Logic Locking Using Emerging 2T/3T Magnetic Tunnel Junctions for Hardware Security

With the advancement of beyond CMOS devices, a new approach to utilize the inherent physics of such emerging structures for various applications is of great interest in recent research. Spintronics-based devices offer key advantages like ease of fabrication with Si-substrate, non-volatile memory, low operational voltage, and non-linear device characteristics, which have shown potential for several emerging fields of study. Hardware security is one of the key interest areas which heavily relies on CMOS-based ICs, and the defense and attack mechanism is mostly based on CMOS-based structures. This work explores several emerging structures based on 2T/3T magnetic tunnel junctions (MTJ) for possible logic locking applications in hardware security systems. We demonstrate the effect of MTJ-based devices to implement logic locking even in the presence of process variations, and its ability of robustness to device imperfections has been evaluated using monte carlo simulations for practical applications.


I. INTRODUCTION
for logic devices and information storage due to its non-34 volatility, low power consumption, and high endurance [8]. 35 Researchers have investigated utilizing the unique inher-36 ent properties of the emerging devices (memristors, carbon 37 nanotubes (CNTs), and nanowire FETs (NWFETs), etc.) to 38 lower the performance overhead of CMOS-based security 39 approaches such as hardware obfuscation. References [9], 40 [10], [11], [12], [13], [14], [15], [16], [17] evaluate the per-41 formance and reliability of CNT bundles for on-chip intercon-42 nect applications due to their large conductivity and current 43 carrying capabilities. Authors in [18] report a comprehen-44 sive model for the resistance in graphene nanoribbon (GNR) 45 interconnects. One of our future goals is to explore spintron-46 ics devices for memory and/or logic applications and even 47 for interconnects due to their low-power consumption, non-48 volatility, and competitive bit area cell. A technique named 49 ''ProbLock'' in [19] can be applied to both combinational 50 and sequential circuits using a filtering process to select the 51 best location of key gates based on various constraints. The 52 algorithm is tested on 40 benchmarks from the ISCAS '85 53 and ISCAS '89 suites and the ProbLock is evaluated against 54 a SAT attack. The hardware obfuscation alters the structure or 55 description of a circuit to make it more difficult for an attacker 56 Fig. 1 shows a typical MTJ structure comprising two rela-87 tively thick ferromagnetic layers (a fixed layer and a free 88 layer) separated by a relatively thin tunnel barrier layer [28]. 89 When the fixed layer and the free layer have the same mag-90 netic direction (parallel, denoted by P), the MTJ shows a 91 lower resistance (R P If the difference between the resistances in parallel and 106 anti-parallel is larger, it shows higher TMR and higher 107 readability.
108 FIGURE 1. An MTJ structure and switching between the two states.
When a bidirectional current greater than the critical cur-109 rent (I C0 ) flows through an MTJ cell, it can switch between 110 parallel and anti-parallel states. The MTJ cell switches from 111 parallel to anti-parallel state when the passing current (>I C0 ) 112 flows from the fixed layer to the free layer. On the contrary, 113 when passing current flows from the free layer to the fixed 114 layer, the MTJ cell switches from anti-parallel to parallel 115 state. The magnetic dynamics of the free layer are governed 116 by modified Landau Lifshitz Gilbert (LLG) equation [34], 117 which is given by: Here, − → m is the magnetization of the free layer, γ is the 125 Gyromagnetic ratio, µ 0 is the vacuum permeability, − → H eff is 126 the effective magnetic field having different contribut-127 ing terms like perpendicular magnetic anisotropy (PMA), 128 voltage-controlled magnetic anisotropy (VCMA), demagne-129 tization field, exchange bias and thermal noise as shown in 130 equation (5). α is the Gilbert damping coefficient, P is the 131 polarization factor, J STT and J SHE are the STT and SOT cur-132 rent density applied to the MTJ device, − → m p is the polarization 133 direction of the spin current injected in the free layer by the 134 STT, H FL SOT and H DL SOT are respectively the current-dependent 135 proportionality constants for the FL torque and DL torque of 136 the SOT, − → m σ is the pure spin current induced by the spin-137 orbit coupling, θ SH is the spin Hall angle, T SL is the free layer 138 thickness and other symbols have their usual meaning. 139 The MTJ has been utilized in implementing many aspects 140 of hardware securities such as   requires both SOT and STT current. The requirement of STT 172 current passing through the MTJ stack is reduced, and thus 173 more reliability in operation is achieved. Furthermore, the 174 model developed in [28] does not require an external mag-175 netic field to change the state of the MTJ. On the other hand, 176 the VGSOT p-MTJ can also switch without needing a mag-177 netic field. Instead of the HM, the anti-ferromagnetic (AFM) 178 strip provides spin-orbit torque along with an exchange bias 179 and VCMA effect, allowing it to have reduced critical current 180 density for switching, as mentioned in Table 5, thus paving 181 the way for more practical applications.   resistance (R ON ) in k and OFF resistance (R OFF ) in G .

