This disclosure relates generally to printed circuit board authentication, such as for protecting printed circuit boards against counterfeiting.
A printed circuit board (PCB) mechanically supports and electrically connects electronic components using conductive tracks, pads and other features etched from copper sheets laminated onto a non-conductive substrate. PCBs can be single sided (one copper layer), double sided (two copper layers) or multi-layer. PCBs may be populated with components, such as capacitors, resistors or active devices (e.g., integrated circuit chips) attached to or embedded in the substrate.
The increasingly complex global semiconductor supply chain, spanning different countries and their legal systems to meet the ever-rising demand, provides ample opportunities for adversaries to insert counterfeit chips in the market. Prior to actual deployment, an IC is often bought and resold many times. Purchasers rely on brokers, who in turn may buy from untrustworthy entities including online forums.
This disclosure relates generally to printed circuit board authentication and counterfeit detection.
As one example, a method for authenticating a printed circuit board (PCB) includes measuring electrical parameters for each of a plurality of paths of the PCB. The method also includes determining values based on the measured electrical parameters for each of the plurality of paths of the PCB. The method also includes generating a signature for the PCB based on at least a portion of the determined values to uniquely identify the PCB.
As another example, a method includes, for a plurality of paths of a printed circuit board (PCB), selecting one of the plurality of paths of the PCB, connecting a pair of probes to spaced apart electrical conductors corresponding to the selected path, using the connected probes to measure electrical impedance for the selected path, and determining a value for the selected path based on the measured electrical impedance. The method also includes generating a signature based on at least a portion of the determined values for the plurality of paths to uniquely identify the PCB and storing the generated signature.
As yet another example, a method includes providing a populated printed circuit board (PCB) that includes a plurality of Joint Test Action Group (JTAG) compliant components mounted to the PCB. The PCB includes a plurality of electrically conductive paths between boundary scan cells within at least some of the components and paths connected between different ones of the components. The method also includes connecting a test probe to a JTAG port on the PCB. The method also includes measuring a temporal parameter for each of a plurality of paths based on signals detected at the JTAG port via the test probe. The method also includes generating a signature based on the measured temporal parameters for a selected set of the plurality of paths to uniquely identify the PCB.
a) is a side elevation depicting an example of a schematic of measurement setup for a PCB.
b) depicts an example of a measurement setup.
a) and 5(b) illustrate examples of inter-PCB hamming distance (HD) and intra-PCB HD that can be generated.
a) and 6(b) illustrate examples of inter-PCB HD and intra PCB HD for a different setup.
a) depicts an example of a JTAG based boundary scan architecture in a PCB that can be employed for PCB authentication.
b) depicts an example of a structure of a boundary scan cell.
a) illustrates an example of the connection of BSCs in state ‘SHIFT DR’.
b) illustrates an example creating a clock pulse with period tmeas for scan path delay measurements.
a) illustrates an example architecture of the proposed PSDM unit for BSC path delay characterization.
b) illustrates an example of clock generation procedure for PSDM.
This disclosure relates to authentication for printed circuit boards (PCBs), such as can be implemented to help reduce counterfeiting of PCBs. The authentication can be implemented as including a method, system and/or as machine readable instructions. As disclosed herein, the approach can be implemented by any number of PCB manufacturers or their associates to generate unique signatures to identify PCBs. The unique signature for each PCB can be generated based on measured electrical characteristics for a selected sequence of electrical paths in each respective PCB. The signatures can be stored in one or more databases, which are accessible to authorized users (e.g., via secure logon). Another entity in a supply chain for the PCB or devices utilizing such PCB as well as end users of such PCB or devices can measure electrical characteristics for the PCB (e.g., for the same sequence of paths) and generate a signature based on such measurements to evaluate the authenticity of the PCB. For example, if the generated signature matches (e.g., within a sufficient statistical certainty) a predetermined signature provided by the PCB manufacturers or another trusted source (e.g., stored in a database), the PCB can be categorized as authentic. If the user-generated signature does not match a predetermined signature, the PCB can be categorized as counterfeit.
As one example, a signature for a given PCB can be generated based on impedance measurements obtained from a plurality of electrically conductive traces of the given PCB. Since the impedance of the traces in the PCB vary for each PCB according to intrinsic properties and manufacturing process variations, the impedance measurements can individually as well as collectively correspond to physically unclonable functions (PUF) not practically reproducible by counterfeiters. The measurements can be made by readily available test equipment, such as including multimeter or ohm-meter, for example. A set of paths can be selected such that the same set of paths can used for generating signatures for subsequent authentication. The probes of the test system can be connected to electrical conductors to enable measuring the impedance of a given one of the selected paths. The probe placement and measurements can be done manually, semi-automatically or fully automatically by the test system. The measurements for the selected paths can also be made in a predefined sequence of measurements for generating the signature for the PCB. A value for each selected path can be determined based on the measured electrical impedance for each such path. A corresponding signature can be generated based on at least a portion of the determined impedance values for the plurality of paths to uniquely identify the PCB.
