Your search keyword '"Hardware obfuscation"' showing total 188 results

1. Hardware Obfuscation for IP Protection of DSP Applications

Author

R, Naveenkumar, Sivamangai, N.M., A, Napolean, and Nissi, G. Akashraj

Published

2022

2. Hardware Obfuscation of Digital FIR Filters

Author

Aksoy, Levent, Hepp, Alexander, Baehr, Johanna, and Pagliarini, Samuel

Subjects

Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Signal Processing

Abstract

A finite impulse response (FIR) filter is a ubiquitous block in digital signal processing applications. Its characteristics are determined by its coefficients, which are the intellectual property (IP) for its designer. However, in a hardware efficient realization, its coefficients become vulnerable to reverse engineering. This paper presents a filter design technique that can protect this IP, taking into account hardware complexity and ensuring that the filter behaves as specified only when a secret key is provided. To do so, coefficients are hidden among decoys, which are selected beyond possible values of coefficients using three alternative methods. As an attack scenario, an adversary at an untrusted foundry is considered. A reverse engineering technique is developed to find the chosen decoy selection method and explore the potential leakage of coefficients through decoys. An oracle-less attack is also used to find the secret key. Experimental results show that the proposed technique can lead to filter designs with competitive hardware complexity and higher resiliency to attacks with respect to previously proposed methods.

Published

2022

3. ReTrustFSM: Toward RTL Hardware Obfuscation-A Hybrid FSM Approach

Author

M. Sazadur Rahman, Rui Guo, Hadi M. Kamali, Fahim Rahman, Farimah Farahmandi, and Mark Tehranipoor

Subjects

Hardware obfuscation, logic locking, FSM, RTL, structural analysis, BMC, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Hardware obfuscating is a proactive design-for-trust technique against IC supply chain threats, i.e., IP piracy and overproduction. Many studies have evaluated numerous techniques for obfuscation purposes. Nevertheless, de-obfuscation attacks have demonstrated their insufficiency. This paper proposes a register-transfer (RT) level finite-state-machine (FSM) obfuscation technique called ReTrustFSM that allows designers to obfuscate at the earliest possible stage. ReTrustFSM combines three types of secrecy: explicit external secrecy via an external key, implicit external secrecy based on specific clock cycles, and internal secrecy through a concealed FSM transition function. So, the robustness of ReTrustFSM relies on the external key, the external primary input patterns, and the cycle accuracy of applying such external stimuli. Additionally, ReTrustFSM defines a cohesive relationship between the features of Boolean problems and the required time for de-obfuscation, ensuring a maximum execution time for oracle-guided de-obfuscation attacks. Various attacks are employed to test ReTrustFSM’s robustness, including structural and machine learning attacks, functional I/O queries (BMC), and FSM attacks. We have also analyzed the corruptibility and overhead of design-under-obfuscation. Our experimental results demonstrate the robustness of ReTrustFSM at acceptable overhead/corruption while resisting such threat models.

Published

2023

4. SAIL: Machine Learning Guided Structural Analysis Attack on Hardware Obfuscation

Author

Chakraborty, Prabuddha, Cruz, Jonathan, and Bhunia, Swarup

Subjects

Computer Science - Cryptography and Security

Abstract

Obfuscation is a technique for protecting hardware intellectual property (IP) blocks against reverse engineering, piracy, and malicious modifications. Current obfuscation efforts mainly focus on functional locking of a design to prevent black-box usage. They do not directly address hiding design intent through structural transformations, which is an important objective of obfuscation. We note that current obfuscation techniques incorporate only: (1) local, and (2) predictable changes in circuit topology. In this paper, we present SAIL, a structural attack on obfuscation using machine learning (ML) models that exposes a critical vulnerability of these methods. Through this attack, we demonstrate that the gate-level structure of an obfuscated design can be retrieved in most parts through a systematic set of steps. The proposed attack is applicable to all forms of logic obfuscation, and significantly more powerful than existing attacks, e.g., SAT-based attacks, since it does not require the availability of golden functional responses (e.g. an unlocked IC). Evaluation on benchmark circuits show that we can recover an average of around 84% (up to 95%) transformations introduced by obfuscation. We also show that this attack is scalable, flexible, and versatile., Comment: 6 pages, 6 figures, 8 tables

Published

2018

5. Hardware Obfuscation Based Watermarking Technique for IPR Ownership Identification

Author

Priyanka Bagul and Vandana Inamdar

Subjects

Computer engineering. Computer hardware, TK7885-7895

Abstract

As the reuse of IP cores or the development of frequently used hardware modules is gaining more attention in the semiconductor industry, the misappropriation of the owner’s identity is a rising concern. Therefore, imprinting the owner’s identity in the form of a watermark or signature on the IP core is essential to avoid intellectual property right (IPR) infringement. In view of this, a watermarking technique is proposed in the present manuscript. A constraint-based dynamic watermarking method to generate the owner’s signature is proposed in conjunction with the logic encryption-based hardware obfuscation method. The method formulated in this manuscript consciously makes use of a basic switching component for embedding a watermark with IP core and hardware obfuscation, to achieve a lower overhead budget. Through the switching mechanism, the embedded watermark can be made detectable to legitimate end users off chip via test pin. The logic encryption-based method is set for accessing the watermark. Furthermore, an encrypted functionality is set as the signature generator module for generating owner’s signature. This provides hardware obfuscation and two-stage authentication mechanism for the generation of owner’s signature, and as a result of this, double-layer protection is achieved. Furthermore, a novel method to configure input key for signature generation module and to formulate owner’s signature is proposed. The viability of the present watermark technique for real-life application is checked on the ground of transparency, security, reliability, performance overhead, and robustness. Since the watermark in the proposed method is embedded outside the IP core, it does not cause any latency for the IP core functionality. Thus, even with significantly lower area overhead (∼

Published

2023

6. On the Difficulty of FSM-based Hardware Obfuscation

Author

Marc Fyrbiak, Sebastian Wallat, Jonathan Déchelotte, Nils Albartus, Sinan Böcker, Russell Tessier, and Christof Paar

Subjects

Hardware Reverse Engineering, Hardware Obfuscation, Hardware Nanomites, FSM-based Hardware Obfuscation, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64

Abstract

In today’s Integrated Circuit (IC) production chains, a designer’s valuable Intellectual Property (IP) is transparent to diverse stakeholders and thus inevitably prone to piracy. To protect against this threat, numerous defenses based on the obfuscation of a circuit’s control path, i.e. Finite State Machine (FSM), have been proposed and are commonly believed to be secure. However, the security of these sequential obfuscation schemes is doubtful since realistic capabilities of reverse engineering and subsequent manipulation are commonly neglected in the security analysis. The contribution of our work is threefold: First, we demonstrate how high-level control path information can be automatically extracted from third-party, gate-level netlists. To this end, we extend state-of-the-art reverse engineering algorithms to deal with Field Programmable Gate Array (FPGA) gate-level netlists equipped with FSM obfuscation. Second, on the basis of realistic reverse engineering capabilities we carefully review the security of state-of-the-art FSM obfuscation schemes. We reveal several generic strategies that bypass allegedly secure FSM obfuscation schemes and we practically demonstrate our attacks for a several of hardware designs, including cryptographic IP cores. Third, we present the design and implementation of Hardware Nanomites, a novel obfuscation scheme based on partial dynamic reconfiguration that generically mitigates existing algorithmic reverse engineering.

Published

2018

7. Protecting the Intellectual Property of Binary Deep Neural Networks With Efficient Spintronic-Based Hardware Obfuscation

Author

Mohseni, Alireza, Moaiyeri, Mohammad Hossein, Amirany, Abdolah, and Hadi Rezayati, Mohammad

Abstract

Well-trained deep neural network (DNN) models are considered valuable assets because they require large amounts of data, expertise, and resources to achieve desired performance. Hence, protecting the intellectual property of such hard-to-develop models against unauthorized usage or model leaking is a significant concern. This paper proposes a novel key-based obfuscation method that locks the model with a significant accuracy drop when the incorrect key is applied. Due to the importance and developments of binary neural networks (BNNs) in hardware implementation of state-of-the-art DNN models, we study our method on BNNs. The proposed model protection solution leads to a higher accuracy drop with even a lower perturbation rate across different binary neural network architectures and benchmark datasets than its state-of-the-art counterpart. Furthermore, we present an efficient spintronic-based in-memory computing structure for the hardware implementation of the proposed method. We validate the proposed design using post-layout simulations based on the TSMC 40nm technology. With the same approach for hardware implementation, our proposed design provides, on average, 18%, 41%, and 40% improvements regarding the area, average power consumption, and weight modification energy per filter in the neural network structure, respectively.

