Counterfeit integrated circuits (ICs) in a supply chain have emerged as a major threat to the semiconductor industry with serious potential consequences, such as reliability degradation of an end product and revenue/reputation loss of the original manufacturer. Counterfeit ICs come in various forms, including aged chips resold in the market, remarked/defective dies, and cloned unauthorized copies. In many cases, these ICs would have minor functional, structural and parametric deviations from genuine ones, which make them extremely difficult to isolate through conventional testing approaches. On the other hand, existing design approaches that aim at facilitating identification of counterfeit chips often incur unacceptable design and test cost. In this thesis, we present novel low-overhead and robust solutions for addressing various forms of counterfeiting attacks in ICs. The solutions presented here fall into two classes: (1) test methods to isolate counterfeit chips, in particular cloned or recycled ones; and (2) design methods to authenticate each IC instance with unique signature from each chip. The first set of solutions is based on constructing robust fingerprint of genuine chips through parametric analysis after mitigating the process variations. The second set of solutions is based on novel low-cost physical unclonable functions (PUFs) to create unique and random signature from a chip for reliable identification of counterfeit instances.
We propose two test methods with complementary capabilities. The first one primarily targets cloned ICs by constructing the fingerprint from scan path delays. It uses the scan chain, a prevalent design-for-testability (DFT) structure, to create a robust authentication signature. A practical method based on clock phase sweep is proposed to measure small delay of scan paths with high resolution. The second one targets isolation of aged chips under large inter- and intra-die process variations without the need of any golden chips. It is based on comparing dynamic current fingerprints from two adjacent and self-similar modules (e.g., different parts of an adder) which experience differential aging.
We propose two delay-based PUFs built in the scan chain which convert scan path delays into robust authentication signature without affecting testability. Another novel PUF structure is realized in embedded SRAM array, an integral component in modern processors and system-on-chips (SoCs), with virtually no design modification. It leverages on voltage-dependent memory access failures (during write) to produce large volume of high-quality challenge-response pairs. Since many modern ICs integrate SRAM array of varying size with isolated power grid, the proposed PUF can be easily retrofitted into these chips. Finally, we extend our work to authenticate counterfeit printed circuit boards (PCBs) based on extraction of boundary-scan path delay signatures from each PCB. The proposed approach exploits the standard boundary scan architecture based on IEEE 1149.1 standard to create unique signature for each PCB. The design and test approaches are validated through extensive simulations and hardware measurements, whenever possible. These approaches can be effectively integrated to provide nearly comprehensive protection against various forms of counterfeiting attacks in ICs and PCBs.