As another example, a signature for a given PCB can be generated based on time delay measurements for signals to propagate through a plurality of paths of the given PCB. For instance, the PCB can include a plurality of Joint Test Action Group (JTAG) compliant components mounted to the PCB configured to perform boundary-scan operations, thereby making the PCB itself JTAG compliant. As used herein, JTAG compliant can refer to the integrated circuit technologies that comply with the IEEE's standard entitled Boundary Scan Architecture—Standard Test Access and Boundary Scan Architecture WG P1149.1. Examples of such technologies are available from JTAG Technologies Inc. of Stevensville, Md.
The PCB thus can include a plurality of electrically conductive paths between boundary scan cells within JTAG compliant components as well as electrically conductive paths connected between different components. The various paths can be accessible by connecting a test probe to a JTAG port of the PCB. The test probe can be used to measure a temporal parameter for a plurality of the paths based on signals detected at the JTAG port. For example, the temporal parameter can be a time delay for signals to propagate through a respective path. A corresponding signature can be generated based on the temporal parameters for a selected set of the plurality of paths to uniquely identify the PCB. As in the previous example, the signature can be evaluated to determine the authenticity of the PCB. In some cases, multiple approaches disclosed herein can be combined to generate a signature based on a selected set of impedance values and temporal parameters.
At 110 to select a given path which extends between respective endpoints. As such, a collection of these paths selected at 110 can be utilized to generate a signature for uniquely identifying a PCB. For instance, the electrical properties or characteristics that are measured for each of the paths (at 130) can represent physical unclonable functions (PUF) for the PCB. As disclosed herein, the paths selected at 110 can each have corresponding electrical parameters or characteristics that depend on process variations and/or intrinsic properties of the particular materials utilized in the corresponding manufacturing process implemented by the manufacturer of such PCB.
At 120, one or more connections can be made to the PCB. For example, a test system can include probes that physically connect with electrical conductors on the PCB such as disclosed herein. The connection can be a manual connection performed by a person and/or automatically by a robot. At 130, an electrical parameter or parameters can be measured for a selected path of the PCB based upon the connection at 120. As an example, the electrical parameter can include impedance (e.g., resistance, capacitance and/or inductance), voltage, current as well as temporal parameters, such as timing and propagation of signals as an example. The measured electrical parameters for the selected path can be stored in memory accessible by the test system for subsequent processing, as disclosed herein.
As used herein, a path can include one or more electrical traces on the PCB, which may extend along a single layer or pass through multiple layers. Additionally or alternatively, a given path can also correspond to a path within an integrated circuit chip and/or other components that are mounted to the PCB. As an example, a path can include a path between boundary scan cells for a JTAG compliant device, which can be accessed via a JTAG test and programming port (TAP).
At 140, a determination can be made as to whether any additional paths in the selected paths 110 exist for obtaining measurements. As mentioned, the set of paths can be preselected so that measurements are obtained for a predetermined set of paths, which measurements may be acquired in a predefined sequence. If the determination is positive (YES), indicating that additional paths exists, the method can proceed to 150 in which the next path is identified. From 150 the method can return to 120 in which a connection can be made to the PCB corresponding to the next path that is identified at 150. In other examples, such as where the existing connection to the PCB at 120 is sufficiently configured to obtain information about the next path without reconnecting to the PCB, the method can proceed from 150 to 130 without physically modifying the connection to the PCB. An example where such connection can be sufficient is where the connection is made to a JTAG TAP interface of the PCB.
The method thus can loop between 120 and 150 for each of the plurality of selected paths to acquire measurements from the PCB. It is to be understood and appreciated that the order in which the selected paths are measured can be a predetermined sequence of such paths. After the measurements have been made for the entire set of selected paths, at 140, upon the determination indicating that no additional paths exist, the method can proceed to 160.
At 160 path values can be determined. In some examples, each of the path values determined at 160 can be determined for a single respective one of paths. Additionally or alternatively, some of the path values can correspond to an aggregate path value computed based on measurements for two or more paths. For example, a given path value can be computed as a difference (or another mathematical and/or combinatorial function) between measurements for adjacent paths according to a sequence in which the respective measurements at 130 are made. The path values can correspond to digitized values of the measured parameters at 130, such as can be normalized to a predefined scale. For example, impedance measurements can be scaled between zero and one. In another example, time delays for a single propagation between two electrical components over a corresponding one of the paths can be computed and converted to a digitized value representing the delay time.
