In this work, template attacks that aimed to leak the nonce were performed on 256-bit ECDSA hardware to evaluate the resistance against side-channel attacks. The target hardware was an ASIC and was revealed to be vulnerable to the combination of template attacks and lattice attacks. Furthermore, the attack result indicated it was not enough to fix the MSB of the nonce to 1 which is a common countermeasure. Also, the success rate of template attacks was estimated by simulation. This estimation does not require actual hardware and enables us to test the security of the implementation in the design phase. To clarify the acceptable amount of the nonce leakage, the computational cost of lattice attacks was compared to that of ρ method which is a cryptanalysis method. As a result, the success rate of 2-bit leakage of the nonce must be under 62% in the case of 256-bit ECDSA. In other words, SNR must be under 2-4 in our simulation model.

Technological devices have become deeply embedded in people's lives, and their demand is growing every year. It has been indicated that outsourcing the design and manufacturing of integrated circuits, which are essential for technological devices, may lead to the insertion of malicious circuitry, called hardware Trojans (HTs). This paper proposes an HT detection method at gate-level netlists based on XGBoost, one of the best gradient boosting decision tree models. We first propose the optimal set of HT features among many feature candidates at a netlist level through thorough evaluations. Then, we construct an XGBoost-based HT detection method with its optimized hyperparameters. Evaluation experiments were conducted on the netlists from Trust-HUB benchmarks and showed the average F-measure of 0.842 using the proposed method. Also, we newly propose a Trojan probability propagation method that effectively corrects the HT detection results and apply it to the results obtained by XGBoost-based HT detection. Evaluation experiments showed that the average F-measure is improved to 0.861. This value is 0.194 points higher than that of the existing best method proposed so far.

This paper introduces an inverter-based true random number generator (I-TRNG). It uses a single CMOS inverter to amplify thermal noise multiple times. An adaptive calibration mechanism based on clock tuning provides robust operation across a wide range of supply voltage 0.5∼1.1V and temperature -40∼140°C. An 8-bit Von-Neumann post-processing circuit (VN8W) is implemented for maximum raw entropy extraction. In a 130nm CMOS technology, the I-TRNG entropy source only occupies 635μm2 and consumes 0.016pJ/raw-bit at 0.6V. The I-TRNG occupies 13406μm2, including the entropy source, adaptive calibration circuit, and post-processing circuit. The minimum energy consumption of the I-TRNG is 1.38pJ/bit at 0.5V, while passing all NIST 800-22 and 800-90B tests. Moreover, an equivalent 15-year life at 0.7V, 25°C is confirmed by an accelerated NBTI aging test.

Field Programmable Gate Array (FPGA) is gaining popularity because of their reconfigurability which brings in security concerns like inserting hardware trojan. Various detection methods to overcome this threat have been proposed but in the ASIC's supply chain and cannot directly apply to the FPGA application. In this paper, the authors aim to implement a structural feature-based detection method for detecting hardware trojan in a cell-level netlist, which is not well explored yet, where the nets are segmented into smaller groups based on their interconnection and further analyzed by looking at their structural similarities. Experiments show positive performance with an average detection rate of 95.41%, an average false alarm rate of 2.87% and average accuracy of 96.27%.

This brief presents a side-channel attack (SCA) technique on a high-speed asynchronous successive approximation register (SAR) analog-to-digital converter (ADC). The proposed dual neural network based on multiple noise waveforms separately discloses sign and absolute value information of input signals which are hidden by the differential structure and high-speed asynchronous operation. The target SAR ADC and on-chip noise monitors are designed on a single prototype chip for SCA demonstration. Fabricated in 40 nm, the experimental results show the proposed attack on the asynchronous SAR ADC successfully restores the input data with a competitive accuracy within 300 mV rms error.

Hardware oriented security and trust of semiconductor integrated circuit (IC) chips have been highly demanded. This paper outlines the requirements and recent developments in circuits and packaging systems of IC chips for security applications, with the particular emphasis on protections against physical implementation attacks. Power side channels are of undesired presence to crypto circuits once a crypto algorithm is implemented in Silicon, over power delivery networks (PDNs) on the frontside of a chip or even through the backside of a Si substrate, in the form of power voltage variation and electromagnetic wave emanation. Preventive measures have been exploited with circuit design and packaging technologies, and partly demonstrated with Si test vehicles.

Using third-party intellectual properties (3PIP) has been a norm in IC design development process to meet the time-to-market demand and at the same time minimizing the cost. But this flow introduces a threat, such as hardware trojan, which may compromise the security and trustworthiness of underlying hardware, like disclosing confidential information, impeding normal execution and even permanent damage to the system. In years, different detections methods are explored, from just identifying if the circuit is infected with hardware trojan using conventional methods to applying machine learning where it identifies which nets are most likely are hardware trojans. But the performance is not satisfactory in terms of maximizing the detection rate and minimizing the false positive rate. In this paper, a new hardware trojan detection approach is proposed where gate-level netlist is segmented into regions first before analyzing which nets might be hardware trojans. The segmentation process depends on the nets' connectivity, more specifically by looking on each fanout points. Then, further analysis takes place by means of computing the structural similarity of each segmented region and differentiate hardware trojan nets from normal nets. Experimental results show 100% detection of hardware trojan nets inserted on each benchmark circuits and an overall average of 1.38% of false positive rates which resulted to a higher accuracy with an average of 99.31%.

