Skip to main content
SpringerLink
Log in

A novel topology-guided attack and its countermeasure towards secure logic locking

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

The outsourcing of the design and manufacturing of integrated circuits (ICs) in the current horizontal semiconductor integration flow has posed various security threats due to the presence of untrusted entities, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Consequently, logic locking emerged as one of the prominent design for trust techniques. Unfortunately, these locking techniques are now inclined to achieve complete Boolean satisfiability (SAT) resiliency after the seminal work published in Subramanyan et al. (in: International Symposium on Hardware 907 Oriented Security and Trust, pp 137–143, 2015). In this paper, we propose a novel oracle-less attack that is based on the topological analysis of the locked netlist even though it is SAT-resilient. The attack relies on identifying and constructing unit functions with a hypothesis key to be searched in the entire netlist to find its replica. The proposed graph search algorithm efficiently finds the duplicate functions in the netlist, making it a self-referencing attack. This proposed attack is extremely efficient and can determine the secret key within a few minutes. We have also proposed a countermeasure to make the circuit resilient against this topology-guided attack to progress toward a secure logic locking technique.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

References

  1. Abboud, A., Backurs, A., Hansen, T.D., Vassilevska Williams, V., Zamir, O.: Subtree isomorphism revisited. ACM Trans. Alg. TALG 14(3), 27 (2018)

    MathSciNet  MATH  Google Scholar 

  2. Alkabani, Y. M., Koushanfar, F.: Active hardware metering for intellectual property protection and security. In: Proceedings of USENIX Security Symposium, pp. 20:1–20:16 (2007)

  3. Alrahis, L., Yasin, M., Limaye, N., Saleh, H., Mohammad, B., Alqutayri, M., Sinanoglu, O.: ScanSAT: unlocking static and dynamic scan obfuscation. Transactions on Emerging Topics in Computing (2019)

  4. Baumgarten, A., Tyagi, A., Zambreno, J.: Preventing IC piracy using reconfigurable logic barriers. IEEE Des. Test Comput. pp. 66–75 (2010)

  5. Bhunia, S., Tehranipoor, M.: Hardware security: a hands-on learning approach. Morgan Kaufmann, Burlington (2018)

    Google Scholar 

  6. Bryan, D.: The ISCAS’85 benchmark circuits and netlist format. North Carolina State University 25, (1985)

  7. Castillo, E., Meyer-Baese, U., García, A., Parrilla, L., Lloris, A.: IPP@HDL: efficient intellectual property protection scheme for IP cores. IEEE Trans. Very Large Scale Integr. Syst. pp. 578–591 (2007)

  8. Chakraborty, R., Bhunia, S.: Hardware protection and authentication through netlist level obfuscation. In: Proceedings of IEEE/ACM international conference on computer-aided design, pp. 674 –677 (2008)

  9. Chakraborty, R. S., Bhunia, S.: HARPOON: an obfuscation-based SoC design methodology for hardware protection. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 1493–1502 (2009)

  10. Charbon, E.: Hierarchical watermarking in IC design. In: Custom integrated circuits conference, pp. 295–298 (1998)

  11. Chen, H., Fu, C., Zhao, J., Koushanfar, F.: Genunlock: an automated genetic algorithm framework for unlocking logic encryption. In: ICCAD, pp. 1–8 (2019)

  12. Chiang, H. Y., Chen, Y. C., Ji, D. X., Yang, X. M., Lin, C. C., Wang, C. Y.: LOOPLock: logic optimization based cyclic logic locking. Trans. Comput.-Aided Des. Integr. Circuits Syst. (2019)

  13. Cormen, T. H., Leiserson, C. E., Rivest, R. L., Stein, C.: Introduction to algorithms. MIT press (2009)

  14. Davidson, S.: Itc’99 benchmark circuits-preliminary results. In: International Test Conference 1999. Proceedings (IEEE Cat. No. 99CH37034), pp. 1125–1125. IEEE Computer Society (1999)

  15. Dickinson, P. J., Bunke, H., Dadej, A., Kraetzl, M.: On graphs with unique node labels. In: International workshop on graph-based representations in pattern recognition, pp. 13–23. Springer (2003)

