Research Terms
This security mechanism for integrated circuits arranges near the transistors a layer of nanoscale silicon pyramids that scatter reflected light, disrupting the measurements necessary for optical probing attacks. Though greatly helpful for debugging circuitry failures, optical probing techniques allow attackers to access sensitive information in integrated circuits, such as personal data or intellectual property (IP). During an optical probing attack on an industry standard CMOS chip, the attacker must thin the chip’s backside silicon layer. Certain available countermeasures work by detecting this silicon thinning, but this requires additional components that are costly to integrate into standard CMOS fabrication. Other available countermeasures use sensors to detect signals from the laser probe in an attack, but the sensors must be located near the protected circuits and have significant area overhead. Furthermore, both of these defenses use active components that require additional power to detect an attack and trigger the destruction of sensitive data.
Researchers at the University of Florida have developed a silicon nanopyramid layer for integrated circuits that protects them from optical probing attacks. The nanopyramid countermeasure easily integrates into standard CMOS chip fabrication, has no area overhead, and works passively to consume no additional energy.
Silicon nanopyramids in integrated circuits that disrupt optical measurements to increase security against optical probing attacks
This countermeasure against optical probing attacks inserts randomly distributed silicon nanoscale pyramids into CMOS integrated circuits to disrupt standard light absorption, scattering, and reflection patterns. Since the nanostructures at the transistor layer have random size, placement, and spacing, measurements of reflection changes are not reliable for determining transistor activity and circuitry. By diffusing reflected light from the laser probe, the nanopyramids scramble the optical measurements essential for successful optical probing attacks, thereby protecting sensitive data or intellectual property in integrated circuits.
This protective framework prevents piracy and theft of the intellectual property of integrated circuits. Intellectual property theft is a prominent issue in the production process of integrated circuits. U.S. firms estimate that over $1.3 billion is lost annually from foreign patent infringements. Integrated circuits are subject to intellectual property threats, such as the cloning of design features and the sale of excess manufactured chips under different names, thus creating a need for increased protection. Researchers at the University of Florida have developed software that protects integrated circuits from intellectual property theft throughout the circuit’s production process. The chips are protected against intellectual property theft by combining an encrypted software function with methods of hardware obfuscation. This function enables manufacturing plants to test the chips without unlocking them, providing increased protection for the stored intellectual property contents. Additionally, the chips use a combination of asymmetric and symmetric key encryption to ensure secure tamper free transfer of chip unlock keys for activation. These protective functions keep the chips safe from theft at the system on chip design phase, the manufacturing and assembly stage, and the vending stage.
Software to protect integrated circuits from the theft of intellectual property during its integration into designs, during the manufacturing process, and during integrated circuit tests
University of Florida researchers have developed software that obfuscates and encrypts the intellectual property of integrated circuits through the process of design, manufacturing, and vending. This protective framework technology protects the intellectual property (IP) of the circuits at all vulnerable steps of the production process. The framework allows for the testing of the chips during manufacturing without being unlocked, verifies the integrity of the netlist using a secure cryptographic hash function at the design process, and ensures safe tamper-free transfer of chip unlock keys for the activation of chips. In combination, these protective methods prevent criminals from identifying key components of the integrated chips, thus preventing the capability to reverse engineer the chip’s functions and sell the technology as their own.
This cell camouflaging design leverages doping and dummy contacts to create camouflaged cells indistinguishable from regular standard cells to provide greater protection of integrated circuits in cyber-attacks. Available methods of integrated circuit camouflaging based on standard cells assuming Boolean functions are vulnerable to invasive and non-invasive attacks. Although more secure than integrated circuits without camouflaging, these readily identifiable camouflaged gates are easy to hack. By quickly testing each cell, hackers figure out which cells yield erroneous netlists vs. which hold the valuable information. Foreign theft of American intellectual property costs hundreds of billions of dollars annually , suggesting the need for better cybersecurity methods.