In IoT (Internet-of-Things) era, the number and variety of hardware devices becomes continuously increasing. Several IoT devices are utilized at infrastructure equipments. How to maintain such IoT devices is a serious concern. Capacitance measurement is one of the powerful ways to detect anomalous states in the structure of the hardware devices. Particularly, measuring capacitance while the hardware device is running is a major challenge but no such researches proposed so far. This paper proposes a capacitance measuring device which measures device capacitance in operation. We firstly combine the AC (alternating current) voltage signal with the DC (direct current) supply voltage signal and generates the fluctuating signal. We supply the fluctuating signal to the target device instead of supplying the DC supply voltage. By effectively filtering the observed current in the target device, the filtered current can be proportional to the capacitance value and thus we can measure the target device capacitance even when it is running. We have implemented the proposed capacitance measuring device on the printed wiring board with the size of 95mm × 70mm and evaluated power consumption and accuracy of the capacitance measurement. The experimental results demonstrate that power consumption of the proposed capacitance measuring device is reduced by 65% in low-power mode from measuring mode and proposed device successfully measured capacitance in 0.002μF resolution.

This paper presents a low-power small-area-overhead physical random number generator utilizing SAR ADC embedded in sensor SoCs. An unpredictable random bit sequence is produced by an existing comparator in typical SAR ADCs, which results in little area overhead. Unlike the other comparator-based physical random number generator, this proposed technique does not require an offset calibration scheme since SAR binary search algorithm automatically converges the two input voltages of the comparator to balance the differential circuit pair. Although the randomness slightly depends on an quantization error due to sharing AD conversion scheme, the input signal distribution enhances the quality of random number bit sequence which can use for various security countermeasures such as masking techniques. Fabricated in 180nm CMOS, 1Mb/s random bit generator achieves high efficiency of 0.72pJ/bit with only 400μm2 area overhead, which occupies less than 0.5% of SAR ADC, while remaining 10-bit AD conversion function.

An ASIC crypto processor optimized for the 254-bit prime-field optimal-ate pairing over Barreto-Naehrig (BN) curve is proposed. The data path of the proposed crypto processor is designed to compute five Fp2 operations, a multiplication, three addition/subtractions, and an inversion, simultaneously. We further propose a design methodology to automate the instruction scheduling by using a combinatorial optimization solver, with which the total cycle count is reduced to 1/2 compared with ever reported. The proposed crypto processor is designed and fabricated by using a 65nm silicon-on-thin-box (SOTB) CMOS process. The chip measurement result shows that the fabricated chip successfully computes a pairing in 0.185ms when a typical operating voltage of 1.20V is applied, which corresponds to 2.8× speed up compared to the current state-of-the-art pairing implementation on ASIC platform.

A 256-bit $mathbb{F}_p$ ECDSA crypto processor featuring low latency, low energy consumption and capability of changing the Elliptic curve parameters is designed and fabricated in SOTB 65nm CMOS process. We have demonstrated the lowest ever reported signature generation time of 31.3 μs at 238MHz clock frequency. Energy consumption is 3.28 μJ/signature-generation, which is same as the lowest reported till date. We have also derived addition formulae on Elliptic curve useful for reduce the number of registers and operation cycles.

Hardware Trojan or any other kind of unwanted hardware modifications has been thought as a major challenge in many commercial and secure applications. Currently, detection and prevention of hardware Trojans appeared as an important requirement in such systems. In this paper, a new concept, Trojan Vulnerability Map, is introduced to model the immunity of various regions of hardware against hardware attacks. Then, placement and routing algorithms are proposed to improve the immunity of hardware using the Trojan Vulnerability Map. Experimental results show that the proposed placement and routing algorithm reduces the hardware vulnerability by 25.65% and 4.08%, respectively. These benefits are earned in cost of negligible total wire length and delay overhead.

Hardware Trojan (HT) has emerged as an impending security threat to hardware systems. However, conventional functional tests fail to detect HT since Trojans are triggered by rare events. Most of the existing side-channel based HT detection techniques just simply compare and analyze circuit's parameters and offer no signal calibration or error correction properties, so they suffer from the challenge and interference of large process variations (PV) and noises in modern nanotechnology which can completely mask Trojan's contribution to the circuit. This paper presents a novel HT detection method based on subspace technique which can detect tiny HT characteristics under large PV and noises. First, we formulate the HT detection problem as a weak signal detection problem, and then we model it as a feature extraction model. After that, we propose a novel subspace HT detection technique based on time domain constrained estimator. It is proved that we can distinguish the weak HT from variations and noises through particular subspace projections and reconstructed clean signal analysis. The reconstructed clean signal of the proposed algorithm can also be used for accurate parameter estimation of circuits, e.g. power estimation. The proposed technique is a general method for related HT detection schemes to eliminate noises and PV. Both simulations on benchmarks and hardware implementation validations on FPGA boards show the effectiveness and high sensitivity of the new HT detection technique.

This article analyzes the internal mechanism of fault attacks on microcontrollers and proposes a cost-effective hardware and software countermeasure design policy. Reliable branch operations are essential to DFA-resistant hardware. Our method is based on a logical fault attack simulation to find the minimum set of signals that contribute to faults in the branch operations and is also based on applying partially redundant logic.