At 170, a signature for the PCB can be generated based on at least a portion of the path values determined at 160. The generated signature can be stored in memory, locally or remotely via a network connection. For example, the signature for the PCB can be generated at 170 based on a selected subset of the path values determined at 160. Additionally, the signature generated at 170 can be based on the predetermined subset of path values for paths arranged in a predefined sequence of paths so that the generated signature corresponds to a particular sequence of paths and is derived based upon the measured parameters for each such paths. As an example, the generated signature can include 256 bits or another number of bits can be used. For instance, the value of each path can correspond to a corresponding bit or a predetermined number of bits concatenated together in a predetermined order to form the resulting signature. The order in which the path values are concatenated can be the order in which measurements were made or some other prescribed order to provide the signature. The order can be known a priori and will generally depend on whether the method 100 is being performed by the manufacturer for generating the initial signature values that will be the gold standard for evaluating authenticity or the method is performed by a user of the PCB (e.g., end user or user at any other stage in the PCB supply chain).
When the method is utilized by a manufacturer or other user with respect to a plurality of PCBs, the method can include another determination at 180 as to whether any additional PCBs exist for which the method is to be applied. If more PCB's exist the method can proceed to 190 where the next PCB is prepared and loaded for processing according to the method. From 190 the method can return to 110, and the method is repeated for such PCB. Where the PCB is the same type of PCB and includes the same paths, the method can proceed from 190 directly to 120 for processing and signature generation.
Once no additional PCBs exist, the method can proceed from 180 to 200 in which the signatures that have been generated can be stored in memory associated with each PCB. For example, where a manufacturer generates signatures for PCBs that it has generated, the signatures can be stored in a database that can be accessed by other users for determining the authenticity of each of the PCBs (see, e.g.,
As a further example,
The test system 212 can include an authentication module 216. The authentication module can be implemented as hardware and/or software, which is programmed to implement the method 100 of
While, in the example of
For example, the authentication module 214 of the test system 212 can be programmed to execute machine readable instructions from a provider (e.g., a manufacturer) of the PCB 210 to measure (or cause to be measured) electrical parameters (e.g., resistance, time delays or the like) for a set of circuit paths. In some examples, the test system can include a measurement system that performs the measurements of the electrical parameters. In other examples, the measurement system can be a separate system that interfaces with the test system to supply measurements made, which can be automated in response to machine readable instructions from the authentication module and/or manually implemented by a human operator. The authentication module 216 thus can aggregate a set of the electrical parameter measurements to provide a corresponding signature.
The authentication module 216 can evaluate the corresponding signature relative to a signature database 218 to confirm the authenticity of the PCB, such as disclosed herein. The signature database 218 can be local (e.g., in local memory or memory in a local network) or accessible via a communications link 220 (e.g., via one or more network). The test system 212 accesses the signature database to determine whether the signature generated for the PCB from the electrical measurements represents an authentic or counterfeit PCB (e.g., a cloned PCB or one that has been modified/tampered with). Since the signature can represent physically unclonable functions (PUFs) for the PCB, the signature database can be public, such as be made available over the internet. In other examples, the manufacturer who maintains the signature database 218 can employ encryption or other security mechanisms (e.g., provide a secure communications tunnel at 220) for accessing the signature database 218 by the test system 212. In some examples, the signature database can be implemented as a trusted service that can be configured to authenticate the signature generated by the authentication module. That is, the authentication function can be distributed between the test system and signature database 218.
For example, the authentication module 216 can generate the corresponding signature for the PCB, send it to a remote server (e.g., at a predefined resource location, such as a URL) via a secure link (e.g., implemented as https, SSL or other secure communications protocol) 220. The remote server employing the database 218 can evaluate the signature and send a response back to the test system via the link 220 specifying whether the PCB is authentic or not (e.g., if it has been tampered with or is counterfeit).
By way of further example, JTAG-based PCB authentication, which captures information about the intrinsic properties of the hardware encompassing both the chips and metal traces in a PCB while forming signature, is capable of performing remote authentication in field. Hence, it would allow identifying in-field tampering of PCB, e.g. tampering of interconnects (e.g., metal traces), chips, other active/passive components or ports. Such in-field tampering, for example, includes various instances of modchip (see, e.g., http://en.wikipedia.org/wiki/Modchip) that often requires soldering wires to select traces or pins of chips, thus affecting the property (such as resistance and propagation delay) of the traces. Once the signature is generated, the authentication module operating in the device can verify it itself by comparing it with a stored database or transmit it wirelessly (through radio signal or WiFi) to another device or service (e.g., comprising the signature database) for the purpose of integrity check. Such remote authentication of a PCB inside an electronic device, such as a set-top box, a gaming console, a drone, a home monitoring device or other internet-of-things (IoT) device, can be effective in verifying the integrity of an electronic hardware against physical attacks during field operation, such as the use of modchip mentioned above.