Published

2024

8. On the Construction of Composite Finite Fields for Hardware Obfuscation

Author

Xinmiao Zhang and Yingjie Lao

Subjects

Computer science, business.industry, Cryptography, 02 engineering and technology, 020202 computer hardware & architecture, Theoretical Computer Science, Finite field, Computational Theory and Mathematics, Computer engineering, Hardware and Architecture, Logic gate, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Finite field arithmetic, business, Software, Decoding methods

Abstract

Hardware obfuscation is a technique that modifies the circuit to hide the functionality. Obfuscations through algorithmic modifications add protection in addition to circuit-level techniques, and their effects on the data paths can be analyzed and controlled at the architectural level. Many error-correcting coding and cryptography algorithms are based on finite field arithmetic. For the first time, this paper proposes a hardware obfuscation scheme achieved through varying finite field constructions and primitive element representations. Also the variations are effectively transformed to bit permuters controlled by obfuscation keys to achieve high level of security with very small complexity overheads. To illustrate the effectiveness, the proposed scheme is applied to obfuscate Reed-Solomon decoders, which are broadly used in communication and storage systems. For a (255, 239) RS decoder over finite field $GF(256)$GF(256), the proposed scheme achieves 1239 bits of independent obfuscation key with 4.4 percent area overhead, while yielding no penalty on the throughput and only one extra clock cycle of latency.

Published

2019

9. ReTrustFSM: Toward RTL Hardware Obfuscation-A Hybrid FSM Approach

Author

Rahman, M. Sazadur, primary, Guo, Rui, additional, Kamali, Hadi M., additional, Rahman, Fahim, additional, Farahmandi, Farimah, additional, and Tehranipoor, Mark, additional

Published

2023

10. Hardware Obfuscation Driven by QR Pattern using High Level Transformations

Author

Sharath Kumar D.R.V.A

Subjects

Computer science, business.industry, Embedded system, Computer Science (miscellaneous), Hardware obfuscation, Electrical and Electronic Engineering, business

Published

2019

11. Development and Evaluation of Hardware Obfuscation Benchmarks

Author

Xiaolin Xu, Yier Jin, Swarup Bhunia, Mark Tehranipoor, Bicky Shakya, Domenic Forte, and Sarah Amir

Subjects

Reverse engineering, business.industry, Computer science, Suite, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020207 software engineering, Context (language use), 02 engineering and technology, Benchmarking, computer.software_genre, 020202 computer hardware & architecture, Set (abstract data type), Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Hardware obfuscation, Software engineering, business, computer

Abstract

Obfuscation is a promising solution for securing hardware intellectual property (IP) against various attacks, such as reverse engineering, piracy, and tampering. Due to the lack of standard benchmarks, proposed techniques by researchers and practitioners in the community are evaluated by existing benchmark suites such as ISCAS-85, ISCAS-89, and ITC-99. These open source benchmarks, though widely utilized, are not necessarily suitable for the purpose of evaluating hardware obfuscation techniques. In this context, we believe that it is important to establish a set of well-defined benchmarks, on which the effectiveness of new and existing obfuscation techniques and attacks on them can be compared. In this paper, we describe a set of such benchmarks obfuscated with some popular methods that we created to facilitate this need. These benchmarks have been made publicly available on Trust-Hub web portal. Moreover, we provide the first evaluation of several obfuscation approaches based on the metrics and existing attacks using this new suite. Finally, we discuss our observations and guidance for future work in hardware obfuscation and benchmarking.

Published

2018

12. Key Generation for Hardware Obfuscation Using Strong PUFs

Author

Md Shahed Enamul Quadir and John A. Chandy

Subjects

obfuscation, key generation, authentication, physically unclonable function, counterfeiting, Technology

Abstract

As a result of the increased use of contract foundries, intellectual property (IP) theft, excess production and reverse engineering are major concerns for the electronics and defense industries. Hardware obfuscation and IP locking can be used to make a design secure by replacing a part of the circuit with a key-locked module. In order to ensure each chip has unique keys, previous work has proposed using physical unclonable functions (PUF) to lock the circuit. However, these designs are area intensive. In this work, we propose a strong PUF-based hardware obfuscation scheme to uniquely lock each chip.

Published

2019

13. Hardware Obfuscation Based Watermarking Technique for IPR Ownership Identification.

Author

Bagul, Priyanka and Inamdar, Vandana

Subjects

DIGITAL watermarking, WATERMARKS, INTELLECTUAL property, SEMICONDUCTOR industry

Abstract

As the reuse of IP cores or the development of frequently used hardware modules is gaining more attention in the semiconductor industry, the misappropriation of the owner's identity is a rising concern. Therefore, imprinting the owner's identity in the form of a watermark or signature on the IP core is essential to avoid intellectual property right (IPR) infringement. In view of this, a watermarking technique is proposed in the present manuscript. A constraint-based dynamic watermarking method to generate the owner's signature is proposed in conjunction with the logic encryption-based hardware obfuscation method. The method formulated in this manuscript consciously makes use of a basic switching component for embedding a watermark with IP core and hardware obfuscation, to achieve a lower overhead budget. Through the switching mechanism, the embedded watermark can be made detectable to legitimate end users off chip via test pin. The logic encryption-based method is set for accessing the watermark. Furthermore, an encrypted functionality is set as the signature generator module for generating owner's signature. This provides hardware obfuscation and two-stage authentication mechanism for the generation of owner's signature, and as a result of this, double-layer protection is achieved. Furthermore, a novel method to configure input key for signature generation module and to formulate owner's signature is proposed. The viability of the present watermark technique for real-life application is checked on the ground of transparency, security, reliability, performance overhead, and robustness. Since the watermark in the proposed method is embedded outside the IP core, it does not cause any latency for the IP core functionality. Thus, even with significantly lower area overhead (∼<1.4%), the proposed method is able to provide higher robustness in terms of lower probability of coincidence (PC = 4.68 e − 97). [ABSTRACT FROM AUTHOR]

Published

2023

14. Hardware Obfuscation of Digital FIR Filters

Author

Levent Aksoy, Alexander Hepp, Johanna Baehr, and Samuel Pagliarini

Subjects

Signal Processing (eess.SP), FOS: Computer and information sciences, Computer Science - Cryptography and Security, FOS: Electrical engineering, electronic engineering, information engineering, Electrical Engineering and Systems Science - Signal Processing, Cryptography and Security (cs.CR)

Abstract

A finite impulse response (FIR) filter is a ubiquitous block in digital signal processing applications. Its characteristics are determined by its coefficients, which are the intellectual property (IP) for its designer. However, in a hardware efficient realization, its coefficients become vulnerable to reverse engineering. This paper presents a filter design technique that can protect this IP, taking into account hardware complexity and ensuring that the filter behaves as specified only when a secret key is provided. To do so, coefficients are hidden among decoys, which are selected beyond possible values of coefficients using three alternative methods. As an attack scenario, an adversary at an untrusted foundry is considered. A reverse engineering technique is developed to find the chosen decoy selection method and explore the potential leakage of coefficients through decoys. An oracle-less attack is also used to find the secret key. Experimental results show that the proposed technique can lead to filter designs with competitive hardware complexity and higher resiliency to attacks with respect to previously proposed methods.

