-
Advancing Security with Digital Twins: A Comprehensive Survey
Authors:
Blessing Airehenbuwa,
Touseef Hasan,
Souvika Sarkar,
Ujjwal Guin
Abstract:
The proliferation of electronic devices has greatly transformed every aspect of human life, such as communication, healthcare, transportation, and energy. Unfortunately, the global electronics supply chain is vulnerable to various attacks, including piracy of intellectual properties, tampering, counterfeiting, information leakage, side-channel, and fault injection attacks, due to the complex natur…
▽ More
The proliferation of electronic devices has greatly transformed every aspect of human life, such as communication, healthcare, transportation, and energy. Unfortunately, the global electronics supply chain is vulnerable to various attacks, including piracy of intellectual properties, tampering, counterfeiting, information leakage, side-channel, and fault injection attacks, due to the complex nature of electronic products and vulnerabilities present in them. Although numerous solutions have been proposed to address these threats, significant gaps remain, particularly in providing scalable and comprehensive protection against emerging attacks. Digital twin, a dynamic virtual replica of a physical system, has emerged as a promising solution to address these issues by providing backward traceability, end-to-end visibility, and continuous verification of component integrity and behavior. In this paper, we present a comprehensive survey of the application of digital twins based on their functional role and application domains. We comprehensively present recent digital twin-based security implementations, including their role in cyber-physical systems, Internet of Things, and cryptographic systems, detection of counterfeit electronics, intrusion detection, fault injection, and side-channel leakage. To the best of our knowledge, it is the first study to consolidate these security use cases into a unified reference. The paper also explores the integration of large language models with digital twins for enhanced security and discusses current challenges, solutions, and future research directions.
△ Less
Submitted 22 May, 2025;
originally announced May 2025.
-
Understanding the Security Landscape of Embedded Non-Volatile Memories: A Comprehensive Survey
Authors:
Zakia Tamanna Tisha,
Ujjwal Guin
Abstract:
The modern semiconductor industry requires memory solutions that can keep pace with the high-speed demands of high-performance computing. Embedded non-volatile memories (eNVMs) address these requirements by offering faster access to stored data at an improved computational throughput and efficiency. Furthermore, these technologies offer numerous appealing features, including limited area-energy-ru…
▽ More
The modern semiconductor industry requires memory solutions that can keep pace with the high-speed demands of high-performance computing. Embedded non-volatile memories (eNVMs) address these requirements by offering faster access to stored data at an improved computational throughput and efficiency. Furthermore, these technologies offer numerous appealing features, including limited area-energy-runtime budget and data retention capabilities. Among these, the data retention feature of eNVMs has garnered particular interest within the semiconductor community. Although this property allows eNVMs to retain data even in the absence of a continuous power supply, it also introduces some vulnerabilities, prompting security concerns. These concerns have sparked increased interest in examining the broader security implications associated with eNVM technologies. This paper examines the security aspects of eNVMs by discussing the reasons for vulnerabilities in specific memories from an architectural point of view. Additionally, this paper extensively reviews eNVM-based security primitives, such as physically unclonable functions and true random number generators, as well as techniques like logic obfuscation. The paper also explores a broad spectrum of security threats to eNVMs, including physical attacks such as side-channel attacks, fault injection, and probing, as well as logical threats like information leakage, denial-of-service, and thermal attacks. Finally, the paper presents a study of publication trends in the eNVM domain since the early 2000s, reflecting the rising momentum and research activity in this field.
△ Less
Submitted 22 May, 2025;
originally announced May 2025.
