The Internet of Things (IoT) is expected to connect our physical world with billions of sensors and actuators, transforming the way we live and work, as well as creating enormous business markets. Security and privacy are seen as the most critical challenges to IoT growth in the future. Because of the severe energy and cost constraints as well as physical exposure of the IoT devices, software-only security cannot meet the performance demands and faces a variety of new threats targeting hardware, such as cache attacks, side-channel attacks, and semiconductor supply chain attacks. Therefore, to meet the unique challenges of IoT security, hardware designs are in strong demand to complement software defenses for providing efficient roots of trust, cryptographic acceleration, and resistance against physical attacks.
In this talk, I will present integrated circuit designs for IoT security defenses and attacks, which cross analog and digital domains and incorporate system considerations. I will first introduce robust and portable true random number generators (TRNG) and physically unclonable functions (PUF) as roots of trusts for key generation and storage. Several of the designs employ commonly avoided higher order harmonics in multi-mode oscillators as entropy sources. Then, energy-efficient and programmable cryptographic engines will be described as another fundamental block to support secure IoT system. In addition to designing security primitives, I will also unveil the vulnerabilities of integrated circuits with a hardware Trojan attack leveraging analog behaviors of processors, which represents the first fabrication-time hardware attack that is small, stealthy, and attacker controllable.