Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131559
Lizhou Wu, M. Fieback, M. Taouil, S. Hamdioui
This paper introduces a new test approach: device-aware test (DAT) for emerging memory technologies such as MRAM, RRAM, and PCM. The DAT approach enables accurate models of device defects to obtain realistic fault models, which are used to develop high-quality and optimized test solutions. This is demonstrated by an application of DAT to pinhole defects in STT-MRAMs and forming defects in RRAMs.
{"title":"Device-Aware Test for Emerging Memories: Enabling Your Test Program for DPPB Level","authors":"Lizhou Wu, M. Fieback, M. Taouil, S. Hamdioui","doi":"10.1109/ETS48528.2020.9131559","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131559","url":null,"abstract":"This paper introduces a new test approach: device-aware test (DAT) for emerging memory technologies such as MRAM, RRAM, and PCM. The DAT approach enables accurate models of device defects to obtain realistic fault models, which are used to develop high-quality and optimized test solutions. This is demonstrated by an application of DAT to pinhole defects in STT-MRAMs and forming defects in RRAMs.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122927186","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131583
S. Masoumian, G. Selimis, Roel Maes, G. Schrijen, S. Hamdioui, M. Taouil
In this paper, we develop an analytical PUF model based on a compact FinFET transistor model that calculates the PUF stability (i.e. PUF static noise margin (PSNM)) for FinFET based SRAMs. The model enables a quick design space exploration and may be used to identify critical parameters that affect the PSNM. The analytical model is validated with SPICE simulations. In our experiments, we analyze the impact of process variation, technology, and temperature on the PSNM. The results show that the analytical model matches very well with the simulation model. From the experiments we conclude the following: (1) nFET variations have a larger impact on the PSNM than pFET (1.5% higher PSNM in nFET variations than pFET variations at 25°C), (2) high performance SRAM cells are more skewed (1.3% higher PSNM) (3) the reproducibility increases with smaller technology nodes (0.8% PSNM increase from 20 to 14 nm) (4) increasing the temperature from −10°C to 120°C leads to a PSNM change of approximately 1.0% for an extreme nFET channel length.
{"title":"Modeling Static Noise Margin for FinFET based SRAM PUFs","authors":"S. Masoumian, G. Selimis, Roel Maes, G. Schrijen, S. Hamdioui, M. Taouil","doi":"10.1109/ETS48528.2020.9131583","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131583","url":null,"abstract":"In this paper, we develop an analytical PUF model based on a compact FinFET transistor model that calculates the PUF stability (i.e. PUF static noise margin (PSNM)) for FinFET based SRAMs. The model enables a quick design space exploration and may be used to identify critical parameters that affect the PSNM. The analytical model is validated with SPICE simulations. In our experiments, we analyze the impact of process variation, technology, and temperature on the PSNM. The results show that the analytical model matches very well with the simulation model. From the experiments we conclude the following: (1) nFET variations have a larger impact on the PSNM than pFET (1.5% higher PSNM in nFET variations than pFET variations at 25°C), (2) high performance SRAM cells are more skewed (1.3% higher PSNM) (3) the reproducibility increases with smaller technology nodes (0.8% PSNM increase from 20 to 14 nm) (4) increasing the temperature from −10°C to 120°C leads to a PSNM change of approximately 1.0% for an extreme nFET channel length.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"126 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124208647","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131600
Zahra Paria Najafi-Haghi, Marzieh Hashemipour-Nazari, H. Wunderlich
Small Delay Faults (SDFs) are an indicator of reliability threats even if they do not affect the behavior of a system at nominal speed. Various defects may evolve over time into a complete system failure, and defects have to be distinguished from delays due to process variations which also change the circuit timing but are benign. Based on Monte-Carlo electrical simulation at cell level, in this work it is shown that a few measurements at different operating points of voltage and frequency are sufficient to identify a defect cell even if its behavior is completely within the specification range. The developed classifier is based on statistical learning and can be annotated to each element of a cell library to support manufacturing test, diagnosis and optimizing the burn-in process or yield.