-
Reward-based Blockchain Infrastructure for 3D IC Supply Chain Provenance
Authors:
Sulyab Thottungal Valapu,
Aritri Saha,
Bhaskar Krishnamachari,
Vivek Menon,
Ujjwal Guin
Abstract:
In response to the growing demand for enhanced performance and power efficiency, the semiconductor industry has witnessed a paradigm shift toward heterogeneous integration, giving rise to 2.5D/3D chips. These chips incorporate diverse chiplets, manufactured globally and integrated into a single chip. Securing these complex 2.5D/3D integrated circuits (ICs) presents a formidable challenge due to in…
▽ More
In response to the growing demand for enhanced performance and power efficiency, the semiconductor industry has witnessed a paradigm shift toward heterogeneous integration, giving rise to 2.5D/3D chips. These chips incorporate diverse chiplets, manufactured globally and integrated into a single chip. Securing these complex 2.5D/3D integrated circuits (ICs) presents a formidable challenge due to inherent trust issues within the semiconductor supply chain. Chiplets produced in untrusted locations may be susceptible to tampering, introducing malicious circuits that could compromise sensitive information. This paper introduces an innovative approach that leverages blockchain technology to establish traceability for ICs and chiplets throughout the supply chain. Given that chiplet manufacturers are dispersed globally and may operate within different blockchain consortiums, ensuring the integrity of data within each blockchain ledger becomes imperative. To address this, we propose a novel dual-layer approach for establishing distributed trust across diverse blockchain ledgers. The lower layer comprises of a blockchain-based framework for IC supply chain provenance that enables transactions between blockchain instances run by different consortiums, making it possible to trace the complete provenance DAG of each IC. The upper layer implements a multi-chain reputation scheme that assigns reputation scores to entities while specifically accounting for high-risk transactions that cross blockchain trust zones. This approach enhances the credibility of the blockchain data, mitigating potential risks associated with the use of multiple consortiums and ensuring a robust foundation for securing 2.5D/3D ICs in the evolving landscape of heterogeneous integration.
△ Less
Submitted 11 December, 2024;
originally announced December 2024.
-
Beware of Discarding Used SRAMs: Information is Stored Permanently
Authors:
Joshua Hovanes,
Yadi Zhong,
Ujjwal Guin
Abstract:
Data recovery has long been a focus of the electronics industry for decades by security experts, focusing on hard disk recovery, a type of non-volatile memory. Unfortunately, none of the existing research, neither from academia, industry, or government, have ever considered data recovery from volatile memories. The data is lost when it is powered off, by definition. To the best of our knowledge, w…
▽ More
Data recovery has long been a focus of the electronics industry for decades by security experts, focusing on hard disk recovery, a type of non-volatile memory. Unfortunately, none of the existing research, neither from academia, industry, or government, have ever considered data recovery from volatile memories. The data is lost when it is powered off, by definition. To the best of our knowledge, we are the first to present an approach to recovering data from a static random access memory. It is conventional wisdom that SRAM loses its contents whenever it turns off, and it is not required to protect sensitive information, e.g., the firmware code, secret encryption keys, etc., when an SRAM-based computing system retires. Unfortunately, the recycling of integrated circuits poses a severe threat to the protection of intellectual properties. In this paper, we present a novel concept to retrieve SRAM data as aging leads to a power-up state with an imprint of the stored values. We show that our proposed approaches can partially recover the previously used SRAM content. The accuracy of the recovered data can be further increased by incorporating multiple SRAM chips compared to a single one. It is impossible to retrieve the prior content of some stable SRAM cells, where aging shifts these cells towards stability. As the locations of these cells vary from chip to chip due to uncontrollable process variation, the same cell has a higher chance of being unstable or stable against aging in any of the chips, which helps us recover the content. Finally, majority voting is used to combine a set of SRAM chips' data to recover the stored data. We present our experimental result using commercial off-the-shelf SRAMs with stored binary image data before performing accelerated aging. We demonstrate the successful partial retrieval on SRAMs that are aged with as little as 4 hours of accelerated aging with 85C.
△ Less
Submitted 4 August, 2022;
originally announced August 2022.