Such remote authentication is done here by exploiting the JTAG logic for autonomous on-demand signature generation from an electronic device in field. It can be accomplished by incorporating low-overhead delay measurement circuitry, such as the parallel scan delay measurement (PSDM) based low-overhead approach disclosed herein, inside and/or onto a PCB, which interfaces with the JTAG logic.
As mentioned, for example, the test system 212 and authentication module 214 of
Hence, in addition to static validation during system integration, such an approach can be used to dynamically detect tamper of system components on demand in the field during deployment. PSDM hardware can be employed to characterize trace resistance or path delay of traces. In order to prevent potential attack on such remote authentication (e.g., snooping and manipulation of authentication control/data signals), one can perform the authentication through a secure communication channel with a PCB under consideration, such as when circuitry on which the PCB is implemented is connected to network (e.g., via a wired or wireless communications link, such as a WLAN).
In view of the foregoing, a capability of remote authentication of PCB can provide an attractive technology platform for physical tamper detection during operation in many application areas. In particular, it would be beneficial in detecting a physical attack on the electronics of military equipments (e.g., drones) or distributed sensors or gaming consoles, all of which are vulnerable to ‘modchip’ type attacks. In case of the defense industry, for example, it can provide high-level of security against physical tampering of an electronic system during field operation. For vendors that sell gaming consoles, for example, the technology can enable detecting and in turn preventing copyright violation (e.g., illegally running unsupported games) and thereby help protect against unwanted revenue loss.
For purposes of simplicity of explanation, the following examples provide different approaches and implementations of systems and methods to authenticate a PCB and/or detect if a PCB is counterfeit. The disclosed examples, in some circumstances, refer to particular components and materials that may be used; although, the inventions disclosed herein are not limited to the components and materials disclosed herein. Those skilled in the art will understand and appreciate various other components, materials and/or features that may be implemented in practice based on this disclosure that fall within the scope of the invention set forth herein.
A method includes selecting which paths of a PCB to measure impedance or other electrical characteristics. As one example, the PCB can be pre-existing circuit boards or boards that are custom designed to identify paths had to be found that fit certain criteria. Most PCBs are made using an FR4 substrate with so-called“1 oz Thick Copper”. This is defined as 1 oz of copper spread over a square foot. Furthermore some PCBs are bathed in a bath of molten tin or gold after fabrication (known in the industry as plating). This will result in the difference in related parameters. For example, under room temperature, gold has a resistivity of 2.44×10−8 ohm-meters while tin has a resistivity of 1.09×10−7 ohm-meters, almost an order of magnitude higher.
For example, if the original specifications for a PCB called for gold plating and a counterfeit PCB used cheaper tin plating, the counterfeit PCB will have a higher trace resistance that can be measured. The difference between gold and tin cannot be detected visually because during the assembly of the PCB solder will cover up the gold plating and a PCB with gold plating will look indistinguishable from a PCB with tin plating. However, such differences can be detected by comparing signatures generated as disclosed herein.
While the use of 1 oz copper is standardized across many different manufactures some circuit boards require the use of much more copper, sometime approaching 10 oz copper pours. 10 oz copper is used in many motor drives, for example. If a counterfeiter were to produce a knock-off motor drive they might use 5 oz copper because it is cheaper. 10 oz copper has a much lower resistivity than 5 oz copper. That difference can be measured and would be evident from analysis of signatures generated based on this disclosure.
As disclosed herein, it can be determined whether a PCB is a counterfeit or not by measuring the impedance of a trace that passes through multiple vias. A via is a small hole drilled in a circuit board that, when plated with metal, connects the top layer of copper to the bottom layer of copper. For PCB with more than two layers there are two or more types of vias. A blind via is a via that connects one of the outer layers of the PCB to one of the inner layers. A buried via is a via that connects two of the inner layers together, never surfacing on the outer layers.
Each manufacturer of a PCB tends to start with a similar piece of copper clad and they use their knowledge and skill to make the finished product. Each board house has a different process for etching the copper off of the substrate as well as drilling and plating the vias. These different methods have different intrinsic resistances associated with them. For example, a via that is electrochemically plated onto the FR4 will have a lower resistance than a via that is riveted on, for example.
