TY - JOUR
T1 - A Novel Attack Mode on Advanced Technology Nodes Exploiting Transistor Self-Heating
AU - Rangarajan, Nikhil
AU - Knechtel, Johann
AU - Limaye, Nimisha
AU - Sinanoglu, Ozgur
AU - Amrouch, Hussam
N1 - Publisher Copyright:
© 1982-2012 IEEE.
PY - 2022/11/1
Y1 - 2022/11/1
N2 - Self-heating (SH) is a phenomenon that can induce excessive heat inside the transistor channel. SH represents an emerging and serious concern, especially in advanced technology nodes, where excessive heat acting on elevated channel geometries will notably shift the critical transistor parameters (e.g., threshold-voltage $V_{\text {th}}$ and carrier mobility $\mu $ ). The underlying 3-D device structures (e.g., FinFET, nanowire, or nanosheet structures), along with newly employed materials such as silicon-germanium (SiGe), which show worse thermal conductivity than traditional materials, can considerably exacerbate SH. On top of that, quantum confinement, a phenomenon that becomes dominant at sub-10nm, further increases the intensity of SH. In this article, we are the first to explore SH effects from the perspective of hardware security, rather than the performance, reliability standpoints covered in state-of-the-art (SOTA) work. As proof of concept, we devise an SH-based hardware trojan (HT) that exploits the SH-induced $V_{\text {th}}$ change in 7-nm FinFET circuits. Leveraging $V_{\text {th}}$ -dependent reconfigurable logic, we design a reconfigurable HT payload that maliciously changes its functional behavior once the SH-induced $V_{\text {th}}$ change takes effect. Following SOTA work, we present a comprehensive modeling and analysis of SH effects at the device level and highlight its impact on transistor $V_{\text {th}}$. Next, we study how fabrication-time changes in the transistor doping and geometry can promote the SH-assisted degradation. We then describe various payload configurations for the proposed HT, quantify its overheads, and discuss its resilience against standard HT detection techniques. Finally, we demonstrate two case studies using the proposed HT, one to leak the secret key from a pipelined design of an advanced encryption standard (AES) circuit, and another to showcase denial-of-service for a Gaussian-blur filter circuit. Our work utilizes industry-standard models with parameters extracted from measurements and calibrated with experiments. Our results are obtained from meticulous study and optimization across the device-, circuit-, and system-levels.
AB - Self-heating (SH) is a phenomenon that can induce excessive heat inside the transistor channel. SH represents an emerging and serious concern, especially in advanced technology nodes, where excessive heat acting on elevated channel geometries will notably shift the critical transistor parameters (e.g., threshold-voltage $V_{\text {th}}$ and carrier mobility $\mu $ ). The underlying 3-D device structures (e.g., FinFET, nanowire, or nanosheet structures), along with newly employed materials such as silicon-germanium (SiGe), which show worse thermal conductivity than traditional materials, can considerably exacerbate SH. On top of that, quantum confinement, a phenomenon that becomes dominant at sub-10nm, further increases the intensity of SH. In this article, we are the first to explore SH effects from the perspective of hardware security, rather than the performance, reliability standpoints covered in state-of-the-art (SOTA) work. As proof of concept, we devise an SH-based hardware trojan (HT) that exploits the SH-induced $V_{\text {th}}$ change in 7-nm FinFET circuits. Leveraging $V_{\text {th}}$ -dependent reconfigurable logic, we design a reconfigurable HT payload that maliciously changes its functional behavior once the SH-induced $V_{\text {th}}$ change takes effect. Following SOTA work, we present a comprehensive modeling and analysis of SH effects at the device level and highlight its impact on transistor $V_{\text {th}}$. Next, we study how fabrication-time changes in the transistor doping and geometry can promote the SH-assisted degradation. We then describe various payload configurations for the proposed HT, quantify its overheads, and discuss its resilience against standard HT detection techniques. Finally, we demonstrate two case studies using the proposed HT, one to leak the secret key from a pipelined design of an advanced encryption standard (AES) circuit, and another to showcase denial-of-service for a Gaussian-blur filter circuit. Our work utilizes industry-standard models with parameters extracted from measurements and calibrated with experiments. Our results are obtained from meticulous study and optimization across the device-, circuit-, and system-levels.
KW - Advanced encryption standard (AES)
KW - hardware trojan (HT)
KW - reconfigurable logic
KW - self-heating (SH)
KW - transistor aging
UR - http://www.scopus.com/inward/record.url?scp=85136063696&partnerID=8YFLogxK
U2 - 10.1109/TCAD.2022.3197496
DO - 10.1109/TCAD.2022.3197496
M3 - Article
AN - SCOPUS:85136063696
SN - 0278-0070
VL - 41
SP - 4134
EP - 4144
JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
IS - 11
ER -