Published

2022

15. SAIL: Machine Learning Guided Structural Analysis Attack on Hardware Obfuscation

Author

Swarup Bhunia, Jonathan Cruz, and Prabuddha Chakraborty

Subjects

FOS: Computer and information sciences, Structure (mathematical logic), Reverse engineering, Computer Science - Cryptography and Security, Computer science, business.industry, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, computer.software_genre, Machine learning, 020202 computer hardware & architecture, Set (abstract data type), Scalability, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Hardware obfuscation, Artificial intelligence, business, Cryptography and Security (cs.CR), computer, 021106 design practice & management, Vulnerability (computing)

Abstract

Obfuscation is a technique for protecting hardware intellectual property (IP) blocks against reverse engineering, piracy, and malicious modifications. Current obfuscation efforts mainly focus on functional locking of a design to prevent black-box usage. They do not directly address hiding design intent through structural transformations, which is an important objective of obfuscation. We note that current obfuscation techniques incorporate only: (1) local, and (2) predictable changes in circuit topology. In this paper, we present SAIL, a structural attack on obfuscation using machine learning (ML) models that exposes a critical vulnerability of these methods. Through this attack, we demonstrate that the gate-level structure of an obfuscated design can be retrieved in most parts through a systematic set of steps. The proposed attack is applicable to all forms of logic obfuscation, and significantly more powerful than existing attacks, e.g., SAT-based attacks, since it does not require the availability of golden functional responses (e.g. an unlocked IC). Evaluation on benchmark circuits show that we can recover an average of around 84% (up to 95%) transformations introduced by obfuscation. We also show that this attack is scalable, flexible, and versatile., 6 pages, 6 figures, 8 tables

Published

2018

16. On the Construction of Composite Finite Fields for Hardware Obfuscation.

Author

Zhang, Xinmiao and Lao, Yingjie

Subjects

*FINITE fields, *COMPOSITE construction

Abstract

Hardware obfuscation is a technique that modifies the circuit to hide the functionality. Obfuscations through algorithmic modifications add protection in addition to circuit-level techniques, and their effects on the data paths can be analyzed and controlled at the architectural level. Many error-correcting coding and cryptography algorithms are based on finite field arithmetic. For the first time, this paper proposes a hardware obfuscation scheme achieved through varying finite field constructions and primitive element representations. Also the variations are effectively transformed to bit permuters controlled by obfuscation keys to achieve high level of security with very small complexity overheads. To illustrate the effectiveness, the proposed scheme is applied to obfuscate Reed-Solomon decoders, which are broadly used in communication and storage systems. For a (255, 239) RS decoder over finite field $GF(256)$GF(256), the proposed scheme achieves 1239 bits of independent obfuscation key with 4.4 percent area overhead, while yielding no penalty on the throughput and only one extra clock cycle of latency. [ABSTRACT FROM AUTHOR]

Published

2019

17. Comparative Analysis of Hardware Obfuscation for IP Protection

Author

Bicky Shakya, Sarah Amir, Domenic Forte, Mark Tehranipoor, and Swarup Bhunia

Subjects

010302 applied physics, Reverse engineering, Engineering, business.industry, Supply chain, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Integrated circuit, Multiple methods, Intellectual property, Computer security, computer.software_genre, Ip piracy, 01 natural sciences, 020202 computer hardware & architecture, law.invention, Obfuscation (software), law, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, business, computer

Abstract

In the era of globalized Integrated Circuit (IC) design and manufacturing flow, a rising issue to the silicon industry is various attacks on hardware intellectual property (IP). As a measure to ensure security along the supply chain against IP piracy, tampering and reverse engineering, hardware obfuscation is considered a reliable defense mechanism. Sequential and combinational obfuscations are the primary classes of obfuscation, and multiple methods have been proposed in each type in recent years. This paper presents an overview of obfuscation techniques and a qualitative comparison of the two major types.

Published

2017

18. SAT-Attack Resistant Hardware Obfuscation using Camouflaged Two-Dimensional Heterostructure Devices

Author

Akshay Wali, Andrew Arnold, Shamik Kundu, Soumyadeep Choudhury, Kanad Basu, and Saptarshi Das

Subjects

Hardware_INTEGRATEDCIRCUITS, Hardware_PERFORMANCEANDRELIABILITY, Hardware_LOGICDESIGN

Abstract

Reverse engineering (RE) is one of the major security threats to the semiconductor industry due to the involvement of untrustworthy parties in an increasingly globalized chip manufacturing supply chain [1-5]. RE efforts have already been successful in extracting device level functionalities from an integrated circuit (IC) with very limited resources [6]. Camouflaging is an obfuscation method that can thwart such RE [7-9]. Existing work on IC camouflaging primarily uses fabrication techniques such as doping and dummy contacts to hide the circuit structure or build cells that look alike but have different functionalities. While promising these Si complementary metal oxide semiconductor (CMOS) based obfuscation techniques adds significant area overhead and are successfully decamouflaged by the Satisfiability solver (SAT)-based reverse engineering techniques [9-13]. Emerging solutions, such as polymorphic gates based on giant spin Hall effect (GSHE) are promising but adds delay overhead in hybrid CMOS-GSHE designs restricting the camouflaging to a maximum of 15% of all the gates in the circuit. Here, we harness the unique properties of two-dimensional (2D) transition metal dichalcogenides (TMDs) including MoS2, MoSe2, MoTe2, WS2, and WSe2 and their optically transparent transition metal oxides (TMOs) to demonstrate novel area efficient camouflaging solutions that are resilient to SAT-attack and automatic test pattern generation (ATPG) attacks. We show that resistors with resistance values differing by 8 orders of magnitude, diodes with variable turn-on voltages and reverse saturation currents, and field effect transistors (FETs) with adjustable conduction type, threshold voltages and switching characteristics can be optically camouflaged to look exactly similar by engineering TMO/TMD heterostructures allowing hardware obfuscation of both digital and analog circuits. Since this 2D heterostructure devices family is intrinsically camouflaged, NAND/NOR/AND/OR gates in the circuit can be obfuscated with significantly less area overhead allowing 100% logic obfuscation compared to only 5% for CMOS-based camouflaging. Finally, we demonstrate that the largest benchmarking circuit from ISCAS’85, comprised of more than 4000 logic gates when obfuscated with the CMOS-based technique are successfully decamouflaged by SAT-attack in less than 40 minutes; whereas, it renders to be invulnerable even in more than 10 hours, when camouflaged with 2D heterostructure devices thereby corroborating our hypothesis of high resilience against RE. Our approach of connecting unique material properties to innovative devices to secure circuits can be considered as one of its kind demonstrations, highlighting the benefits of cross-layer optimization.

Published

2020

19. Reports on Reverse Engineering from LNM Institute of Information Technology Provide New Insights (Hardware Obfuscation of Aes Ip Core Using Combinational Hardware Trojan Circuit for Secure Data Transmission In Iot Applications)

Subjects

Data security -- Technology application -- Reports, Intellectual property -- Reports -- Technology application, Semiconductor industry -- Reports -- Technology application, Semiconductor industry, Data security issue, Technology application, Intellectual property, Computers

Abstract

2022 JUN 7 (VerticalNews) -- By a News Reporter-Staff News Editor at Information Technology Newsweekly -- Research findings on Engineering - Reverse Engineering are discussed in a new report. According [...]

Published

2022

20. Anti-Counterfeit and Anti-Tamper Hardware Implementation using Hardware Obfuscation

Author

Desai, Avinash R. and Desai, Avinash R.

Abstract

Tampering and Reverse Engineering of a chip to extract the hardware Intellectual Property (IP) core or to inject malicious alterations is a major concern. First, offshore chip manufacturing allows the design secrets of the IP cores to be transparent to the foundry and other entities along the production chain. Second, small malicious modifications to the design may not be detectable after fabrication without anti-tamper mechanisms. Counterfeit Integrated Circuits (ICs) also have become an important security issue in recent years, in which counterfeit ICs that perform incorrectly or sub-par to the expected can lead to catastrophic consequences in safety and/or mission-critical applications, in addition to the tremendous economic toll they incur to the semiconductor industry. Some techniques have been developed in the past to improve the defense against such attacks but they tend to fall prey to the increasing power of the attacker. We present a new way to protect against tampering by a clever obfuscation of the design, which can be unlocked with a specific, dynamic path traversal. Hence, the functional mode of the controller is hidden with the help of obfuscated states, and the functional mode is made operational only on the formation of a specific interlocked Code-Word during state transition. A novel time-stamp is proposed that can provide the date at which the IC was manufactured for counterfeit detection. Furthermore, we propose a second layer of tamper resistance to the time-stamp circuit to make it even more difficult to modify. Results show that methods proposed offer higher levels of security with small area overhead. A side benefit is that any small alteration will be magnified via the obfuscated design proposed in these methods.

Published

2013

21. Key Generation for Hardware Obfuscation Using Strong PUFs

Author

Enamul Quadir, Md Shahed, primary and Chandy, John A., additional

Published

2019

22. Software and Critical Technology Protection Against Side-Channel Analysis Through Dynamic Hardware Obfuscation

Author

AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT, Bochert, John R., AIR FORCE INST OF TECH WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT, and Bochert, John R.

Abstract

Side Channel Analysis (SCA) is a method by which an adversary can gather information about a processor by examining the activity being done on a microchip though the environment surrounding the chip. Side Channel Analysis attacks use SCA to attack a microcontroller when it is processing cryptographic code, and can allow an attacker to gain secret information, like a crypto-algorithm's key. The purpose of this thesis is to test proposed dynamic hardware methods to increase the hardware security of a microprocessor such that the software code being run on the microprocessor can be made more secure without having to change the code. This thesis uses the Java Optimized Processor (JOP) to identify and _x SCA vulnerabilities to give a processor running RSA or AES code more protection against SCA attacks., The original document contains color images.