Finding a good path in a PCB to measure the resistance of is a process that can involve many variables and factors. One factor in choosing a good path is the ability to connect to ends of the path (e.g., can two probes could make good contact with the path). Often times PCB designers coat their PCB in solder mask (a typically green substance that helps keep solder where it belongs) and silkscreen (a typically white paint that helps designate areas of the PCB). Both silkscreen and solder mask have a very high electrical resistivity, preventing an accurate measurement of the trace resistance.
In some types of PCBs (e.g., Terasic DE0 boards) many traces run exclusively in the inner layers of the PCB, using blind and buried vias to travel through the PCB without ever touching the outer exposed layers. Such traces are unavailable for measurement because they are in accessible (without modification to the PCB).
Traces that go to edge connectors are especially useful. Almost all connectors used in products are still throughhole instead of surface mount because of the inherent greater mechanical stability through-hole parts offer compared to their surface mount brothers. It is simple to attach a probe to one of the holes drilled in the board for these connectors. At this point, another end of each selected connectors trace must be found, it will surface far enough from the connector to have a long trace full of vias and surface on a pad that a probe can be attached to.
Sometimes it is simply not possible to find enough connecting traces to gather enough data for a digital fingerprint (e.g., signature). Therefore, in some examples, systems and methods disclosed herein may measure the resistance for a path that comprises two traces that do not connect electrically directly. For example, the USB 2.0 specification states that the impedance between the D+ and D− differential par data lines should be exactly 90 ohms. This resistance is accomplished by routing the differential pair close together and identically through the PCB. For some applications that require tight tolerances on trace impedance matching, PCB manufactures offer a service called “Controlled Impedance”, which itself can operate as a path for the PCB authentication disclosed herein. This service increases the price of the boards drastically and counterfeit PCBs will oftentimes not even try to match the impedance of their differential pair traces.
In view of the foregoing, an example of a method 250 of signature generation is shown in
By way of illustration,
As a further example,
Referring back to the method 250 of
At 256, the impedance difference between the respective paths is normalized. For example, the normalization procedure is d(c)=(Δdi(c)−minΔd(c))/(maxΔd(c)−minΔd(c)). At 258 the normalized impedance difference is digitalized to a predetermined number of bits. At 260, a corresponding signature is generated from the aggregate bits of the n paths. For example, the signature can be generated by choosing binary bits in a particular range as the signature, such as digij(Δd(c)), where digij(•) is the function to digitalize the elements in Δd(c) and aggregate the bits between the ith and jth bit (i≦j) of each element. In some examples, the digitalized element can be integrated in sequence to generate a signature, which as a result, contains (j−i+1)n(n−1)/2 bits. At 262, the resulting signature can be evaluated for robustness and uniqueness.
While on the surface all PCBs seem identical, there are many areas where there are subtle differences between not only manufacturers but also production runs for a given manufacturer. The authentication approach disclosed herein provides a method in which counterfeit PCBs can be detected by electronic means.
In an example test, the method chosen to conduct this test was to measure the impedance of a plurality of traces on a given PCB to establish a baseline impedance measurement profile. Sixteen Arduino UNO R3 boards were bought to establish this baseline. Additionally twenty-five Terasic DE0 boards were bought to further refine the technique on. The measurements were conducted on a HP/Agilent 4663B LCR Meter set to 10 kHz, which was calibrated against a Keithley 2000 series Digital Multi-Meters and verified with a HP/Agilent 34401A Digital Multi-Meters. Both Digital Multi-Meters share almost identical performance specifications with the Agilent meter having a slightly lower temperature drift rating. Both meters cover the same market segment and have the same accuracy (six and a half digits). Keithley Model 5808 Gold-Plated Kelvin Probes were purchased to ensure the highest possible performance of the Digital Multi-Meters.
