ECE 459/559 Secure & Trustworthy Computer Hardware Design Nanoelectronics Meets Security Garrett S. Rose Spring 2016 Outline ● A Nano Overview ● Memristors and Memristive Systems ● Hardware Security using Memristors A Brick Wall for Scaling ● ● ● CMOS scaling expected to hit “the red brick wall” within a decade... so we've been told for decades Scaling limits come as device feature size scales beyond 22nm (at one point this slide said 90nm) Some challenges: increased leakage, parameter variations, dominant quantum effects and lithography limitations CMOS = Complimentary Metal Oxide Semiconductor A Brick Wall for Scaling ● ● ● CMOS scaling expected to hit “the red brick wall” within a decade... so we've been told for decades Scaling limits come as device feature size scales beyond 22nm (at one point this slide said 90nm) Some challenges: increased leakage, parameter variations, dominant quantum effects and lithography limitations CMOS = Complimentary Metal Oxide Semiconductor Must Uphold Moore's Law! Processing power, measured in millions of instructions per second (MIPS), has risen because of increased transistor counts. Applications Drive Architecture Source: J. Davis, “Exploring NanoComputing,” USC Nano Center Symposium, 2003 Beyond Faster Computers: Novel Applications Emerge ● ● Many novel nanotechnologies are emerging --similar to the many species that emerged in Cambrian Era We can expect one (or a few) technologies will prevail Charles Lieber’s Nanosensors “Buckyballs” Medical Imaging Drug Delivery Lab-on-Chip (STMicro) Beyond Faster Computers: Novel Applications Emerge ● ● Many novel nanotechnologies are emerging --similar to the many species that emerged in Cambrian Era We can expect one (or a few) technologies will prevail And if you like computers? Charles Lieber’s Nanosensors … maybe novel forms of computing ... “Buckyballs” Medical Imaging Drug Delivery Lab-on-Chip (STMicro) A Nanoelectronic Device: Memristor ● ● ● A “recently discovered device property”: memristance A memristor (“memory resistor”) similar to variable resistor that can be made to operate in one of many states Many interesting applications: nanoscale digital logic, memory (next-gen Flash), neuromorphic computing Memristor Device Theory ● ● ● Ex.: TiO2 based memristors consist of two regions: – TiO2 or “undoped” region – TiO2-x or “doped” region Ions migrate between regions with applied E-field – Moves the barrier at w Typical model consists of two series resistors, Ron and Roff M (w)= w w R on +(1− ) Roff D D Ref.: D. B. Strukov, et al., “The missing memristor found,” Nature, May 2008. Memristor Device Theory ● For simplicity, I-V characteristics assume linear drift diffusion NOTE: Experimental results suggest drift velocity is non-linear* R on dw v = =uE=u i(t) dt D ● Integrating above and substituting into M(w), memristance found as a function of charge q: uR on M (q)=R on−(Roff −R on)⋅ 2 q (t) D *Ref.: D. B. Strukov, et al., “Exponential ionic drift,” Appl. Phys. A,2009. †Ref.: Y. N. Joglekar et al., “The elusive memristor: prop. of basic elect. Circuits,” arXiv, 2009. Memristors and Hardware Security What do memristors have to do with hardware security? Memristors and Hardware Security ● ● Potential security advantages of memristors: – Low-power operation may mitigate power analysis attacks – Filament formation requirement could be useful for simple tamper detection – was the device formed or not? – High degree of variability useful for unique signatures Potential security concerns of memristors: – Depending of use, non-volatility of memristive memory may reveal secrets Potential Security Uses of Memristors • Anti-Tamper or Tamper Detection: – Memristors require “burn-in” to function properly – If a new circuit has memristors already functioning from fab, it is likely the circuit has been tampered with • Unique Identifiers and PUFs: – PUF (Physical Unclonable Function) is hardware that produces function easy to evaluate but hard to predict – High variability of nanoscale memristors can be leveraged for dense, nanoscale PUF circuits • Side-Channel Attack Mitigation: – Many nanoscale memristors exhibit low active power such that activity can be obscured by standby power of CMOS Potential Security Uses of Memristors • Anti-Tamper or Tamper Detection: – Memristors require “burn-in” to function properly – If a new circuit has memristors already functioning from fab, it is likely the circuit has been tampered with • Unique Identifiers and PUFs: – PUF (Physical Unclonable Function) is hardware that produces function easy to evaluate but hard to predict – High variability of nanoscale memristors can be leveraged for dense, nanoscale PUF circuits • Side-Channel Attack Mitigation: – Many nanoscale memristors exhibit low active power such that activity can be obscured by standby power of CMOS Tamper Detection with Memristors: “Trust, But Verify” • • Various forms of RRAM (including memristors) typically require initialization or “burn-in” before they can switch Consider a memristor with voltage Vappl applied across it – Vappl > Vburn triggers burn-in, after it can switch – Vappl > Vtog,p switches from high to low resistance – Vappl < Vtog,n switches from low to high resistance I Before Burn-In: + Memristor Vappl - memristor = resistor (doesn’t switch) Vtog,n V Vtog,p Vburn Tamper Detection with Memristors: “Trust, But Verify” • • Various forms of RRAM (including memristors) typically require initialization or “burn-in” before they can switch Consider a memristor with voltage Vappl applied across it – Vappl > Vburn triggers burn-in, after it