Published

2011

23. On the Difficulty of FSM-based Hardware Obfuscation

Author

Fyrbiak, Marc, primary, Wallat, Sebastian, additional, Déchelotte, Jonathan, additional, Albartus, Nils, additional, Böcker, Sinan, additional, Tessier, Russell, additional, and Paar, Christof, additional

Published

2018

24. New Data from Ohio State University Illuminate Findings in Computers (On the Construction of Composite Finite Fields for Hardware Obfuscation)

Subjects

School construction -- Reports -- Research -- Analysis, Error-correcting codes -- Reports -- Research -- Analysis, Algorithms, Editors, Cryptography, Computers, News, opinion and commentary, The Ohio State University -- Reports

Abstract

2019 SEP 4 (VerticalNews) -- By a News Reporter-Staff News Editor at Computer Weekly News -- Investigators publish new report on Computers. According to news reporting out of Columbus, United [...]

Published

2019

25. Software and Critical Technology Protection Against Side Channel Analysis Through Dynamic Hardware Obfuscation

Author

Bochert, John R.

Subjects

Information Security, Other Electrical and Computer Engineering, Software Engineering

Abstract

Side Channel Analysis (SCA) is a method by which an adversary can gather information about a processor by examining the activity being done on a microchip though the environment surrounding the chip. Side Channel Analysis attacks use SCA to attack a microcontroller when it is processing cryptographic code, and can allow an attacker to gain secret information, like a crypto-algorithm's key. The purpose of this thesis is to test proposed dynamic hardware methods to increase the hardware security of a microprocessor such that the software code being run on the microprocessor can be made more secure without having to change the code. This thesis uses the Java Optimized Processor (JOP) to identify and _x SCA vulnerabilities to give a processor running RSA or AES code more protection against SCA attacks.

Published

2011

26. LifeLine for FPGA Protection: Obfuscated Cryptography for Real-World Security

Author

Florian Stolz, Nils Albartus, Julian Speith, Simon Klix, Clemens Nasenberg, Aiden Gula, Marc Fyrbiak, Christof Paar, Tim Güneysu, and Russell Tessier

Subjects

FPGA Security, Hardware Obfuscation, Software Obfuscation, Reverse Engineering, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64

Abstract

Over the last decade attacks have repetitively demonstrated that bitstream protection for SRAM-based FPGAs is a persistent problem without a satisfying solution in practice. Hence, real-world hardware designs are prone to intellectual property infringement and malicious manipulation as they are not adequately protected against reverse-engineering. In this work, we first review state-of-the-art solutions from industry and academia and demonstrate their ineffectiveness with respect to reverse-engineering and design manipulation. We then describe the design and implementation of novel hardware obfuscation primitives based on the intrinsic structure of FPGAs. Based on our primitives, we design and implement LifeLine, a hardware design protection mechanism for FPGAs using hardware/software co-obfuscated cryptography. We show that LifeLine offers effective protection for a real-world adversary model, requires minimal integration effort for hardware designers, and retrofits to already deployed (and so far vulnerable) systems.

Published

2021

27. A Novel Probability-Based Logic-Locking Technique: ProbLock

Author

Michael Yue and Sara Tehranipoor

Subjects

hardware security, logic locking, hardware obfuscation, Chemical technology, TP1-1185

Abstract

Integrated circuit (IC) piracy and overproduction are serious issues that threaten the security and integrity of a system. Logic locking is a type of hardware obfuscation technique where additional key gates are inserted into the circuit. Only the correct key can unlock the functionality of that circuit; otherwise, the system produces the wrong output. In an effort to hinder these threats on ICs, we have developed a probability-based logic-locking technique to protect the design of a circuit. Our proposed technique, called “ProbLock”, can be applied to both combinational and sequential circuits through a critical selection process. We used a filtering process to select the best location of key gates based on various constraints. Each step in the filtering process generates a subset of nodes for each constraint. We also analyzed the correlation between each constraint and adjusted the strength of the constraints before inserting key gates. We tested our algorithm on 40 benchmarks from the ISCAS ’85 and ISCAS ’89 suites. We evaluated ProbLock against a SAT attack and measured how long the attack took to successfully generate a key value. The SAT attack took longer for most benchmarks using ProbLock which proves viable security in hardware obfuscation.

Published

2021

28. Software and Critical Technology Protection Against Side Channel Analysis Through Dynamic Hardware Obfuscation

Author

Bochert, John R. and Bochert, John R.

29. Doppelganger Obfuscation — Exploring theDefensive and Offensive Aspects of Hardware Camouflaging

Author

Max Hoffmann and Christof Paar

Subjects

Hardware Obfuscation, Camouflaging, Hardware Trojans, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64

Abstract

Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities. In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., Finite State Machines (FSMs) or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer’s control. In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed. Then, for the first time, we demonstrate the considerable threat potential of low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation. In both applications of Doppelganger, the resulting design size is indistinguishable from that of an unobfuscated design, depending on the choice of encodings.

Published

2020

30. LeGO: A Learning-Guided Obfuscation Framework for Hardware IP Protection

Author

Abdulrahman Alaql, Prabuddha Chakraborty, Swarup Bhunia, Tamzidul Hoque, and Saranyu Chattopadhyay

Subjects

Reverse engineering, business.industry, Process (engineering), Computer science, Overhead (engineering), computer.software_genre, Computer Graphics and Computer-Aided Design, Robustness (computer science), Scalability, Obfuscation, Hardware obfuscation, Key (cryptography), Electrical and Electronic Engineering, business, computer, Software, Computer hardware

Abstract

The security of hardware intellectual properties (IPs) has become a significant concern, as the opportunity for piracy, reverse engineering, and malicious modification is increasing. Hardware obfuscation has been studied as a potent method to protect against all these attack vectors. However, most of the existing obfuscation techniques have been successfully compromised, where many inherent functional or structural vulnerabilities in these techniques are utilized to reveal the obfuscation key or retrieve the original design. In this paper, we introduce LeGO, a learning-guided obfuscation framework that overcomes known vulnerabilities in a scalable and systematic manner, leading to a robust and lightweight locking mechanism. The proposed framework is guided by our security evaluation process that performs a thorough assessment of an obfuscated IP against various attacks and identifies the vulnerabilities. It then judiciously selects and applies a set of design modification steps or rules that can eliminate these vulnerabilities. Such a rule-based obfuscation process has the distinctive capability to address all existing as well as emerging attacks through the learning of appropriate design transformation steps that prevent these attacks. We present an efficient strategy to apply these rules on a design, while resolving any conflict. Our evaluation of the LeGO framework on a set of ISCAS85 and open-source IP benchmarks has shown promising results in terms of robustness against diverse attacks with an average of area, power and delay overhead of 39%, 45%, and 15%, respectively.

Published

2022

31. A New Optimal Method for the Secure Design of Combinational Circuits against Hardware Trojans Using Interference Logic Locking

Author

Zahra Mirmohammadi and Shahram Etemadi Borujeni

Subjects

logic locking, hardware obfuscation, key interference, convergence, Computer Networks and Communications, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Electrical and Electronic Engineering, hardware Trojans

Abstract

Effective resistance to intellectual property theft, reverse engineering, and hardware Trojan insertion in integrated circuit supply chains is increasingly essential, for which many solutions have been proposed. Accordingly, strong attacks are also designed in this field. One way to achieve the above goal is obfuscation. The hardware obfuscation method hides the primary function of the circuit and the normal Netlist from the attacker by adding several key gates in the original Netlist. The functionality circuit is correct only if the correct key is applied; otherwise, the circuit is obfuscated. In recent years, various obfuscation methods have been proposed. One is logic locking, the most prominent hardware protection technique since it can protect against untrusted items. Logic locking induces functional and structural changes to a design even before the layout generation. We secured the circuit against hardware Trojan insertion with a secure logic locking method based on the insertion of key gates in interference mode. We call our proposed method Secure Interference Logic Locking, SILL. SILL is based on minimum controllability in paths with maximum fan-out. In this method, we have reduced the number of key gates required for circuit obfuscation and created the maximum Hamming distance between normal and obscure outputs. In addition, the key gates are added to the circuit’s complete interference, and the AES algorithm is used to generate the key. Our proposed method, SILL, was simulated in the Vivado simulation environment; the algorithms used in this method were prepared in VHDL language and designed to allow parallel execution, then applied on the original Netlist of the ISCAS85 benchmark circuits. By analyzing and comparing the results of this simulation to recent works, the amount of hardware consumption has decreased (about 5% space consumption and about a 0.15-nanosecond time delay). Then, the SAT attack algorithm was tested on ISCAS85 benchmark circuits that were obfuscated with SILL. The execution time of the attack in the second attempt was 0.24 nanoseconds longer compared to similar recent works, and it timed out in the fourth attempt. The resistance of our proposed method, having less hardware overhead and higher speed is more effective against SAT attacks than the existing conventional methods.

