FSM Inspired Unconventional Hardware Watermark Using Field-Assisted SOT-MTJ

The globalization of the Integrated Circuits supply chain has increased threats from untrusted entities involved in the process. Several mechanisms, such as logic locking, watermarking and split manufacturing, are widely used to ensure hardware security. This study describes a novel method for creating hardware watermarks inspired by finite-state machines. It makes use of the unique physical property of magnetic tunnel junctions that are based on spin-orbit torque. The design strategy is described in detail, including the use of an EDA tool to analyze and take advantage of the unique switching properties of MTJ, their non-volatility, and their reliance on an external magnetic field to direct information through a predetermined order of states in a manner akin to an FSM. Furthermore, the performance prospects are analyzed using Monte Carlo simulations. For the 5% and 10% of process variation in the key MTJ parameters, the accuracy of 100% and 99.80%, respectively, are achieved. In control signal voltage variation, a tolerance of 9% (0.91V) is observed. The required state transition is not altered, demonstrating a tolerable sensitivity to temperature variation from 250K to 350K. The security aspects and methodology for the approach are explained to ensure a more robust and practical application, and finally, a comparison is made with other FSM-based watermarks.


I. INTRODUCTION
Over the past decades, intellectual property (IP) based System-on-Chip (SoC) design has attracted significant attention in the semiconductor industry. IP cores are recycled to accelerate time-to-market while preserving low design costs. However, these benefits of the design-reuse paradigm have compromised security and raised severe concerns about IP infringements. Various untrusted and unreliable third-party agents, who participate at different stages of the SoC design cycle, often misuse these IPs. IP infringement can take various forms, such as overbuilding, IP cloning, and counterfeit ICs [1]. To address these security concerns, Design-for-Security (DfS) has emerged as a crucial and integral part of the IC design that can further be classified into two categories: (a) Active methods and (b) Passive methods. Logic locking, The associate editor coordinating the review of this manuscript and approving it for publication was Santosh Kumar . split-manufacturing, and IC camouflaging are active methods that can prevent IP piracy, while passive methods like Fingerprinting and Watermarking are employed to detect IP piracy.
Security measures come with an expense in some form, like different hardware/design changes. Intelligent attackers may decipher the security mechanism using several techniques like reverse engineering, Machine-Learning based attacks, and side-channel analysis [2]. Spintronics devices offer several security aspects for applications in hardware security [3], [4], and other important applications [5], [6], [7]. MTJ is a widely investigated spintronic device and has been used for different hardware security primitives in recent research [8], [9], [10], [11], [12]. The use of emerging beyond CMOS devices for watermark generation currently needs to be well explored and thus provides many opportunities for utilizing the unique physical characteristic of such devices for generating watermark solutions. In the context of 2D materials-based novel watermarking generation, photo-response of MoS 2 mem-transistor [13] is described. A timeline of the evolution of watermarking and anticounterfeiting techniques is mentioned in [14]. Passive methods like watermarking in hardware security are still in the early stages of research interest. This work provides a unique approach to generating the hardware watermark using the magnetic sensitivity of the SOT-MTJ device at the circuit level. This work explores a three-terminal SOT-MTJ device for secure watermark generation considering various design parameters, PVT variation, and security analysis. Instead of using spin-transfer torque (STT) current, an external magnetic field is used as a critical element for deterministic switching along with SOT current, which is usually not used because of the requirement of the magnetic fields.
The rest of the paper is organized as follows: Section II explains the background of watermarking and magnetic tunnel junctions. Section III discusses the circuit operation for the proposed secure watermarking generation. Experimental results are discussed in Section IV. Finally, Section V concludes the paper.

