Secure Circuit with Low-power On-chip Temperature Sensor for Detection of Temperature Fault Injection Attacks

In this paper, we present a secure circuit with a low-power on-chip temperature sensor for the detection of temperature fault injection attacks. Such attacks stress an electronic circuit by heating it beyond the allowed operation temperature range, inducing random modifications of the data in the memory cell or limiting the function of the target device. The objective of the proposed secure circuit with an on-chip temperature sensor is to detect temperature-based fault injection attacks and protect the secure contents of the target device. The proposed secure circuit detects and allows the shutdown of the protected circuit when the temperature is below −10 °C or above 80 °C. The protected circuit operates normally in the operation temperature range from −10 to 80 °C and can be shut down by the control block of the secure circuit outside of this operation temperature range. The proposed secure circuit has a simple structure and a small active area, and consists of a low-power temperature sensor, two comparators, and an XOR gate. It is fabricated using a standard 0.18 μm complementary metal-oxide-semiconductor (CMOS) process with a small active area of 0.04 mm² and consumes 19.72 μW with a 1.8 V power supply.


Introduction
Recently, the demand for hardware-level physical security has grown as secure data exchange via various communication networks and devices, such as wireless sensor networks, has increased. (1,2) Physical attacks are threats to the integrated circuits (ICs) implemented in electronic devices containing the secure information of the user, such as smartcards and smartphones. They can be classified into two categories: invasive and noninvasive attacks. Invasive attacks are attacks that cause the physical modification and deformation of the attacked chip, such as reverse engineering, focused ion beam (FIB) chip editing, and microprobing attacks. Noninvasive attacks are attacks that do not physically damage the attacked chip, such as side channel and fault injection attacks. Noninvasive attacks can be initiated by several methods such as timing attacks, power analysis, electromagnetic analysis (EMA), glitch attacks, and operation temperature change. Fault injection attacks are highly dangerous because of their effectiveness and low cost. They are a threat to data security as they can extract the secure information stored in the target device. Fault injection attacks can be carried out by several approaches such as clock glitching, voltage glitching, overclocking, electromagnetic (EM) pulses, and temperature. (3) A temperature fault injection attack changes the environment temperature of the attacked chip, causing it to operate outside of the allowed operating temperature range, and extracts the secure information stored. Various studies of temperature attacks have been presented. (4–13) Temperature attacks can be of two types: low- and high-temperature attacks. Low-temperature attacks are initiated by cooling the attacked chip and extracting the data under a freezing condition. (4–7) In previous works, a static random access memory (SRAM) was cooled below −50 ℃ to freeze the data, but its data could be recovered after a power outage. (4,5) High-temperature attacks are caused by heating the attacked chip, generating errors in the function of the target under the heated condition. (8–10) A fault injection with a 71.4% probability of causing memory errors was reported to be achieved by heating an IBM JVM up to 100 ℃. (10) As shown in previous research, temperature fault injection attacks can result in severe problems in hardware security.
In this paper, a secure circuit with a low-power on-chip temperature sensor is presented for the detection of temperature fault injection attacks. The objective of the proposed secure circuit with the on-chip temperature sensor is to detect temperature-based fault injection attacks and protect the secure contents of the target device. The proposed secure circuit detects and allows the shutdown of the protected circuit when the temperature is below −10 ℃ or above 80 ℃. The protected circuit operates normally in the operation temperature range from −10 to 80 ℃ and can be shut down by the control block of the secure circuit outside of this operating temperature range. The proposed secure circuit has a simple structure and a small active area, and consists of a low-power temperature sensor, two comparators, and an XOR gate. The low-power temperature sensor generates two voltages with a complementary-to-absolute-temperature (CTAT) characteristic, each of which is compared with the reference voltage by one of the two comparators. The XOR gate uses the two comparator output signals to detect when the temperature is below −10 ℃ or above 80 ℃ so that the protected circuit can be shut down.

Description of proposed secure circuit
The concept of the proposed temperature detection secure circuit is shown in Fig. 1. It presents the operation of the proposed secure circuit when a temperature fault injection attack affects a chip. When a temperature fault injection attack is initiated to extract the secure data from the attacked chip, the fully integrated on-chip secure circuit detects the temperature of the attacking environment. Following this, the detected result is transmitted to the control block of the secure system-on-chip (SoC) platform. The on-chip secure detection circuit selects a specific temperature range and detects whether the outside temperature is in the normal operation range. On the basis of the detection result transmitted by the secure circuit, the detection block determines whether the chip is attacked. When the control block assesses a nonattacking condition, the secured chip continues to operate its normal function. When the control block confirms an attacking condition, the operation of the attacked chip and its power are shut down. By shutting down the operation of the attacked chip, the secure data is protected and prevented from being extracted by the temperature fault injection attack. The proposed temperature detection secure circuit is one of the functional blocks forming the secure SoC platform. In this paper, we focus on the secure detection circuit for detecting temperature fault injection attacks. The control block is in the main secure SoC core, which will not be discussed in this paper.

Proposed secure circuit with on-chip temperature sensor
The schematic of the proposed secure circuit is shown in Fig. 2. This circuit with the low-power on-chip temperature sensor consists of a CTAT voltage generator, two comparators, an XOR gate, and two monitoring buffers. The CTAT voltage generator generates two CTAT characteristic voltages, VCTAT1 and VCTAT2. Both VCTAT1 and VCTAT2 are monitored through the buffered output signals VCTAT1_MON and VCTAT2_MON. The generated VCTAT1 and VCTAT2 voltages are each compared with the reference voltage (VREF) by their own comparator. The COMP_OUT1 signal of the first comparator detects the low-temperature range below −10 ℃, whereas the COMP_OUT2 signal of the second comparator detects the high-temperature range above 80 ℃. The outputs of both comparators, COMP_OUT1 and COMP_OUT2, are combined by the XOR gate. The output signal of the XOR gate, SENSOR_OUTPUT, is indicative of the detected temperature. When the output detection signal of the XOR gate is high, the chip operates under a normal condition and is not prone to any temperature fault injection attack. The proposed secure circuit allows the protected chip to operate over a specific temperature range from −10 to 80 ℃. When the output detection signal of the XOR gate is low, the chip operates under an attacked condition and is prone to temperature fault injection attacks. The attack temperature range detected by the secure circuit is below −10 ℃ and above 80 ℃. The proposed secure circuit detects the specific temperature and transmits the output detection signal to the control block in the main secure SoC core, which blocks the secure data from being extracted by the attacker by shutting down the operation of the protected chip.
The schematic of the comparator of the secure circuit is shown in Fig. 3. The proposed secure circuit is intended to detect temperature attacks. The complexity of a circuit increases the probability that it malfunctions during a severe temperature attack. Therefore, the secure circuit should have a simple scheme. A scheme such as a latched comparator with additional clock signals requires an additional clock generator circuit that increases the circuit complexity. In severe temperature attack environments, the clock signal may be distorted and could lead to malfunction. The hysteresis comparator scheme is less sensitive to temperature than the latched comparator scheme. The comparator is therefore implemented as a self-biased hysteresis comparator without additional bias circuits and clock generators. The current consumption of the comparator is 1.36 μA at 1.8 V power supply.
The CTAT voltage generator is illustrated in Fig. 4. It is based on a conventional beta-multiplier current reference circuit. It consists of a start-up circuit, a beta-multiplier current reference circuit, current mirrors, polysilicon resistors, and pseudo-resistors. The beta-multiplier current reference generates current I1, which is the reference current (IREF). This generated current is proportional to the absolute temperature (PTAT). The generated PTAT current of the beta-multiplier current reference can be expressed as where n is the slope factor, K is the multiplier ratio of the n-channel metal-oxide-semiconductor (NMOS) device, UT is the thermodynamic voltage, and R1 is the reference resistance of the beta-multiplier current reference. (14) The generated IREF is copied to I2 and I3 by the diode-connected current mirrors MP2 and MP3. The CTAT voltages VCTAT1 and VCTAT2 are generated by the copied current and resistors. The temperature-dependent voltage change does not require a specific value and only needs to be detected when the temperature is below −10 ℃ and above 80 ℃. Therefore, the circuit design was carried out by setting the appropriate value through simulating the voltage change according to the temperature. The current consumption of the CTAT generator is 5.4 μA at 1.8 V power supply. The simulation result of the pseudo-resistor with temperature is exhibited in Fig. 5. It shows that the temperature increase corresponds to a decrease in the resistance of the designed pseudo-resistor. The resistance of the polysilicon resistors also decreases with the increase in temperature. (15) Therefore, even if the reference current generated by the beta-multiplier current reference has a PTAT characteristic, the polysilicon resistors and designed pseudo-resistors have a higher factor corresponding to the resistance decrement with temperature. This enables the generation of the CTAT characteristic voltages VCTAT1 and VCTAT2.
The generated VCTAT1 and VCTAT2 can be expressed as
The monitoring buffer is implemented using a self-biased inverter-based amplifier. The self-biased inverter-based amplifier scheme is used so that no additional bias block is needed. The phase margin of the buffer is 69.29° with 6.38 MHz bandwidth. The current consumption of the monitoring buffer is 1.42 μA at 1.8 V power supply.

Simulation results
The simulation results of the proposed secure circuit consisting of an on-chip temperature sensor are shown in Fig. 6. The simulation results of VCTAT1 and VCTAT2 with temperature are exhibited in Fig. 6(a). They reveal that the generated VCTAT1 and VCTAT2 have different voltages and slopes with temperature for temperature detection over the temperature range. The simulation results of each comparator output are displayed in Fig. 6(b), showing the possibility of detecting the temperature. The generated VCTAT1 is compared with VREF by the first comparator to detect the low temperature range, i.e., below −10 ℃. The first comparator outputs a high signal in this temperature range but a low signal when the temperature is above −10 ℃. In addition, VCTAT2 is compared with VREF by the second comparator to detect the high temperature range above 80 ℃. The second comparator outputs a high signal when the temperature is below 80 ℃ and a low signal when the temperature is above 80 ℃. The outputs of the two comparators, COMP_OUT1 and COMP_OUT2, are used for detecting the outside temperature. The output simulation result of the proposed secure circuit is shown in Fig. 6(c). The outputs of both comparators, COMP_OUT1 and COMP_OUT2, are transferred to the XOR gate, which outputs the SENSOR_OUTPUT signal, the exclusive-OR of COMP_OUT1 and COMP_OUT2. The detection output SENSOR_OUTPUT detects whether the temperature is in the normal operation range from −10 to 80 ℃. When the outside temperature is out of the normal operation range, the secure circuit detects an abnormal temperature and transmits the detected signal to the main secure SoC core to shut down the attacked chip and block the secure data from being extracted.
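The detection logic described above, together with the hysteresis comparators of Fig. 3, as a behavioural Python model (an added example, not the authors' design data or simulation). The reference voltage, the linear CTAT fits, the hysteresis width, the comparator polarity (output high when the CTAT voltage is above VREF) and the chamber profile are assumptions, chosen so that the nominal thresholds sit at −10 and 80 ℃.

```python
# Behavioural model: CTAT generator -> two hysteresis comparators -> XOR.
# All voltages, slopes and the hysteresis width are constructed, not the paper's.
VREF = 0.900                 # V, assumed reference voltage
HYST = 0.004                 # V, assumed total hysteresis width
CTAT1 = (-0.0025, -10.0)     # (slope V/degC, temperature where VCTAT1 == VREF)
CTAT2 = (-0.0016, 80.0)      # (slope V/degC, temperature where VCTAT2 == VREF)


def vctat(params, temp_c):
    """Linear CTAT fit: the voltage falls as the temperature rises."""
    slope, t_cross = params
    return VREF + slope * (temp_c - t_cross)


class HysteresisComparator:
    def __init__(self, width, initial):
        self.width, self.out = width, initial

    def step(self, vin):
        # The output changes only once vin leaves the band around VREF.
        if vin > VREF + self.width / 2:
            self.out = True
        elif vin < VREF - self.width / 2:
            self.out = False
        return self.out


def sweep(temps, hyst=HYST, start_c=25.0):
    """Return [(temp, COMP_OUT1, COMP_OUT2, SENSOR_OUTPUT)] for a temperature trace."""
    c1 = HysteresisComparator(hyst, vctat(CTAT1, start_c) > VREF)
    c2 = HysteresisComparator(hyst, vctat(CTAT2, start_c) > VREF)
    trace = []
    for t in temps:
        o1, o2 = c1.step(vctat(CTAT1, t)), c2.step(vctat(CTAT2, t))
        trace.append((t, o1, o2, o1 ^ o2))   # high = inside the allowed window
    return trace


def events(trace, prev=True):
    """Temperatures at which SENSOR_OUTPUT changes level."""
    out = []
    for t, _, _, s in trace:
        if s != prev:
            out.append((t, "resume" if s else "shutdown"))
        prev = s
    return out


# Constructed chamber profile: heat to 100, cool to -40, return to 25 (1 degC steps).
PROFILE = list(range(25, 101)) + list(range(99, -41, -1)) + list(range(-39, 26))
if __name__ == "__main__":
    print(events(sweep(PROFILE)))
```

With these constructed values the output drops at 82 ℃ on the way up and returns at 78 ℃ on the way down, and a temperature dithering around 80 ℃ produces no transitions at all, whereas the same trace with `hyst=0.0` toggles SENSOR_OUTPUT on every sample.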

Prototype IC implementation
The prototype IC of the proposed secure circuit was fabricated with a standard 0.18 μm complementary metal-oxide-semiconductor (CMOS) process with a small active area of 0.04 mm². The die photograph is shown in Fig. 7. The total power consumption is 19.72 μW with 1.8 V power supply.

Measurement environment
The measurement environment of the prototype IC of the proposed secure circuit is shown in Fig. 8. The evaluation of the prototype IC proceeds with the implementation of the IC into the printed circuit board (PCB) by a chip-on-board (COB) process. The temperature detection is tested by sweeping the temperature by using a temperature chamber. The output signals are acquired by using a digital oscilloscope.

Measurement results
The measurement results of the prototype IC of the proposed secure circuit are shown in Fig. 9. The measured VCTAT1 and VCTAT2 with temperature are shown in Fig. 9(a). The figure shows that the generated VCTAT1 and VCTAT2 results agree well with the simulation results in Fig. 6(a). There are slight differences in voltage and slope as revealed by comparing the measurement and simulation results, but the overall tendency confirms that the designed CTAT voltages are generated as intended. The output measurement results of the proposed secure circuit are presented in Fig. 9(b). The detection output SENSOR_OUTPUT detects whether the temperature is in the normal operation range from −10 to 80 ℃. The measurement results indicate that the prototype IC detects the temperature range below −10 ℃ and above 80 ℃, which is the attacking temperature range, as low signals. The measurement results of the detection output SENSOR_OUTPUT show that the proposed secure circuit performs the functions as designed. A slight error in the temperature range is noted by comparing the measurement and simulation results because of the process variation; however, it is verified that the overall tendency and operation are identical to those of the designed circuit as intended. The performance summary of the secure circuit is presented in Table 1.

Conclusions
In this paper, a secure circuit with a low-power on-chip temperature sensor for the detection of temperature fault injection attacks is presented. The proposed secure circuit detects and allows the protected circuit to shut down when the temperature is below −10 ℃ or above 80 ℃. The protected circuit operates normally in the operation temperature range from −10 to 80 ℃ and can be shut down by the control block of the secure circuit outside of this temperature range. The proposed scheme has the advantages of being simple without additional complex circuitry, having a small active area, and being able to detect a temperature range below −10 ℃ and above 80 ℃ for protecting secure data from temperature-based attacks. The prototype IC is fabricated using a standard 0.18 μm CMOS process with a simple structure, a small active area of 0.04 mm², and a consumption of 19.72 μW using a 1.8 V power supply including monitoring buffers.