Published

2023

32. Hybrid Protection of Digital FIR Filters

Author

Levent Aksoy, Quang-Linh Nguyen, Felipe Almeida, Jaan Raik, Marie-Lise Flottes, Sophie Dupuis, Samuel Pagliarini, Tallinn University of Technology (TTÜ), STMicroelectronics [Grenoble] (ST-GRENOBLE), Test and dEpendability of microelectronic integrated SysTems (TEST), Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM), Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM), This work has been partially conducted in the project 'ICT programme' which was supported by the European Union through the European Social Fund. It was also partially supported by European Union’s Horizon 2020 research and innovation programme under grant agreement No 952252 (SAFEST), ANR-18-CE39-0005,MOOSIC,Synthèse optimisée multi-objectifs pour améliorer la sécurité(2018), and European Project: 952252,SAFEST

Subjects

Signal Processing (eess.SP), FOS: Computer and information sciences, hardware obfuscation, Computer Science - Cryptography and Security, oracle-less and oracle-guided attacks, direct and transposed forms, logic locking, FIR filters, Hardware and Architecture, constant multiplications, FOS: Electrical engineering, electronic engineering, information engineering, [SPI.NANO]Engineering Sciences [physics]/Micro and nanotechnologies/Microelectronics, Electrical Engineering and Systems Science - Signal Processing, Electrical and Electronic Engineering, Cryptography and Security (cs.CR), Software

Abstract

International audience; A digital Finite Impulse Response (FIR) filter is a ubiquitous block in digital signal processing applications and its behavior is determined by its coefficients. To protect filter coefficients from an adversary, efficient obfuscation techniques have been proposed, either by hiding them behind decoys or replacing them by key bits. In this article, we initially introduce a query attack that can discover the secret key of such obfuscated FIR filters, which could not be broken by existing prominent attacks. Then, we propose a first of its kind hybrid technique, including both hardware obfuscation and logic locking using a point function for the protection of parallel direct and transposed forms of digital FIR filters. Experimental results show that the hybrid protection technique can lead to FIR filters with higher security while maintaining the hardware complexity competitive or superior to those locked by prominent logic locking methods. It is also shown that the protected multiplier blocks and FIR filters are resilient to existing attacks. The results on different forms and realizations of FIR filters show that the parallel direct form FIR filter has a promising potential for a secure design.

Published

2023

33. Graph Similarity and its Applications to Hardware Security

Author

Nicolai Bissantz, Marc Fyrbiak, Sebastian Wallat, Sascha Reinhard, and Christof Paar

Subjects

Hardware security module, Theoretical computer science, Computer science, Graph theory, 02 engineering and technology, 020202 computer hardware & architecture, Theoretical Computer Science, Computational Theory and Mathematics, Hardware and Architecture, Hardware Trojan, Logic gate, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Netlist, Adjacency matrix, Heuristics, Software

Abstract

Hardware reverse engineering is a powerful and universal tool for both security engineers and adversaries. From a defensive perspective, it allows for detection of intellectual property infringements and hardware Trojans, while it simultaneously can be used for product piracy and malicious circuit manipulations. From a designer's perspective, it is crucial to have an estimate of the costs associated with reverse engineering, yet little is known about this, especially when dealing with obfuscated hardware. The contribution at hand provides new insights into this problem, based on algorithms with sound mathematical underpinnings. Our contributions are threefold: First, we present the graph similarity problem for automating hardware reverse engineering. To this end, we improve several state-of-the-art graph similarity heuristics with optimizations tailored to the hardware context. Second, we propose a novel algorithm based on multiresolutional spectral analysis of adjacency matrices. Third, in three extensively evaluated case studies, namely (1) gate-level netlist reverse engineering, (2) hardware Trojan detection, and (3) assessment of hardware obfuscation, we demonstrate the practical nature of graph similarity algorithms.

Published

2020

34. High-level Intellectual Property Obfuscation via Decoy Constants

Author

Samuel Pagliarini, Marie-Lise Flottes, Jaan Raik, Levent Aksoy, Sophie Dupuis, Felipe Almeida, Quang-Linh Nguyen, Tallinn University of Technology (TTÜ), TEST (TEST), Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM), and Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)

Subjects

FOS: Computer and information sciences, hardware obfuscation, Computer Science - Cryptography and Security, Computer science, IP obfuscation, Integrated circuit, Automatic test pattern generation, digital FIR filter design, Satisfiability, law.invention, reverse engineering, Computer engineering, law, Logic gate, Obfuscation, Hardware obfuscation, Multiplication, [SPI.NANO]Engineering Sciences [physics]/Micro and nanotechnologies/Microelectronics, Cryptography and Security (cs.CR), Block (data storage), SAT attack

Abstract

International audience; This paper presents a high-level circuit obfuscation technique to prevent the theft of intellectual property (IP) of integrated circuits. In particular, our technique protects a class of circuits that relies on constant multiplications, such as filters and neural networks, where the constants themselves are the IP to be protected. By making use of decoy constants and a key-based scheme, a reverse engineer adversary at an untrusted foundry is rendered incapable of discerning true constants from decoy constants. The time-multiplexed constant multiplication (TMCM) block of such circuits, which realizes the multiplication of an input variable by a constant at a time, is considered as our case study for obfuscation. Furthermore, two TMCM design architectures are taken into account; an implementation using a multiplier and a multiplierless shift-adds implementation. Optimization methods are also applied to reduce the hardware complexity of these architectures. The well-known satisfiability (SAT) and automatic test pattern generation (ATPG) attacks are used to determine the vulnerability of the obfuscated designs. It is observed that the proposed technique incurs small overheads in area, power, and delay that are comparable to the hardware complexity of prominent logic locking methods. Yet, the advantage of our approach is in the insight that constants-instead of arbitrary circuit nodes-become key-protected. Index Terms-hardware obfuscation, reverse engineering, IP obfuscation, SAT attack, digital FIR filter design.

Published

2021

35. Security of Microfluidic Biochip

Author

Farinaz Koushanfar, Seetal Potluri, and Huili Chen

Subjects

Reverse engineering, 0303 health sciences, Exploit, Computer science, business.industry, Microfluidics, Overhead (engineering), 02 engineering and technology, computer.software_genre, Computer Graphics and Computer-Aided Design, Automation, 020202 computer hardware & architecture, Computer Science Applications, 03 medical and health sciences, Hardware Trojan, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Hardware_ARITHMETICANDLOGICSTRUCTURES, Electrical and Electronic Engineering, Biochip, business, computer, 030304 developmental biology

Abstract

With the advancement of system miniaturization and automation, Lab-on-a-Chip (LoC) technology has revolutionized traditional experimental procedures. Microfluidic Biochip (MFB) is an emerging branch of LoC with wide medical applications such as DNA sequencing, drug delivery, and point of care diagnostics. Due to the critical usage of MFBs, their security is of great importance. In this article, we exploit the vulnerabilities of two types of MFBs: Flow-based Microfluidic Biochip (FMFB) and Digital Microfluidic Biochip (DMFB). We propose a systematic framework for applying Reverse Engineering (RE) attacks and Hardware Trojan (HT) attacks on MFBs as well as for practical countermeasures against the proposed attacks. We evaluate the attacks and defense on various benchmarks where experimental results prove the effectiveness of our methods. Security metrics are defined to quantify the vulnerability of MFBs. The overhead and performance of the proposed attacks as well as countermeasures are also discussed.

Published

2020

36. Key-Based Dynamic Functional Obfuscation of Integrated Circuits Using Sequentially Triggered Mode-Based Design

Author

Keshab K. Parhi, Chris H. Kim, and Sandhya Koteshwara

Subjects

021110 strategic, defence & security studies, Hardware security module, Theoretical computer science, Computer Networks and Communications, Computer science, business.industry, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Encryption, 020202 computer hardware & architecture, Obfuscation (software), Computer engineering, Hardware Trojan, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Safety, Risk, Reliability and Quality, business, Key size

Abstract

This paper proposes a novel technique for hardware obfuscation termed dynamic functional obfuscation . Hardware obfuscation refers to a set of countermeasures used against IC counterfeiting and illegal overproduction. Traditionally, obfuscation encrypts semiconductor circuits using key inputs which must be set to a correct value to operate the circuit correctly. By keeping the key values secret during the manufacturing process, any attempt by unauthorized parties to overproduce chips or pirate designs is thwarted. The proposed dynamic technique differs from existing fixed obfuscation schemes as the obfuscating signals change over time. This results in inconsistent circuit behavior upon input of incorrect key, where the chip operates correctly sometimes and fails sometimes. The advantage of dynamic obfuscation is that it results in stronger obfuscation by increasing the time complexity of deciphering the correct key using brute-force attack, even with shorter keys. Moreover, the dynamic nature of these circuits also makes them resistant to reverse engineering and SAT solver-based attacks. To achieve dynamic obfuscation, ideas from hardware Trojan literature and sequentially triggered counters are utilized. A demonstration of obfuscation on sequential circuits implementing fast Fourier transform (FFT) algorithm and Ethernet IP shows low overall area and power overheads of less than 1%. Security in terms of time to attack for the FFT circuit (for a key size of 30 bits and a system operating at 100 MHz) is increased to 1 021,055 years using dynamic obfuscation compared with only 5.36 s using fixed obfuscation schemes. For the Ethernet IP core, time to attack of dynamic obfuscation with a key size of 32 bits is 1 046,423, 135 years compared with 21.47s with fixed obfuscation. It is also shown that for a key size of $K$ bits, the lower bound for time to attack using brute-force is proportional to $K 2^{K}$ and $K 2^{2K}$ for the proposed design using one and two random number generators, respectively.

Published

2018

37. Doppelganger Obfuscation — Exploring theDefensive and Offensive Aspects of Hardware Camouflaging

Author

Christof Paar and Max Hoffmann

Subjects

010302 applied physics, lcsh:Computer engineering. Computer hardware, lcsh:T58.5-58.64, Computer science, lcsh:Information technology, Offensive, lcsh:TK7885-7895, 02 engineering and technology, Camouflaging, Computer security, computer.software_genre, 01 natural sciences, 020202 computer hardware & architecture, Obfuscation (software), Hardware Obfuscation, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Hardware Trojans, computer

Abstract

Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities.In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., Finite State Machines (FSMs) or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer’s control.In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed. Then, for the first time, we demonstrate the considerable threat potential of low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation. In both applications of Doppelganger, the resulting design size is indistinguishable from that of an unobfuscated design, depending on the choice of encodings.

Published

2020

38. Novel Dynamic State-Deflection Method for Gate-Level Design Obfuscation

Author

Jaya Dofe and Qiaoyan Yu

Subjects

Finite-state machine, Computer science, 020208 electrical & electronic engineering, Code coverage, Hamming distance, 02 engineering and technology, Integrated circuit, Computer Graphics and Computer-Aided Design, 020202 computer hardware & architecture, law.invention, Computer engineering, law, Logic gate, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Electrical and Electronic Engineering, Software

Abstract

The emerging security threats in the integrated circuit supply chain do not only challenge the chip integrity, but also raise serious concerns on hardware intellectual property (IP) piracy. Hardware design obfuscation is a promising countermeasure to resist reverse engineering attacks and IP piracy. The majority of existing hardware obfuscation methods modify the original finite state machine (FSM) by adding additional state transitions and utilizing a key sequence to lock the transition from the nonfunctional states to the functional reset state. Those methods are effective to prevent attackers from entering the normal functional mode but they lack resilience if the FSM is already in the normal mode. This paper proposes to protect all the states with a low-cost state-deflection-based obfuscation method, which dynamically deflects state transitions from the original transition path to a black hole cluster if a wrong key is applied. Unlike other works that use static transitions between legal states to black hole states at the design time, this method utilizes a state rotation function (Rotatefunc) and selective register flipping function (Mapfunc) to dynamically control the state deflection paths. Hence, the difficulty of reverse engineering and thwarting register overwrite attacks is increased. Simulations performed on ISCAS’89 benchmark circuits show that the proposed method significantly reduces the difference of the net toggle activities between the correct and wrong key scenarios, and achieves up to 56% higher code coverage than the most efficient obfuscation method. Thanks to the dynamic deflection feature, on average, this method generates about 100 more unique state register patterns than other methods with moderate power increase. Moreover, the proposed method achieves the Hamming distance of primary outputs and state registers close to 50%.

Published

2018

39. A Low Cost MST-FSM Obfuscation Method for Hardware IP Protection.

Author

Zhang, Yuejun, Pan, Zhao, Wang, Pengjun, and Zhang, Xiaowei

Subjects

*FINITE state machines, *HAMMING distance, *SPANNING trees, *ENCRYPTION protocols, *ALGORITHMS

Abstract

Effective resistance to intellectual property (IP) piracy, overproduction and reverse engineering are becoming more and more necessary in the integrated circuit (IC) supply chain. To protect the hardware, the obfuscation methodology hides the original function by adding a large number of redundant states. However, existing hardware obfuscation approaches have hardware overhead and efficiency of obfuscation limitations. This paper proposed a novel methodology for IP security using the minimum spanning tree finite state machine (MST-FSM) obfuscation. In the minimum spanning tree (MST) algorithm, the Hamming distance defines the cost of obfuscated states. The Kruskal algorithm optimizes the connection relationship of obfuscated states by computing the Hamming distance of the MST-FSM. The proposed MST-FSM is automatically generated and embedded in the hardware IP with the self-building program. Finally, the MST-FSM is applied on the itc99 benchmark circuits and encryption standard IP cores. Compared with other state-of-the-arts, the obfuscation potency is improved by 3.57%, and the average hardware cost is decreased by about 6.01%. [ABSTRACT FROM AUTHOR]

Published

2020

40. IP protection through gate-level netlist security enhancement

Author

Yier Jin, Travis Meade, and Shaojie Zhang

Subjects

021110 strategic, defence & security studies, Engineering, Finite-state machine, business.industry, Formal equivalence checking, Design flow, 0211 other engineering and technologies, Hardware_PERFORMANCEANDRELIABILITY, 02 engineering and technology, 020202 computer hardware & architecture, Hardware and Architecture, Embedded system, Hardware_INTEGRATEDCIRCUITS, 0202 electrical engineering, electronic engineering, information engineering, Netlist, Hardware obfuscation, Electronic design automation, Electrical and Electronic Engineering, Control logic, business, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, Software, Hardware_LOGICDESIGN, Register-transfer level

Abstract

In modern Integrated Circuits (IC) design flow, from specification to chip fabrication, various security threats are emergent. These range from malicious modifications in the design, to the Electronic Design Automation (EDA) tools, during layout or fabrication, or to the packaging. Of particular concern are modifications made to third-party IP cores and commercial off-the-shelf (COTS) chips where no Register Transfer Level (RTL) code or golden models are available. While chip level reverse engineering techniques can help rebuild circuit gate-level netlist from fabricated chips, there still lacks a netlist reverse engineering tool which can recover the full functionality of the rebuilt netlist. Toward this direction, we develop a tool, named Reverse Engineering Finite State Machine (REFSM), that helps end-users reconstruct a high-level description of the control logic from a flattened netlist. We demonstrate that REFSM effectively recovers circuit control logic from netlists with varying degrees of complexity. Experimental results also show that the REFSM can easily identify malicious logic from a flattened (or even obfuscated) netlist. Supported by REFSM, another tool, called Reverse Engineering Hardware Obfuscation for Protection (REHOP), is developed to enhance gate-level netlist security without learning the RTL code.

Published

2017

41. Survey of Security Issues in Memristor-Based Machine Learning Accelerators for RF Analysis.

Author

Lillis, Will, Hoffing, Max Cohen, and Burleson, Wayne

Subjects

MEMRISTORS, MACHINE learning, RADIO frequency, SUPPLY chains, CRYPTOGRAPHY

Abstract

We explore security aspects of a new computing paradigm that combines novel memristors and traditional Complimentary Metal Oxide Semiconductor (CMOS) to construct a highly efficient analog and/or digital fabric that is especially well-suited to Machine Learning (ML) inference processors for Radio Frequency (RF) signals. Analog and/or hybrid hardware designed for such application areas follows different constraints from that of traditional CMOS. This paradigm shift allows for enhanced capabilities but also introduces novel attack surfaces. Memristors have different properties than traditional CMOS which can potentially be exploited by attackers. In addition, the mixed signal approximate computing model has different vulnerabilities than traditional digital implementations. However both the memristor and the ML computation can be leveraged to create security mechanisms and countermeasures ranging from lightweight cryptography, identifiers (e.g., Physically Unclonable Functions (PUFs), fingerprints, and watermarks), entropy sources, hardware obfuscation and leakage/attack detection methods. Three different threat models are proposed: (1) Supply Chain, (2) Physical Attacks, and (3) Remote Attacks. For each threat model, potential vulnerabilities and defenses are identified. This survey reviews a variety of recent work from the hardware and ML security literature and proposes open problems for both attack and defense. The survey emphasizes the growing area of RF signal analysis and identification in terms of commercial space, as well as military applications and threat models. We differ from other recent surveys that target ML, in general, neglecting RF applications. [ABSTRACT FROM AUTHOR]

Published

2024

42. UNSAIL: Thwarting Oracle-Less Machine Learning Attacks on Logic Locking

Author

Ozgur Sinanoglu, Baker Mohammad, Satwik Patnaik, Hani Saleh, Mahmoud Al-Qutayri, Johann Knechtel, and Lilas Alrahis

Subjects

Combinational logic, FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, business.industry, Computer science, OpenRISC, Machine learning, computer.software_genre, Oracle, Obfuscation (software), Logic gate, Hardware obfuscation, Redundancy (engineering), Artificial intelligence, Safety, Risk, Reliability and Quality, business, computer, Cryptography and Security (cs.CR)

Abstract

Logic locking aims to protect the intellectual property (IP) of integrated circuit (IC) designs throughout the globalized supply chain. The SAIL attack, based on tailored machine learning (ML) models, circumvents combinational logic locking with high accuracy and is amongst the most potent attacks as it does not require a functional IC acting as an oracle. In this work, we propose UNSAIL, a logic locking technique that inserts key-gate structures with the specific aim to confuse ML models like those used in SAIL. More specifically, UNSAIL serves to prevent attacks seeking to resolve the structural transformations of synthesis-induced obfuscation, which is an essential step for logic locking. Our approach is generic; it can protect any local structure of key-gates against such ML-based attacks in an oracle-less setting. We develop a reference implementation for the SAIL attack and launch it on both traditionally locked and UNSAIL-locked designs. In SAIL, a change-prediction model is used to determine which key-gate structures to restore using a reconstruction model. Our study on benchmarks ranging from the ISCAS-85 and ITC-99 suites to the OpenRISC Reference Platform System-on-Chip (ORPSoC) confirms that UNSAIL degrades the accuracy of the change-prediction model and the reconstruction model by an average of 20.13 and 17 percentage points (pp) respectively. When the aforementioned models are combined, which is the most powerful scenario for SAIL, UNSAIL reduces the attack accuracy of SAIL by an average of 11pp. We further demonstrate that UNSAIL thwarts other oracle-less attacks, i.e., SWEEP and the redundancy attack, indicating the generic nature and strength of our approach. Detailed layout-level evaluations illustrate that UNSAIL incurs minimal area and power overheads of 0.26% and 0.61%, respectively, on the million-gate ORPSoC design., IEEE Transactions on Information Forensics and Security (TIFS)

Published

2020

43. Threats on Logic Locking: A Decade Later

Author

Houman Homayoun, Avesta Sasan, Kimia Zamiri Azar, and Hadi Mardani Kamali

Subjects

Reverse engineering, FOS: Computer and information sciences, Computer Science - Cryptography and Security, Exploit, Computer science, Supply chain, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, computer.software_genre, Computer security, 020202 computer hardware & architecture, Obfuscation (software), Ic manufacturing, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Key (cryptography), Logic locking, 020201 artificial intelligence & image processing, computer, Cryptography and Security (cs.CR)

Abstract

To reduce the cost of ICs and to meet the market's demand, a considerable portion of manufacturing supply chain, including silicon fabrication, packaging and testing may be pushed offshore. Utilizing a global IC manufacturing supply chain, and inclusion of non-trusted parties in the supply chain has raised concerns over security and trust related challenges including those of overproduction, counterfeiting, IP piracy, and Hardware Trojans to name a few. To reduce the risk of IC manufacturing in an untrusted and globally distributed supply chain, the researchers have proposed various locking and obfuscation mechanisms for hiding the functionality of the ICs during the manufacturing, that requires the activation of the IP after fabrication using the key value(s) that is only known to the IP/IC owner. At the same time, many such proposed obfuscation and locking mechanisms are broken with attacks that exploit the inherent vulnerabilities in such solutions. The past decade of research in this area, has resulted in many such defense and attack solutions. In this paper, we review a decade of research on hardware obfuscation from an attacker perspective, elaborate on attack and defense lessons learned, and discuss future directions that could be exploited for building stronger defenses.

Published

2019

44. A Low Cost MST-FSM Obfuscation Method for Hardware IP Protection

Author

Xiaowei Zhang, Zhao Pan, Yuejun Zhang, and Pengjun Wang

Subjects

Reverse engineering, Computer science, computer.internet_protocol, Supply chain, 0211 other engineering and technologies, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 02 engineering and technology, Integrated circuit, Intellectual property, computer.software_genre, law.invention, Kruskal's algorithm, law, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, 021110 strategic, defence & security studies, business.industry, General Medicine, 020202 computer hardware & architecture, Obfuscation (software), Hardware and Architecture, Embedded system, IPsec, Hardware obfuscation, business, computer

Abstract

Effective resistance to intellectual property (IP) piracy, overproduction and reverse engineering are becoming more and more necessary in the integrated circuit (IC) supply chain. To protect the hardware, the obfuscation methodology hides the original function by adding a large number of redundant states. However, existing hardware obfuscation approaches have hardware overhead and efficiency of obfuscation limitations. This paper proposed a novel methodology for IP security using the minimum spanning tree finite state machine (MST-FSM) obfuscation. In the minimum spanning tree (MST) algorithm, the Hamming distance defines the cost of obfuscated states. The Kruskal algorithm optimizes the connection relationship of obfuscated states by computing the Hamming distance of the MST-FSM. The proposed MST-FSM is automatically generated and embedded in the hardware IP with the self-building program. Finally, the MST-FSM is applied on the itc99 benchmark circuits and encryption standard IP cores. Compared with other state-of-the-arts, the obfuscation potency is improved by 3.57%, and the average hardware cost is decreased by about 6.01%.

Published

2020

45. A New Optimal Method for the Secure Design of Combinational Circuits against Hardware Trojans Using Interference Logic Locking.

Author

Mirmohammadi, Zahra and Etemadi Borujeni, Shahram

Subjects

COMBINATIONAL circuits, INTELLECTUAL property theft, HAMMING distance, REVERSE engineering, INTEGRATED circuits, LOGIC

Abstract

Effective resistance to intellectual property theft, reverse engineering, and hardware Trojan insertion in integrated circuit supply chains is increasingly essential, for which many solutions have been proposed. Accordingly, strong attacks are also designed in this field. One way to achieve the above goal is obfuscation. The hardware obfuscation method hides the primary function of the circuit and the normal Netlist from the attacker by adding several key gates in the original Netlist. The functionality circuit is correct only if the correct key is applied; otherwise, the circuit is obfuscated. In recent years, various obfuscation methods have been proposed. One is logic locking, the most prominent hardware protection technique since it can protect against untrusted items. Logic locking induces functional and structural changes to a design even before the layout generation. We secured the circuit against hardware Trojan insertion with a secure logic locking method based on the insertion of key gates in interference mode. We call our proposed method Secure Interference Logic Locking, SILL. SILL is based on minimum controllability in paths with maximum fan-out. In this method, we have reduced the number of key gates required for circuit obfuscation and created the maximum Hamming distance between normal and obscure outputs. In addition, the key gates are added to the circuit's complete interference, and the AES algorithm is used to generate the key. Our proposed method, SILL, was simulated in the Vivado simulation environment; the algorithms used in this method were prepared in VHDL language and designed to allow parallel execution, then applied on the original Netlist of the ISCAS85 benchmark circuits. By analyzing and comparing the results of this simulation to recent works, the amount of hardware consumption has decreased (about 5% space consumption and about a 0.15-nanosecond time delay). Then, the SAT attack algorithm was tested on ISCAS85 benchmark circuits that were obfuscated with SILL. The execution time of the attack in the second attempt was 0.24 nanoseconds longer compared to similar recent works, and it timed out in the fourth attempt. The resistance of our proposed method, having less hardware overhead and higher speed is more effective against SAT attacks than the existing conventional methods. [ABSTRACT FROM AUTHOR]