{"title":"Variation-Aware Defect Characterization at Cell Level","authors":"Zahra Paria Najafi-Haghi, Marzieh Hashemipour-Nazari, H. Wunderlich","doi":"10.1109/ETS48528.2020.9131600","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131600","url":null,"abstract":"Small Delay Faults (SDFs) are an indicator of reliability threats even if they do not affect the behavior of a system at nominal speed. Various defects may evolve over time into a complete system failure, and defects have to be distinguished from delays due to process variations which also change the circuit timing but are benign. Based on Monte-Carlo electrical simulation at cell level, in this work it is shown that a few measurements at different operating points of voltage and frequency are sufficient to identify a defect cell even if its behavior is completely within the specification range. The developed classifier is based on statistical learning and can be annotated to each element of a cell library to support manufacturing test, diagnosis and optimizing the burn-in process or yield.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126509768","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131566
Pascal Raiola, Tobias Paxian, B. Becker
Reconfigurable Scan Networks (RSNs) allow flexible access to embedded instruments for post-silicon validation and debug or diagnosis. However, the increased observability and controllability can be exploited by an attacker to manipulate or read out sensitive data, if no adequate precautions are taken by the designer. For large RSNs taking those precautions without algorithmic support is virtually impossible. This work proposes a method to automatically generate “minimal witnesses” demonstrating security weaknesses w.r.t. data flow in RSNs. The method provides condensed information to the designer on how to prevent data flow attacks, e.g. by locally modifying the RSN or by preventing active scan paths which contain those minimal witnesses. Experimental results confirm the applicability of the proposed method to diverse benchmark sets, including large designs. Additionally, the benefit of generating “minimal witnesses” for security weaknesses is shown.
{"title":"Minimal Witnesses for Security Weaknesses in Reconfigurable Scan Networks","authors":"Pascal Raiola, Tobias Paxian, B. Becker","doi":"10.1109/ETS48528.2020.9131566","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131566","url":null,"abstract":"Reconfigurable Scan Networks (RSNs) allow flexible access to embedded instruments for post-silicon validation and debug or diagnosis. However, the increased observability and controllability can be exploited by an attacker to manipulate or read out sensitive data, if no adequate precautions are taken by the designer. For large RSNs taking those precautions without algorithmic support is virtually impossible. This work proposes a method to automatically generate “minimal witnesses” demonstrating security weaknesses w.r.t. data flow in RSNs. The method provides condensed information to the designer on how to prevent data flow attacks, e.g. by locally modifying the RSN or by preventing active scan paths which contain those minimal witnesses. Experimental results confirm the applicability of the proposed method to diverse benchmark sets, including large designs. Additionally, the benefit of generating “minimal witnesses” for security weaknesses is shown.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128534130","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131555
E. Larsson, Zehang Xiang, P. Murali
We address access control of reconfigurable scan networks, like IEEE Std. 1687 networks. We propose an on-chip test block to perform: (1) test for faulty scan-chains, (2) localization of faulty scan-chains and (3) repair by excluding faulty scan-chains, and an access control block to (1) control so scan-chains (instruments) are only accessed in allowed combinations, (2) detection of access attempts to instrument in not allowed combinations, and (3) monitoring how theses attempts are made. The key features are two-fold. First, in respect to operation and maintenance. If the physical implementation of an IEEE Std. 1687 network changes due to faults, the instrument connectivity language (ICL) and procedural description language (PDL) need to be updated. To avoid keeping track and updating ICL and PDL for each individual integrated circuit (IC), proposed test block, placed at each IC, makes adjustments of PDL according to the faults of the particular IC. Second, a centralized access control block with key information about the network to detect and handle unauthorized access.