can switch – Vappl > Vtog,p switches from high to low resistance – Vappl < Vtog,n switches from low to high resistance I Burn-In: + Memristor Vappl - Onset of memristive behavior Vtog,n Vtog,p Vburn Tamper Detection with Memristors: “Trust, But Verify” • • Various forms of RRAM (including memristors) typically require initialization or “burn-in” before they can switch Consider a memristor with voltage Vappl applied across it – Vappl > Vburn triggers burn-in, after it can switch – Vappl > Vtog,p switches from high to low resistance – Vappl < Vtog,n switches from low to high resistance I After Burn-In: + Memristor Vappl - Memristor for life Vtog,n V Vtog,p Vburn A Tamper Detection Strategy • Write memristor(s) with known value A (e.g., all 0’s) by exceeding Vtog,p or Vtog,n but not Vburn • • Read value of memristor(s), store in temporary memory Write memristor(s) with complementary known value not(A) (e.g., all 1’s) Read value of memristor(s), store in temporary memory Compare, probably XOR, results of two reads • • • If XOR comparison, a result other than 0 suggests the circuit has been tampered with Potential Security Uses of Memristors • Anti-Tamper or Tamper Detection: – Memristors require “burn-in” to function properly – If a new circuit has memristors already functioning from fab, it is likely the circuit has been tampered with • Unique Identifiers and PUFs: – PUF (Physical Unclonable Function) is hardware that produces function easy to evaluate but hard to predict – High variability of nanoscale memristors can be leveraged for dense, nanoscale PUF circuits • Side-Channel Attack Mitigation: – Many nanoscale memristors exhibit low active power such that activity can be obscured by standby power of CMOS N-bit Memristive PUF ● ● ● ● ● N-bit PUF similar to arrayed memory Much of the selection circuitry is shared Performance estimated via Monte Carlo simulations M-PUF simulation based on 7.1 us write-time Uniqueness, uniformity, & bitaliasing compared to results for CMOS PUF circuits G.S. Rose et al., “A Write-Time based Memristive PUF for HW Security,” ICCAD, 2013. *Ref.: A. Maiti and P. Schaumont, “Improved Ring Oscillator PUF,” J. of Cryptology, 2011. “Racing” Memristive Write-Time ● ● ● ● Avoid response based on absolute write-time The write-times of pairs of memristors compared Arbiter used determines which memristor written to first Multiple pairs can “race” in parallel to generate multiple response bits Determining Relative Write-Time for Generating Responses ● ● ● ● Fast clock nudges memristors toward low resistance Desire write-times that require multiple cycles Half-cycle write, other half used to read and compare Process stops when at least one memristor in all pairs has reached low resistance state Crossbar-based Memristive PUF ● ● ● ● Memristors in column considered as unit Challenge bits directly involved in write process Of N rows, N/2 rows write while other hold steady -- based on challenge Response generated when effective resistance of column is reduced G.S. Rose & C.A. Meade, “Performance of Memristive Crossbar PUF Design,” DAC 2015. Security Performance ● ● ● Security considered for different circuit parameters: write voltage, read voltage and load resistance Different memristor device threshold voltages also considered Entropy, uniqueness and uniformity near ideal for different conditions G.S. Rose & C.A. Meade, “Performance of Memristive Crossbar PUF Design,” DAC 2015. Fundamental Security Limits for von Neumann Architectures? • • • von Neumann computer architecture: unified memory for instructions and data Simplicity is key – practically all modern computers based on this Simplicity could also lead to security vulnerabilities Memory Control Unit Arithmetic Logic Unit Input Output Generic von Neumann Architecture Unconventional, non-von Neumann architectures may provide improved security due to increased functional complexity Non-Traditional Approaches • • Nanoelectronics expected enabler for novel computer architectures Example: Neuromorphic Computing – Memristors explored as synapses in dense, low-power neural networks • Another example: Chaos Computing – Harness evolutionary nature of nanoscale devices to build chaotic oscillators – Use chaotic oscillators for chaotic architectures • Some non-von Neumann Architectures may be particularly well suited for improved security – Neuromorphic – naturally obscured operations – Chaos Computing – chaotic side-channel signals A “Nano-Enabled” Architecture: Neuromorphic Computing • • We have yet to completely decipher the functionality and data stored in a human brain Why is this? – Training, not programming – Simultaneous sensitivity and tolerance to variations – Data stored stochastically? – Each brain is unique • Memristors are being explored as potential nanoscale artificial synapses for dense neural networks J. Rajendran et al., “Memristor programmable threshold logic array,” NANOARCH 2010. G. Rose et al., “Memristive Sys. in Constr. of Logic & Architectures,” Proc of IEEE, 2012. Summary ● Nanoelectronic devices (e.g. memristors) and circuits exhibit several features that can leveraged in secure systems: – – – ● ● ● Low-power operation – mitigate side-channel attacks Required burn-in – tamper detection Variability – unique identifiers Simple write-read-write-read strategies can be employed to use memristive devices to detect tamper events Memristive physical unclonable functions (PUFs) harness intrinsic process variations to produce IC “fingerprint” Emerging secure computing systems can be integrated with mix of various CMOS-nano security strategies