205
When the value of In is low, the resistance of the left branch 206 of PCSA is in G , and the resistance of the right branch is 207 in k . Therefore, the Out is pulled to 0V much faster than  In a 3-terminal MTJ structure, the switching can occur 236 because of STT as well as SOT switching mechanism. 237 Fig. 4(a) shows a logical implementation of the AND/NAND 238 gate based on a hybrid CMOS-MTJ approach. The circuit 239 outputs are analyzed in the same way as those for the 2T 240 MTJ circuit, as mentioned in section III-A. The gate can 241 be used in the logic locking mechanism for hardware secu-242 rity applications. The block diagram of the circuit is shown 243 in Fig. 4 Fig. 4(c) shows the plots of all input 252 and output pins of the 3T logic locking block (both SOT 253 and VG-SOT) for all the combinations of In and Key. The 254 W En signal is used to write the MTJ state with Key. It is 255 made high only when both Clk and Reset signals are low. 256 During process variation simulation, the reference point data 257 needs to be selected so that the introduced deviation must lie 258 between the allowed range of operation in the compact model. 259  realistic and scaled compact model will thus allow a bet-262 ter logic locking system using MTJ devices. Fig. 4(d)-(e)  Table 1. In logic locking-based hardware security, key management 275 is an important aspect as the attacker aims to obtain the key 276 by any means. Therefore, the key is stored in a tamper-proof 277 memory and fabricated on a chip in such a way that its value 278 is not known to the outside foundry [23]. However, even 279 with tamper-proof memory, attacks to obtain keys are known, 280 and the most significant one is by using Power Attack (PA) 281 analysis [27]. Spintronics-based tamper-proof memory is also 282 vulnerable to this attack because of the write and read cur-283 rent difference. Due to their specific advantages mentioned 284 earlier, they are also an ideal choice for storing the key. 285 to operate in AND operation, and the key value is marked 296 from 0-7, where 0 represents the pattern K 1 K 2 K 3 = 000 and 297 7 represents K 1 K 2 K 3 = 111. Fig. 5(b) represents the opera-  of a chip by using a microscopic image of the layout to deter-329 mine the netlist and type of logic being implemented and then 330 simulate it by using a test pattern. The possibility of obtaining 331 multiple logic functionality by using the same structure and 332 a select signal makes it extremely difficult to specify the 333 logic functionality of such multi-layer stacked nanopillars. 334 So, having the layout pattern itself will not be sufficient. The 335 complex switching mechanism applied needs to be decoded 336 for attacking multi-staged logic locking units, making it more 337 difficult to reverse engineer than CMOS-based logic locking. 338 The main disadvantage of such emerging beyond CMOS 339 devices is that conventional logic locking based mechanism 340 considers that the foundry and the user both are untrusted, 341 so the locking of the netlist and storing of a key is done 342 before sending to the foundry. Beyond CMOS devices are 343 limited currently since specialized fabrication techniques are 344 required to implement logic locking blocks. To overcome this 345 difficulty, either the foundry needs to be trusted, or the circuit 346 needs to contain a more significant number of such blocks 347   cause operation failure even in the activated chips. Fig. 6(c) 353 demonstrates the dependence of free layer magnetization 354 dynamics for the SOT MTJ model on temperature and mag-355 netic field. A parametric sweep needs to be performed to 356 obtain the critical value for them, and the design needs to be 357 optimized to operate below the critical values for any future 358 practical applications. Reference [36] analyzes the effect of 359 the magnetic field on the MOS device characteristics. The 360 reference concluded that the high Magnetic field of up to 7T 361 did not cause any significant performance degradation. So, 362 the CMOS-based structure is practically immune to magnetic 363 fields for general applications, and the logic locked circuit 364 needs to be designed in such a way as to ensure sufficient 365 tolerance to stray magnetic fields. The thermal stability factor 366 needs to be optimized to ensure proper operation during 367 temperature sweep tests in the system-on-chip (SoC) design 368 flow. In [29], a hybrid CMOS/MTJ circuit for low power 369 design has been discussed with significant improvement in 370 circuit parameters.

371
Adding a logic locking block using an MTJ-based AND 372 gate will cause an area overhead, but MTJ devices have 373 competitive bit area cell, and improvement in scaling for such 374 devices in the future may decrease the required area overhead. 375 Also, the ICs contain many transistors, and the requirement 376 of such MTJ-based logic locking block can be limited to a 377 few places; thus, a small area trade-off for higher security 378 can be achieved. Table 4    Ph.D. degree in micro and nano electronics spe-589 cialty from the Spintec-CEA Laboratory, Joseph 590 Fourier University. She has research and indus-591 trial experiences at different teams and has com-592 petences in nanofabrication in clean room, thanks 593 to Spintec Laboratory, which offers such a spe-594 cialized training of the nanofabrication. She has 595 taught some undergraduate and graduate courses 596 in physics: electronics, optics, magnetisms, and 597 mechanics. She was a Postdoctoral Researcher with the Novel Mag-598 netic Devices (NoMaDe) Group-A joint research team between Institut 599 d'Electronique Fondamentale (IEF), Paris Sud University, and the Ecole Nor-600 male Supérieure (ENS). She is currently working as a Postdoctoral Fellow 601 in nanofabrication of TMR sensors at KAUST. She has attended various 602 specialized international conferences and published articles in prestigious 603 international journals. Her main research interests include the spintronics and 604 related applications going from electrical engineering to biotechnology. Her 605 research interests include the design, implementation, electrical characteri-606 zation, preparation, and instrumental analysis of samples. He has published more than 400 papers in leading peer-reviewed 626 journals and conference publications. His research interests include design of 627 state-of-the-art innovative technological solutions that span a broad range of 628 technical areas including smart cities, autonomy, smart health, smart mobil-629 ity, embedded systems, nanophotonics, and spintronics. His research group 630 was responsible for developing the world's first realization of compressive 631 sensing systems for signals, which provided an unprecedented one order of 632 magnitude savings in power consumption and significant reductions in size 633 and cost and has enabled the implementation of self-powered sensors for 634 smart cities and ultra-low-power biomedical implantable devices.