristics. In this work, we introduce design-for-hardware-trust (DFHT) architectures. The architectures aim to reveal the malicious modifications of ICs, called hardware Trojan, at foundries where adversaries may add extra circuits to disable the main circuit at some specific time or to leak secret information. Hardware Trojans are small compared with the main design and so have a negligible impact on the design power consumption and its delay characteristics. Further, they are designed to become activated under rare conditions. We propose new methodologies to increase Trojan activity and to magnify Trojan impact in the circuit. Our first methodology removes the rare triggering conditions of hardware Trojans by increasing the transition probability of low transition nets which are mostly utilized for Trojan triggers. Low transition nets are restitched through dummy scan flip-flops which are accessible through input pins. While not changing the design functionality, dummy flip-flops deliver controllability over low transition nets and reduce Trojan activation time. The second methodology reduces the circuit activity as background noise to magnify Trojan impacts. It has been shown that there is a high correlation between switching in scan cells of a circuit and switching in the circuit. The design is divided into a number of regions and scan cells placed in a region are connected to each other in one or more scan chains. Activating one or few regions at a time significantly reduces the circuit activity as background noise while keeping the Trojan activity comparatively high. Beside the malicious modification of ICs, an adversary can over produce a chip for selling in the black market. Counterfeit products bring huge profit loss for brand owners and endanger customers' safety. Physical Unclonable Functions (PUFs) have been proposed to uniquely identify and authenticate fabricated chips. Designed based on unique variations in process parameters from chip to chip, PUF translates parameters, such as delay, into a unique binary signature. In this work, we proposed a new PUF based on dynamic logic, called Dynamic PUF, to identify chips with very low power and area overhead compared with previously developed PUFs. In addition to the design security, the design quality significantly determines its applicability in the field. Testing a chip after fabrication ensures its correct functionality. It has been shown that designs usually experience much higher switching activity in the test mode compared with the normal mode. This may lead to hot spot and electromigration phenomena that reduce the design reliability. In nanometer regime, delay fault testing is widely used for performance verification post-silicon and high test power can negatively impact the test results. In this work, we propose a new layout-aware pattern evaluation technique which can be seamlessly integrated into current automatic test pattern generators (ATPGs). The technique considers the location of transitions in the design layout, eliminating patterns generating high activity in a portion of the design to prevent performance degradation, and replaces them with low-transition patterns to keep the original fault coverage. ^