Researchers at the University of Florida have created a camouflaging strategy that leverages the use of dummy contact cells to create a gate indistinguishable from regular logic gates in a design. These covert gates avoid giving erroneous information, preventing hackers from knowing which information is valuable when they attempt to reverse engineer the integrated circuit.
Non-obvious camouflaging of integrated circuits by the use of modified logic gates, in order to protect semiconductor intellectual property
Integrated circuit camouflaging has emerged as promising solution for protecting semiconductor IP against reverse engineering. Using this covert-gate camouflaging strategy leverages doping and dummy contacts to create camouflaged cells that are indistinguishable from regular standard cells under modern imaging techniques. In a comprehensive security analysis of covert gate, researchers have demonstrated these covert gates achieve high resiliency against SAT and test-based attacks at very low overheads.
This object localization algorithm and window search technique identifies and locates target objects from scanning electron microscope images of integrated circuits to assist detection of defects and malicious circuits. Integrated circuits play key roles in nearly all modern electronics and are valued at $391 billion globally. The integrated circuit supply chain is vulnerable to security breaches including the sale of substandard, counterfeited circuits that can lead to poor quality or entirely non-functional electronics. In the past, object localization algorithms identified target objects in other fields using optical images, but these did not assess the quality of integrated circuits due to limitations of the optical images themselves.
Researchers at the University of Florida have developed an object localization algorithm that identifies target objects in integrated circuits from scanning electron microscope images. This algorithm quickly identifies and locates problems such as defects in integrated circuits.
Object localization algorithm that identifies and locates target objects in integrated circuits from scanning electron microscope images
This object localization algorithm uses a 2D search-string algorithm in combination with the window search technique and a knowledge-based mask window to search for multiple target objects from scanning electron microscope images of integrated circuits.
This automated system detects various mounted printed circuit board components by analyzing images of printed circuit boards. Printed circuit boards are critical components of nearly all modern electronic devices, and the printed circuit board market is projected to reach $75.52 billion by 2026. Printed circuit boards are mass-produced following the validation of a printed circuit board prototype, but prototype components must be thoroughly validated and a bill of materials needs to be produced prior to mass-production. The most commonly used method for prototype validation requires human subject matter experts to manually validate components and produce a bill of materials, making this process time-consuming, labor-intensive, and expensive.
Researchers at the University of Florida have developed a computer-implemented system that automatically detects printed circuit board components, an essential step for generating a bill of materials in an optical assurance pipeline. This allows for faster and more accurate detection of components and bill of materials generation.
Automatically detects printed circuit board components useful for reverse engineering, hardware assurance, or industrial assessment
This automated system for detecting printed circuit board component defects and generating a bill of materials, uses an algorithm to assess images of the printed circuit board and then estimates component locations. This method uses an angled directed light source to cast shadows on the printed circuit board. The shadows are stored as binary images and a proximity threshold is used to ensure only one component is assigned one shadow. The components are extracted from the binary image and compared to an unlit reference picture to validate the location of the component. This process can be used to quickly and accurately generate a bill of materials and can detect printed circuit board component defects.
This UCR RFID tag, or unclonable, chipless, radio-frequency identification tag, is an environmentally-sensitive tag that replaces barcodes and quick response (QR) code. RFID tags use electromagnetic energy to send data to readers, allowing users to track and trace tagged items. Because RFID offers more security and utility than barcodes or QR codes, businesses and other institutions have begun to adopt it for tracking items. Recently, RFID tags without microchips have attracted a great deal of attention as an alternative to the traditional tags because they are much cheaper and less vulnerable to denial-of-service attacks than RFID tags with traditional chips. However, available chipless tag designs generate very simple IDs that are too easy to clone and limit utility. They also require post-processing, which can increase manufacturing time and cost.
Researchers at the University of Florida have developed an unclonable, environmentally-sensitive, low-cost, chipless tag that can be attached to packages, directly integrated onto printed circuit boards of electronic products, or be printed on products or packaging with conductive ink.
