Hardware-Enabled Security Primitives

Apr 27, 2016

Internet of Things (IoT) are expected to bring unprecedented impacts to many industrial sectors and people’s daily lives, creating trillion-dollar economic impacts. Most IoT applications (e.g. smart home/car/factory/city) require collecting, processing, and transmitting a huge amount of private, sensitive, or safety-critical data. Security and privacy issues are widely regarded as the most critical challenges to the adoption of IoT. Securing ubiquitous devices not only face new challenges at application and network layers due to new applications, heterogeneous networks, and the huge number of devices, but also face severe constraints on computing resources, power consumption, cost, and vulnerabilities to physical and firmware attacks in edge devices. Thus, holistically designing edge devices with specialized hardware for security is of paramount importance. Typically, a minimum set of trusted hardware and software dedicated to providing fundamental security primitives for a device, named Hardware Root of Trust (HRoT), is embedded to protect device authenticity, data confidentiality and integrity, system integrity, and network availability. A full-fledged HRoT (e.g. Pluton from Microsoft and Titan from Google) consists of a random number generator, secure key management, cryptographic protocol accelerators, and a tiny host processor. Desired features of HRoT include high energy efficiency, small area, low cost, alertness and resistance to side-channel and (semi-)invasive physical attacks.

Physically Unclonable Functions (PUF):

PUFs are among the most promising security primitives for low-cost solutions of key storage, chip authentication, and supply chain protection. We work on novel physical entropy extraction methods to provide better security protection with lower power and cost overhead.

Related Publication:
CICC22
ISSCC21
JSSC20
ISSCC19
VLSI17
ISSCC17
ISSCC15

True Random Number Generator (TRNG):

Silicon TRNGs harvesting entropy from physical sources are demanded for higher security level and system integration. We work on novel TRNG designs, as well as by designing new entropy extraction concepts and circuits.

Related Publication:
VLSI18
JSSC16
VLSI15
ISSCC14

Energy-/Memory-Efficient Network Intrusion Detection:

Today’s IoT systems are plagued with security problems: as evidenced by the infamous Mirai botnet, among other high-profile incidents, these devices are susceptible to a range of adversarial attacks, many of which gain entry by remote exploits. Compared to traditional computer networks, decentralized and distributed IoT systems face new vulnerabilities raised in drastically different networks and applications, as well as computing and energy bottlenecks, especially when the exponentially increasing network traffic is considered. Network intrusion detection systems (NIDS) are highly desirable for IoT networks to monitor and react to potential attacks by detecting known attack signatures and/or anomalies in the traffic. Signature-based NIDS identifies known attacks by regular expression matching like Snort, while anomaly-based NIDS is capable of alerting new and modified attacks by finding outliers from expected network traffic models. They are complementary and provide best coverage when used together. While the computing model for the two types of NIDS are quite different, deploying them in de- centralized IoT edge and gateway devices face similar bottlenecks on energy and memory usage.

To overcome these challenges, we work on algorithm/architecture/circuit co-designs to improve the computing efficiency by 10-100 times over microcontrollers, with the ultimate goal of making these NIDS affordable in IoT sensor nodes.

Related Publication:
SSCL20

Hardware Security

Related

Publications

Yan He, Kaiyuan Yang. A Synthesizable Design-Agnostic Timing Fault Injection Monitor Covering 2MHz to 1.26GHz Clocks in 65nm CMOS. 2024 IEEE International Solid-State Circuits Conference (ISSCC), 2024.

PDF Project DOI

Jacob T. Robinson, Joshua Woods, Kaiyuan Yang. Toward Exponential Growth of Therapeutic Neurotechnology. 2024 IEEE International Solid-State Circuits Conference (ISSCC), 2024.

Project DOI

Qiang Zhou, Yan He, Kaiyuan Yang, Taiyun Chi. Physical-Layer Identification of Wireless IoT Nodes Through PUF-Controlled Transmitter Spectral Regrowth. IEEE Transactions on Microwave Theory and Techniques, 2023.

PDF Project DOI

Yan He, Kaiyuan Yang. A Fully Synthesizable 100Mbps Edge-Chasing True Random Number Generator. 2023 IEEE Symposium on VLSI Circuits, 2023.