  16. Guin, U., Shi, Q., Forte, D., Tehranipoor, M. M.: FORTIS: a comprehensive solution for establishing forward trust for protecting IPs and ICs. ACM Trans. Des. Autom. Electron. Syst. (2016)

  17. Guin, U., Zhou, Z., Singh, A.: A novel design-for-security (DFS) architecture to prevent unauthorized IC overproduction. In: Proceedings of the IEEE VLSI Test Symposium (VTS), pp. 1–6 (2017)

  18. Guin, U., Zhou, Z., Singh, A.: Robust design-for-security architecture for enabling trust in IC manufacturing and test. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. pp. 818–830 (2018)

  19. Jarvis, R. W., McIntyre, M. G.: Split manufacturing method for advanced semiconductor circuits (2007). US Patent 7,195,931

  20. Juretus, K., Savidis, I.: Increasing the SAT attack resiliency of in-cone logic locking. In: International symposium on circuits and systems (ISCAS), pp. 1–5 (2019)

  21. Kahng, A., Lach, J., Mangione-Smith, W., Mantik, S., Markov, I., Potkonjak, M., Tucker, P., Wang, H., Wolfe, G.: Constraint-based watermarking techniques for design IP protection. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 1236–1252 (2001)

  22. Karmakar, R., Chatopadhyay, S., Kapur, R.: Encrypt flip-flop: A novel logic encryption technique for sequential circuits. arXiv preprint arXiv:1801.04961 (2018)

  23. Khaleghi, S., Da Zhao, K., Rao, W.: IC piracy prevention via design withholding and entanglement. In: The 20th asia and south pacific design automation conference, pp. 821–826 (2015)

  24. Koushanfar, F., Qu, G.: Hardware metering. In: Proceedings IEEE-ACM design automation conference, pp. 490–493 (2001). http://doi.org/10.1109/DAC.2001.156189

  25. Lee, Y. W., Touba, N. A.: Improving logic obfuscation via logic cone analysis. In: Latin-American Test Symposium (LATS), pp. 1–6 (2015)

  26. Limaye, N., Sengupta, A., Nabeel, M., Sinanoglu, O.: Is robust design-for-security robust enough? Attack on locked circuits with restricted scan chain access. arXiv preprint arXiv:1906.07806 (2019)

  27. Liu, B., Wang, B.: Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks. In: Proceedings of the conference on Design, Automation & Test in Europe, p. 243 (2014)

  28. Plaza, S. M., Markov, I. L.: Solving the third-shift problem in IC piracy with test-aware logic locking. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 961–971 (2015)

  29. Potluri, S., Aysu, A., Kumar, A.: Seql: Secure scan-locking for ip protection. arXiv preprint arXiv:2005.13032 (2020)

  30. Python-2.7: Available: https://www.python.org/download/releases/2.7/ (2019)

  31. Qu, G., Potkonjak, M.: Intellectual property protection in VLSI designs: theory and practice. Springer, Berlin (2003)

    Google Scholar 

  32. Rajendran, J., Pino, Y., Sinanoglu, O., Karri, R.: Security analysis of logic obfuscation. In: Proceedings of ACM/IEEE on Design Automation Conference, pp. 83–89 (2012)

  33. Rajendran, J., Zhang, H., Zhang, C., Rose, G.S., Pino, Y., Sinanoglu, O., Karri, R.: Fault analysis-based logic encryption. IEEE Trans. Comput. pp. 410–424 (2015)

  34. Reich, A. J., Nakagawa, K. H., Boone, R. E.: OASIS versus GDSII stream format efficiency. In: 23rd Annual BACUS Symposium on Photomask Technology, vol. 5256, pp. 163–174 (2003)

  35. Roy, J., Koushanfar, F., Markov, I.: EPIC: Ending Piracy of Integrated Circuits. In: DATE, pp. 1069 –1074 (2008). http://doi.org/10.1109/DATE.2008.4484823

  36. Salmani, H., Tehranipoor, M.: Trust-hub (2018). [Online]. https://trust-hub.org/home

  37. Sengupta, A., Nabeel, M., Limaye, N., Ashraf, M., Sinanoglu, O.: Truly stripping functionality for logic locking: a fault-based perspective. Trans. Comput.-Aided Des. Integr. Circuits Syst. (2020)

