SACCI: Scan-Based Characterization Through Clock Phase Sweep for Counterfeit Chip Detection

Counterfeit chips in a supply chain have emerged as a major security concern in the semiconductor industry with serious potential consequences (such as performance degradation, revenue, and reputation loss). With rising incidences of this attack, wide-spread effort has been made in both industry and academia to develop effective countermeasures. However, existing solutions to protect against these attacks suffer from both robustness issue (in terms of detecting chips with minor functional/structural deviations) as well as design/area overhead and test cost. In addition, they cannot reliably detect different forms of cloning attacks. In this paper, we propose a novel characterization method to identify counterfeit chips - in particular, the cloned ones - based on extraction of scan path delay signatures of a chip. It uses the scan chain, a prevalent design-for-testability structure, to create a robust authentication signature. The proposed approach has two major advantages: 1) it comes at virtually zero design and hardware overhead, since it does not require any additional embedded structure; and 2) it alleviates the design house from characterizing each manufactured chip instance, thus mitigating test cost. In addition, a novel and practical method based on clock phase sweep is proposed to measure delay of short scan paths with high resolution. Using Monte Carlo simulation on the layouts of two ISCAS-89 benchmarks at 45-nm CMOS process, we observe that over 99% of counterfeit chips can be reliably identified even under large process variations. Effectiveness of the approach is also validated with delay measurements in field programmable gate array chips.