II. BACKGROUND A. WATERMARKING
Watermarking is a technique that allows the IP designer to conceal authorship information inside the design without affecting the functionality of the design. This watermark is used for IP ownership authentication against suspected IP infringements in legal proceedings [15]. An ideal watermarking method is simple to insert, verifiable, and well integrated into the design, and yet does not suffer from high overhead and removal attacks [16]. The following characteristics are necessary for a watermarking strategy [17], [18].
• The functionality of the original design must not be changed by the watermarked design.
• The overhead incurred should be minimal due to the watermark's insertion.
• The watermark needs to be resilient to various modification and removal attacks.
• Credible authorship proof is essential to be presented in the court as strong evidence for claiming the authorship.
IP watermarking techniques can be sub-divided into five categories: (a) Constrained-based watermarking, (b) Side channel-based watermarking, (c) Test structure-based watermarking, (d) Digital signal processing (DSP)-based watermarking, and (e) Finite state machine (FSM) watermarking. The constrained-based watermarking strategy consists of system-level, behavior-level, logic-level, and physical-level synthesis. It is a complex optimization problem with exponential growth in the acceptable solutions concerning the input size, and IP can be considered the solution to the optimization problem [19]. Side channel-based watermarking can exploit a cryptographic device that has leaked physical information and is widely used to recover the secret keys [20]. With a side-channel-based watermark, a watermarking signal is embedded within the side channel instead of secret information being leaked out. The central concept is to incorporate a watermark into an IP core using a side channel, such as power consumption. The verifier then extracts the watermark and certifies ownership using that side-channel information. Test structure-based watermarking embeds a watermark at the behavior level into a test sequence. The test signals must be traceable once the IPs have been integrated into the complete SOCs. Using this advantage, the authors combined the watermark generating circuit with this test sequence to observe and test any IP in the chip even after packaging the chip [21]. In the test mode, the watermark sequences and the output test patterns are sent by the selected IP, and the IP provider identity can be determined based on the watermark sequence. Digital signal processing (DSP)-based watermarking is implemented at the algorithmic or system level [22] to allow designers to slightly alter the decibel (dB) specifications of the filters without sacrificing their performance. A high-level digital filter encodes a single character (7 bits) as a watermark. The filter design is then divided into seven segments, each used as a modulation signal for one of the bits. The FSM-based watermark is incorporated at the behavioral level while remaining inoffensive to chip functionality courtesy of adding additional FSM transitions or states. FSM-based watermarking can be divided into two types: state-based watermarking [23] and transition-based watermarking [24]. State-based watermarking techniques require encoding a changing state or adding additional states. In contrast, transition-based watermarking techniques employ unused transitions or introduce new ones to the FSM.

B. MAGNETIC TUNNEL JUNCTION
In the SOT-MTJ device, an MTJ stack that consists of a barrier layer sandwiched between two ferromagnetic layers is placed on a heavy metal (HM), as shown in Fig. 1. Depending on the magnetization orientation of the free layer with respect to pinned layer, the state of MTJ is determined. Several switching mechanisms are possible, like STT switching, SOT-assisted STT switching, and thermally and field-assisted switching. Field-assisted switching is generally less used in MTJ-based memory and logic circuits because of the difficulty of generating a magnetic field; Therefore, magnetization control via electric current is preferred.  However, this work uses a magnetic field to generate a watermark because proof of authentication is not frequent. Magnetic field-assisted switching can enhance security to a very high degree against various threats generally encountered in watermark design. Equation 1 is the Landau-Lifshitz-Gilbert (LLG) equation that governs the magnetic dynamics of the free layer, and equation 2 provides the MTJ resistance [25].
Here, #» m and #» m r are the unit vector along with magnetization of the free layer and the pinned layer, respectively, γ is the Gyromagnetic ratio, µ 0 is the vacuum permeability, #» H eff is the effective magnetic field, α is the Gilbert damping coefficient, P is the polarization factor, J STT and J SOT are the STT and SOT current density and #» σ SOT is the polarization direction of the spin current injected in the free layer. TMR 0 is the TMR ratio at zero bias, V h is the bias when TMR is divided by half, θ is the spin hall angle, and R p is the parallel state resistance of the MTJ. J STT = 0 is set so that #» m is dependent upon J SOT and #» H eff as input parameters.

III. CIRCUIT OPERATION A. WATERMARK GENERATION CIRCUIT
The proposed watermark is embedded in the design, and it is suggested to insert post-synthesis to avoid optimization constraints. The working operation of watermark generation does not interfere with regular circuit operation and provides credible and secure proof of ownership. The watermark is designed in such a way that even with a machine learningbased approach employing trial and error, the likelihood of the watermark being detected and generated by an untrusted entity is very low. The block diagram of the overall strategy adopted in this work is shown in Fig. 2. It consists of a 64-bit sequence detector (SD), which receives input from the IP block to ensure the watermark inputs are distributed in the design. A trigger signal (T) is generated, with a very low probability of triggering, i.e., 2 −64 . The signal T=0 disables the watermark generation process, and T=1 provides specific input to the MTJ block (3 bits) with different values. The control block consists of different control signals to guide the state of the MTJs. Comparators with reference at 0 V are used to ensure proper selection of logic levels (Z 2 (MSB) to Z 0 ). Finally, the watermark extraction block in each state stores a specific image, and the correct watermark image is stored in one of the states from S 0 to S 7 . The IP owner designed the watermark extraction block, and information related to the watermark is confidential and can be used as a 'golden model' during proof of ownership. The watermark extraction block and comparators can also be inserted before the I/O access interface. With intelligent design, it will be possible to avoid I/O access, which is currently a disadvantage. However, inserting the watermark extraction block and comparators before the I/O access will increase the fabrication cost for all the chips, reduce security advantage by becoming more prone to revealing information for reverse engineering-based attacks, and increase area consumption on a silicon substrate as a trade-off for removing the I/O access.

B. MTJ BLOCK OPERATION
In the MTJ block described in Fig. 3, the Verilog-A-based behavioral compact model of MTJ is used [19]. Three MTJ is applied as the control signal to erase the magnetization information as shown in Fig. 4. This allows the designer to control the magnetization of the MTJ individually. The non-volatile nature of MTJ devices enables them to retain information once written, thus allowing controlled transitions between different states. The MTJ used here is a perpendicular magnetic anisotropy (PMA) MTJ, and thus its magnetic orientation is perpendicular (along the z-axis) to the x-y plane. B Ext is applied along the +z direction to influence the magnetization. Table 1 contains the MTJ parameter used during the electrical simulations. All parameters are selected as the default values of the developed compact model. All the simulations are performed in a cadence spectre simulator in TSMC 40 nm technology with W/L = 3 and temperature at 300 K. State S 5 stores the watermark image, and Fig. 4 shows the transitions implemented to converge to S 5 . T S ≈ 3.36 ns is the settling time after erasing the data. The designer provides the control signals, and B Ext = 22 mT is used as the magnetic key for this specific transition. Any other transition sequence will be invalid during the proof of authentication. It is also important to note that the term fac fl mentioned in Table 1, which indicates the field-like torque effect, will significantly affect the magnetization dynamics. More details about this are present in [26]. The default value fac fl = 0.8 is used in this work; however, the state transition is correct from 0.5 to 1.25, as obtained by parametric analysis.

A. EFFECT OF PVT
This section includes design robustness for the intended successful transition concerning different conditions. Firstly, the effect of process variation (PV) in specific MTJ parameters such as TMR ratio, free layer thickness, and oxide layer       Fig. 6. To see the effect of temperature variation, a temperature sweep from 250 K to 350 K is applied, and R MTJ = 0.334 k change is observed. However, no change in desired state transition is observed, indicating acceptable tolerance to temperature variation. The PVT simulation showed that the MTJ block has an acceptable tolerance to variation in various parameters. Thus, from the circuit design perspective, it shows possible practical applications.

B. SECURITY ANALYSIS
This section discusses some of the security aspects of the proposed work. Firstly, let us define some of the symbols used. Let the applied external magnetic field (B Ext ) lies in , where 0 ∈ (-∞, 0 mT), 1 ∈ [0 mT, 6mT), 2 ∈ (7 mT,  12mT), 3 ∈ (13 mT, 17mT), 4 ∈ (18 mT, 25mT) and 5 ∈ (25 mT, ∞). Let S ̸ = 0 be a finite set of states, S i , S n ∈ S, where S i is the current state with S 0 being the initial reset state and S n being the next state, τ represents the overall time required in the correct state transition as designed and shown in Fig. 4, and χ represents the allowed control signals set by the designer. Let ψ represent the transition function which governs S i → S n under some specific condition.

1) PROOF OF OWNERSHIP
The strength is ascertained by the probability of obtaining the same watermark while simultaneously having a low probability of false triggering. Here the triggering probability is very low and approximated as: P<Correct State> ≈ 2 −64 * <Analog Magnetic Key ( 4 )> * <Correct Control Block Signals (χ) > which has a very low probability of triggering as an external field is also used with specific control signal sequences. In Fig. 7 and Fig. 8, the control signal is applied at different instances of time, and different state transitions are observed; this behavior is per equation (1)- (2) and demonstrates that the state transition is also a function of the time instance of the control sequence. Algorithm 1 contains the methodology to obtain the desired operation.

2) REMOVAL ATTACKS AND TAMPERING
If the attacker removes the watermark block and replaces it with its watermark, proof of authentication can be easily verified; in the worst case, the attacker can implement the same hardware configuration to converge to the same state. To counter such rare cases, an Eye-Diagram test is performed  with a Unit interval (UI) of = 5 ns and a Period of 2 * UI to create a centered eye diagram, as shown in Fig. 9. Eye diagram tests are used to test the signal integrity at a high data speed rate. It is challenging to clone the signal behavior of such an emerging device with great accuracy due to the complex and non-linear device characteristics. Table 3 contains eye-diagram results for each MTJ bit, and Table 4 contains information related to the transient behavior of the MTJs used here. These data can be used as a reference against cloningbased attacks. The approach used here is FSM inspired and not entirely based on the FSM watermarking approach used conventionally. Attacks like state re-encoding, circuit VOLUME 11, 2023  Re-timing, State Reduction [21] etc., are inefficient and can be easily detected.

3) TOLERANCE AGAINST MACHINE LEARNING (ML) BASED ATTACK AND REVERSE ENGINEERING
The complex device characteristic and dependence on different designs and external parameters to obtain the specific state is very unconventional, thus posing a solid resilience to conventional ML-based attacks. To demonstrate this idea, mathematical reasoning is provided where ML-based brute force attack will be computationally expensive compared to well-known binary decision diagrams to show this concept (BDD) [28], [29]. The state-transition diagrams (STGs) can be manipulated via ML-based attack if the transition relation and output functions are compromised by computing the image and pre-image of a set defined by its characteristic function and obtaining the set of reachable states. However, a detailed discussion on BDD properties, characteristics, and attacks on them is outside the scope of the work. However, a similar trend in Fig. 10 presents the STG diagram of this work. Where the highlighted states (S 0 , S 2 , S 5 , and S 7 ) are the states of interest, and arrows highlighted in blue represents the desired state transition. The transition relation ψ for the STG shown in Fig. 10 is defined as follows: where C 1 -C 3 are some constants. The ML-based attack thus will have to solve a highly non-linear vector-timedifferential equation along with information related to other devices, circuits, and confidential watermark design parameters, which is computationally extremely expensive. In case no design information is leaked except for ψ and basic state transition information. Still, other parameters like the actual values of , χ , and physical device dimension will be difficult to decipher using brute force ML algorithms compared to much simpler BDD-based FSM hardware watermarks. Thus this method, in general, is more robust to ML-based attacks. Another approach that an attacker can use is to deploy reverse-engineering attacks to obtain the device structure dimensions and material composition and then use an ML-based algorithm in conjugation. This method will be compelling, but Reverse Engineering is a destructive, time-consuming, and costly method, and de-packaging the chip can cause an error in the watermark structure. Also, keeping the comparator block and watermark extraction block described in section III-A outside the IC provides a counter against ML and reverse engineering-based attacks. These blocks are confidential property and add an extra layer of security at the cost of providing I/O access.

4) GENERAL SECURITY AND PERFORMANCE CONCERN
Application of a small amount of magnetic field (B Ext ≈ 22 mT) does not affect the MOS transistors and can tolerate applied field up to 7T [31]. Thus, applying a magnetic key will not hinder the regular IP blocks. Even if a certain amount of information related to the design is leaked, it is still complicated for the attacker to copy the proof of authentication process. With the advancement of fabrication technology, the area overhead can be reduced significantly in the future, which is currently a clear disadvantage, along with the invisibility of the hardware watermark block, especially for smaller IP/ICs. Also, the complexity of design and fabrication compared to other methods is a significant concern for this approach. This approach of Hardware watermarking is not robust against several other threat models effectively, such as the insertion of Hardware Trojans, and can not detect skillfully inserted Trojans unless the Trojan changes the 64-bit input sequence required to trigger the watermarking operation. Table 5 gives a comparison with other FSM-based watermarking techniques. Emerging beyond CMOS devices for watermark generation is not well explored. Table 5 compares this work with other FSM-based approaches. This work has a clear disadvantage in overhead and needs to perform better in terms of invisibility.

V. CONCLUSION
SOT-MTJ is a non-volatile device with non-linear characteristics dependent on several external parameters. This article uses the external magnetic field as a passive method of generating the watermark. The designed circuit allows the user to converge and obtain the watermark, which helps to provide proof of authentication. This approach works satisfactorily with a higher security advantage but requires complex design, fabrication methodology, and extra hardware. Using an external magnetic field to guide the MTJ in an actual IP core properly and inserting the MTJ block with other CMOS devices in the SoC design is complex. Many aspects 8156 VOLUME 11, 2023 of hardware reliability, like aging and time dependent dielectric breakdown (TDBB), need to be ascertained for practical application. A detailed fabricated attempt for such analysis is currently out of the scope of this work. SELMA AMARA (Member, IEEE) received the Ph.D. degree in micro and nano electronics specialty from the Spintec-CEA Laboratory, Joseph Fourier University. She has research and industrial experiences at different teams and has competences in nanofabrication in clean room thanks to Spintec Laboratory which offers such a specialized training of the nanofabrication. She has taught some undergraduate and graduate courses in physics: electronics, optics, magnetism, and mechanics. She was a Postdoctoral Researcher within the Novel Magnetic Devices (NoMaDe) Group-a joint research team between Institut d'Electronique Fondamentale, Paris Sud University (IEF) and Ecole Normale Supérieure (ENS). She is currently working as a Postdoctoral Fellow at KAUST in nanofabrication of TMR sensors. She has attended various specialized international conferences and published articles in prestigious international journals. Her main research interests include the spintronics and related applications going from electrical engineering to biotechnology. Her research interests include design, implementation, electrical characterization, preparation, and instrumental analysis of samples. He has been a PI or a Co-PI on more than 30 Million dollar of funded research from the NSF, DOD, SRC, and the industry. He has published more than 400 papers in leading peer-reviewed journals and conference publications. His research interests include design of state-of-the-art innovative technological solutions that span a broad range of technical areas including smart cities, autonomy, smart health, smart mobility, embedded systems, nanophotonics, and spintronics. His research group was responsible for developing the world's first realization of compressive sensing systems for signals, which provided an unprecedented one order of magnitude savings in power consumption and significant reductions in size and cost and has enabled the implementation of self-powered sensors for smart cities and ultra-low-power biomedical implantable devices.
Dr. Massoud was selected as one of ten MIT Alumni Featured by MIT's Electrical Engineering and Computer Science Department, in 2012. He was a recipient of the Rising Star of Texas Medal, the National Science Foundation CAREER Award, the DAC Fellowship, the Synopsys Special Recognition Engineering Award, and several best paper awards. He has served on the IEEE CAS Award Nomination Committee, IEEE Mac Valkenburg Award Committee, IEEE CAS Fellow Committee, IEEE Rebooting Computing Steering Committee, and IEEE Nanotechnology Council. He also served as