A Non-invasive Technique to Detect Authentic/Counterfeit SRAM Chips

07/19/2021 ∙ by B. M. S. Bahar Talukder, et al. ∙ 0

Many commercially available memory chips are fabricated worldwide in untrusted facilities. Therefore, a counterfeit memory chip can easily enter into the supply chain in different formats. Deploying these counterfeit memory chips into an electronic system can severely affect security and reliability domains because of their sub-standard quality, poor performance, and shorter lifespan. Therefore, a proper solution is required to identify counterfeit memory chips before deploying them in mission-, safety-, and security-critical systems. However, a single solution to prevent counterfeiting is challenging due to the diversity of counterfeit types, sources, and refinement techniques. Besides, the chips can pass initial testing and still fail while being used in the system. Furthermore, existing solutions focus on detecting a single counterfeit type (e.g., detecting recycled memory chips). This work proposes a framework that detects major counterfeit static random-access memory (SRAM) types by attesting/identifying the origin of the manufacturer. The proposed technique generates a single signature for a manufacturer and does not require any exhaustive registration/authentication process. We validate our proposed technique using 345 SRAM chips produced by major manufacturers. The silicon results show that the test scores (F_1 score) of our proposed technique of identifying memory manufacturer and part-number are 93

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

With the globalization of the semiconductor supply chain and the growth of the semiconductor market value, counterfeit ICs have become an established threat to the semiconductor community. Recent studies show that the global market share of counterfeit integrated circuits (ICs) worth $169 billion [1, 2], and 17% of those counterfeited ICs are memory chips [1, 2, 3]. Moreover, another 28% of the counterfeit chips are contributed by memory-integrated FPGAs and microprocessors [3]

. Hence, identifying counterfeit memory elements might be able to eliminate counterfeit FPGAs and microprocessors as well. Counterfeit chips are classified into the following major categories

[1]: (i) recycled, (ii) remarked or forged documentation, (iii) tampered (iv) cloned, (v) reverse-engineered, (vi) out-of-spec/defective, and (vii) overproduced. A counterfeit chip suffers inferior quality and, therefore, can impact the safety, security, and reliability of a system [4]. For example, Russia’s recent Fobos-Grunt mission to Mars was canceled due to a counterfeit SRAM memory chip [5].

To combat the recent trend in the increasing of fake parts, the U.S. Government passed the National Defense Authorization Act (NDAA) in August 2018 [6]. Section 818 of this Act requires defense contractors to tighten supply chain trace-ability and parts procurement to minimize counterfeit risk [7]. Researchers and industries have developed several techniques to detect and avoid counterfeit electronic components, such as physical inspections, imaging techniques, electrical testings, etc. [1, 2, 8, 9, 10, 11, 12]. Unfortunately, most solutions focus on identifying a single type of counterfeit chips, e.g., detecting recycled memory chips [2, 8, 13]. Furthermore, many of those techniques require either hardware modification, complex supply chain management, complex authentication schemes, or unique laboratory facilities [11, 14, 15, 16, 17, 18]. Hence, those are not suitable for low-cost memory chips.

Our recent studies [19] show that analyzing latency-based error patterns can capture manufacturers’ information and DRAM module specifications. In this paper, we present a more generalized technique to detect and avoid major counterfeit SRAM types. In our proposed technique, we attest and identify the origin of SRAM chips (i.e., manufacturer and specification) by characterizing the start-up behavior of SRAM chips. Attesting and identifying memory manufacturers and specifications might be a powerful tool in avoiding the remarked, defective, tampered, forged documented, and cloned memory chips. We find that the start-up behavior of SRAM chips varies from one manufacturer to another manufacturer and from one set of specifications to another set specifications because of intentional architectural/layout differences and the manufacturing process variations. Furthermore, we show that a similar analysis of SRAM start-up data can be used to identify recycled SRAM chips as the SRAM start-up behavior is directly correlated with its usage time. We also explore the robustness of our proposed technique and provide a guideline for practical implementation. The major contributions of this paper include:

  • [leftmargin=*, topsep=0pt,itemsep=-1ex,partopsep=1ex,parsep=1ex]

  • We have extracted a set of features from the start-up state of SRAM chips to capture the architectural, layout, and process variations. We found that our proposed set of features can be used to identify the memory manufacturer and part-number111A unique part-number is usually assigned to a group of electronic components that possess a similar set of specifications..

  • We have tested the robustness of our proposed method by varying operating temperature and testing platforms.

  • We have also compared the extracted features between the fresh and aged (recycled) chips. The practical aging state of SRAM memory has been emulated by stressing the memory chip under high-temperature and supply-voltage conditions.

  • We have validated our proposed technique with the data collected from 345 commodity SRAM chips (manufactured by five major vendors).

  • We have provided a practical guideline to improve the accuracy of our proposed method with a realistic demonstration.

The rest of the paper is organized as follows- in Sec. II, we have briefly discussed SRAM structure, the aging effect on SRAM chips, and existing anti-counterfeit techniques. In Sec. III, we have proposed our method of extracting an appropriate set of features from SRAM start-up data. In Sec. IV, we have presented our experimental results and analyzed them. We have highlighted the limitation of this work along with the future work in Sec. V. We have concluded our work in Sec. VI.

Ii Background and Motivations

This section briefly describes SRAM architecture, the aging effect on SRAM cells, and the existing approach to detect counterfeit memory chips.

Ii-a SRAM, Process Variations, and Aging

Fig. 1: SRAM cell structure.

SRAM cell, volatile memory that stores one-bit data, consists of two cross-coupled inverters and two access transistors (see Fig. 1) [2, 20]. The cross-coupled inverters are symmetrically laid out to maximize the static noise margin () [2, 20]. is defined as the maximum allowable noise that can tolerate an SRAM cell without flipping its value [21]. However, the inevitable random dopant fluctuation (RDF) effect leads to threshold voltage variation and introduces asymmetricity between SRAM inverters [22]. Therefore, during power-up, these two inverters race each other and settle to “1” or “0” [2, 20]. A significant difference between inverters’ strength generates a strong “0” or a strong “1”. On the other hand, a smaller difference between the two inverters generates weak “0” or weak “1”. Furthermore, the smallest difference between the two inverters creates a noisy start-up value.

Moreover, two well-known phenomena, negative and positive bias temperature instability (NBTI, PBTI), can also cause transistor threshold voltage to shift [13]. NBTI and PBTI are the direct consequence of transistor aging [13]. Previous research suggests that the SNM of the SRAM decreases by 9% within three years of usages [23].

Ii-B Memory Supply Chain Vulnerabilities

Globalization of the semiconductor supply chain has allowed worldwide fabrication of authentic and counterfeit chips [1, 24]. In an established global semiconductor supply chain, several untrusted parties (foundry, assembly, third-party IPs, etc.) are involved, any of whom can pirate IP (intellectual property), insert hardware trojan, and/or include recycled, re-marked, overproduced, out-of-spec/defective, cloned, and forge-documented chips [24, 19]. In this global supply chain, the IC or memory manufacturer can (i) fabricate all memory chips or ICs in a single manufacturer-owned foundry or (ii) can send the Graphic Design System (GDSII) file (a file format that contains the final-layout information) to several foundries of their own (but in different geolocation) or third-party foundries to save on the cost per unit or to meet the target timeline [19]. A counterfeiter can sell fake memory chips as authentic ones, recycled or used memory chips as new ones through repackaging, low-quality chips as high-grade ones by mislabeling, and defective or out-of-spec chips without the manufacturer’s consent. An adversary in an untrusted foundry can insert a hardware trojan in the form of addition, deletion, or modification of memory cell, memory array, or peripheral logic [25], which changes the memory layout/architecture [25].

Ii-C Existing Countermeasures and Limitations

There have been several techniques to detect counterfeit chips. Some existing approaches rely on generating signatures from individual chips [2, 20, 26]. One chip can not be cloned to another chip because of the signatures’ uniqueness due to the process variation. These memory signatures vary from chip to chip, even if they are fabricated in the same silicon wafer. Such signatures are well-known as physical unclonable functions (PUF). The signature from the individual chip is collected and stored in the database during the registration process. During authentication, signatures are collected from the memory under test (MUT) and compared with the database. A device is considered authentic if its signature matches with the expected stored signature. The database can store memory fingerprints from a single measurement. However, the memory signatures are noisy and can be affected by operating conditions. Recently, Guo et al. proposed measuring memory signature at both room temperature and high temperature to compute a more robust signature [2]. However, the PUF-based method suffers from several limitations:

  • [leftmargin=*, topsep=0pt,itemsep=-1ex,partopsep=1ex,parsep=1ex]

  • Bit-aliasing: Bit-aliasing measures the uniqueness and correlation among signatures (PUFs) [27]. It quantifies the distribution of “0” or “1” on a specific memory cell. The bit aliasing can be quantified with Eq. 1.

    (1)

    Here, N is the total number of devices needed to be identified uniquely, where each device is equipped with an l-bit PUF. is the PUF response recorded from the ith bit of the pth PUF. In an ideal case, the mean occurrence of logic “0” or “1” from a specific bit location should be 50% (i.e., bit-aliasing should be 50%). The ideal bit-aliasing of 50% minimizes the number of bits required to identify all devices uniquely. For example, in an ideal case, to identify 4 SRAM chips uniquely, we need only a 2-bit PUF response (i.e., “00”, “01”, “10”, and “11”). In such a case, the occurrence of “1” or “0” on the first-bit position or the second-bit position is 50%. However, if the average occurrence deviates from 50%, we might need more than 2-bits to authenticate those four SRAM chips. In practice, the bit-aliasing always deviates from 50% and requires more bits than it needed theoretically.

  • Exhaustive registration process: The signature-based chip authentication requires registering each memory chip before distributing them in the market. This extra step of registration increases both cost and lead time to market.

  • Robustness: Device signature also may vary depending on the operating condition. A slight variation on temperature or operating voltage might alter the device characteristics and flip some bits on the device signature. Although different Error Correcting Codes (ECC) [28, 29] are proposed as a solution; however, the ECC overhead increases quadratically with the number of errors [28].

Other countermeasures such as SST, hardware metering, blockchain-based traceability, split manufacturing, IC camouflaging, Electronic Chip ID (ECID), On-chip sensor, DNA marking, etc., might be used to prevent counterfeiters [1, 3, 14, 15, 16, 17, 18, 30, 31, 32, 33, 34, 35, 36, 37, 38]; however, these techniques suffer from different drawbacks. For example, SST and hardware metering techniques provide control over post-fabrication, but it requires a change in traditional fabrication flow. Furthermore, this technique requires exhaustive communication between the foundry and the manufacturer. On the other hand, ECID tags each chip with a unique ID by adding a one-time programmable (OTP) memory. Nevertheless, this method is not suitable for all kinds of chips. For an SRAM chip, the overhead of adding an extra memory component will be very high. With an on-chip sensor, each chip is equipped with an additional hardware component, which modifies its properties due to aging. These properties can be used to detect recycled chips. However, on-chip sensor-based countermeasures need additional hardware overhead and are not feasible for inexpensive systems. In DNA marking, each memory component is marked with a unique DNA sequence. DNA marking suffers from impracticality as it requires a complex authentication scheme. Other techniques, such as blockchain-based traceability, split manufacturing, IC camouflaging, etc., require modified fabrication flow or design techniques that are not suitable for low-cost memory chips.

Physical inspection-based schemes [1, 39, 40, 41], such as X-Ray imaging and scanning electron, can detect counterfeit/recycled chips. However, these techniques require expensive equipment and not viable for inexpensive chips. Moreover, Expensive equipment and complex authentication schemes are also not suitable for general users who want to verify their purchased products’ authenticity.

This paper proposed a technique to detect counterfeit SRAM chips that do not suffer from the above limitations.

Iii Proposed Method

By analyzing the internal signatures of the SRAM memory chips, our proposed technique will identify major types of counterfeit chips by- (i) attesting the origin of the memory chip manufacturer and the specification (i.e., the part-number) of each memory chip and (ii) detecting recycled memory chips. This section describes sources of distinguishable factors, unique features that isolate one part-number with another or identify the same part-number, and our proposed framework.

Iii-a Sources of Distinguishable Factors

Our proposed technique relies on the fact that SRAM chips of different specifications differ with architectural, layout, and process parameters, which leads to unique GDSII. All these factors can be used to generate a unique signature from each group of SRAMs.

  • [leftmargin=*, topsep=0pt,itemsep=-1ex,partopsep=1ex,parsep=1ex]

  • Architectural variations: Manufactures may optimize the SRAM structure in different ways to support the requirement [42, 43, 44, 45]. Among different structures, the symmetric 6-Transistor (6T) SRAM structure is the most common one (Fig. 1

    ) for on-chip SRAM array (e.g., processors cache). 4T SRAM cells are also common for off-chip SRAM memory. However, 4T SRAM chips can not be implemented on-chip as they need different technology and complex process. Theoretically, the symmetric structure of SRAM cells should produce a uniform distribution of logic “0” and logic “1”. On the other hand, to suppress the noise (e.g., read disturbance, half-select disturbance, etc.), other SRAM architecture such as 5T, asymmetric 6T, 7T, 8T, 9T, 10T structure is also available

    [42, 43, 44, 45]. However, due to these configurations’ asymmetric structure, each SRAM cell on the memory array may be biased to a specific logic at start-up. Furthermore, to reduce the bitline noise, the bitlines are often twisted in different configurations [46]. The difference in bitline configuration also may affect the start-up logic locality.

  • Layout Variations: The layout variation in SRAM cell structure may also cause a variation in start-up characteristics. For example, Apostolidis et al. [47] reported six different layout designs for symmetric 6T SRAM structure, and each of them has different pros and cons. For example, they have different power utilization, delay, and noise characteristics. In addition to this, some implementing and resource constrain may introduce some asymmetric nature in memory cells, leading to slight bias to a specific logic at device start-up. For example, using multiple metal layers may introduce unmatched wiring between the inverter pair. Moreover, the difference in CAD tools’ configurations may also introduce variations in memory layout.

  • Process variations: The intrinsic process variation can be either random or systematic [48, 49]. The random process variation can be considered the noise and can be varied among the chips fabricated in a single wafer. However, the systematic process variation can be introduced by the quality of the fabrication plant, microarchitectural locality, and pattern. For the symmetric layout design of the symmetric 6T SRAM cell, the layout of one inverter is the mirror to the other one. However, the fabrication plant may have different set of rules for mirrored patterns [50]. Hence, a mirrored layout may be reffed as a different pattern when fabricated. Hence, even with the perfectly symmetric layout design, the two coupled inverters may have slightly different characteristics after fabrication.

  • IC packaging: Chip die is encapsulated inside a protected “package” to prevent corrosion and physical damage. The difference in IC packaging may also alter some device characteristics. Usually, manufacturers introduce different kinds of packaging to trade-off among cost, noise immunity, and supporting different operating conditions [51].

  • Aging: Usually, the SRAM signature (PUF) can be characterized by (PUF noise) [20, 52]. The measures how easily an SRAM cell can be initiated to logic “0” or “1”. A larger value of ensures more robust SRAM signatures. However, the heavily depends on SRAM transistors’ threshold voltage [20]. Hence, the SRAM can be changed over its usages (see Sec. II-A) due to the change in its transistors’ threshold voltage.

    Depending on SRAM usage data pattern, the change in can affect the SRAM start-up signature: (i) a noisy signature bit might get biased to “0” or “1”, (ii) a weak “0” or “1” might become strong “0” or “1”, (iii) a stable signature bit can be flipped (stable “0” to stable “1” or stable “1” to stable “0”), and (iv) a stable signature bit can become a noisy one. Hence, the change in will affect the overall distribution of logic “0” and “1” on SRAM signature. The first three factors will increase the total number of stable signature bits; whereas, the fourth factor will produce more noisy signature bits. However, the cumulative impact of the first three factors dominates the fourth factor. Hence, the total number of noisy signature bits will reduce with device usage (which does not indicate the PUF will be more robust with aging [27]). Minimizing the mismatch between two inverters can strengthen the impact of the fourth factor, which is difficult to achieve. The equalization of transistors’ threshold voltage requires a calculative usage data pattern during the entire chip lifetime [23].

    In an ideal case, the percentage of 0’s or 1’s should be identical in a new symmetric SRAM chip. One of the recent methods suggests that the skewed distribution of 0’s and 1’s at power-up state can be used to detect recycled SRAM memory

    [13]. With a typical usage pattern, an SRAM cell experiences more logic “0” bits than the logic “1” bits [53]. Such usages pattern creates more stress on “M4” pMOS (Fig. 1). Hence, over time, the threshold voltage difference of “M4” and “M2” PMOS increases due to the NBTI effect and causes the SRAM cell to be biased with “1” at power-up state. Note that this method of detecting recycle memory is a special case of our proposed technique.

