Today, electronic systems are part of our daily lives, various infrastructures, transportation, medical facilities, national defense system, and many more applications. Security, trust, and safety have become critical aspects of these electronic systems because of the growing number of threats against them. Modern SoCs contains many sensitive assets that need to be protected from unauthorized access and malicious attacks. Multiple design blocks can be affected by the security policies because of the involvement of subtle interactions among hardware, firmware, OS kernel, and applications. It requires end-to-end, layered security beginning at the device level to protect a device/system from potential attacks and threats. Cryptographic hardware unit is used to protect critical assets of a SoC from many forms of attacks. It also assures that the code running on the board is authentic and unmodified. Major components of a cryptographic hardware unit include Physical Unclonable Functions (PUFs), TRNG, the accelerator of cryptographic algorithms (i.e., a hardware implementation of cryptographic algorithms such as RSA, AES, SHA, etc.).

More recently, the hardware security community has helped to shift industry's attention towards the design of hardware-based security primitives to replace the more expensive and vulnerable software-based primitives (e.g. latest Xilinx and Altera FPGAs now have built-in PUF). A PUF can provide volatile, tamper-resistant solutions to key storage. PUFs have been proposed as critical components in several security applications including identification and authentication, hardware metering, certified execution, and key generation for encryption. TRNGs are used to generate random numbers to be used in cryptographic algorithms for secure communication and privacy.

To be useful in the above applications, the fingerprint or key generated by a PUF should be reliable (i.e., it should not change over time within an acceptable range of operating conditions). The quality of PUF/TRNG depends on the entropy source and internal non-deterministic noise. A current challenge in hardware-based security primitives is their sensitivity to temperature and voltage variations as well as aging. Post-processing techniques (such as error-correcting codes for PUF and privacy amplifications for TRNGs) are traditionally used to achieve high-quality security primitives but come at a cost of high area, power and performance overhead. In this article, we present different techniques to make the hardware-based security primitives more robust. More specifically, we focus on design and enrollment techniques for hardware security primitives, which are being actively sought both for authentication and as roots-of-trust for higher level cryptographic protocols.

Furthermore, the globalization of semiconductor design and fabrication has led to many well-documented issues associated with untrusted foundries and assemblies, including IC overproduction, cloning, and the shipping of improperly or insufficiently tested chips. Besides the economic loss, such chips entering the supply chain can have catastrophic consequences for critical applications. We present a method called Secure Split-Test (SST) for securing the manufacturing process to prevent counterfeits, allowing intellectual property (IP) owners to protect and meter their IPs. This is done by requiring test results to be verified by the IP owner and by requiring the IP owner to provide a "key" to unlock the IPs correct functionality. The results and analysis demonstrate that SST can adequately prevent counterfeited ICs from untrusted foundries or assemblies as well as its resilience to attacks and circumvention.