As an example, the uniqueness and robustness of the signature can be evaluated (at 262) by determining Hamming Distance (HD). Assuming HDi,j stands for the Inter-PCB HD between PCBi and PCBj, the average inter HD for m PCBs, denoted by HDavg, may be calculated as follows:
In an example experiment, HDavg was determine to be about 50:24% based on 25 Terasic DE0 boards evaluated. As a further example
As an example, robustness of a signature can be evaluated at multiple different times at substantially constant temperature. Assuming HDp,q stands for the intra HD of all boards between the qth measurement and qth measurement, the average Intra-PCB HD for n times measurements, denoted by IntraHDavg was calculated by:
An example plot 294 of a distribution of intra-PCB HD is shown in
From the examples of
The security analysis is mainly focused on the cloned PCB problem. The signature is generated from measurements of paths (e.g., copper traces on PCB) with statistical variation inherent in manufacturing processes. To clone a PCB successfully, the attacker needs to have the same equipment and follow the same procedures and requirements as the authentic PCB manufacturer as well as having a similar quality of raw material including the copper foil, laminates substrates and the like. Considering the high cost of equipment and raw material, it is unacceptable for an attacker to clone the PCB using the same high quality materials as the genuine PCB. On the other hand, considering the large number of copper traces on a PCB, a more complex signature can be generated which will increase the difficulty that an attacker faces to get the same signature by cloning. Therefore, the trace impedance based authentication provides an effective and secure method. The end user can identify a cloned PCB by producing its signature and compare it with the manufacturer's database, such as disclosed herein (see, e.g.,
The methods described thus far in this paper have focused on identifying cloned or counterfeit PCBs that are already in production. However, the authentication and/or counterfeit detection approaches disclosed herein can be enhanced by integrating circuitry into new PCB designs. For example, it is possible to design a new PCB with traces (and access points) built in to help identify cloned boards in the future. It can be assumed that any cloned PCB will be made using a cheaper method then the original. If the copper in the original circuit board was milled away while the cloned circuit boards copper was etched away then a properly designed board would have traces that were well designed for a mill while being poorly designed for an etching process. For example, both processes of making a PCB will have issues in making a large obtuse angle. A milling process will have issues making the inner section of the angle while an etching process will have issues making the outer portion of the angle. This will affect the measurement properties of the trace when viewed as a micro strip. These and similar difference can be measured and be identifiable from signatures computed based on the teachings herein.
It has been determined that, using the example design in
As it can be seen each of the four traces in the designed Printed Circuit Board had a distinct signature that was able to be measured by the equipment. This is especially evident with the difference between Traces 2 and 2 (
Another approach to PCB authentication can be a JTAG based authentication, such as is disclosed herein with respect to
The BSCs are connected like a shift register in boundary scan register 356. A BSC can force signal onto pin, capture data from pin, adjacent BSC or core logics.
The other stage 384 of JTAG-based PCB authentication 380 includes procedures implemented end users. At 402, an end user configures the JTAG on the suspected PCB for measurement, which can be the same way. At 404, the delays for the selected BSC paths are measured. Then, at 406, the signature is computed for the PCB. The signature is also compared with the value stored in the database 386. The PCB is judged as counterfeit if the produced signature by the end user is not found in the database. In the following sub-sections, each step in
The basic idea of proposed authentication is to measure the delay of hard-wired BSC path, which is used to generate unique signature for each PCB. As a result, the TAP controller should be forced into a proper state with holding signal ‘ShiftDR’ in
An example, state machine diagram 410 of TAP controller 354 is shown in
An example of the timing of input and output pins for a JTAG system (e.g.,
a) demonstrates an example of a connection of BSCs 440 in the state ‘SHIFT DR’ and
The example approach disclosed herein can use two clocks with tunable phase difference to insert a delay measurement cycle and change tmeas as described below. Other methods can also be employed to incrementally or continuously adjust the clock signal during testing. Assume the resolution of tmeas is Δt and the initial period of measurement is tinit. k is called the switch point of path j, if tmeas=tint+kΔt and tint(k+1)Δt lead to Oi,j+1=0 and 1 respectively. The delay of path j is estimated as:
d
ij
=t
init(k+k+1)Δt/2=tinit(k+0.5)Δt
Note 0→1 transition occurs on the selected BSC paths to measure the delay in parallel, which reduces the test time significantly. The measurement can be repeated to average out the effect of environmental noise, such as temperature and supply fluctuations. An example procedure of PSDM (Algorithm A: PSDM Procedure) is shown below, which can include multiple iterations.
At the beginning, tinit should be set to a value that is less than all the BSC path delays to be measured in Algorithm A. As a result, the number of detected switch points, denoted as sw_num, is initialized as zero. In each iteration, the delay-measurement cycle of tmeas identifies sw switch points among Npath paths. The switch-point number sw_num is increased by sw. If sw_num is less than Npath, it goes into a next iteration with k k+1 and tmeas←tmeas+Δt; otherwise Algorithm A ends and computes the delays as above (di:j). In Section entitled FPGA EMULATION SETUP, PSDM is implemented in FPGA through sweeping the phase difference of two clocks of low frequency from a phase-locked loop (PLL).
Note the delay measurement of BSC paths in PSDM is much simpler than conventional at-speed scan testing on combinational paths. This is due to the following reasons: (1) it avoids the difficulty of test vector generation by an ATPG tool for combinational path sensitization; and (2) it eliminates the need of fast switching on the scan enable signal or enhanced-scan architecture in order to achieve high combinational path delay testability.