-
Complexity Analysis of the SAT Attack on Logic Locking
Authors:
Yadi Zhong,
Ujjwal Guin
Abstract:
Due to the adoption of horizontal business models following the globalization of semiconductor manufacturing, the overproduction of integrated circuits (ICs) and the piracy of intellectual properties (IPs) can lead to significant damage to the integrity of the semiconductor supply chain. Logic locking emerges as a primary design-for-security measure to counter these threats, where ICs become fully…
▽ More
Due to the adoption of horizontal business models following the globalization of semiconductor manufacturing, the overproduction of integrated circuits (ICs) and the piracy of intellectual properties (IPs) can lead to significant damage to the integrity of the semiconductor supply chain. Logic locking emerges as a primary design-for-security measure to counter these threats, where ICs become fully functional only when unlocked with a secret key. However, Boolean satisfiability-based attacks have rendered most locking schemes ineffective. This gives rise to numerous defenses and new locking methods to achieve SAT resiliency. This paper provides a unique perspective on the SAT attack efficiency based on conjunctive normal form (CNF) stored in SAT solver. First, we show how the attack learns new relations between keys in every iteration using distinguishing input patterns and the corresponding oracle responses. The input-output pairs result in new CNF clauses of unknown keys to be appended to the SAT solver, which leads to an exponential reduction in incorrect key values. Second, we demonstrate that the SAT attack can break any locking scheme within linear iteration complexity of key size. Moreover, we show how key constraints on point functions affect the SAT attack complexity. We explain why proper key constraint on AntiSAT reduces the complexity effectively to constant 1. The same constraint helps the breaking of CAS-Lock down to linear iteration complexity. Our analysis provides a new perspective on the capabilities of SAT attack against multiplier benchmark c6288, and we provide new directions to achieve SAT resiliency.
△ Less
Submitted 14 December, 2022; v1 submitted 5 July, 2022;
originally announced July 2022.
-
AFIA: ATPG-Guided Fault Injection Attack on Secure Logic Locking
Authors:
Yadi Zhong,
Ayush Jain,
M. Tanjidur Rahman,
Navid Asadizanjani,
Jiafeng Xie,
Ujjwal Guin
Abstract:
The outsourcing of the design and manufacturing of integrated circuits has raised severe concerns about the piracy of Intellectual Properties and illegal overproduction. Logic locking has emerged as an obfuscation technique to protect outsourced chip designs, where the circuit netlist is locked and can only be functional once a secure key is programmed. However, Boolean Satisfiability-based attack…
▽ More
The outsourcing of the design and manufacturing of integrated circuits has raised severe concerns about the piracy of Intellectual Properties and illegal overproduction. Logic locking has emerged as an obfuscation technique to protect outsourced chip designs, where the circuit netlist is locked and can only be functional once a secure key is programmed. However, Boolean Satisfiability-based attacks have shown to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we present a novel fault injection attack to break any locking technique that relies on a stored secret key, and denote this attack as AFIA, ATPG-guided Fault Injection Attack. The proposed attack is based on sensitizing a key bit to the primary output while injecting faults at a few other key lines that block the propagation of the targeted key bit. AIFA is very effective in determining a key bit as there exists a stuck-at fault pattern that detects a stuck-at 1 (or stuck-at 0) fault at any key line. The average complexity of number of injected faults for AFIA is linear with the key size and requires only |K| test patterns to determine a secret key, K. AFIA requires a fewer number of injected faults to sensitize a bit to the primary output, compared to 2|K|-1 faults for the differential fault analysis attack [26].
△ Less
Submitted 12 October, 2022; v1 submitted 9 June, 2022;
originally announced June 2022.
