IP protection through gate-level netlist security enhancement

In modern Integrated Circuits (IC) design flow, from specification to chip fabrication, various security threats are emergent. These range from malicious modifications in the design, to the Electronic Design Automation (EDA) tools, during layout or fabrication, or to the packaging. Of particular concern are modifications made to third-party IP cores and commercial off-the-shelf (COTS) chips where no Register Transfer Level (RTL) code or golden models are available. While chip level reverse engineering techniques can help rebuild circuit gate-level netlist from fabricated chips, there still lacks a netlist reverse engineering tool which can recover the full functionality of the rebuilt netlist. Toward this direction, we develop a tool, named Reverse Engineering Finite State Machine (REFSM), that helps end-users reconstruct a high-level description of the control logic from a flattened netlist. We demonstrate that REFSM effectively recovers circuit control logic from netlists with varying degrees of complexity. Experimental results also show that the REFSM can easily identify malicious logic from a flattened (or even obfuscated) netlist. Supported by REFSM, another tool, called Reverse Engineering Hardware Obfuscation for Protection (REHOP), is developed to enhance gate-level netlist security without learning the RTL code.