Abstract
The outsourcing of the design and manufacturing of integrated circuits (ICs) in the current horizontal semiconductor integration flow has, due to the presence of untrusted entities, posed various security threats such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of intellectual properties (IPs). Consequently, logic locking emerged as one of the prominent design-for-trust techniques. Unfortunately, these locking techniques are now geared toward achieving complete Boolean satisfiability (SAT) resiliency after the seminal work published in Subramanyan et al. (in: International Symposium on Hardware Oriented Security and Trust, pp 137–143, 2015). In this paper, we propose a novel oracle-less attack that is based on topological analysis of the locked netlist and applies even when the netlist is SAT-resilient. The attack relies on identifying and constructing unit functions with a hypothesis key, which are then searched for in the entire netlist to find their replicas. The proposed graph search algorithm efficiently finds the duplicate functions in the netlist, making it a self-referencing attack. The proposed attack is extremely efficient and can determine the secret key within a few minutes. We also propose a countermeasure that makes the circuit resilient against this topology-guided attack, as a step toward a secure logic locking technique.
References
Abboud, A., Backurs, A., Hansen, T.D., Vassilevska Williams, V., Zamir, O.: Subtree isomorphism revisited. ACM Trans. Alg. TALG 14(3), 27 (2018)
Alkabani, Y. M., Koushanfar, F.: Active hardware metering for intellectual property protection and security. In: Proceedings of USENIX Security Symposium, pp. 20:1–20:16 (2007)
Alrahis, L., Yasin, M., Limaye, N., Saleh, H., Mohammad, B., Alqutayri, M., Sinanoglu, O.: ScanSAT: unlocking static and dynamic scan obfuscation. Transactions on Emerging Topics in Computing (2019)
Baumgarten, A., Tyagi, A., Zambreno, J.: Preventing IC piracy using reconfigurable logic barriers. IEEE Des. Test Comput. pp. 66–75 (2010)
Bhunia, S., Tehranipoor, M.: Hardware security: a hands-on learning approach. Morgan Kaufmann, Burlington (2018)
Bryan, D.: The ISCAS’85 benchmark circuits and netlist format. North Carolina State University 25, (1985)
Castillo, E., Meyer-Baese, U., García, A., Parrilla, L., Lloris, A.: IPP@HDL: efficient intellectual property protection scheme for IP cores. IEEE Trans. Very Large Scale Integr. Syst. pp. 578–591 (2007)
Chakraborty, R., Bhunia, S.: Hardware protection and authentication through netlist level obfuscation. In: Proceedings of IEEE/ACM international conference on computer-aided design, pp. 674–677 (2008)
Chakraborty, R. S., Bhunia, S.: HARPOON: an obfuscation-based SoC design methodology for hardware protection. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 1493–1502 (2009)
Charbon, E.: Hierarchical watermarking in IC design. In: Custom integrated circuits conference, pp. 295–298 (1998)
Chen, H., Fu, C., Zhao, J., Koushanfar, F.: Genunlock: an automated genetic algorithm framework for unlocking logic encryption. In: ICCAD, pp. 1–8 (2019)
Chiang, H. Y., Chen, Y. C., Ji, D. X., Yang, X. M., Lin, C. C., Wang, C. Y.: LOOPLock: logic optimization based cyclic logic locking. Trans. Comput.-Aided Des. Integr. Circuits Syst. (2019)
Cormen, T. H., Leiserson, C. E., Rivest, R. L., Stein, C.: Introduction to algorithms. MIT press (2009)
Davidson, S.: Itc’99 benchmark circuits-preliminary results. In: International Test Conference 1999. Proceedings (IEEE Cat. No. 99CH37034), pp. 1125–1125. IEEE Computer Society (1999)
Dickinson, P. J., Bunke, H., Dadej, A., Kraetzl, M.: On graphs with unique node labels. In: International workshop on graph-based representations in pattern recognition, pp. 13–23. Springer (2003)
Guin, U., Shi, Q., Forte, D., Tehranipoor, M. M.: FORTIS: a comprehensive solution for establishing forward trust for protecting IPs and ICs. ACM Trans. Des. Autom. Electron. Syst. (2016)
Guin, U., Zhou, Z., Singh, A.: A novel design-for-security (DFS) architecture to prevent unauthorized IC overproduction. In: Proceedings of the IEEE VLSI Test Symposium (VTS), pp. 1–6 (2017)
Guin, U., Zhou, Z., Singh, A.: Robust design-for-security architecture for enabling trust in IC manufacturing and test. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. pp. 818–830 (2018)
Jarvis, R. W., McIntyre, M. G.: Split manufacturing method for advanced semiconductor circuits (2007). US Patent 7,195,931
Juretus, K., Savidis, I.: Increasing the SAT attack resiliency of in-cone logic locking. In: International symposium on circuits and systems (ISCAS), pp. 1–5 (2019)
Kahng, A., Lach, J., Mangione-Smith, W., Mantik, S., Markov, I., Potkonjak, M., Tucker, P., Wang, H., Wolfe, G.: Constraint-based watermarking techniques for design IP protection. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 1236–1252 (2001)
Karmakar, R., Chatopadhyay, S., Kapur, R.: Encrypt flip-flop: A novel logic encryption technique for sequential circuits. arXiv preprint arXiv:1801.04961 (2018)
Khaleghi, S., Da Zhao, K., Rao, W.: IC piracy prevention via design withholding and entanglement. In: The 20th asia and south pacific design automation conference, pp. 821–826 (2015)