-
A Comprehensive Test Pattern Generation Approach Exploiting SAT Attack for Logic Locking
Authors:
Yadi Zhong,
Ujjwal Guin
Abstract:
The need for reducing manufacturing defect escape in today's safety-critical applications requires increased fault coverage. However, generating a test set using commercial automatic test pattern generation (ATPG) tools that lead to zero-defect escape is still an open problem. It is challenging to detect all stuck-at faults to reach 100% fault coverage. In parallel, the hardware security community…
▽ More
The need for reducing manufacturing defect escape in today's safety-critical applications requires increased fault coverage. However, generating a test set using commercial automatic test pattern generation (ATPG) tools that lead to zero-defect escape is still an open problem. It is challenging to detect all stuck-at faults to reach 100% fault coverage. In parallel, the hardware security community has been actively involved in developing solutions for logic locking to prevent IP piracy. Locks (e.g., XOR gates) are inserted in different locations of the netlist so that an adversary cannot determine the secret key. Unfortunately, the Boolean satisfiability (SAT) based attack, introduced in [1], can break different logic locking schemes in minutes. In this paper, we propose a novel test pattern generation approach using the powerful SAT attack on logic locking. A stuck-at fault is modeled as a locked gate with a secret key. Our modeling of stuck-at faults preserves the property of fault activation and propagation. We show that the input pattern that determines the key is a test for the stuck-at fault. We propose two different approaches for test pattern generation. First, a single stuck-at fault is targeted, and a corresponding locked circuit with one key bit is created. This approach generates one test pattern per fault. Second, we consider a group of faults and convert the circuit to its locked version with multiple key bits. The inputs obtained from the SAT tool are the test set for detecting this group of faults. Our approach is able to find test patterns for hard-to-detect faults that were previously failed in commercial ATPG tools. The proposed test pattern generation approach can efficiently detect redundant faults present in a circuit. We demonstrate the effectiveness of the approach on ITC'99 benchmarks. The results show that we can achieve a perfect fault coverage reaching 100%.
△ Less
Submitted 8 February, 2023; v1 submitted 24 April, 2022;
originally announced April 2022.
-
Special Session: Reliability Analysis for ML/AI Hardware
Authors:
Shamik Kundu,
Kanad Basu,
Mehdi Sadi,
Twisha Titirsha,
Shihao Song,
Anup Das,
Ujjwal Guin
Abstract:
Artificial intelligence (AI) and Machine Learning (ML) are becoming pervasive in today's applications, such as autonomous vehicles, healthcare, aerospace, cybersecurity, and many critical applications. Ensuring the reliability and robustness of the underlying AI/ML hardware becomes our paramount importance. In this paper, we explore and evaluate the reliability of different AI/ML hardware. The fir…
▽ More
Artificial intelligence (AI) and Machine Learning (ML) are becoming pervasive in today's applications, such as autonomous vehicles, healthcare, aerospace, cybersecurity, and many critical applications. Ensuring the reliability and robustness of the underlying AI/ML hardware becomes our paramount importance. In this paper, we explore and evaluate the reliability of different AI/ML hardware. The first section outlines the reliability issues in a commercial systolic array-based ML accelerator in the presence of faults engendering from device-level non-idealities in the DRAM. Next, we quantified the impact of circuit-level faults in the MSB and LSB logic cones of the Multiply and Accumulate (MAC) block of the AI accelerator on the AI/ML accuracy. Finally, we present two key reliability issues -- circuit aging and endurance in emerging neuromorphic hardware platforms and present our system-level approach to mitigate them.
△ Less
Submitted 29 March, 2021; v1 submitted 22 March, 2021;
originally announced March 2021.
-
A Novel Tampering Attack on AES Cores with Hardware Trojans
Authors:
Ayush Jain,
Ujjwal Guin
Abstract:
The implementation of cryptographic primitives in integrated circuits (ICs) continues to increase over the years due to the recent advancement of semiconductor manufacturing and reduction of cost per transistors. The hardware implementation makes cryptographic operations faster and more energy-efficient. However, various hardware attacks have been proposed aiming to extract the secret key in order…
▽ More
The implementation of cryptographic primitives in integrated circuits (ICs) continues to increase over the years due to the recent advancement of semiconductor manufacturing and reduction of cost per transistors. The hardware implementation makes cryptographic operations faster and more energy-efficient. However, various hardware attacks have been proposed aiming to extract the secret key in order to undermine the security of these primitives. In this paper, we focus on the widely used advanced encryption standard (AES) block cipher and demonstrate its vulnerability against tampering attack. Our proposed attack relies on implanting a hardware Trojan in the netlist by an untrusted foundry, which can design and implement such a Trojan as it has access to the design layout and mask information. The hardware Trojan's activation modifies a particular round's input data by preventing the effect of all previous rounds' key-dependent computation. We propose to use a sequential hardware Trojan to deliver the payload at the input of an internal round for achieving this modification of data. All the internal subkeys, and finally, the secret key can be computed from the observed ciphertext once the Trojan is activated. We implement our proposed tampering attack with a sequential hardware Trojan inserted into a 128-bit AES design from OpenCores benchmark suite and report the area overhead to demonstrate the feasibility of the proposed tampering attack.
