By: Hossein Miri Lavasani (Case Western Reserve University) and Soumyajit Mandal (University of Florida)
Stage: IC Fabrication
Summary
DHIT (Defense of High-Speed Transceivers) uses waveform-level analog obfuscation to provide additional protection to ultra-high-speed I/O pins. DHIT uses a modified JTAG architecture for I/O encryption. It consists of two main components: (1) a key management unit (KMU) integrated within the test access port (TAP); and (2) decryption/encryption modules (which implement stream ciphers) integrated within the I/O pins. The KMU ensures (1) secure inter-chip communication; (2) key synchronization between multiple ICs; and (3) generation of keys. The KMU is implemented by modifying the TAP controller states specified by JTAG: by having certain states represent key bits, we can transition between different states in a certain order to securely transmit the key. Since a stream cipher is only secure if the key used for encryption constantly changes, the KMU constantly generates new keys, encodes/decodes the TAP states, and synchronizes them across chips. For this purpose, a seeding key is (1) securely generated on a sender chip using a physical unclonable function (PUF), and (2) synchronized with the receiver chips on start-up using key encoder/decoder modules within the modified TAP controllers. The encryption module for DHIT implements a stream cipher for each high-speed I/O pin by taking advantage of the physical time delay of the board-level link.
Contact
Soumyajit Mandal and Hossein Miri Lavasani
Input/Output Interface
- Input: Set of high-speed I/O pins
- Output: Modified high-speed I/O pins with encrypted transceivers
Dependencies
Cadence Virtuoso (for both schematic and layout)
Licensing Info
Open source
References
A Capacitively Coupled, Pseudo Return-to-Zero Input, Latched-Bias Data Receiver Journal Article
In: IEEE Journal of Solid-State Circuits, vol. 53, no. 9, pp. 2500-2511, 2018, ISSN: 1558-173X.