Koushanfar, F., Qu, G.: Hardware metering. In: Proceedings IEEE-ACM design automation conference, pp. 490–493 (2001). http://doi.org/10.1109/DAC.2001.156189
Lee, Y. W., Touba, N. A.: Improving logic obfuscation via logic cone analysis. In: Latin-American Test Symposium (LATS), pp. 1–6 (2015)
Limaye, N., Sengupta, A., Nabeel, M., Sinanoglu, O.: Is robust design-for-security robust enough? Attack on locked circuits with restricted scan chain access. arXiv preprint arXiv:1906.07806 (2019)
Liu, B., Wang, B.: Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks. In: Proceedings of the conference on Design, Automation & Test in Europe, p. 243 (2014)
Plaza, S. M., Markov, I. L.: Solving the third-shift problem in IC piracy with test-aware logic locking. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. pp. 961–971 (2015)
Potluri, S., Aysu, A., Kumar, A.: Seql: Secure scan-locking for ip protection. arXiv preprint arXiv:2005.13032 (2020)
Python-2.7: Available: https://www.python.org/download/releases/2.7/ (2019)
Qu, G., Potkonjak, M.: Intellectual property protection in VLSI designs: theory and practice. Springer, Berlin (2003)
Rajendran, J., Pino, Y., Sinanoglu, O., Karri, R.: Security analysis of logic obfuscation. In: Proceedings of ACM/IEEE on Design Automation Conference, pp. 83–89 (2012)
Rajendran, J., Zhang, H., Zhang, C., Rose, G.S., Pino, Y., Sinanoglu, O., Karri, R.: Fault analysis-based logic encryption. IEEE Trans. Comput. pp. 410–424 (2015)
Reich, A. J., Nakagawa, K. H., Boone, R. E.: OASIS versus GDSII stream format efficiency. In: 23rd Annual BACUS Symposium on Photomask Technology, vol. 5256, pp. 163–174 (2003)
Roy, J., Koushanfar, F., Markov, I.: EPIC: Ending Piracy of Integrated Circuits. In: DATE, pp. 1069–1074 (2008). http://doi.org/10.1109/DATE.2008.4484823
Salmani, H., Tehranipoor, M.: Trust-hub (2018). [Online]. https://trust-hub.org/home
Sengupta, A., Nabeel, M., Limaye, N., Ashraf, M., Sinanoglu, O.: Truly stripping functionality for logic locking: a fault-based perspective. Trans. Comput.-Aided Des. Integr. Circuits Syst. (2020)
Shakya, B., Xu, X., Tehranipoor, M., Forte, D.: Cas-lock: A security-corruptibility trade-off resilient logic locking scheme. IACR Trans. Cryptogr. Hardware Embed. Syst. pp. 175–202 (2020)
Shakya, B., Xu, X., Tehranipoor, M., Forte, D.: Defeating cas-unlock. IACR Cryptol. ePrint Arch. 2020, 324 (2020)
Shamsi, K., Li, M., Meade, T., Zhao, Z., Pan, D.Z., Jin, Y.: AppSAT: Approximately deobfuscating integrated circuits. In: International Symposium on Hardware Oriented Security and Trust (2017)
Shamsi, K., Li, M., Pan, D. Z., Jin, Y.: Kc2: key-condition crunching for fast sequential circuit deobfuscation. In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 534–539. IEEE (2019)
Shamsi, K., Li, M., Plaks, K., Fazzari, S., Pan, D.Z., Jin, Y.: IP protection and supply chain security through logic obfuscation: a systematic overview. Trans. Des. Autom. Electron. Syst. (TODAES) p. 65 (2019)
Shen, Y., Zhou, H.: Double DIP: Re-Evaluating Security of Logic Encryption Algorithms. In: Proceedings of the on Great Lakes Symposium on VLSI, pp. 179–184 (2017)
Sirone, D., Subramanyan, P.: Functional analysis attacks on logic locking. IEEE Trans. Inf. Forens. Secur. 15, 2514–2527 (2020)
Subramanyan, P., Ray, S., Malik, S.: Evaluating the security of logic encryption algorithms. In: International Symposium on Hardware Oriented Security and Trust, pp. 137–143 (2015)
Tan, Q., Potluri, S., Aysu, A.: Efficacy of satisfiability based attacks in the presence of circuit reverse engineering errors. arXiv preprint arXiv:2005.13048 (2020)
Tarjan, R.: Depth-first search and linear graph algorithms. SIAM J. Comput. pp. 146–160 (1972)
Tehranipoor, M.M., Guin, U., Forte, D.: Counterfeit Integrated Circuits: Detection and Avoidance. Springer, Berlin (2015)
Torrance, R., James, D.: The state-of-the-art in IC reverse engineering. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 363–381 (2009)
Trusted and Assured Micro Electronics Forum (2019). https://www.tameforum.org/
UF/FICS Hardware De-obfuscation Competition (2019). https://trust-hub.org/competitions/hwobfuscation1
Vaidyanathan, K., Liu, R., Sumbul, E., Zhu, Q., Franchetti, F., Pileggi, L.: Efficient and secure intellectual property (IP) design with split fabrication. In: International Symposium on Hardware Oriented Security and Trust, pp. 13–18 (2014)
Wang, X., Zhang, D., He, M., Su, D., Tehranipoor, M.: Secure scan and test using obfuscation throughout supply chain. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 37(9), 1867–1880 (2017)
Yasin, M., Rajendran, J.J., Sinanoglu, O., Karri, R.: On improving the security of logic locking. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 35(9), 1411–1424 (2016)
Acknowledgements
This work was supported by the National Science Foundation under Grant No. CNS-1755733. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Zhang, Y., Jain, A., Cui, P. et al. A novel topology-guided attack and its countermeasure towards secure logic locking. J Cryptogr Eng 11, 213–226 (2021). https://doi.org/10.1007/s13389-020-00243-6
DOI: https://doi.org/10.1007/s13389-020-00243-6