Temperature-sensitive RFID tags that can trace and track items without risk of cloning by third parties
This chipless tag generates a unique ID based on both manufacturing variation and temperature variation, making it unclonable, as well as sensitive to temperature. The tag consists of two parts: a set of concentric ring slot resonators, whose resonance frequencies are sensitive to manufacturing variations, and a standalone circular ring slot resonator attached to a substrate that melts at high temperatures. The frequency signature of the first part of each tag serves as the identifier for that unique tag. The randomness of process variation means each frequency signature is unique and therefore unclonable. The frequency signature of the second part of the tag allows temperature tracking via the temperature-sensitive substrate used. The UCR tags can track and trace commodities (such as electronic products, foods, pharmaceuticals, etc.), including commodities susceptible to high temperatures, and enhance passports and driver licenses to help verify identities of people. Because the tags enable even non-electronic products to connect to a network, the UCR tags have the potential to expand the scope of the Internet of Things (IoT).
This obfuscation technique enhances the firmware security of internet-embedded systems in security-critical applications. The number of embedded systems is increasing exponentially globally with the advent of technology and the ever-growing demands for automation. However, the expanding deployment of embedded systems into many security-critical applications, such as medical devices, smart grids, and aerospace vehicles, makes the security of these embedded systems critical. With firmware being the “brain” of embedded systems and the difficulty of its implementation from scratch, it is the center of attention in adversarial attack scenarios, including tampering with the firmware to cause a denial of service (DOS), injection of malware, and authentication bypass. Encryption and obfuscation are the primary approaches for protecting firmware from adversarial attacks. While encryption protects firmware from cloning and reverse engineering, this approach leaks the control flow and firmware algorithm. Additionally, full-blown encryption requires more computational power along with maximum memory overhead. A hardware-assisted, dynamic obfuscation technique is necessary to achieve consistent performance without compromising the security of the firmware.
Researchers at the University of Florida have developed a dynamic obfuscation technique for mitigating adversarial attacks on the firmware of embedded systems. This technique eliminates the need for expensive encryptions and ensures the firmware cannot run correctly on illegitimate hardware. It also does not store any obfuscation key in the non-volatile memory (NVM), making it robust to memory probing attacks.
Hardware-assisted program execution-level dynamic obfuscation technique for internet-embedded systems in security-critical applications, ensuring firmware cannot run correctly on illegitimate hardware
This obfuscation technique has three stages of obfuscation to enhance firmware security. It runs in three stages, requiring some keys derived run-time securely from a Pseudo-Random Number Generator (PRNG), which has the device-intrinsic ID as the seed. The obfuscation technique does not involve computationally heavy encryptions, just simple XOR operations. In the first stage, this technique obfuscates opcodes only. Instructions remain in the program memory as block-wise, which then undergo obfuscation using block-wise obfuscation keys. In the third and final stage, the system randomly shuffles the memory blocks to conceal their layout. While the program is running, one block is de-obfuscated at a time in the cache. It is then obfuscated with a new key when it leaves the cache and another memory block to be brought in.
This dynamically obfuscated scan chain (DOSC) structure for electronic hardware protects intellectual property from theft, tampering or counterfeiting. By restricting access to the test/scan architecture, this technique prevents would-be thieves or saboteurs from reverse engineering or determining the roles each part of a device plays. In a 2018 revelation called the “Big Hack,” spies in China managed to insert chips into computer systems that would have allowed external control of those systems. The spies accomplished this because numerous entities typically take part in the design, fabrication and assembly of complex electronic devices (such as the motherboards the spies sabotaged at one point during their manufacture). This incident points to the potential for IP theft, piracy, tampering, or counterfeiting, as well as for integrated circuit overproduction during production. While logic obfuscation mechanisms aim to prevent these threats by establishing trust across the production process, they remain ineffective due to their vulnerability to Boolean satisfiability (SAT) based attacks, which grant unauthorized access to obfuscated design information. Available SAT-resistant logic obfuscation techniques suffer from their own critical vulnerabilities as they are susceptible to “bypass attacks” that can easily circumvent the effect of the SAT-resistant logic locking scheme.
