Design techniques for safe, reliable, and trustworthy analog circuits
Is Version Of
Electrical and Computer Engineering
Rapid developments in communication, automation, and smart technologies continue to drive the trend of increasingly large-scale integration of electronics. The number of ICs embedded in various systems continues to rise to realize more sophisticated functions and capabilities, and as a result we rely more and more on the smooth, safe, and secure operation of ICs. Quality assurance of ICs is of paramount importance in critical missions because faults can incur heavy consequences. To ensure reliability, IC designs undergo a thorough verification process prior to fabrication and comprehensive testing and measurements before distribution. These steps provide confidence in parts shortly after their deployment into operation. Many critical ICs also embed functions to detect abnormal or faulty behavior in the field and add another layer of safety to the operation. The methodology for creating these built-in self-tests (BISTs) for digital circuits is fairly mature, yet analog and mixed signal (AMS) circuits still present a significant challenge for verification and testing. The development of in-field tests for AMS circuits is relatively new. Part of the difficulty is the many constraints that define satisfactory function. Complicated signal generators and observers are usually required to stimulate the circuit and measure its response in order to accurately determine if it meets specifications. These are available in a production test environment in the form of external equipment, but the amount of hardware, power, and other resources required for these tests make it impractical for in-field operation. To address this issue, some simple, low-resource test circuits have been developed to test some fundamental AMS blocks. The test results allow one to infer faulty behavior of circuit rather than explicitly confirming specifications are not met, which makes the design of test inputs and observers significantly easier. These test circuits use simple analog-digital interfaces which aid the integration of the designs into existing digital test architectures. The AMS test circuits were implemented on a PCB to demonstrate their feasibility. For ICs targeting high reliability, the parts are designed such that the probability of a fault occurring is extremely low, at least for a time. BISTs for in-field testing are intended to detect faults originating from a single source because of a defect or some other unpredictable event. But every IC will reach a time when devices start to fail independently of each other because of normal wear from use. The physical mechanisms causing transistor degradation, called transistor aging, have a predictable trend for a given history of use. On-chip monitors that track device aging over the life of a part can provide warnings before widespread failure occurs and allow confident operation of IC right up to its effective end of life (EOL). A bias and temperature instability (BTI) monitor was designed to estimate the evolving probability of BTI degradation in a device or devices during its operation. In addition to the chance of random failures in critical ICs, designers and customers must also concern themselves with intentionally induced failures. The important role these parts play in their respective systems makes them potential targets of attack by third parties whose goal is contrary to the parts’ primary missions. One potential class of threats is the hardware Trojan horse, a hidden and malicious function physically embedded in the design. These are high- risk/high-reward attacks because insertion of the Trojan is generally considered difficult but successful activation is potentially devastating. Much research and resources have been dedicated to developing threat models, identifying potential means of insertion and operation, and detection of Trojans during production tests. However, these efforts are almost entirely focused on the security of digital circuits while threats to AMS circuits have been ignored. One of the main reasons for this is the inherent sensitivity of AMS circuits, which leads to the assumption that any tampering would be obvious. This assumption falls short when a well- known problem in AMS circuit design is considered: multi-stable operation. A definitive taxonomy of this sub-class of hardware Trojans was constructed to complement existing definitions and efforts on Trojan classification. An example of an AMS circuit with such a Trojan is provided to validate the threat this class of Trojans poses.