Utilizing Layout Effects for Analog Logic Locking

TL;DR

Protects analog IP by leveraging layout-dependent effects, specifically Well Proximity Effect and Length of Oxide Diffusion, to deterministically tune $V_{th}$ and $g_{m}$ behind key inputs. The method is demonstrated on 28nm and 65nm CMOS technologies using an Operational Transconductance Amplifier as a case study, with extensive key testing showing substantial performance degradation under incorrect keys. Results report dramatic reductions in open-loop gain up to 130 dB, phase margin up to 50 degrees, and variations in $3$ dB bandwidth and power, along with significant area overhead, highlighting the security-utility trade-off. Threat-model analyses for untrusted foundries and end-users indicate that traditional SMT, brute-force, and removal attacks are unlikely to succeed against multi-block LDE obfuscation, and the authors propose randomizing the arrangement order as an additional robustness measure, with silicon validation left as future work.

Abstract

While numerous obfuscation techniques are available for securing digital assets in the digital domain, there has been a notable lack of focus on protecting Intellectual Property (IP) in the analog domain. This is primarily due to the relatively smaller footprint of analog components within an Integrated Circuit (IC), with the majority of the surface dedicated to digital elements. However, despite their smaller nature, analog components are highly valuable IP and warrant effective protection. In this paper, we present a groundbreaking method for safeguarding analog IP by harnessing layout-based effects that are typically considered undesirable in IC design. Specifically, we exploit the impact of Length of Oxide Diffusion and Well Proximity Effect on transistors to fine-tune critical parameters such as transconductance (gm) and threshold voltage (Vth). These parameters remain concealed behind key inputs, akin to the logic locking approach employed in digital ICs. Our research explores the application of layout-based effects in two commercial CMOS technologies, namely a 28nm and a 65nm node. To demonstrate the efficacy of our proposed technique, we implement it for locking an Operational Transconductance Amplifier. Extensive simulations are performed, evaluating the obfuscation strength by applying a large number of key sets (over 50,000 and 300,000). The results exhibit a significant degradation in performance metrics, such as open-loop gain (up to 130dB), phase margin (up to 50 degrees), 3dB bandwidth (approximately 2.5MHz), and power consumption (around 1mW) when incorrect keys are employed. Our findings highlight the advantages of our approach as well as the associated overhead.

Figures (16)

• Figure 1: Cross section of the metal stack in an IC. Moving towards the base layer, the visibility decreases and the effort to reverse engineer increases.
• Figure 2: Layout-dependent effects. (a) Simplified transistor layout, baseline. (b) Different transistor arrangements, used for obfuscating analog circuits. OD is the oxide diffusion, and PO is the poly (gate). A and B are the distances between the poly and the OD edges, and X is the distance between the poly and the well edges. X relates to WPE, and A and B relate to LOD.
• Figure 3: Effects of LOD and both LOD and WPE on the absolute values of voltage threshold and transconductance of PMOS transistors with a minimum length and representative width. B is shown in Figure \ref{['transistor_layouts']}.
• Figure 4: Effects of PMOS width, WPE and LOD on the absolute values of voltage thresholds for all arrangements.
• Figure 5: Impact of layout-dependent effects on an LVT PMOS drain current in 65nm technology.