△ Less
Submitted 7 August, 2020;
originally announced August 2020.
-
ATPG-Guided Fault Injection Attacks on Logic Locking
Authors:
Ayush Jain,
Tanjidur Rahman,
Ujjwal Guin
Abstract:
Logic Locking is a well-accepted protection technique to enable trust in the outsourced design and fabrication processes of integrated circuits (ICs) where the original design is modified by incorporating additional key gates in the netlist, resulting in a key-dependent functional circuit. The original functionality of the chip is recovered once it is programmed with the secret key, otherwise, it…
▽ More
Logic Locking is a well-accepted protection technique to enable trust in the outsourced design and fabrication processes of integrated circuits (ICs) where the original design is modified by incorporating additional key gates in the netlist, resulting in a key-dependent functional circuit. The original functionality of the chip is recovered once it is programmed with the secret key, otherwise, it produces incorrect results for some input patterns. Over the past decade, different attacks have been proposed to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we propose a novel stuck-at fault-based differential fault analysis (DFA) attack, which can be used to break logic locking that relies on a stored secret key. This proposed attack is based on self-referencing, where the secret key is determined by injecting faults in the key lines and comparing the response with its fault-free counterpart. A commercial ATPG tool can be used to generate test patterns that detect these faults, which will be used in DFA to determine the secret key. One test pattern is sufficient to determine one key bit, which results in at most |K| test patterns to determine the entire secret key of size |K|. The proposed attack is generic and can be extended to break any logic locked circuits.
△ Less
Submitted 20 July, 2020;
originally announced July 2020.
-
Benchmarking at the Frontier of Hardware Security: Lessons from Logic Locking
Authors:
Benjamin Tan,
Ramesh Karri,
Nimisha Limaye,
Abhrajit Sengupta,
Ozgur Sinanoglu,
Md Moshiur Rahman,
Swarup Bhunia,
Danielle Duvalsaint,
R. D.,
Blanton,
Amin Rezaei,
Yuanqi Shen,
Hai Zhou,
Leon Li,
Alex Orailoglu,
Zhaokun Han,
Austin Benedetti,
Luciano Brignone,
Muhammad Yasin,
Jeyavijayan Rajendran,
Michael Zuzak,
Ankur Srivastava,
Ujjwal Guin,
Chandan Karfa,
Kanad Basu
, et al. (11 additional authors not shown)
Abstract:
Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted…
▽ More
Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted entities across the design flow. Logic locking is one technique that promises protection from the gamut of threats in IC manufacturing. In this work, we perform a critical review of logic locking techniques in the literature, and expose several shortcomings. Taking inspiration from other cybersecurity competitions, we devise a community-led benchmarking exercise to address the evaluation deficiencies. In reflecting on this process, we shed new light on deficiencies in evaluation of logic locking and reveal important future directions. The lessons learned can guide future endeavors in other areas of hardware security.
△ Less
Submitted 11 June, 2020;
originally announced June 2020.