{"title":"IEEE Std. P1687.1 for Access Control of Reconfigurable Scan Networks","authors":"E. Larsson, Zehang Xiang, P. Murali","doi":"10.1109/ETS48528.2020.9131555","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131555","url":null,"abstract":"We address access control of reconfigurable scan networks, like IEEE Std. 1687 networks. We propose an on-chip test block to perform: (1) test for faulty scan-chains, (2) localization of faulty scan-chains and (3) repair by excluding faulty scan-chains, and an access control block to (1) control so scan-chains (instruments) are only accessed in allowed combinations, (2) detection of access attempts to instrument in not allowed combinations, and (3) monitoring how theses attempts are made. The key features are two-fold. First, in respect to operation and maintenance. If the physical implementation of an IEEE Std. 1687 network changes due to faults, the instrument connectivity language (ICL) and procedural description language (PDL) need to be updated. To avoid keeping track and updating ICL and PDL for each individual integrated circuit (IC), proposed test block, placed at each IC, makes adjustments of PDL according to the faults of the particular IC. Second, a centralized access control block with key information about the network to detect and handle unauthorized access.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128849975","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131580
Md Toufiq Hasan Anik, Rachit Saini, J. Danger, S. Guilley, Naghmeh Karimi
Timely notification of abnormal behaviors is essential in strategic systems requiring a high level of safety and security. Sensing environmental conditions to ensure that the device is not operating out-of-specifications is highly useful in detecting anomalies caused by failures or malevolent actions. Digital sensors consider the operating environmental conditions as a whole, i.e. they are sensitive to temperature, voltage and process altogether, without precise knowledge about each. This paper proposes a low-cost digital sensor that can detect system failures accurately in the designer's preferable range of operating conditions. Our experimental results show the high accuracy of this sensor in detecting circuits failure which occurred due to change of the operating temperature and supply voltage.
{"title":"Failure and Attack Detection by Digital Sensors","authors":"Md Toufiq Hasan Anik, Rachit Saini, J. Danger, S. Guilley, Naghmeh Karimi","doi":"10.1109/ETS48528.2020.9131580","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131580","url":null,"abstract":"Timely notification of abnormal behaviors is essential in strategic systems requiring a high level of safety and security. Sensing environmental conditions to ensure that the device is not operating out-of-specifications is highly useful in detecting anomalies caused by failures or malevolent actions. Digital sensors consider the operating environmental conditions as a whole, i.e. they are sensitive to temperature, voltage and process altogether, without precise knowledge about each. This paper proposes a low-cost digital sensor that can detect system failures accurately in the designer's preferable range of operating conditions. Our experimental results show the high accuracy of this sensor in detecting circuits failure which occurred due to change of the operating temperature and supply voltage.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121532704","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ets48528.2020.9131561
Anonymous
{"title":"Half Title","authors":"Anonymous","doi":"10.1109/ets48528.2020.9131561","DOIUrl":"https://doi.org/10.1109/ets48528.2020.9131561","url":null,"abstract":"","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"30 25","pages":""},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"141207530","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131596
Jiho Park, Virinchi Roy Surabhi, P. Krishnamurthy, S. Garg, R. Karri, F. Khorrami
We propose multi-modal anomaly detection in embedded systems using time-correlated measurements of power consumption and memory accesses. Time series of power consumption of the processor and memory accesses between L2 cache and memory bus under known-good conditions are used to train one-class support vector machine (SVM) and isolation forest classifiers. These side channels have complementary anomaly detection capabilities. Experiments on a high-fidelity processor emulator show that the method accurately detects anomalies.