Published

2023

46. Deep RNN-Oriented Paradigm Shift through BOCANet: Broken Obfuscated Circuit Attack

Author

Mehran Mozaffari Kermani, Fatemeh Tehranipoor, Nima Karimian, and Hamid Mahmoodi

Subjects

Reverse engineering, FOS: Computer and information sciences, Computer Science - Cryptography and Security, business.industry, Computer science, Deep learning, 02 engineering and technology, Encryption, computer.software_genre, 020202 computer hardware & architecture, Attack model, Embedded system, Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Hardware obfuscation, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, Cryptography and Security (cs.CR), Key size

Abstract

This is the first work augmenting hardware attacks mounted on obfuscated circuits by incorporating deep recurrent neural network (D-RNN). Logic encryption obfuscation has been used for thwarting counterfeiting, overproduction, and reverse engineering but vulnerable to attacks. There have been efficient schemes, e.g., satisfiability-checking (SAT) based attack, which can potentially compromise hardware obfuscation circuits. Nevertheless, not only there exist countermeasures against such attacks in the state-of-the-art (including the recent delay+logic locking (DLL) scheme in DAC'17), but the sheer amount of time/resources to mount the attack could hinder its efficacy. In this paper, we propose a deep RNN-oriented approach, called BOCANet, to (i) compromise the obfuscated hardware at least an order-of magnitude more efficiently (>20X faster with relatively high success rate) compared to existing attacks; (ii) attack such locked hardware even when the resources to the attacker are only limited to insignificant number of I/O pairs (< 0.5\%) to reconstruct the secret key; and (iii) break a number of experimented benchmarks (ISCAS-85 c423, c1355, c1908, and c7552) successfully.

Published

2018

47. On Improving the Security of Logic Locking

Author

Jeyavijayan Rajendran, Ozgur Sinanoglu, Ramesh Karri, and Muhammad Yasin

Subjects

Engineering, Hardware security module, business.industry, 020208 electrical & electronic engineering, Design flow, Logic family, 02 engineering and technology, Computer Graphics and Computer-Aided Design, 020202 computer hardware & architecture, Embedded system, Logic gate, 0202 electrical engineering, electronic engineering, information engineering, Hardware obfuscation, Netlist, Electrical and Electronic Engineering, business, Software, Vulnerability (computing), Register-transfer level

Abstract

Due to globalization of integrated circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware Trojans. EPIC locks the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the locked netlist, in a time linear to the number of keys, by sensitizing the key-bits to the output. We then develop techniques to fix this vulnerability and make an attacker’s effort truly exponential in the number of inserted keys. We introduce a new security metric and a method to deliver strong logic locking.

Published

2016

48. Solving the Third-Shift Problem in IC Piracy With Test-Aware Logic Locking

Author

Igor L. Markov and Stephen M. Plaza

Subjects

Hardware security module, Engineering, business.industry, Design for testing, Cryptography, Business model, Computer security, computer.software_genre, Chip, Computer Graphics and Computer-Aided Design, Outsourcing, Embedded system, Logic gate, Hardware_INTEGRATEDCIRCUITS, Hardware obfuscation, Electrical and Electronic Engineering, business, computer, Software

Abstract

The increasing IC manufacturing cost encourages a business model where design houses outsource IC fabrication to remote foundries. Despite cost savings, this model exposes design houses to IC piracy as remote foundries can manufacture in excess to sell on the black market. Recent efforts in digital hardware security aim to thwart piracy by using XOR-based chip locking, cryptography, and active metering. To counter direct attacks and lower the exposure of unlocked circuits to the foundry, we introduce a multiplexor-based locking strategy that preserves test response allowing IC testing by an untrusted party before activation. We demonstrate a simple yet effective attack against a locked circuit that does not preserve test response, and validate the effectiveness of our locking strategy on IWLS 2005 benchmarks.

Published

2015

49. Fault Analysis-Based Logic Encryption

Author

Garrett S. Rose, Youngok Pino, Chi Zhang, Ozgur Sinanoglu, Jeyavijayan Rajendran, Huan Zhang, and Ramesh Karri

Subjects

Hardware security module, Computer science, business.industry, Hamming distance, Integrated circuit, Automatic test pattern generation, Encryption, Theoretical Computer Science, law.invention, Computational Theory and Mathematics, Hardware and Architecture, law, Logic gate, Embedded system, Hardware obfuscation, business, Random logic, Software, Computer hardware

Abstract

Globalization of the integrated circuit (IC) design industry is making it easy for rogue elements in the supply chain to pirate ICs, overbuild ICs, and insert hardware Trojans. Due to supply chain attacks, the IC industry is losing approximately $4 billion annually. One way to protect ICs from these attacks is to encrypt the design by inserting additional gates such that correct outputs are produced only when specific inputs are applied to these gates. The state-of-the-art logic encryption technique inserts gates randomly into the design, but does not necessarily ensure that wrong keys corrupt the outputs. Our technique ensures that wrong keys corrupt the outputs. We relate logic encryption to fault propagation analysis in IC testing and develop a fault analysis-based logic encryption technique. This technique enables a designer to controllably corrupt the outputs. Specifically, to maximize the ambiguity for an attacker, this technique targets 50% Hamming distance between the correct and wrong outputs (ideal case) when a wrong key is applied. Furthermore, this 50% Hamming distance target is achieved using a smaller number of additional gates when compared to random logic encryption.

Published

2015

50. Hybrid Obfuscation to Protect against Disclosure Attacks on Embedded Microprocessors

Author

Marc Fyrbiak, Russell Tessier, Christof Paar, Simon Rokicki, Nicolai Bissantz, Ruhr-Universität Bochum [Bochum], Energy Efficient Computing ArchItectures with Embedded Reconfigurable Resources (CAIRN), ARCHITECTURE (IRISA-D3), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Bretagne Sud (UBS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National des Sciences Appliquées (INSA)-Université de Rennes (UNIV-RENNES)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Rennes (ENS Rennes)-Centre National de la Recherche Scientifique (CNRS)-Université de Rennes 1 (UR1), Université de Rennes (UNIV-RENNES)-CentraleSupélec-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Bretagne Sud (UBS)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria), Department of Electrical and Computer Engineering - University of Massachusetts (ECE), University of Massachusetts [Amherst] (UMass Amherst), University of Massachusetts System (UMASS)-University of Massachusetts System (UMASS), CNS-1318497, CNS-1421352, SFB823 (sub-project C4), INRIA Associate Team HARDIESSE, ERC Advanced Grant 695022, Inria Rennes – Bretagne Atlantique, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-ARCHITECTURE (IRISA-D3), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), and Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)

Subjects

[INFO.INFO-AR]Computer Science [cs]/Hardware Architecture [cs.AR], Computer science, 0211 other engineering and technologies, Access control, Cryptography, 02 engineering and technology, computer.software_genre, Computer security, Theoretical Computer Science, Instruction set, software obfuscation, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Obfuscation, 0202 electrical engineering, electronic engineering, information engineering, Computer architecture, reverse-engineering, 021110 strategic, defence & security studies, ISA randomization, business.industry, Adversary, Software obfuscation, Obfuscation (software), Embedded software, Computational Theory and Mathematics, Hardware and Architecture, Embedded system, Hardware obfuscation, 020201 artificial intelligence & image processing, Compiler, business, computer, Software

Abstract

The risk of code reverse-engineering is particularly acute for embedded processors which often have limited available resources to protect program information. Previous efforts involving code obfuscation provide some additional security against reverse- engineering of programs, but the security benefits are typically limited and not quantifiable. Hence, new approaches to code protection and creation of associated metrics are highly desirable. This paper has two main contributions. We propose the first hybrid diversification approach for protecting embedded software and we provide statistical metrics to evaluate the protection. Diversification is achieved by combining hardware obfuscation at the microarchitecture level and the use of software-level obfuscation techniques tailored to embedded systems. Both measures are based on a compiler which generates obfuscated programs, and an embedded processor implemented in an FPGA with a randomized Instruction Set Architecture (ISA) encoding to execute the hybrid obfuscated program. We employ a fine-grained, hardware-enforced access control mechanism for information exchange with the processor and hardware-assisted booby traps to actively counteract manipulation attacks. It is shown that our approach is effective against a wide variety of possible information disclosure attacks in case of a physically present adversary. Moreover, we propose a novel statistical evaluation methodology that provides a security metric for hybrid-obfuscated programs.

Published

2017