-
A Novel Topology-Guided Attack and Its Countermeasure Towards Secure Logic Locking
Authors:
Yuqiao Zhang,
Ayush Jain,
Pinchen Cui,
Ziqi Zhou,
Ujjwal Guin
Abstract:
The outsourcing of the design and manufacturing of integrated circuits (ICs) in the current horizontal semiconductor integration flow has posed various security threats due to the presence of untrusted entities, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Consequently, logic locking emerged as one of the prominent design fo…
▽ More
The outsourcing of the design and manufacturing of integrated circuits (ICs) in the current horizontal semiconductor integration flow has posed various security threats due to the presence of untrusted entities, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Consequently, logic locking emerged as one of the prominent design for trust techniques. Unfortunately, these locking techniques are now inclined to achieve complete Boolean satisfiability (SAT) resiliency after the seminal work published in [47]. In this paper, we propose a novel oracle-less attack that is based on the topological analysis of the locked netlist even though it is SAT-resilient. The attack relies on identifying and constructing unit functions with a hypothesis key to be searched in the entire netlist to find its replica. The proposed graph search algorithm efficiently finds the duplicate functions in the netlist, making it a self-referencing attack. This proposed attack is extremely efficient and can determine the secret key within a few minutes. We have also proposed a countermeasure to make the circuit resilient against this topology-guided attack to progress towards a secure logic locking technique.
△ Less
Submitted 8 October, 2020; v1 submitted 10 June, 2020;
originally announced June 2020.
-
Yield Loss Reduction and Test of AI and Deep Learning Accelerators
Authors:
Mehdi Sadi,
Ujjwal Guin
Abstract:
With data-driven analytics becoming mainstream, the global demand for dedicated AI and Deep Learning accelerator chips is soaring. These accelerators, designed with densely packed Processing Elements (PE), are especially vulnerable to the manufacturing defects and functional faults common in the advanced semiconductor process nodes resulting in significant yield loss. In this work, we demonstrate…
▽ More
With data-driven analytics becoming mainstream, the global demand for dedicated AI and Deep Learning accelerator chips is soaring. These accelerators, designed with densely packed Processing Elements (PE), are especially vulnerable to the manufacturing defects and functional faults common in the advanced semiconductor process nodes resulting in significant yield loss. In this work, we demonstrate an application-driven methodology of binning the AI accelerator chips, and yield loss reduction by correlating the circuit faults in the PEs of the accelerator with the desired accuracy of the target AI workload. We exploit the inherent fault tolerance features of trained deep learning models and a strategy of selective deactivation of faulty PEs to develop the presented yield loss reduction and test methodology. An analytical relationship is derived between fault location, fault rate, and the AI task's accuracy for deciding if the accelerator chip can pass the final yield test. A yield-loss reduction aware fault isolation, ATPG, and test flow are presented for the multiply and accumulate units of the PEs. Results obtained with widely used AI/deep learning benchmarks demonstrate that the accelerators can sustain 5% fault-rate in PE arrays while suffering from less than 1% accuracy loss, thus enabling product-binning and yield loss reduction of these chips.
△ Less
Submitted 22 October, 2020; v1 submitted 8 June, 2020;
originally announced June 2020.
-
TAAL: Tampering Attack on Any Key-based Logic Locked Circuits
Authors:
Ayush Jain,
Ziqi Zhou,
Ujjwal Guin
Abstract:
Due to the globalization of semiconductor manufacturing and test processes, the system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in several threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Prope…
▽ More
Due to the globalization of semiconductor manufacturing and test processes, the system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in several threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Logic locking has emerged as a promising defense strategy against these threats. However, various attacks about the extraction of secret keys have undermined the security of logic locking techniques. Over the years, researchers have proposed different techniques to prevent existing attacks. In this paper, we propose a novel attack that can break any logic locking techniques that rely on the stored secret key. This proposed TAAL attack is based on implanting a hardware Trojan in the netlist, which leaks the secret key to an adversary once activated. As an untrusted foundry can extract the netlist of a design from the layout/mask information, it is feasible to implement such a hardware Trojan. All three proposed types of TAAL attacks can be used for extracting secret keys. We have introduced the models for both the combinational and sequential hardware Trojans that evade manufacturing tests. An adversary only needs to choose one hardware Trojan out of a large set of all possible Trojans to launch the TAAL attack.
△ Less
Submitted 11 December, 2020; v1 submitted 16 September, 2019;
originally announced September 2019.
