Novel Bypass Attack and BDD-based Tradeoff Analysis Against All Known Logic Locking Attacks

  • Xiaolin XuEmail author
  • Bicky Shakya
  • Mark M. Tehranipoor
  • Domenic Forte
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10529)


Logic locking has emerged as a promising technique for protecting gate-level semiconductor intellectual property. However, recent work has shown that such gate-level locking techniques are vulnerable to Boolean satisfiability (SAT) attacks. In order to thwart such attacks, several SAT-resistant logic locking techniques have been proposed, which minimize the discriminating ability of input patterns to rule out incorrect keys. In this work, we show that such SAT-resistant logic locking techniques have their own set of unique vulnerabilities. In particular, we propose a novel “bypass attack” that ensures the locked circuit works even when an incorrect key is applied. Such a technique makes it possible for an adversary to be oblivious to the type of SAT-resistant protection applied on the circuit, and still be able to restore the circuit to its correct functionality. We show that such a bypass attack is feasible on a wide range of benchmarks and SAT-resistant techniques, while incurring minimal run-time and area/delay overhead. Binary decision diagrams (BDDs) are utilized to analyze the proposed bypass attack and assess tradeoffs in security vs overhead of various countermeasures.



This research is supported in part by Cisco Systems Inc, and by the AFOSR award number FA9550-14-1-0351.


  1. 1.
    Tehranipoor, M.M., Guin, U., Forte, U.: Counterfeit integrated circuits. In: Counterfeit Integrated Circuits, pp. 15–36. Springer, Heidelberg (2015)Google Scholar
  2. 2.
    Vaidyanathan, K., Liu, R., Sumbul, E., Zhu, Q., Franchetti, F., Pileggi, L.: Efficient and secure intellectual property (IP) design with split fabrication. In: 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 13–18. IEEE (2014)Google Scholar
  3. 3.
    Alkabani, Y., Koushanfar, F.: Active hardware metering for intellectual property protection and security. In: USENIX security, Boston MA, USA, pp. 291–306 (2007)Google Scholar
  4. 4.
    Roy, J.A., Koushanfar, F., Markov, I.L.: Epic: Ending piracy of integrated circuits, vol. 43, pp. 30–38. IEEE (2010)Google Scholar
  5. 5.
    Rajendran, J., Zhang, H., Zhang, C., Rose, G.S., Pino, Y., Sinanoglu, O., Karri, R.: Fault analysis-based logic encryption. IEEE Trans. Comput. 64(2), 410–424 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Subramanyan, P., Ray, S., Malik, S.: Evaluating the security of logic encryption algorithms. In: 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 137–143. IEEE (2015)Google Scholar
  7. 7.
    Yasin, M., Mazumdar, B., Rajendran, J.J.V., Sinanoglu, O.: SARLock: SAT attack resistant logic locking. In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 236–241, May 2016Google Scholar
  8. 8.
    Xie, Y., Srivastava, A.: Mitigating SAT attack on logic locking. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 127–146. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-53140-2_7 Google Scholar
  9. 9.
    Torrance, R., James, D.: The state-of-the-art in IC reverse engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 363–381. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04138-9_26 CrossRefGoogle Scholar
  10. 10.
    Rajendran, J., Pino, Y., Sinanoglu, O., Karri, R.: Security analysis of logic obfuscation. In: Proceedings of the 49th Annual Design Automation Conference, pp. 83–89. ACM (2012)Google Scholar
  11. 11.
    Bushnell, M., Agrawal, V.: Essentials of Electronic Testing for Digital, Memory and Mixed-Signal VLSI Circuits, vol. 17. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Yasin, M., Rajendran, J.J., Sinanoglu, O., Karri, R.: On improving the security of logic locking. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 35(9), 1411–1424 (2016)CrossRefGoogle Scholar
  13. 13.
    Yasin, M., Mazumdar, B., Sinanoglu, O., Rajendran, J.: Security analysis of anti-SAT. In: 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 342–347. IEEE (2017)Google Scholar
  14. 14.
    Shen, Y., Zhou, H.: Double DIP: Re-evaluating security of logic encryption algorithms. In: Proceedings of the Great Lakes Symposium on VLSI 2017, GLSVLSI 2017, pp. 179–184. ACM, New York (2017)Google Scholar
  15. 15.
    Brglez, F.: A neutral netlist of 10 combinational benchmark circuits and a target translation in FORTRAN. In: ISCAS-85 (1985)Google Scholar
  16. 16.
    Amarú, L., Gaillardon, P.-E., De Micheli, G.: The EPFL combinational benchmark suite. In: Proceedings of the 24th International Workshop on Logic & Synthesis (IWLS), number EPFL-CONF-207551 (2015)Google Scholar
  17. 17.
    Soos, M.: Cryptominisat-a SAT solver for cryptographic problems (2009).
  18. 18.
    Brayton, R., Mishchenko, A.: ABC: An academic industrial-strength verification tool. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 24–40. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14295-6_5 CrossRefGoogle Scholar
  19. 19.
    Somenzi, F.: CUDD: CU decision diagram package release 2.3.0. University of Colorado at Boulder (1998)Google Scholar
  20. 20.
    Yang, C., Ciesielski, M.: BDS: A BDD-based logic optimization system. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 21(7), 866–876 (2002)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Xiaolin Xu
    • 1
    Email author
  • Bicky Shakya
    • 1
  • Mark M. Tehranipoor
    • 1
  • Domenic Forte
    • 1
  1. 1.ECE DepartmentUniversity of FloridaGainesvilleUSA

Personalised recommendations