Iii-B Assumptions

Our proposed technique extracts a set of features from memory signatures and uses them to train a statistical model and identify manufacturer/part-number. Although our method uses a simple authentication protocol, we make the following set of assumptions which are practical for most usage scenarios.

  • [leftmargin=*, topsep=0pt,itemsep=-1ex,partopsep=1ex,parsep=1ex]

  • Defining features: Manufacturers/trusted third-parties are responsible for defining a set of features that defines their product best. Prior knowledge of memory architecture might enable them to define a better set of features.

  • Feature extraction:

    The feature extraction process should be independent and straightforward enough to be extracted on the user’s system; hence, it relaxes the requirement of any special tool or environment requirement. We also assume that the user does not have any knowledge of memory architecture; only general information available from manufacturers should enable a user to extract the features.

  • Memory Class: Two memories are from separate classes if they have a different manufacturer and/or a different set of specifications (i.e., speed, size, temperature range, power rating, data-width, die package, die generation, etc.). A change in specification and/or manufacturer lead to different GDSII and/or packaging; hence, it will impact start-up data, as discussed in Sec. III. Although a manufacturer may send the same GDSII to multiple fabrication facilities, we assume that fabrication plants with the same GDSII maintain the same design rule to keep uniformity. We also assume that a manufacturer may produce memories with a different specification but with the same set of fabrication plants or design memories with a slight change in specifications (for example, only change in the die package). In such a case, these memories may have two sets of features with subtle variation, which leads to a complex classification problem to identify the memory correctly.

  • Classification: Classifying memory (authentic vs. counterfeit) can be done in either manufacturer end or consumer end, depending on the application. For example, if the manufacturer is reluctant to release the statistical model publicly, it might ask for the features from memory under test (MUT) to verify the authenticity. On the other hand, to reduce the communication overhead and complexly, the manufacturer may release the statistical model publicly, and the MUT can be verified on the user’s system.

Iii-C Feature Selection

The accuracy and efficiency of any machine learning algorithm heavily rely on the features that are used for the algorithm. Hence, in this step, we proposed a set of SRAM start-up-based features that can effectively capture the architectural, layout, and process variations. A good feature should obtain (

i) the similarities of chips with the same specification and (ii) the discrepancy between chips manufactured with different specifications.

In our proposed method, we collected 20 sets of start-up data () from each SRAM chip. We constructed a unified data, , based on majority voting222In the majority voting technique, each PUF bit is sampled multiple times, and the value of that PUF bit is assigned as the majority of the samples [54]. cast by . SRAM memory cells are generally arranged in a 2-D array of size ( and ). If each word of a SRAM chip consists of bit data, then, for simplicity, we can assume that there is a total of 2-D array of single bit contributing 1-bit data to each data word. So, the data should be 3-D data of size . However, to reduce the complexity, we rearrange the whole data in a 2-D array of size (), where is the number of words in the memory. Now we extract the following seven features from the start-up data [19]:

  • [leftmargin=*, topsep=0pt,itemsep=-1ex,partopsep=1ex,parsep=1ex]

  • Feature 1 (): This feature quantifies the “cell biasness” by counting the number of logic “1” bits in the start-up data. The evaluation of is illustrated in Fig. 2. In this example, we presented start-up data from an 84 () SRAM chip containing eight 4-bit words. In this figure, 16 bits contain logic “1” out of 32 bits. Hence, according to our definition, . Cell bias qualitatively measures the asymmetricity of the cross-coupled inverters (see Sec. II-A). For an ideally symmetric SRAM cell structure, this value should be 0.5 (i.e., no “cell bais”). However, in practice, this value is usually deviated from 0.5 because of the different variations discussed previously (see Sec. III-A).

  • Feature 2 (): The fraction of logic bit “1” is counted in each word of data

    ; then, the standard deviation of those values was taken as the feature

    . is also illustrated using Fig. 2. In this figure, we first calculated the fraction of logic “1” from each word (along the row), and then

    is estimated by computing the standard deviation of those values. In an ideal case, the distribution of logic bit “1” from each data word should be normally distributed with a mean of 50%. Our experimental results demonstrate that the mean is close to

    . However, the standard deviation of distribution may vary from chip to chip depending on memory specification (i.e., for some memory chips, the distribution can be flatter than other chips of different specifications). quantifies the symmetricity of the SRAM cell array. For example, each SRAM cell might experience different systematic process variations due to the local layout patterns333Local layout patterns might be different from one cell to another, e.g., memory cells near the sense amplifier vs. memory cells at the middle of the SRAM array.; hence, data words from different address locations might experience different logic distribution at start-up. A larger variation on local logic distribution will result in a larger value of .

  • Feature 3 (): An SRAM chip of word size can be assumed as a series of 2-D SRAM arrays. We counted a fraction of “1” from each 2-D array for this feature and took the standard deviation as the feature . If each of the 2-D arrays follows similar data distribution, and the should be close to 0. In Fig. 2

    , each 2-D array is rearranged in a single-dimensional vector for visualization purposes and presented along each column. Now, to evaluate

    , we computed the fraction of logic “1” along each column, and then standard deviation is calculated using those values. can capture different physical properties of the SRAM chips. For example, if the area constraint is too tight, all 2-D memory arrays can be located in close proximity or may be fused together. In that case, they may have a smaller difference in logic distribution due to smaller process variations.

  • Feature 4 (): The compression ratio (, where, ) of the start-up data is selected as one of the features. A start-up data with regular patterns have larger data redundancy and can be significantly compressed without any information loss. However, start-up data with randomly distributed zeros and ones can be squeezed very little and causes a smaller value of compression ratio (closer to 1). can capture the impact of the random process variation on SRAM chips. The compression ratio is defined as Eq. 2.

    (2)

    Where,

    For data compression, we use the standard ZLIB library [55]. ZLIB library ensures the least resource utilization during data compression.

  • Feature 5 (): All data words from each SRAM chip are split into multiple blocks to extract this feature, where each block consists of consecutive data words. Then we compute the fractional value () of each block of data that exhibits logic “1”. We, then, calculate the standard deviation of calculated from each block. We select this standard deviation as feature . This feature captures the spatial locality of logic “0” and logic “1” of start-up data. A higher value of signifies a larger spatial locality. Although we select the block size of 512, the manufacture may wish to select a different size that describes the best structural granularity in memory space. A smaller value of the block size might capture more spatial details; however, the will also be largely influenced by the local noise if the block size is too small. We experimented with different block sizes and found that 512 provided the best result for memory classification. It is worth mentioning that is similar to , where the block size of is only one word. Hence, captures finer grain spatial information more effectively. However, may also capture the local noise information.

  • Feature 6 (): For each memory cell, we have collected SRAM data a total of 20 times and mark those memory cells as noisy if logic “1” is observed 8 to 12 times. We marked those cells as noisy signature bits. For this feature, we counted the percentage of noisy signature bits. In a well-designed SRAM memory cell, the coupled inverters are highly matched, and corresponding signature bits are largely affected by the external/internal noises (e.g., voltage fluctuation, thermal noise, etc.). Furthermore, we believe that this feature can contribute highly to detect recycled memory chips. Over the usage, there will be more cells with large threshold voltage mismatch in recycled memory chips [13] and will produce large (see Sec. III-A). Hence, a recycled SRAM chip should produce less noisy signature bits and reduce the value of over time.

  • Feature 7 (): This feature is similar to the . In this feature, instead of accounting for the theoretical normal data distribution, we made a ()-bin histogram. If a data-word () occupies a total bit of logic “1”, and then it is placed in th histogram bin. The standard deviation of the bin size quantifies as the feature . If the distribution is normal, then and should be approximately the same (also well-known as

    the normal approximation for probability histogram

    ). Hence, the measures the skewness on word () distribution from the normal distribution.

We extract all these seven features from both fresh (i.e., new) and aged (i.e., recycled) SRAM chips. Then we show that these features form visually separated clusters in feature space depending on the SRAM module type (manufacturer “A” vs. Manufacturer “B”, Part-number “X” vs. Part-number “Y”, fresh vs. aged/recycled).

In addition to above features, manufacturers may choose a different feature-set that describe their chips more concisely. Furthermore, the manufacturer may prefer a different set of data (e.g., error pattern by reducing latency parameters) to extract the more appropriate features [19]. However, when the manufacturer itself does not define the features and assign the responsibility to a third-party, one or few features might not obtain the exact electrical characteristics as intended due to the special modification at the architectural or layout level (which might not be known to the third-party). For example, bit-level scrambling in the data word may limit the usefulness of feature [56]. Nevertheless, as we are using multiple features, a well-trained statistical model (described in Sec. III-D) might still learn the difference between two groups of SRAM chips by utilizing other features available from the feature pool.

Fig. 2: Illustration of , , and (84 SRAM).

It is worth mentioning that the features described above only provide qualitative information of different physical properties of the SRAM chips; however, they do not provide any quantitative information. Furthermore, each feature described above might be impacted by combined information from multiple physical properties. For example, although primarily varies from one memory class to another due to spatial variation, might also be impacted by the address scrambling caused by the architectural difference in the address decoder [57].

Iii-D Identifying Authentic Memory Chips

Usually, memory chips with the same manufacturer and specification are labeled with a unique part-number; hence, to identify a memory authenticity, we need to identify the memory part-number. We propose a machine learning-based approach to classify the memory part-number after extracting features from the start-up data. However, the classification can be done with two different approaches- a) learning a binary classifier (positive vs. negative) for each class, and b) learning a one-class classifier for each class. In the first approach, we learn a binary classifier for each class to differentiate between positive samples and negative samples (i.e., authentic vs. counterfeit). This approach is only applicable when both positive and negative sample is available while training the classifier. Nonetheless, it is not a practical approach due to the enormous diversity in negative samples. Collecting negative samples from whole statistical distribution is not cost-effective and time-efficient. In the second approach, we do not need any samples from the negative class, and only positive samples are sufficient to learn the classifier. Recent studies show that [19, 40, 58, 59, 60], a one-class classifier is preferable for counterfeit IC detection as the statistical diversity of the counterfeit chips (negative class) is too large, and they can be introduced from a large number of sources (see Sec. II-B). Unfortunately, one-class classification is a complex statistical problem and might reduce the accuracy. Hence, we propose a two-step approach to solve this issue:

  1. Identifying manufacturer:

    Different vendors use different memory cell designs, design flow, and possibly fabrication facilities. Furthermore, they may integrate different peripheral inside the memory; for example, altering row-decoder may alter apparent start-up data locality seen from outside of the memory. Hence, multiple sources may contribute to start-up data variation among SRAMs manufactured by different vendors. In other words, SRAMs for different manufacturers appeared to have a larger difference in their features (large inter-manufacturer feature distance), which ease identifying the SRAM manufacturer (e.g., manufactured by vendor “A” or not). However, while training a binary-classifier, it is impossible to learn all the negative samples that the target vendor does not manufacture. Therefore, we propose a one-class learner (e.g., one-class Neural Network, one-class SVM, SVDD, etc.

    [19, 40, 58, 59, 60]) only to identify the manufacturer information. However, one may choose to train a binary-class classifier with all available negative samples along with a one-class classifier to improve the accuracy. Note that we only used a simple binary classifier for identifying memory manufacturers to reduce the complexity of our experiment.

  2. Identifying part-number: A manufacturer usually produces different memory chips with different specifications with different part-numbers. However, they may use the same design facility and similar peripherals for all of them, leading to a more subtle feature difference among memories. Fortunately, we can assume that a manufacturer can easily access all memories that they manufacture. Therefore, once the manufacturer is identified, the target manufacturer can easily provide a binary (target class vs. others) or a multi-class classifier to identify each memory part-number produced by them. As we mentioned earlier, the one-class classifier is a complex learning task; hence we should avoid it when we have access to the negative samples from the whole statistical distribution. In this particular scenario, one-class learning is more difficult as we have a smaller feature distance among part-numbers produced by the same manufacturer.

Iii-E Proposed Framework

We propose a machine learning-based algorithm that uses the device signature to verify the manufacturer and the part-number. Fig. 3 represents the detailed framework of our proposed technique. Using a golden set of sample memory chips, the manufacturer needs to extract a set of features as explained in Sec. III-C and train classifiers to identify counterfeit chips. The manufacturer can train the classifier in two steps: (i) learning manufacturer-specific property () and (ii) learning part-number-specific property (). Manufacturing-specific property can be learned by a one-class classifier (i.e., only learning the target manufacturer) and might be assisted by a binary classifier (i.e., target manufacturer vs. others). For the second step, the manufacturer can train either a multi-class classifier for all part-numbers or a multiple binary (one vs. all) classifier for each part-number. By using publicly available information provided by the manufacturer, a user should be able to collect the signature from his sample and extract the feature-set. If the classifier information is available, the user can verify the chip authenticity by himself. Otherwise, the user can send the extracted feature-set to the manufacture, and the manufacturer can verify the authenticity of the test memory chip.

Fig. 3: Proposed protocol to identify counterfeit SRAM.

Iii-F Identifying Recycled Memory Chips

Although identifying memory manufacturer and part-number can prevent many types of counterfeitings [19], identifying memory manufacturer and part-number does not capture the recycled memory chips. Fortunately, the features we described in Sec. III-C can also be used for identifying recycled memory chips. For example, the distribution of the 0’s and 1’s can be skewed over time due to the skewed distribution of 0’s and 1’s in functional memory usage, which can be easily captured by Feature 1 [13]. Additionally, we observe that the distribution of other features may help to identify recycled SRAM chips in extreme cases, i.e., when only the symmetric data patterns are used over functional memory usage (see Sec. IV-C).

Iv Result and Analysis

In our experiment, we have collected SRAM start-up signatures to demonstrate our proposed technique. Typically, the success of any machine learning (ML) model relies on the sample quality and sample size. However, it is difficult to collect data from a large set of sample chips in a lab environment and imitate all possible operating conditions. Therefore, we divide the data collection process into the following tasks:

  1. We used Arduino Due board [61] for collecting start-up data from SRAM chips. We have used 345 4-Mbit (256K16) SRAM chips from 5 different manufactures and 23 different part-numbers (i.e., 23 memory classes). All of these 23 part-numbers are tabulated in Table I. From now on, we will use the “tag” (specified in Table I) to recall a specific memory part-number/class. We have used 230 SRAM chips to train ML models (10 chips from each class) and 115 chips to test the model (5 chips from each class).

  2. We have collected data from both test chips and train chips at a nominal voltage (3.3V) and room temperature (C). We used two different Arduino boards to emulate the platform variation among different embedded systems and utilized them to collect start-up signatures from test samples. We found that the operating voltage of these two boards is within 35mV of the nominal voltage.

  3. We have used a one-vs-all binary classifier (positive vs. negative) for both manufacturer identification and part-number identification. As we explained in Sec. III-D, the one-classifier would be the best for the manufacturer identification. However, the one-class classification task is a complex statistical problem and might require a large number of samples to train the model.

  4. Data noise can impact the classification models severely. To reduce noise, we collected start-up data from the same SRAM chips 20 times. We maintained a constant sampling interval of 2 minutes. We have shorted the power pin () and other control pins of the SRAM chip with the ground within this time interval We maintained such settings using relay circuits (also controlled by the same Arduino Due board). This experimental setup should be sufficient to avoid the potential discharge inversion effect on the SRAM start-up state [62]. We combined those 20 sets of data in a single set using the majority voting technique [54].

    Vendor444CY: Cypress Semiconductor; IDT: Integrated Device Technology; ISSI: Integrated Silicon Solution, Inc.; AMI: Alliance Memory, Inc.; REA: Renesas Electronics.   CY   IDT   ISSI   AMI   REA
    Part-
    Number
     

    CY7C1041G30-10ZSXI

    CY7C1041CV33-20ZSXA

    CY7C1041G18-15ZSXI

    CY62147G30-55ZSXE

    CY62146EV30LL-45ZSXIT

     

    IDT71V416S10PHG8

    IDT71V416S12PHG8

    IDT71V416L15PHG8

    IDT71V416S10PHGI

    IDT71V416S12PHG

    IDT71V416L15PHG

     

    IS61LV25616AL-10TL

    IS61WV25616BLL-10TL

    IS61WV25616BLL-10TLI-TR

    IS61LV25616AL-10TLI

    IS61C25616AS-25TLI

     

    AS7C34098A-10TCN

    AS7C34098A-10TIN

    AS6C4016-55ZIN

     

    RMLV0414EGSB-4S2#AA1

    RMLV0414EGSB-4S2#HA1

    RMLV0416EGSB-4S2#AA1

    RMLV0416EGSB-4S2#HA1

    Tag  

    CY1

    CY2

    CY3

    CY4

    CY5

     

    IDT1

    IDT2

    IDT3

    IDT4

    IDT5

    IDT6

     

    ISSI1

    ISSI2

    ISSI3

    ISSI4

    ISSI5

     

    AMI1

    AMI2

    AMI3

     

    REA1

    REA2

    REA3

    REA4

    TABLE I: List of SRAM chips in experiment.
  5. The variance error is expected when the sample size is too small

    [63]

    . A model with high variance provides too much attention to the data that are trained with and prone to overfitting. Hence, to reduce the variance error in the trained model, we segmented the SRAM signature data in 16 chunks and virtually increased the sample count by treating each segment as an individual memory chip (i.e., extracting an individual set of features from each segment). However, in the inference phase, the class of a test sample is determined by the majority voting method using all 16 segments. If the same number of votes supports multiple class labels, the tie is broken by comparing the cumulative posterior probabilities

    555The posterior probability quantifies the confidence level of inferencing a sample to a particular class [64]. of all 16 segments.

  6. To examine the temperature sensitivity of our proposed technique, we collected data from test samples at high temperatures (C) and validated the same trained model learned in task 3.

Iv-a Visualizing Features

The accuracy and efficiency of an ML algorithm largely depend on the quality of the features. Hence, to demonstrate the feature-merit (explained in Sec. III-C), we have presented the feature distribution of train chip across different manufacturers and different part-numbers in Fig.4. The figure shows that most features are normally distributed (median is centered), and in many cases, at least one feature distribution of a particular class produces a clear visible separation with other classes (i.e., manufacturer “A” vs. all and part-number “X” vs. all). For example, in Fig. 3(a), the SRAM chips manufactured by Renesas Electronics are readily separable by the distribution of feature . Similarly, Fig. 3(b) demonstrates that SRAM chips from CY4 are easily distinguishable from the distribution of feature . Unfortunately, in our case, many of the classes can not be separated from other classes based on their feature distribution due to the inter-dependency among those features. For example, feature (number of 1’s) and (compression ratio) might have a close relation; for instance, if the signature data is highly random, the should be close to 0.5, and should be close to 1.

(a) By Manufacturer.
(b) Cypress Semiconductor
(c) Integrated Silicon Solution, Inc.
(d) Integrated Silicon Solution, Inc.
(e) Renesas Electronics
(f) Alliance Memory
Fig. 4: Visualizing feature distribution by- (a) vendor, and (b)-(f) part-number.
(a) By Manufacturer
(b) Cypress Semiconductor
(c) Integrated Silicon Solution, Inc.
(d) Integrated Device Technology
(e) Renesas Electronics
(f) Alliance      Memory
Fig. 5: Representation of SRAM memory in feature-space, clustered by- (a) vendor, and (b)-(f) part-number.

For such cases, the class separability can still be visualized if the current feature-space (-space) is transferred to a new feature-space (-space), where the . If the are nonlinearly correlated, then the is a non-linear function. In our experiment, we have used generalized discriminant analysis (GDA) [65] to transform the -space to -space, where data points are linearly separable at -space. GDA666The reference implementation of GDA is available at: https://github.com/mhaghighat/gda is a supervised machine learning technique to find a reduced set of features that preserves the maximum separability among the classes. This reduced set of features is related to the old feature space by a non-linear kernel function. In our experiment, we have used an RBF kernel function [19]. The RBF functions’ parameter () is determined by the 10-fold cross-validation method and ensured minimum distance between samples and corresponding centroids. Fig. 5 represents the test memory chips in -space (in 2D projection) and demonstrates the manufacturer and part-number separability. Each dot in Fig. 5 represents each memory segment as explained in task-5. Those two figures demonstrate that memory classes (manufacturer “A” vs. “B” and part-number “X” vs. “Y”) are fairly distinguishable in at least one 2D projection of the -space. While transforming the feature-space of a -class problem, it is worth mentioning that at most dimensions are required in the new feature-space without losing any information of class separability [64]. However, for IDT, adding more than three dimensions (Fig. 5) only adds very small details on class separability (which is not recognizable from visual appearance). However, we have used dimensional new space for a -class problem for other cases in Fig. 5.

Note that some overlapping between multiple classes is still visible in the -space due to the random process variation. However, such overlapping can be reduced by further optimizing the RBF parameters, given that more train samples are available (we have only ten samples from each part-number). While classifying the test memory chips, the impact of such overlap is minimized by assigning equal weight on all 16 segments of the chip and casting a “vote” from each segment.

Iv-B Labeling Test Memory Chips

Although the GDA can be used for both visualization and classification tasks, GDA is not ideal for a small sample size. Fortunately, the ensemble learning technique can still perform reasonably better even with a small set of samples [66]. In the ensemble technique, multiple base models are learned with different configurations, and then the output label of the test sample is determined based on the vote cast by each model. Although several ensemble algorithms are available, we have used the bagging (bootstrap aggregating) method in our experiment. The bagging method is similar to other ensemble methods, except the base model is trained with a different set of train data (sampled with replacement). The bagging method has the inherent ability to reduce the variance error of the trained model and can out-perform other ML algorithms when the train sample size is small [67]. The detailed construction of the algorithm is out of the scope of this paper.

In our experiment, we have trained multiple ensemble models using different base classifiers (e.g., SVM, Decision Tree, Naive Bayes, Discriminant Analysis, Kernel, etc.), and the best model is chosen based on the 10-fold cross-validation score. Then we generated the test score based on our test samples. We represented the test score in Table

II. The table presents four types of test scores: Precision (), Recall (), score, and accuracy, which are defined by Eq. 3, 4, 5, and 6, respectively. quantifies the trained model’s accuracy out of all predicted positives, and the computes the fraction of positives that the model captures correctly. On the other hand,

score is the harmonic mean of the

and . For an ideal case, all of these test scores should be close to 1. Note that, the accuracy is not a very useful metric when the test samples from the positive and negative classes are not equal (unbalanced data). In our experimental setup, the number of test samples for binary (one vs. all) classifiers is unbalanced; hence, we emphasize the , , and score in our discussion.

(3)
(4)
(5)
(6)
Where, = True positive = True negative = False positive = False negative

We have trained our binary model by utilizing the samples from the target class and the samples from the outlier class (i.e., not belong to the target class). Target class implies manufacturer (or part-number), which is targeted to separate from other manufacturers (or part-numbers). Note that we can either consider the target class as the positive class or the outlier class as the positive class in Eq.

3, 4, 5, and 6; depending on the definition of positive class, the , , and score can be different for unbalanced test samples. We focus on the test scores produced by considering the target class as the positive class as it delivers the worse set of test scores.

Table II presents a single accuracy score and two sets of , , and score considering both objectives as discussed above. In Table II, the row represents the target manufacturer, and the row represents the corresponding accuracy score. Row 3, 4, and 5 represent the , , and score considering the target class as the positive class. Similarly, row 6, 7, and 8 represent the , , and score considering the outlier class as the positive class. Column 2–6 represents the classifier score for each manufacturer, and column 7 () represents the average classification score considering all manufacturers. The table shows that the average test scores are % (positive class = target class), which is promising considering such a small number of samples. However, the classification score is a little lower for CY and AMI than the other manufacturers, resulting from the fact that CY and AMI slightly overlap in feature space (blue and red dots in 5). However, the classification scores can be improved by adding more samples and further optimization of the classifiers.

Vendor   CY IDT ISSI AMI REA     0.93 1.00 0.99 0.97 0.99 0.98   Target Class     0.87 1.00 1.00 0.87 1.00 0.95   0.80 1.00 0.96 0.87 0.95 0.92   0.83 1.00 0.98 0.87 0.97 0.93   Outlier     0.98 1.00 0.99 0.98 0.99 0.98   0.98 1.00 1.00 0.98 1.00 0.99   0.98 1.00 0.99 0.98 0.99 0.99
(a) Identifying SRAMmanufacturer.
Vendor   CY   IDT   ISSI   AMI   REA     Tag   CY1 CY2 CY3 CY4 CY5   IDT1 IDT2 IDT3 IDT4 IDT5 IDT6   ISSI1 ISSI2 ISSI3 ISSI4 ISSI5   AMI1 AMI2 AMI3   REA1 REA2 REA3 REA4       0.88 1.00 0.88 1.00 1.00 0.95   0.87 0.87 1.00 0.77 0.90 0.77 0.86   1.00 0.92 0.92 1.00 1.00 0.97   0.73 0.73 1.00 0.82   0.65 0.65 0.85 0.90 0.76   0.88   Target Class     0.75 1.00 0.67 1.00 1.00 0.88   1.00 1.00 1.00 0.33 1.00 0.42 0.79   1.00 0.80 0.80 1.00 1.00 0.92   0.56 1.00 1.00 0.85   0.33 0.33 1.00 0.71 0.60   0.81   0.60 1.00 0.80 1.00 1.00 0.88   0.20 0.20 1.00 0.40 0.40 1.00 0.53   1.00 0.80 0.80 1.00 1.00 0.92   1.00 0.20 1.00 0.73   0.40 0.40 0.40 1.00 0.55   0.72   0.67 1.00 0.73 1.00 1.00 0.88   0.33 0.33 1.00 0.36 0.57 0.59 0.53   1.00 0.80 0.80 1.00 1.00 0.92   0.71 0.33 1.00 0.68   0.36 0.36 0.57 0.83 0.53   0.71   Outlier     0.90 1.00 0.95 1.00 1.00 0.97   0.86 0.86 1.00 0.88 0.89 1.00 0.92   1.00 0.95 0.95 1.00 1.00 0.98   1.00 0.71 1.00 0.90   0.79 0.79 0.83 1.00 0.85   0.93   0.95 1.00 0.90 1.00 1.00 0.97   1.00 1.00 1.00 0.84 1.00 0.72 0.93   1.00 0.95 0.95 1.00 1.00 0.98   0.60 1.00 1.00 0.87   0.73 0.73 1.00 0.87 0.83   0.92   0.95 1.00 0.92 1.00 1.00 0.97   0.93 0.93 1.00 0.86 0.94 0.84 0.91   1.00 0.95 0.95 1.00 1.00 0.98   0.75 0.83 1.00 0.86   0.76 0.76 0.91 0.93 0.84   0.92
(b) Identifying SRAM part-number.
TABLE II: Accuracy, precision, recall, and score (at nominal temperature)

In Table II, we have presented the classification score for the part number identification, where the row represents the target part-number. Note that, represents the average classification score over the corresponding manufacturer, and the columns represents the average classification score over all manufacturers. Similar to Table II, rows 4–9 of table II represent two sets of , , and scores. Unlike manufacturer identification, the part-number classification score for some manufactures is not up to the mark; especially, the or the (and corresponding score) scores to identify a few part-numbers of IDT, REA, and AMI are unacceptably low (shown in red). Nevertheless, such low test scores can be explained from multiple perspectives. For example, the model used to classify manufacturers trained based on 40–60 samples per class; however, due to the extremely limited number of samples from each part-number (10 from each), it is harder to learn part-number classifiers. Besides, the differences among a few memory part-numbers, especially from IDT, REA, and AMI, are not well-understood from their electrical characteristics mentioned in the datasheets. For example, the only noticeable difference between IDT2 and IDT5 is how they are packed during shipping (tube/tray vs. tape/reel). Hence, these two part-numbers might be equivalent based on their electrical characteristics. Similarly, the following pair of the part-numbers- (IDT3, IDT6), (REA1, REA2), and (REA3, REA4) do not have any recognisable difference other than their packing method. Hence, to extract the perfect set of features to differentiate those chips (IDT2 vs. IDT5, IDT3 vs. IDT6, REA1 vs. REA2, and REA3 vs. REA4), we might require more detailed information about the chip characteristics. On the other hand, the IDT1 and IDT4 memory chips are only differed by the temperature grade, and possibly have only difference in their die packaging along with some minor fabrication imperfections [68]. Hence IDT1 and IDT4 may have very subtle differences due to the possible similarity in die architectural, layout, and systematic process variation. We found the similar problem for AMI1 and AMI2, which are also only differed by the temperature grade. Note that, the difference between IDT1 and IDT4 (or, between AMI1 and AMI2) might be still captured by using more train samples.

In Table III, we have also presented the summary result (only average test score) by changing the operating temperature of the test samples to C. The and last row of Table III represents the average score for the manufacturer and part-number detection (respectively) from all manufacturers. On the other hand, rows 3–7 represent the average score for part-number detection from the corresponding manufacturer and the row 8 represents the average score for part-number detection over all manufacturers. From Table II and III, it is apparent that our proposed technique is not very sensitive to temperature. The temperature insensitivity of our selected features is reasonable; previous work shows that varying C only changes the SRAM start-up data by % [69].

Classification
goal
 
  Target Class   Outlier
     

 

Manufacturer ()   0.97   0.93 0.94 0.93   0.99 0.98 0.98

 

Part-number
CY ()   0.97   0.93 0.96 0.93   0.99 0.97 0.98
IDT ()   0.81   0.54 0.47 0.43   0.90 0.88 0.88
ISSI ()   0.95   0.93 0.88 0.87   0.97 0.97 0.97
AMI ()   0.82   0.76 0.73 0.72   0.89 0.87 0.86
REA ()   0.73   0.58 0.55 0.48   0.85 0.78 0.81
  0.86   0.74 0.71 0.68   0.92 0.90 0.91
TABLE III: Arithmetic mean of accuracy, precision, recall, and score (at high temperature)

With the temperature increase, the average test score for manufacturer identification almost retain the same score as of the nominal temperature. However, the average part-number identification across all manufacturers is slightly degraded (presented in red in Table III); for example, the score to identify the target class reduced from 0.71 to 0.67 (presented in cyan in Table III). Especially, the SRAM chips from IDT and REA are affected most while we have increased the temperature. For IDT, the average score for part-number identification is reduced by 19% (0.53 to 0.43), and for REA, the score is degraded by 9%. For IDT and REA, we expected such results as the features associated with those part-numbers are very closely distributed (as explained in the previously). Hence, a slight thermal noise on start-up data impacted the corresponding classifiers heavily. Interestingly, the classification score improved by a little margin for AMI, although chips from AMI1 and AMI2 are closely located in feature-space (Fig. 5). With closer observation, we have found that the features from AMI1 impacted heavily at higher temperatures and shifted away from the AMI2, which provided a relatively better separation between AMI1 and AMI2. The temperature sensitivity of AMI1 is not surprising as AMI1 possesses a lower temperature grade than AMI2.

In Table II and III, we trained the classifier using only one entropy source (i.e., all features are extracted from start-up data at nominal voltage). Our proposed technique can be further improved if more features can be extracted from different entropy sources. For example, we collected three sets of start-up data at low voltage (3.0V), nominal voltage (3.3V), and high voltage (3.6V) from all IDT chips. Then, we only extracted feature , , , and from all of those three datasets and concatenated them in a single feature set (total 12 features). We trained ML models from train samples as we have done earlier and used the model to identify part-numbers from IDT. The outcome of the experiment was aligned with our expectation; The average score of part-number identification is improved to 0.6 from 0.53 (presented in cyan in Table III).

Iv-C Identifying Recycled Memory Chips

As we explained in Sec. III, the recycled (aged) and fresh (aged) SRAM chip can be distinguished by only observing the number of 1’s in start-up data [13]. As our method also uses the number of 1’s as a feature (), our method is more generalized. Moreover, identifying the recycled chips by observing the number of 1’s is only possible if the SRAM chips experience more logic “1” than the logic “0” (skewed data distribution). Although such a scenario is practical over the natural usage of the SRAM chips, we conducted an experiment without making the assumption of skewed data distribution.

(a) Cypress Semiconductor (CY)
(b) Integrated Device Technology (IDT)
Fig. 6: Visualizing feature distribution: fresh vs. aged.

Our experiment used the “accelerated aging” [2] method by continuously writing random bits on SRAM chips. In accelerated aging, we exposed the memory chips in high voltage (3.6V) and high temperature (C) for 1 hour and continuously wrote different random numbers (with the normal distribution of 0’s and 1’s). The temperature of the chip was controlled by a thermostream system [70]. We collected start-up data before and after the aging process and extracted features from them. The aging process is time-consuming, and we had limited access to the thermostream system; hence, we were only able to experiment with a limited number of chips. Our experiment used used 2 SRAM chips from each part-number of CY and IDT (10 CY chips and 12 from IDT). Although this small number of chips is not sufficient for the ML algorithm, our experiment demonstrates the impact of the aging process on features that are selected in Sec. III-C.

We presented the distribution of the features from fresh chips and aged chips in Fig. 6. Fig. 5(a) and 5(b) represent feature distribution for CY and IDT, respectively. Because of using random numbers (uniform distribution of 0’s and 1’s) to age the device, we have an unpredictable shift on the (number of 1’s) distribution, which is used in previously proposed method to identify recycled SRAM chips [13]. However, we observed some other features might be extremely useful even with the presence of the uniform data pattern. For example, the distribution of (number of noisy signature bits) always tends to shift towards 0. With sufficient aging, the distribution of from the fresh and aged chips will be completely separable. During the aging process with the random data pattern, the number of 0’s or 1’s experienced by each memory cell will be a normal distribution. Hence, some of the noisy signature bits (located at distribution tail) will experience more 0’s or 1’s than others. With the same argument presented in [13], we can argue that this will bias those noisy signature bits either toward “1” or “0” and reduce the total number of noisy signature bits (see Sec. III-A for details). Note that, even with the biased data pattern (dominate by “0” or “1”), the number of the noisy signature bits will also be reduced (noisy signature bits will achieve either stable “1” or “0”).

We also observe a shift in the distribution of other features. For example, now the compression ratio is closer to 1 (distribution of ). This is also understandable as the random distribution on the data pattern biased the SRAM cells randomly and randomizes the start-up data. However, this distribution might shift upward if the usage data pattern is biased towards either “0” or “1” (i.e., start-up data will have more “1” or “0” after usages). Hence, imposing a boundary condition on distribution might also be helpful to identify recycled SRAMs.

Iv-D Evaluation Time

Our proposed method is aimed to identify counterfeit memory chips from the consumer end (or at least start-up signature should be collected at consumers’ end (See Fig. 3)). Nevertheless, our proposed method can also be scaled up for bulk testing. A single FPGA or high-speed embedded system can be used to collect and analyze data for bulk testing purposes. The average access time for a Commercial off-the-shelf (COTS) SRAM is 15ns/word. Hence the total access time for a 4Mb (256K16) SRAM is 4ms (15ns256K). In our experiment, we have collected start-up data 20 times. Additionally, to avoid the discharge inversion effect, the sampling interval of 10s should be more than sufficient [62]. The inference time of the machine learning model is very negligible compared to the data collection process (order of s). Hence, the total time required to test an SRAM chips’ authenticity is 3min (1910s204ms), which is the time required for collecting the SRAM start-up data.

V Limitation and Future Work

Identifying memory manufacturer and part-number are useful for identifying many counterfeitings, which might be introduced at a different supply chain stage. However, our feature-based manufacturer and part-number detection technique will not be effective for overproduced memory chips introduced by a malicious foundry (i.e., the chip produced beyond the IP owner’s consent with original GDSII and package in the same foundry facility).

In our future work, we aim to explore more entropy sources robust across the temperature and voltage variation but sensitive to the usage. Additionally, ML model accuracy largely dependent on feature selection/extraction techniques; hence to improve our algorithm, we urge to explore more features. For instance, many well-known features that work well with the binary image classification

[71] might also be used extract features from binary memory signature.

Vi Conclusion

This article presents a non-invasive and low-cost technique to (i) identify the memory manufacturer and part-number and (ii) recycled SRAM chips without requiring any additional hardware. This proposed framework has potential to use for other volatile and nonvolatile memory chips and help stop spreading them in the supply chain. Finally, to train a more practical and accurate ML model, we need more train samples which might require an industry scale setup and crowd-sourcing.