PDF Project DOI

Yan He, Dai Li, Zhanghao Yu, Kaiyuan Yang. ASCH-PUF: A “Zero” Bit Error Rate CMOS Physically Unclonable Function With Dual-Mode Low-Cost Stabilization. IEEE Journal of Solid-State Circuits (JSSC), 2023.

PDF Project DOI

Yan He, Qixuan Yu, Kaiyuan Yang. A Lossless and Modeling Attack-Resistant Strong PUF with <4E-8 Bit Error Rate. IEEE Custom Integrated Circuits Conference (CICC), 2022.

PDF Project DOI

Qiang Zhou, Yan He, Kaiyuan Yang, Taiyun Chi. 12.3 Exploring PUF-Controlled PA Spectral Regrowth for Physical-Layer Identification of IoT Nodes. 2021 IEEE International Solid- State Circuits Conference (ISSCC), 2021.

PDF Project DOI

Yan He, Dai Li, Zhanghao Yu, Kaiyuan Yang. 36.5 An Automatic Self-Checking and Healing Physically Unclonable Function (PUF) with textless3×10-8 Bit Error Rate. 2021 IEEE International Solid- State Circuits Conference (ISSCC), 2021.

PDF Project DOI

Dai Li, Kaiyuan Yang. A Dual-Port 8-T CAM-Based Network Intrusion Detection Engine for IoT. IEEE Solid-State Circuits Letters, 2020.

PDF Project DOI

Kaiyuan Yang. Custom CMOS and Post-CMOS Crossbar Circuits for Resource-Constrained Hardware Security Primitives. 2019 IEEE International Electron Devices Meeting (IEDM), 2019.

Project DOI

Dai Li, Kaiyuan Yang. A 562F2 Physically Unclonable Function with a Zero-Overhead Stabilization Scheme. 2019 IEEE International Solid- State Circuits Conference - (ISSCC), 2019.

PDF Project DOI

Dai Li, Kaiyuan Yang. A Self-Regulated and Reconfigurable CMOS Physically Unclonable Function Featuring Zero-Overhead Stabilization. IEEE Journal of Solid-State Circuits (JSSC), 2019.

PDF Project DOI

Kaiyuan Yang, Qing Dong, Zhehong Wang, Yi-Chun Shih, Yu-Der Chih, Jonathan Chang, David Blaauw, Dennis Svlvester. A 28nm Integrated True Random Number Generator Harvesting Entropy from MRAM. 2018 IEEE Symposium on VLSI Circuits, 2018.

Project DOI

Supreet Jeloka, Kaiyuan Yang, Michael Orshansky, Dennis Sylvester, David Blaauw. A Sequence Dependent Challenge-Response Puf Using 28nm SRAM 6T Bit Cell. 2017 Symposium on VLSI Circuits, 2017.

Project DOI

Kaiyuan Yang, Qing Dong, David Blaauw, Dennis Sylvester. A 553F2 2-Transistor Amplifier-Based Physically Unclonable Function (PUF) with 1.67% Native Instability. 2017 IEEE International Solid-State Circuits Conference (ISSCC), 2017.

Project DOI

Kaiyuan Yang, David Blaauw, Dennis Sylvester. An All-Digital Edge Racing True Random Number Generator Robust Against PVT Variations. IEEE Journal of Solid-State Circuits (JSSC), 2016.

Project DOI

Kaiyuan Yang, David Blaauw, Dennis Sylvester. A robust −40 to 120°C all-digital true random number generator in 40nm CMOS. 2015 Symposium on VLSI Circuits (VLSI Circuits), 2015.

Project DOI

Kaiyuan Yang, Qing Dong, David Blaauw, Dennis Sylvester. A Physically Unclonable Function with BER <10-8 for Robust Chip Authentication Using Oscillator Collapse in 40nm CMOS. 2015 IEEE International Solid-State Circuits Conference (ISSCC), 2015.

Project DOI

Kaiyuan Yang, David Fick, Michael B. Henry, Yoonmyung Lee, David Blaauw, Dennis Sylvester. A 23Mb/s 23pJ/b Fully Synthesized True-Random-Number Generator in 28nm and 65nm CMOS. 2014 IEEE International Solid-State Circuits Conference (ISSCC), 2014.

Project DOI