A PCB manufacturer measures BSC path delays for all authentic PCBs. The experiment results shows that the value of switch point may be changed by 1 or −1 at the room temperature, which in turn results in a unstable delay value in Oi,j+1. As a result, we need to identify robust BSC paths under environmental noises by Algorithm B.
In the example of Algorithm B, the delay of the jth BSC path is measured n times according to Algorithm A. Then its delay di,j,1 (regarded as di,j) is obtained by decoding a (n, 1) repetition code. For example, if n=7 with the delay vector (1, 2, 1, 2, 2, 2, 2), the delay of path j is decoded as 2, since it has the largest probability. Such procedure is repeated one more time and we obtain di,j,2. If di,j,1≠di,j,2, it means path j is not stable in PCB i. Hence, the robust indicator is updated as a(j)←a(j)+1. When Algorithm B is completed on all the PCBs, we can obtain the delay matrix on each BSC path as {di,j}, as well as the vector. To ensure a stable signature, we only select path j with small value a(j) under room (and/or high) temperature. Based on {di,j}, we estimate the nominal delay Dj (j=1, 2, . . . , Npath) of path j by averaging as
The robust path locations and corresponding nominal delays are stored in the database, which are employed by both PCB manufacturer and end users to produce the signature.
The signature can be generated off-line after obtaining all the delay values. The PCB manufacture and end user calculate it based on the nominal value {D3} (j=1, 2, . . . , Npath). For PCB i (i=1, 2, . . . , Npcb), the delay di,j of path j is updated as
d
i,j
←d
i,j
−D
j
After (4), the mean value of di,j(j=1, 2, . . . , Npath) becomes zero. This means the differences of selected BSC paths on the nominal corner are eliminated. In addition, the remaining deviation from zero is due to the process variation during manufacturing. Hence, when generating signature bit s, path j and j′ can be treated as
Here, the comparison pair (j, j′) should be stored into database along with the signature of each PCB. One reason to choose off-line method is that the manufacturer can select those BSC paths to generate signatures with high quality and implement additional security in the selection of such paths, for example. The above generation of the signature bit s is similar to the signature generation of RO-PUF. The main difference is that the structure of each ring oscillator is required completely identical in RO-PUF, because of the requirement on the same nominal frequency. However, in our off-line signature generation method, all the stable BSC paths can be employed as the source of signature generation. As a result, it can incorporate more stable BSC paths to generate the signatures.
The authentication of a suspected PCB is completed by end user. First, the location of robust BSC paths is obtained from the database of manufacturer. The actual delay of each selected BSC path in the PCB is measured according to Algorithm A and the stable value is extracted after decoding the (n, 1) repetition code. Based on the same database, the delay update noted above (di,j←di,j−Dj) is carried out to eliminate the affect from nominal delay. At last, end user produces a signature (according to generation of signature bits s) with knowing the selected comparison pairs. The PCB is regarded as authentic, if the obtained signature matches the database. The PCB is considered counterfeit if the signatures do not match.
The structure of BSCs in
As part of the setup, for the example FPGA, the steps 432 and 434 of
b) is a timing diagram 500 showing example of timing for the 490 demonstrated in
In
Depending on implementation of the system 490, there is an achievable range of tmeas. Assume the delay between A0 and the time that ‘sel’ becomes ‘1’ (due to the red and blue line) is tmin. td<tmin should be satisfied to pass A1 to ‘TCK’ in the delay-measurement cycle, which requires tmeas>tmin in PSDM. Note the test results from ‘TDO’ are synchronized with the falling edge of ‘TCK’. The test results from ‘TDO’ are available on the first falling edge after A4. To store the results correctly into the memory under the rising edge of ‘c2’, tmeas should be less than tori during the phase sweep process.
As an example, the hardware resources of implementing PSDM in Cyclone III (3C16F484C6) includes 356 logic elements (2% total combinational functions), 208 register (1% dedicated logic registers) and 2048 memory bits(<1% memory bits). The memory bits are used to store the switch points in the post-processing module. Hence, PSDM has low-complexity implementation and is suitable to the JTAG-based authentication of PCBs.
Since each authentic PCB can generate a unique ID (e.g., signature) through measuring BSC path delays, as disclosed herein, the end user can identify a cloned PCB by producing its signature and comparing it with the database of signatures provided by manufacturer. For a recycled PCB, it can be detected from two methods based on unique signature. First, the aging effect due to Negative Biased Temperature Instability (NBTI) may lead to a big variation of signature that makes the signature unmatched with the database. Or the manufacturer can record the signatures of sold PCBs and publish them for end user's further evaluation.