Researchers at the University of Florida have developed a dynamically obfuscated scan chain structure that improves obfuscated circuit design encryption by eliminating the threat of SAT attacks. Rather than directly making logic locking more resilient, this system prevents SAT attacks by denying unauthorized access to the scan chain and testing architecture of an integrated circuit, thereby rendering reverse engineering by SAT infeasible.
Logic obfuscation technique that makes integrated circuits resilient to IP piracy and modification by untrusted entities in the production process
This logic obfuscation technique takes scan chain length, obfuscation key length, permutation rate, and other factors as input parameters and automatically produces a dynamically obfuscated scan chain (DOSC) design that resists SAT and bypass attacks. The DOSC architecture employs of a feedback shift register that takes a trusted control vector as input and dynamically generates an obfuscation key as output, protecting it via a shadow chain. After generating scan cells based on the obfuscation key and shadow chains, the system combines test patterns and responses to confuse attackers as to the original obfuscated logic. This DOSC architecture in an integrated circuit denies unauthorized users access to the circuit’s testing infrastructure, eliminating vulnerability to SAT attacks.
This quantitative algorithm uses information about the layout of an integrated circuit to evaluate the circuit's design for vulnerabilities to microprobing attacks. Microprobing is a type of physical attack on an integrated circuit that circumvents encryption and probes at signal wires to extract secure information. If successful, these attacks can compromise sensitive information such as personal data, encryption keys, and code format intellectual property. The most common reinforcement against microprobing attacks is active shielding, wherein meshes of trigger wires that surround the signal wires detect breaches and prevent the extraction of secure information. This protection has significant problems, however, as it requires additional routing layers that may be too costly or otherwise unavailable within the integrated circuit design. Additionally, certain designs of active shields are simply ineffective against microprobing attacks.
Researchers at the University of Florida have developed a framework for evaluating a microprobing prevention design based on an analysis of the circuit’s layout structure and its protection against known exploits. By quantifying the vulnerability to microprobing of an integrated circuit, the algorithm enables more effective development and management of anti-probing systems.
An algorithm to verify and assess microprobing vulnerabilities on integrated circuits
This algorithm quantifies the vulnerability of integrated circuits to microprobing attacks by using information drawn from the circuit's layout. The algorithm uses the nets of signaling pathways that are likely targets for a microprobing attack to analyze the layout of the integrated circuit, determining the areas that are not sufficiently protected from potential attacks. This framework for identifying the vulnerabilities of integrated circuits, establishes a quantitative relationship between different assessed layouts, enabling designers to develop anti-probing hardware arrangements with better resistances to security breaches.
This computer-implemented algorithm identifies printed circuit board (PCB) components for quality control. Printed circuit board (PCB) component detection is essential for PCB manufacturing. Color image processing provides a rough estimate of a component’s location, and superpixel segmentation further refines the approximate location. While these techniques distinguish the background board color from components of interest, they do not always distinguish components from the background and may detect undesirable background areas as components of interest. A more efficient and effective printed circuit board (PCB) design and manufacturing process is needed; automated PCB component estimation solutions can address this.
Researchers at the University of Florida have developed an image-processing algorithm for identifying printed circuit board (PCB) components. This computer-implemented method comprises chromaticity-based image background subtraction via one or more processors, generating a noise-removed PCB image for AI-assisted component identification. Automating component detection increases the efficiency of printed circuit board manufacturing processes.
Reduces printed circuit board (PCB) image visual noise and unnecessary textures, efficiently locating PCB components
This computer-implemented algorithm uses chromaticity-based background noise subtraction to eliminate visual noise from printed circuit board (PCB) images to identify components. The printed circuit board images are first processed using a chromaticity-based algorithm, subtracting background noise, and enhancing the visual quality. An AI model trained to identify PCB components processes the images for fast and efficient identification. The accuracy of component identification is improved by reducing visual noise and using AI-assisted techniques. This algorithm applies to manufacturing settings to enhance the quality control of printed circuit boards and improve the reliability of electronic devices using them.