References

  • [1] U. Guin et al., “Counterfeit integrated circuits: A rising threat in the global semiconductor supply chain,” Proceedings of the IEEE, vol. 102, no. 8, pp. 1207–1228, 2014.
  • [2] Z. Guo et al., “Scare: An sram-based countermeasure against ic recycling,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 26, no. 4, pp. 744–755, 2018.
  • [3] D. Forte and R. Chakraborty, “Counterfeit integrated circuits: Threats, detection, and avoidance,” in Conference on Cryptographic Hardware and Embedded Systems, 2018.
  • [4] C. Levin and J. McCain, “Senate armed services committee releases report on counterfeit electronic parts,” Senate Committee On Armed Services, 2012. [Online]. Available: www.armed-services.senate.gov/press-releases/senate-armed-services-committee-releases-report-on-counterfeit-electronic-parts
  • [5] J. Oberg, “Did bad memory chips down russia’s mars probe?” IEEE Spectrum, 2012. [Online]. Available: nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=2011-065A
  • [6] U. Congress, “Hr 5515–john s. mccain national defense authorization act for fiscal year 2019,” in 115th Congress, August, vol. 13, 2018. [Online]. Available: www.congress.gov/bill/115th-congress/house-bill/5515/text
  • [7] M. Hartzell, “Counterfeit parts have real consequences,” COMPUTERWORLD, 2012. [Online]. Available: www.computerworld.com/article/2473854
  • [8] Z. Guo, M. T. Rahman, M. M. Tehranipoor, and D. Forte, “A zero-cost approach to detect recycled soc chips using embedded sram,” in 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016, pp. 191–196.
  • [9] K. Xiao et al., “Bit selection algorithm suitable for high-volume production of sram-puf,” in 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2014, pp. 101–106.
  • [10] X. Xu et al., “Reliable physical unclonable functions using data retention voltage of sram cells,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp. 903–914, 2015.
  • [11] U. Guin, D. DiMase, and M. Tehranipoor, “Counterfeit integrated circuits: Detection, avoidance, and the challenges ahead,” Journal of Electronic Testing, vol. 30, no. 1, pp. 9–23, 2014.
  • [12] M. Goetz and R. Varma, “Counterfeit electronic components identification: A case study,” I-Connect007, 2017. [Online]. Available: smt.iconnect007.com/article/105495
  • [13] U. Guin, W. Wang, C. Harper, and A. D. Singh, “Detecting recycled socs by exploiting aging induced biases in memory cells,” in 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019, pp. 72–80.
  • [14] M. T. Rahman et al., “Csst: Preventing distribution of unlicensed and rejected ics by untrusted foundry and assembly,” in 2014 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2014, pp. 46–51.
  • [15] J. Rajendran, O. Sinanoglu, and R. Karri, “Is split manufacturing secure?” in 2013 Design, Automation Test in Europe Conference Exhibition (DATE), 2013, pp. 1259–1264.
  • [16] F. Koushanfar, G. Qu, and M. Potkonjak, “Intellectual property metering,” in International Workshop on Information Hiding.   Springer, 2001, pp. 81–95.
  • [17] N. E. C. Akkaya, B. Erbagci, and K. Mai, “Secure chip odometers using intentional controlled aging,” in 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018, pp. 111–117.
  • [18] U. Guin, D. Forte, and M. Tehranipoor, “Design of accurate low-cost on-chip structures for protecting integrated circuits against recycling,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 24, no. 4, pp. 1233–1246, 2016.
  • [19] B. M. S. B. Talukder et al., “Towards the avoidance of counterfeit memory: Identifying the dram origin,” in 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2020, pp. 111–121.
  • [20] M. Cortez et al., “Modeling sram start-up behavior for physical unclonable functions,” in 2012 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2012, pp. 1–6.
  • [21] D. Mukherjee, H. K. Mondal, and B. Reddy, “Static noise margin analysis of sram cell for high speed application,” International Journal of Computer Science Issues (IJCSI), vol. 7, no. 5, p. 175, 2010.
  • [22] J. Kwon et al., “Heterogeneous sram cell sizing for low-power h.264 applications,” IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 59, no. 10, pp. 2275–2284, 2012.
  • [23] S. P. Park, K. Kang, and K. Roy, “Reliability implications of bias-temperature instability in digital ics,” IEEE Design Test of Computers, vol. 26, no. 6, pp. 8–17, 2009.
  • [24] A. Basak and S. Bhunia, “P-val: Antifuse-based package-level defense against counterfeit ics,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 7, pp. 1067–1078, 2016.
  • [25] X. Wang et al., “Hardware trojan attack in embedded memory,” ACM Journal on Emerging Technologies in Computing Systems (JETC), vol. 17, no. 1, pp. 1–28, 2021.
  • [26] D. E. Holcomb, W. P. Burleson, and K. Fu, “Power-up sram state as an identifying fingerprint and source of true random numbers,” IEEE Transactions on Computers, vol. 58, no. 9, pp. 1198–1210, 2009.
  • [27] M. T. Rahman et al., “Systematic correlation and cell neighborhood analysis of sram puf for robust and unique key generation,” Journal of Hardware and Systems Security, vol. 1, no. 2, pp. 137–155, 2017.
  • [28] M. T. Rahman, D. Forte, J. Fahrny, and M. Tehranipoor, “Aro-puf: An aging-resistant ring oscillator puf design,” in 2014 Design, Automation Test in Europe Conference Exhibition (DATE), 2014, pp. 1–6.
  • [29] M. Bhargava, C. Cakir, and K. Mai, “Attack resistant sense amplifier based pufs (sa-puf) with deterministic and controllable reliability of puf responses,” in 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2010, pp. 106–111.
  • [30] X. Zhang and M. Tehranipoor, “Design of on-chip lightweight sensors for effective detection of recycled ics,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 22, no. 5, pp. 1016–1029, 2014.
  • [31] K. He, X. Huang, and S. X.-D. Tan, “Em-based on-chip aging sensor for detection and prevention of counterfeit and recycled ics,” in 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2015, pp. 146–151.
  • [32] K. Huang, J. M. Carulli, and Y. Makris, “Counterfeit electronics: A rising threat in the semiconductor manufacturing industry,” in 2013 IEEE International Test Conference (ITC), 2013, pp. 1–4.
  • [33] Y. M. Alkabani and F. Koushanfar, “Active hardware metering for intellectual property protection and security,” in 16th USENIX Security Symposium (USENIX Security 07).   Boston, MA: USENIX Association, aug 2007.
  • [34] X. Zhang, N. Tuzzio, and M. Tehranipoor, “Identification of recovered ics using fingerprints from a light-weight on-chip sensor,” in DAC Design Automation Conference 2012, 2012, pp. 703–708.
  • [35] J. A. Hayward and J. Meraglia, “Dna marking and authentication: A unique, secure anti-counterfeiting program for the electronics industry,” in International Symposium on Microelectronics, vol. 2011, no. 1.   International Microelectronics Assembly and Packaging Society, 2011, p. 000.
  • [36] K. Elkhiyaoui, E.-O. Blass, and R. Molva, “Checker: On-site checking in rfid-based supply chains,” in Proceedings of the fifth ACM conference on security and privacy in wireless and mobile networks, 2012, pp. 173–184.
  • [37] M. N. Islam, V. C. Patii, and S. Kundu, “On ic traceability via blockchain,” in 2018 International Symposium on VLSI Design, Automation and Test (VLSI-DAT), 2018, pp. 1–4.
  • [38] J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, “Security analysis of integrated circuit camouflaging,” in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp. 709–720.
  • [39] J. B. Wendt, F. Koushanfar, and M. Potkonjak, “Techniques for foundry identification,” in 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC), 2014, pp. 1–6.
  • [40] A. Ahmadi et al., “A machine learning approach to fab-of-origin attestation,” in 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2016, pp. 1–6.
  • [41] R. L. Helinski et al., “Electronic forensic techniques for manufacturer attribution,” in 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016, pp. 139–144.
  • [42] R. Rollini, J. Sampson, and P. Sivakumar, “Comparison on 6t, 5t and 4t sram cell using 22nm technology,” in 2017 IEEE International Conference on Electrical, Instrumentation and Communication Engineering (ICEICE), 2017, pp. 1–4.
  • [43] V. Asthana et al., “Circuit optimization of 4t, 6t, 8t, 10t sram bitcells in 28nm utbb fd-soi technology using back-gate bias control,” in 2013 Proceedings of the ESSCIRC (ESSCIRC), 2013, pp. 415–418.
  • [44] C.-T. Chuang et al., “High-performance sram in nanoscale cmos: Design challenges and techniques,” in 2007 IEEE International Workshop on Memory Technology, Design and Testing, 2007, pp. 4–12.
  • [45] L. Chang et al., “An 8t-sram for variability tolerance and low-voltage operation in high-performance caches,” IEEE Journal of Solid-State Circuits, vol. 43, no. 4, pp. 956–963, 2008.
  • [46] N. H. Weste and D. Harris, CMOS VLSI design: a circuits and systems perspective.   Pearson Education India, 2015.
  • [47] G. Apostolidis, D. Balobas, and N. Konofaos, “Design and simulation of 6t sram cell architectures in 32nm technology,” Journal of Engineering Science and Technology Review, vol. 9, no. 5, pp. 145–149, 2016.
  • [48] Y. Cao et al., “Design sensitivities to variability: extrapolations and assessments in nanometer vlsi,” in 15th Annual IEEE International ASIC/SOC Conference, 2002, pp. 411–415.
  • [49] K. J. Kuhn et al., “Process technology variation,” IEEE Transactions on Electron Devices, vol. 58, no. 8, pp. 2197–2208, 2011.
  • [50] M. Maniatakos, I. A. M. Elfadel, M. S. Reorda, H. F. Ugurdag, J. Monteiro, and R. Reis, VLSI-SoC: Opportunities and Challenges Beyond the Internet of Things.   Springer, 2019. [Online]. Available: www.springer.com/gp/book/9783030156626
  • [51] R. Khazaka, L. Mendizabal, D. Henry, and R. Hanna, “Survey of high-temperature reliability of power electronics packaging components,” IEEE Transactions on Power Electronics, vol. 30, no. 5, pp. 2456–2464, 2015.
  • [52] S. Masoumian et al., “Modeling static noise margin for finfet based sram pufs,” in 2020 IEEE European Test Symposium (ETS), 2020, pp. 1–6.
  • [53] D. Wei et al., “Nrc: A nibble remapping coding strategy for nand flash reliability extension,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 11, pp. 1942–1946, 2016.
  • [54] Y. Shifman et al., “A method to improve reliability in a 65-nm sram puf array,” IEEE Solid-State Circuits Letters, vol. 1, no. 6, pp. 138–141, 2018.
  • [55] P. Deutsch and J.-L. Gailly, “Zlib compressed data format specification version 3.3,” RFC 1950, May, Tech. Rep., 1996. [Online]. Available: www.ietf.org/rfc/rfc1950.txt
  • [56] P. Ehlig and S. Pezzino, “Error detection in sram,” Nov 2017. [Online]. Available: www.ti.com/lit/an/spracc0a/spracc0a.pdf
  • [57] A. J. van de Goor and I. Schanstra, “Address and data scrambling: causes and impact on memory tests,” in Proceedings First IEEE International Workshop on Electronic Design, Test and Applications ’2002, 2002, pp. 128–136.
  • [58] M. T. Rahman and B. M. S. B. Talukder, “Systems and methods for identifying counterfeit memory,” Nov. 26 2020, US Patent App. 16/879,599.
  • [59] O. Sinanoglu et al., “Reconciling the ic test and security dichotomy,” in 2013 18th IEEE European Test Symposium (ETS), 2013, pp. 1–6.
  • [60]

    K. Huang, J. M. Carulli, and Y. Makris, “Parametric counterfeit ic detection via support vector machines,” in

    2012 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2012, pp. 7–12.
  • [61] Arduino Due, Arduino. [Online]. Available: store.arduino.cc/usa/due
  • [62] Z. Liao, G. T. Amariucai, R. K. W. Wong, and Y. Guan, “The impact of discharge inversion effect on learning sram power-up statistics,” in 2017 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), 2017, pp. 31–36.
  • [63] P. V. D. Putten and M. V. Someren, “A bias-variance analysis of a real world learning problem: The coil challenge 2000,” Machine learning, vol. 57, no. 1, pp. 177–195, 2004.
  • [64] T. Hastie, R. Tibshirani, and J. Friedman, The elements of statistical learning: data mining, inference, and prediction.   Springer Science & Business Media, 2009.
  • [65] G. Baudat and F. Anouar, “Generalized discriminant analysis using a kernel approach,” Neural computation, vol. 12, no. 10, pp. 2385–2404, 2000.
  • [66] T. G. Dietterichl, “Ensemble learning,” in The Handbook of Brain Theory and Neural Networks, M. Arbib, Ed.   MIT Press, 2002, pp. 405–408.
  • [67] S. Yılmaz Isıkhan, E. Karabulut, and C. R. Alpar, “Determining cutoff point of ensemble trees based on sample size in predicting clinical dose with dna microarray data,” Computational and mathematical methods in medicine, 2016.
  • [68] R. Mishra, M. Keimasi, and D. Das, “The temperature ratings of electronic parts,” Electronics Cooling, vol. 10, no. 1, p. 20, 2004.
  • [69] C. Premalatha, K. Sarika, and P. M. Kannan, “A comparative analysis of 6t, 7t, 8t and 9t sram cells in 90nm technology,” in 2015 IEEE International Conference on Electrical, Computer and Communication Technologies (ICECCT), 2015, pp. 1–5.
  • [70] ATS-605 Thermostream, Temptronic ThermoStream. [Online]. Available: www.intestthermal.com/temptronic/thermostream
  • [71] A. Humeau-Heurtier, “Texture feature extraction methods: A survey,” IEEE Access, vol. 7, pp. 8975–9000, 2019.