Unclonability of signatures in a PCB can further be analyzed. First, it can be assumed that an attacker can only buy the chips to clone a PCB, since the design and manufacture of a chip by himself means an unacceptably high cost. The signature is generated from the BSC path delay of chips with statistical variation inherent in manufacturing processes. To clone the authentic PCB successfully, an attacker should find all the chips used on the PCB, which have the identical delays of BSC paths to those on an authentic PCB. Nowadays, each chip may have more than 1000 BSC paths, the probability that the chip manufacturer can produce two authentic chips with identical delay for all the BSC paths is extremely low (e.g., 2−1100). Moreover, with the increased number of chips on a PCB, such cloning work becomes more and more infeasible. Hence, the JTAG-based authentication is an effective and secure method.
When implementing the JTAG-based authentication, there are some notes for PCB manufacturer and end user. First, the clock ‘TCK’ should not be fixed on the board. Instead, it incorporates a wire jumper to support the change of ‘TCK’ by end user. Such change is very minor on the layout of PCB with negligible cost. During the authentication, end user should control ‘TCK’ to provide the tunable delay measurement cycle from outside. Note PSDM is a low-overhead method to measure the delay on the scan. Other methods can also be applied to complete the same task, such as the clock frequency sweeping. No matter what methods they employ, the overhead on the side of end user is virtually zero, since PSDM can be implemented on an FPGA development board. As discussed above, the robustness of signature can be improved significantly from the two phases. First, the authentication by end user can be proceeded in a room with a constant temperature (e.g., 25 degrees Celsius), which is the same to the environment that PCB manufacturer has already done. Second, with a better resolution of delay measurement cycle, the change of path delay due to temperature can be traced better, which reduces the number of flipped bits significantly. As a result, JTAG-based authentication would have a wide application in the area of PCB authentication due to its low overhead and robustness.
Possible Extension to PCBs without BSC
The delay measurement on BSC paths is the source for JTAG-based authentication. However, JTAG may not be existing on a PCB; we can obtain other information for authentication in that case. For example, the post-manufacturing resistance and capacitance of wires on the PCBs would be different due to the process variation, such as disclosed herein. If the delay of signal propagation on wire or other parameters (e.g., resistance) is characterized accurately, the proposed off-line signature generation method can still be applied in such scenario to generate a unique signature for each PCB.
The approaches disclosed in the second example provide a novel low-overhead approach for counterfeit PCB detection. It utilizes random variations in boundary-scan path delay in the industry-standard JTAG-based DFT structure. The approach disclosed herein scheme can produce high-quality signatures (with good uniqueness and reproducibility) for PCBs and can be used to reliably authenticate them. The approach disclosed herein also provides an efficient low-overhead method to measure the BSC path delays at fine resolution. The approach disclosed herein can be used to adjust the quality of signature can be improved through choice of BSC paths, which can be done during off-line signature generation. Since the authentication approach does not require specialized hardware resources or design modifications, it can be applied to any legacy PCB that incorporates boundary scan. Hence, the proposed authentication approach provides an effective way to mitigate supply chain risk associated with counterfeit PCBs. Future work will include further validation with experiment using commercial PCBs equipped with JTAG and enhancement of PSDM to improve its resolution.
What have been described above are examples. It is, of course, not possible to describe every conceivable combination of components or methods, but one of ordinary skill in the art will recognize that many further combinations and permutations are possible. Accordingly, the invention is intended to embrace all such alterations, modifications, and variations that fall within the scope of this application, including the appended claims. Where the disclosure or claims recite “a,” “an,” “a first,” or “another” element, or the equivalent thereof, it should be interpreted to include one or more than one such element, neither requiring nor excluding two or more such elements. As used herein, the term “includes” means includes but not limited to, the term “including” means including but not limited to. The term “based on” means based at least in part on.
From the above description of the invention, those skilled in the art will perceive improvements, changes and modifications. Such improvements, changes and modifications within the skill of the art are intended to be covered by the appended claims. All references, publications, and patents cited in the present application are herein incorporated by reference in their entirety.
This application claims the benefit of U.S. provisional patent application No. 62/037,959 filed on Aug. 15, 2014 and entitled PCB AUTHENTICATION AND COUNTERFEIT DETECTION, and U.S. provisional patent application No. 62/081,732 filed on Nov. 19, 2014 and entitled PCB AUTHENTICATION AND COUNTERFEIT DETECTION, each of which is incorporated herein by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
62037959 | Aug 2014 | US | |
62081732 | Nov 2014 | US |