  38. Shakya, B., Xu, X., Tehranipoor, M., Forte, D.: Cas-lock: A security-corruptibility trade-off resilient logic locking scheme. IACR Trans. Cryptogr. Hardware Embed. Syst. pp. 175–202 (2020)

  39. Shakya, B., Xu, X., Tehranipoor, M., Forte, D.: Defeating cas-unlock. IACR Cryptol. ePrint Arch. 2020, 324 (2020)

    Google Scholar 

  40. Shamsi, K., Li, M., Meade, T., Zhao, Z., Pan, D.Z., Jin, Y.: AppSAT: Approximately deobfuscating integrated circuits. In: International Symposium on Hardware Oriented Security and Trust (2017)

  41. Shamsi, K., Li, M., Pan, D. Z., Jin, Y.: Kc2: key-condition crunching for fast sequential circuit deobfuscation. In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 534–539. IEEE (2019)

  42. Shamsi, K., Li, M., Plaks, K., Fazzari, S., Pan, D.Z., Jin, Y.: IP protection and supply chain security through logic obfuscation: a systematic overview. Trans. Des. Autom. Electron. Syst. (TODAES) p. 65 (2019)

  43. Shen, Y., Zhou, H.: Double DIP: Re-Evaluating Security of Logic Encryption Algorithms. In: Proceedings of the on Great Lakes Symposium on VLSI, pp. 179–184 (2017)

  44. Sirone, D., Subramanyan, P.: Functional analysis attacks on logic locking. IEEE Trans. Inf. Forens. Secur. 15, 2514–2527 (2020)

    Article  Google Scholar 

  45. Subramanyan, P., Ray, S., Malik, S.: Evaluating the security of logic encryption algorithms. In: International Symposium on Hardware Oriented Security and Trust, pp. 137–143 (2015)

  46. Tan, Q., Potluri, S., Aysu, A.: Efficacy of satisfiability based attacks in the presence of circuit reverse engineering errors. arXiv preprint arXiv:2005.13048 (2020)

  47. Tarjan, R.: Depth-first search and linear graph algorithms. SIAM J. Comput. pp. 146–160 (1972)

  48. Tehranipoor, M.M., Guin, U., Forte, D.: Counterfeit Integrated Circuits: Detection and Avoidance. Springer, Berlin (2015)

    Book  Google Scholar 

  49. Torrance, R., James, D.: The state-of-the-art in IC reverse engineering. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 363–381 (2009)

  50. Trusted and Assured Micro Electronics Forum (2019). https://www.tameforum.org/

  51. UF/FICS Hardware De-obfuscation Competition (2019). https://trust-hub.org/competitions/hwobfuscation1

  52. Vaidyanathan, K., Liu, R., Sumbul, E., Zhu, Q., Franchetti, F., Pileggi, L.: Efficient and secure intellectual property (IP) design with split fabrication. In: International Symposium on Hardware Oriented Security and Trust, pp. 13–18 (2014)

  53. Wang, X., Zhang, D., He, M., Su, D., Tehranipoor, M.: Secure scan and test using obfuscation throughout supply chain. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 37(9), 1867–1880 (2017)

    Article  Google Scholar 

  54. Yasin, M., Rajendran, J.J., Sinanoglu, O., Karri, R.: On improving the security of logic locking. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 35(9), 1411–1424 (2016)

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by the National Science Foundation under Grant No. CNS-1755733. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Auburn University, Auburn, AL, USA

    Yuqiao Zhang, Ayush Jain, Ziqi Zhou & Ujjwal Guin

  2. Department of Computer Science and Software Engineering, Auburn University, Auburn, AL, USA

    Pinchen Cui

Authors
  1. Yuqiao Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ayush Jain
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pinchen Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ziqi Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ujjwal Guin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ayush Jain.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Zhang, Y., Jain, A., Cui, P. et al. A novel topology-guided attack and its countermeasure towards secure logic locking. J Cryptogr Eng 11, 213–226 (2021). https://doi.org/10.1007/s13389-020-00243-6

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-020-00243-6

Keywords

Search

Navigation