This protective framework prevents piracy and theft of the intellectual property of electronic devices. Intellectual property theft is a prominent issue in the electronic hardware industry. U.S. firms estimate that over $1.3 billion is lost annually from foreign patent infringements. Electronic hardware is subject to intellectual property threats, such as the cloning of design features and the sale of excess manufactured chips under different names.
Researchers at the University of Florida have developed integrated circuit chips that protect hardware from intellectual property theft. The protection uses disappearing “vias” (the interconnections in electronic devices) within the integrated circuit to disguise the design of the hardware. These vanishing vias are impossible to locate without the necessary encryption keys, effectively disguising the structure of the circuits and protecting the hardware from intellectual property theft.
Circuit design for electronic devices to protect against reverse engineering, intellectual property theft, and hardware Trojan insertion
This hardware design applies vanishing vias to integrated circuit chips and printed circuit boards (PCB) to protect electronic devices from reverse engineering, such as cloning, IP infringement, or hardware Trojan insertion. Vias are informational pathways vital in the functioning of multi-layered circuits. This framework requires a configuration key to correctly set the vias' statuses and enable the device's functions. Once the desired operation is finished, the vias will be set as disconnected, making the interconnection "vanished," thereby concealing the chip’s logic function. Furthermore, dummy vias can provide additional obfuscation so that it is extremely difficult, if even possible, for an IP thief to understand the device's structure. These protective methods prevent criminals from identifying key components of the chips, thus preventing their ability to reverse engineer the chip’s functions and sell the technology as their own.
This unclonable chipless RFID (UCR) tag enables pharmaceutical companies to trace products at the pill level through their supply chains. Today's pharmaceutical industry suffers from product theft and counterfeiting. These issues not only damage the profit and reputation of pharmaceutical companies, but also cause a serious threat to public health. Counterfeit drugs alone generate an estimated $75 billion in revenue each year and have caused over 100,000 deaths across the globe. Available track-and-trace techniques, such as barcodes and QR codes, require individual scanning via direct line of sight and are easy to duplicate. RFID track-and-trace systems, on the other hand, are much more effective because they do not require direct line-of-sight scanning, they can accommodate batch scanning, and they are more difficult to duplicate. However, available chip-based RFID tags are expensive to manufacture, making them impractical for tracking low-cost items. Alternatively, chipless RFID tags offer several benefits including low-cost manufacturing, ability to print directly onto the packaging, and insusceptibility to ambient temperature changes. While these benefits improve pharmaceutical tracking, available chipless RFID tags are both complex to manufacture and vulnerable to cloning.
Researchers at the University of Florida have developed an unclonable chipless RFID tag that traces pharmaceutical products at the pill level. This UCR tag utilizes a layered track-and-trace system to improve product security and quality assurance. The system includes an external tag on each cavity of a tablet blister pack and another tag inside the pill itself. This pill-level tag creates an inseparable connection between RFID tags and the products, eliminating the effectiveness of attempted counterfeit drug substitutions. This UCR technology can be adapted to track other small valuable products, such as microprocessors and fully programmed FPGAs.
Unclonable, chipless RFID tags to track and trace pharmaceuticals at the pill level
These pill-level, chipless, unclonable RFID tags comprise a cross-registration approach to ensure greater security. The tags secure to both a product and its packaging, generating a unique ID from multiple entropic sources that can't be removed. One component distributes a specific number of concentric-ring-slot resonators onto the exterior surface of each pill cavity in a blister pack. When the RFID reader transmits a plane wave to the packaged product, the copper concentric-ring-slot resonators introduce a number of resonance points into the response spectrum equal to the number of rings present. The second component works with a random quantity of nontoxic silver particles inserted into each pharmaceutical tablet. The randomness of the silver particles affects the electromagnetic field distribution when the plane wave is transmitted, further altering the frequency signature. The combined effects of the two components create unique IDs for each package and pill it contains.