True random number generators (TRNGs) are needed in cryptography for key generation, in challenge response authentication procedures and for countermeasures against power analysis attacks. Such true randomness requires to utilise random physical hardware effects. It is the goal to make the TRNG usable for different semi-conductor technologies (including field programmable gate arrays (FPGAs)). This approach is based on ring oscillators with multiple taps in combination with a simple post processing by exclusive OR antivalence (XOR) compression. Verifications with a test chip and several FPGA implementations showed that standard digital library elements and the digital design flow can be used without any constraints for compilation and special layout rules. A proper choice of sampling frequency and compression coefficient ensures a random output with extremely low bias for different technologies which can be checked on-line easily. It was shown that for passing the on-line test with a given bias limit the generated random data passes the statistical tests.

Hardware Trojans (HTs) are an emerging threat for integrated circuits integrity and their applications. Trying to find efficient HT detection methods is necessary. However, before detecting them, HTs need to be created with an efficient method and their effects need to be understood. There are very few studies which describe HTs implementation methods and the methods used are not convenient for systematic study of HTs effects. The Trust-Hub website, known for hardware security in general, had published a full HT implementation tutorial, which is not completely satisfying. This study proposes a stealthy and reusable HT implementation method on field programmable gate arrays at the layout level adapted for the study of different HTs with the same non-infected circuit. Created for a systematic study of the effects brought by different HTs, the proposed approach allows designers to insert stealthy HTs inside the same circuit in order to create different realistic infected circuits. HTs implementation results on an advance encryption standard system and detection experiments based on side-channel are also presented in this study. The implementation method the authors propose can be used with scripts in order to accelerate the insertions of HTs variants.

Security has been identified as a critical dimension in the design of embedded systems for almost a decade. A well-recognised critical threat against the security of embedded systems is represented by ‘side-channel attacks (SCAs)’, which mandate the application of specially tailored countermeasures. These countermeasures are significantly demanding in terms of computation effort, and have traditionally been applied by hand. The recent introduction of a methodology to gauge the security margins provided by software cipher implementations, allows the integration of the automated application of countermeasures into platform-based system-level design methodologies. The authors introduce in the design space of block cipher implementations a new metric concerning the resistance against SCAs, provide a systematic method for the selection of the most appropriate cipher given the security and performance trade-offs, and point out the performance requirements for the random number generator. Moreover, they discuss the implications of the design space extension on system runtime adaptivity. The experimental evaluation demonstrates that a single cipher does not cover optimally a range of convenient operating points and that ciphers like a Serpent, which are considered slow in non-protected implementations, can outperform primitives like the Advanced Encryption Standard when implementations with equal security guarantees against SCAs are considered.

More and more manufacturers outsource parts of the design and fabrication of integrated circuits (ICs) for cost reduction. Recent publications show that such outsourcing can pose serious threats to governments and corporations, as they lose control of the development process. Until now, the threat of hardware Trojans is mostly considered during fabrication. Third party intellectual properties (IPs) are also gaining importance as companies wish to reduce costs and shorten the time-to-market. Through this study, the authors argue that the threat of Trojans is spread throughout the whole IC development chain. They give a survey of both hardware Trojan insertion possibilities and detection techniques. Furthermore, they identify the key vulnerabilities at each stage of IC development and describe costs of hardware Trojan insertion and detection. This way, the threat level based on feasibility of Trojan insertion and the practicability of Trojan detection techniques is evaluated. Lately, detection techniques address the issue of including third party IP. However, those techniques are not sufficient and need more research to effectively protect the design. In this way, the authors’ analysis provides a solid base to identify the issues during IC development, which should be addressed with higher priority by all entities involved in the IC development.

This study reviews the current situation regarding design protection in the microelectronics industry. Over the past 10 years, the designers of integrated circuits (IC) and intellectual properties (IP) have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and IP designers. Coupled with increasing pressure to decrease the cost and increase the performance of ICs, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation and IC/IP identification. This study presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties.

Within-die variations in path delays are increasing with scaling. Although higher levels of within-die delay variations are undesirable from a design perspective, they represent a rich source of entropy for applications that make use of ‘secrets’, such as authentication, hardware metering and encryption. Physical unclonable functions or PUFs are a class of circuit primitives that leverage within-die variations as a means of generating random bitstrings for these types of applications. In this study, the authors present test chip results of a hardware-embedded delay PUF (HELP) that extracts entropy from the stability characteristics and within-die variations in path delays. HELP obtains accurate measurements of path delays within core logic macros using an embedded test structure called regional delay behaviour (REBEL). REBEL provides capabilities similar to an off-chip logic analyser, and allows very fast analysis of the temporal behaviour of signals emerging from paths in a core logic macro. Statistical characteristics related to the randomness, reproducibility and uniqueness of the bitstrings produced by HELP are evaluated across industrial-level temperature and supply voltage variations.

Field-programmable gate array (FPGA) reconfigurability creates the possibility of distributing hardware cores pretty much like software digital contents, possibly on payment or on a subscription basis. In this work, the authors propose an infrastructure for the secure distribution of such hardware digital contents (HDCs). Aimed at the practical realisation of the envisioned scenario, this study analyses the security-related features of the current FPGA devices, for example, (partial) bitstream encryption, and takes them as the underlying constraints for the definition of the infrastructure. This work clearly identifies the roles involved in the secure distribution process, including a trusted third-party entity, and introduces a cryptographic protocol ensuring the confidentiality and the trustworthiness of partial bitstreams dynamically downloaded to the user's device. This study also presents a detailed case-study application scenario, namely the secure distribution of image codec components, providing a few quantitative results and demonstrating the limited overhead incurred by the proposed solution in terms of time and area costs. The conclusive section of this study discusses the lesson learned from this work and draws a few proposals for the evolution of security-related FPGA features which may enable the full realisation of the secure HDC distribution concept.