{"title":"Anomaly Detection in Embedded Systems Using Power and Memory Side Channels","authors":"Jiho Park, Virinchi Roy Surabhi, P. Krishnamurthy, S. Garg, R. Karri, F. Khorrami","doi":"10.1109/ETS48528.2020.9131596","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131596","url":null,"abstract":"We propose multi-modal anomaly detection in embedded systems using time-correlated measurements of power consumption and memory accesses. Time series of power consumption of the processor and memory accesses between L2 cache and memory bus under known-good conditions are used to train one-class support vector machine (SVM) and isolation forest classifiers. These side channels have complementary anomaly detection capabilities. Experiments on a high-fidelity processor emulator show that the method accurately detects anomalies.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114633427","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131594
David Knichel, Thorben Moos, A. Moradi
Side-channel analysis (SCA) attacks - especially power analysis - are powerful ways to extract the secrets stored in and processed by cryptographic devices. In recent years, researchers have shown interest in utilizing on-chip measurement facilities to perform such SCA attacks remotely. It was shown that simple voltage-monitoring sensors can be constructed from digital elements and put on multi-tenant FPGAs to perform remote attacks on neighbouring cryptographic co-processors. A similar threat is the unsuspecting integration of third-party IP-Cores into an IC design. Even if the function of an acquired IP-Core is not security critical by itself, it may contain an on-chip sensor as a Trojan that can eavesdrop on cryptographic operations across the whole device. In contrast to all FPGA-based investigations reported in the literature so far, we examine the efficiency of such on-chip sensors as a source of information leakage in an ASIC-based case study for the first time. To this end, in addition to a cryptographic core (lightweight block cipher PRESENT) we designed and implemented a voltage-monitoring sensor on an ASIC fabricated by a 40 nm commercial standard cell library. Despite the physical distance between the sensor and the PRESENT core, we show the possibility of fully recovering the secret key of the PRESENT core by processing the sensor's output. Our results imply that the hidden insertion of such a sensor - for example by a malicious third party IP-Core vendor - can endanger the security of embedded systems which deal with sensitive information, even if the device cannot be physically accessed by the adversary.
{"title":"The Risk of Outsourcing: Hidden SCA Trojans in Third-Party IP-Cores Threaten Cryptographic ICs","authors":"David Knichel, Thorben Moos, A. Moradi","doi":"10.1109/ETS48528.2020.9131594","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131594","url":null,"abstract":"Side-channel analysis (SCA) attacks - especially power analysis - are powerful ways to extract the secrets stored in and processed by cryptographic devices. In recent years, researchers have shown interest in utilizing on-chip measurement facilities to perform such SCA attacks remotely. It was shown that simple voltage-monitoring sensors can be constructed from digital elements and put on multi-tenant FPGAs to perform remote attacks on neighbouring cryptographic co-processors. A similar threat is the unsuspecting integration of third-party IP-Cores into an IC design. Even if the function of an acquired IP-Core is not security critical by itself, it may contain an on-chip sensor as a Trojan that can eavesdrop on cryptographic operations across the whole device. In contrast to all FPGA-based investigations reported in the literature so far, we examine the efficiency of such on-chip sensors as a source of information leakage in an ASIC-based case study for the first time. To this end, in addition to a cryptographic core (lightweight block cipher PRESENT) we designed and implemented a voltage-monitoring sensor on an ASIC fabricated by a 40 nm commercial standard cell library. Despite the physical distance between the sensor and the PRESENT core, we show the possibility of fully recovering the secret key of the PRESENT core by processing the sensor's output. Our results imply that the hidden insertion of such a sensor - for example by a malicious third party IP-Core vendor - can endanger the security of embedded systems which deal with sensitive information, even if the device cannot be physically accessed by the adversary.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114893796","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2020-05-01DOI: 10.1109/ETS48528.2020.9131595
M. Portolan, J. Rearick, Martin Keim
This paper introduces a standards-based framework which enables two types of test re-use: direct re-use of test patterns written for low-level components of a system, and access by high-level tests of test features embedded within the low-level components. The underlying mechanism for both is the encapsulation, retargeting, and transformation of test procedures through successive layers of hardware interfaces, as codified in two standards being developed by IEEE Working Groups (P1687.1 and P2654). Examples demonstrate the steps in the process and illustrate both the challenges and opportunities of this approach.
{"title":"Linking Chip, Board, and System Test via Standards","authors":"M. Portolan, J. Rearick, Martin Keim","doi":"10.1109/ETS48528.2020.9131595","DOIUrl":"https://doi.org/10.1109/ETS48528.2020.9131595","url":null,"abstract":"This paper introduces a standards-based framework which enables two types of test re-use: direct re-use of test patterns written for low-level components of a system, and access by high-level tests of test features embedded within the low-level components. The underlying mechanism for both is the encapsulation, retargeting, and transformation of test procedures through successive layers of hardware interfaces, as codified in two standards being developed by IEEE Working Groups (P1687.1 and P2654). Examples demonstrate the steps in the process and illustrate both the challenges and opportunities of this approach.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122372973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: