Electrical & Computer Engineering Theses and Dissertations

Permanent URI for this collectionhttp://hdl.handle.net/1903/2765

Browse

Filters

2021 - 20222

Settings

Subject: search.filters.subject.Integrated Circuit

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Intellectual Property Protection: From Integrated Circuits to Machine Learning Models
    (2022) Aramoon, Omid; Qu, Gang; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    The increasing popularity of intellectual property (IP) based design in the semiconductor and artificial intelligence (AI) industry has created a growing market for silicon and machine learning (ML) IPs. The emerging IP market in both sectors has facilitated the exchange of designs and ideas among entities, which in turn has helped speed up innovations, lower R&D costs, and shorten the time-to-market for new products. Nonetheless, two major concerns have been raised in the IP market that may overshadow these benefits and, consequently, discourage suppliers (IP vendors) and consumers (IP buyers) from entering the IP market. First, there is the issue of IP infringements, which negatively impact IP vendors. Given that IPs can easily be copied and distributed, sharing them with other entities in a market environment increases the risk of IP theft and copyright violations. Such infringements would erode the profit margins of IP vendors and discourage them from investing in further IP development. The second issue pertains to IP buyers, who are primarily concerned about how using third-party IPs might impact the safety and security (S&S) of their systems. Many real-world applications require designers to provide S&S assurance for their products. However, this becomes challenging for systems that make use of third-party IPs since IP buyers often lack the necessary knowledge about the core design features of commercial IPs to devise effective S&S measures. In this thesis, our goal is to develop technical solutions to address these two concerns in order to promote participation in the semiconductor and AI IP markets and thereby stimulate faster growth in both sectors. The first part of this thesis is dedicated to addressing vendors' concerns regarding IP infringements by proposing IP watermarking and IP fingerprinting solutions. Protecting IPs through legal means is passive and ineffective unless forensic means such as IP watermarking and IP fingerprinting are available to assist vendors in establishing ownership over pirated IPs and identifying the source of infringement. In this direction, we make four contributions: (1) Our first contribution is a dynamic watermarking scheme for silicon IPs that relies on the multi-functionality of polymorphic gates to hide ownership information in circuits. With the proposed watermarking method, the circuit functions as expected at normal operating temperature; however, when the circuit is heated, the hidden behavior of polymorphic gates is activated and the circuit's functionality changes to reveal the watermark. Experiment results demonstrate that our scheme can embed large multi-bit signatures while incurring low overhead in terms of performance, area, and power consumption. (2) The second contribution is a black-box watermarking method for ML IPs, particularly deep neural network (DNN) classifiers, which we call GradSigns. The proposed scheme embeds the ownership information as a set of stego-constraints on the gradients of model components. Our experiments suggest that GradSigns is extremely robust to counter-watermark attacks and is capable of embedding large multi-bit signatures without sacrificing the performance of the model, two properties that were lacking in the prior art. (3) The third contribution is a fingerprinting scheme for silicon IPs that replaces standard cells holding “Satisfiability Don’t Care” (SDC) conditions with signal-controlled polymorphic gates. With the proposed approach, each copy of the IP and its corresponding buyer can be identified based on the configuration of the polymorphic gates, i.e. the IP fingerprint. This attribute can help vendors trace the source of IP piracy if needed. Experiments demonstrate that our method can provide sufficiently strong fingerprints with about half the overhead of similar methods. (4) The fourth and final contribution in this direction is a fingerprinting technique where the standard testing infrastructure in system-on-chips (SoCs) design is repurposed to create unique fingerprints. To this end, we adopt the reconfigurable scan network (RSN) in SoCs and develop a fingerprinting protocol that configures a unique RSN for each sold copy by utilizing different connection styles between scan cells. Experiments show that the proposed method is capable of creating a large number of distinct fingerprints while incurring little overhead. The second part of this thesis is dedicated to addressing IP buyers’ concerns regarding the security and safety risks of using third-party IPs, with an emphasis on ML IPs. Commercial models are primarily marketed as black box oracles to reduce the risk of IP infringements. However, having little knowledge about the design details of commercial models can complicate IP buyers’ efforts in addressing various S&S threats that may arise in real-world applications of ML. In this thesis, we specifically discuss two of such concerns, namely (a) inaccuracy and overconfidence of DNN classifiers in the presence of anomalous inputs, and (b) the threat from model tampering (or model integrity) attacks, and explain why existing countermeasures aren't applicable to black-box commercial DNNs. The following two contributions are made to address this shortcoming: (1) Our first contribution is a tamper detection technique, called AID (Attesting the Integrity of DNNs). The proposed method generates a set of input-output test cases that can reveal whether a model has been tampered with. AID does not require access to parameters of models and thus is compatible with black-box commercial DNNs. Experimental results show that AID is highly effective and reliable, in that, with at most four test cases, AID is able to detect eight representative integrity attacks with zero false-positive. (2) The second contribution in this direction is PAD-Lock, a Power side-channel-based Anomaly Detection framework for black-box DNN classifiers. The proposed method uses the power side-channel information during DNN inference operation as a proxy for the model's inner computation and discovers patterns that can be used to detect anomalous inputs such as adversarial and out-of-distribution samples based on this information. Upon preliminary examination, PAD-Lock appears to be a practical and effective framework for detecting anomalies in black-box commercial DNNs. In summary, the methods presented in this dissertation fortify the protection of semiconductor and ML IPs against IP infringement activities and assist IP buyers in ensuring the safety and security of systems containing commercial IPs. We believe these technical solutions constitute a major step toward addressing concerns raised in the semiconductor and AI IP markets, and will ultimately encourage more entities to participate in both markets.
  • Thumbnail Image
    Item
    THERMAL CHARACTERIZATION and FEEDBACK DRIVER CIRCUIT DESIGN of INTEGRATED 2D NANOPHOTONIC PHASED ARRAYS for VR and LIDAR APPLICATIONS
    (2021) Huang, Po-Chun; Peckerar, Martin; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Nanophotonic phased array (NPA) technology has been an active topic of research for many years. This is due to its widespread applicability in the emerging fields of virtual reality (VR) and light detection and ranging (LIDAR). This thesis describes an integrated NPA system consisting of an optical phased array and its electrical driver circuit. These two components are realized in two separate “chips”: an optical chip (OC) for generating and routing light; and, a “motherboard chip” (MB) for creating the current drivers for the individual elements of the array. The driver circuit sources voltage or current to modulate the phase or amplitude (or both) of the optical output beams of each unit in the phased array. The output beams interfere with each other either constructively or destructively in such a way as to replicate the light field of a portrayed scene (forming a VR image) or to form a steerable beam (LIDAR). This dissertation centers on the realization of a scalable thermo-optic based NPA system. The thermo-optic based system changes the phase of the output beam emerging from an individual emitter by locally heating the optical path through which the beam emerges from the array. To realize a large NPA system with pixel-level independent phase control, the size of a driver circuit unit must be matched to the size of the individual phased array element, or pixel. This must be accomplished, while at the same time avoiding interconnection congestion issues. This poses a critical design challenge for the driver circuit limiting its functionality. Also, a large amount of heat is generated in the thermo-optic system. Unintentional spreading of this heat through the array (known as proximity effect) not only introduces phase errors across the array, but it also causes reliability issues in the densely integrated electronic elements of the array. To overcome these issues, my thesis was divided into the following tasks.First, I conducted a comprehensive simulation based thermal study of our proposed integrated NPA system using the COMSOL finite element method (FEM) solver. The study includes detailed single pixel simulations characterizing the thermo-electrical properties of the system. This helped guide the driver circuit design. It further enabled small array simulation for quantifying thermal spread blurring (proximity effect) and phase errors. The thesis includes transient simulations to show the response speed of the system. I show that our system requires less than 50 µs to reach a target temperature. I introduce a model simplification method to reduce the computation resource requirement of system-level simulations. These calculations tell us how large the array can be without incurring thermal damage. This thesis further discloses a unique broken-loop feedback control system to achieve pixel-level temperature regulation for phase error minimization. The control system uses an integrated thin-film thermocouple/heater device to sense the temperature feedback signal and to source a current for providing the required phase shift. This device requires but a single contact post between each phase array pixel and its control circuit. In this way, the OC and the MB chips can be integrated by most available flip-chip bonding technologies. Two design implementations of the driver circuit sourcing 4.8 mW per pixel from a 2.5 V supply voltage are provided. One design can be realized in an area of 15 µm x 15 µm per pixel with pixel-level independent phase control using the TSMC 65 nm technology node. This exactly matches the size of the NPA pixel. The other design can meet the same area constraint using a more advanced technology node. This thesis also provides an experimental characterization of the driver circuit designed and fabricated on the TSMC foundry’s 65nm product line. Experimental results of characterizing each component of the driver circuit are provided. The broken-loop feedback control method was electrically evaluated independent of the optical system by using a resistor to generate a simulated feedback signal. The circuit achieves a maximum 3.6% (0.07π) and average 1% (0.02 π) introduced by a ±20% variation of the load resistance. I provide a comparison of the performance of both VR image quality and LIDAR steering accuracy using either the direct control method or our broken loop feedback control method. This was done using the structure similarity index (SSIM) method. This method ranks image quality in a range from 0 to 1 (0 the poorest image and 1 the best image.) On average, the images studied improved their SSIM index from 0.45 to 0.9 using the broken-loop method. In beam steering, our feedback control method achieves less than 0.05° angle deviation and constant main beam intensity as compared to a 0.9° angle deviation and more than 90% reduction in main beam intensity using direct control. This demonstrates that our feed-back controlled driver circuit is essential for NPA systems to achieve high performance.