AppSAT: Approximately deobfuscating integrated circuits

Shamsi, Kaveh; Li, Meng; Meade, Travis; Zhao, Zheng; Pan, David Z.; Jin, Yier

doi:10.1109/hst.2017.7951805

Cited by 251 publications

(107 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note that wire cutting has been demonstrated in the past [47], enabling such invasive attacks in principle. Besides, these schemes are also vulnerable to other algorithmic attacks [20]- [23]. This is because a key limitation of these schemes is that they induce low output corruptibility, allowing an attacker to obtain relatively easily an approximate version of the IP.…”

Section: Ieee Transactions On Computer-aided Design Of Integrated Cirmentioning

confidence: 99%

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Patnaik¹,

Ashraf²,

Knechtel³

et al. 2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Layout camouflaging can protect the intellectual property of modern circuits. Most prior art, however, incurs excessive layout overheads and necessitates customization of active-device manufacturing processes, i.e., the front-end-of-line (FEOL). As a result, camouflaging has typically been applied selectively, which can ultimately undermine its resilience. Here, we propose a low-cost and generic scheme-full-chip camouflaging can be finally realized without reservations. Our scheme is based on obfuscating the interconnects, i.e., the back-end-ofline (BEOL), through design-time handling for real and dummy wires and vias. To that end, we implement custom, BEOL-centric obfuscation cells, and develop a CAD flow using industrial tools. Our scheme can be applied to any design and technology node without FEOL-level modifications. Considering its BEOL-centric nature, we advocate applying our scheme in conjunction with split manufacturing, to furthermore protect against untrusted fabs. We evaluate our scheme for various designs at the physical, DRC-clean layout level. Our scheme incurs a significantly lower cost than most of the prior art. Notably, for fully camouflaged layouts, we observe average power, performance, and area overheads of 24.96%, 19.06%, and 32.55%, respectively. We conduct a thorough security study addressing the threats (attacks) related to untrustworthy FEOL fabs (proximity attacks) and malicious end-users (SAT-based attacks). An empirical key finding is that only large-scale camouflaging schemes like ours are practically secure against powerful SAT-based attacks. Another key finding is that our scheme hinders both placement-and routing-centric proximity attacks; correct connections are reduced by 7.47X, and complexity is increased by 24.15X, respectively, for such attacks.

show abstract

Section: Ieee Transactions On Computer-aided Design Of Integrated Cirmentioning

confidence: 99%

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Patnaik¹,

Ashraf²,

Knechtel³

et al. 2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

show abstract

“…To increase the output corruption, they could be augmented with other (output corruption oriented) obfuscation mechanisms. However, by using approximate SAT attack [23] almost all key values for the augmented obfuscation mechanism could be correctly identified.…”

Section: A Acyclic Logic Obfuscationmentioning

confidence: 99%

SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain

Roshanisefat

Kamali

Homayoun

et al. 2020

IEEE Trans. VLSI Syst.

View full text Add to dashboard Cite

State-of-the-art attacks against cyclic logic obfuscation use satisfiability solvers that are equipped with a set of cycle avoidance clauses. These cycle avoidance clauses are generated in a pre-processing step and define various key combinations that could open or close cycles without making the circuit oscillating or stateful. In this paper, we show that this preprocessing step has to generate cycle avoidance conditions on all cycles in a netlist, otherwise, a missing cycle could trap the solver in an infinite loop or make it exit with an incorrect key. Then, we propose several techniques by which the number of cycles is exponentially increased as a function of the number of inserted feedbacks. We further illustrate that when the number of feedbacks is increased, the pre-processing step of the attack faces an exponential increase in complexity and runtime, preventing the correct composition of cycle avoidance clauses in a reasonable time. On the other hand, if the pre-processing is not concluded, the attack formulated by the satisfiability solver will either get stuck or exit with an incorrect key. Hence, when the cyclic obfuscation under the conditions proposed in this paper is implemented, it would impose an exponentially difficult problem for the satisfiability solver based attacks.

show abstract

“…These SAT-resistant logic locking techniques that increase SAT attack complexity by increasing the number of required distinguishing input patterns (DIPs) [9], [8] or by striping some of the functionality of the logic locked design [56] and hiding it in the form of a secret key, possess their own critical vulnerabilities. For example, researchers have proposed Bypass attack [57], SPS attack [6], App-SAT attack [5], and FALL attack [89] that can easily circumvent the effect of the SAT-resistant locking schemes. Further, these SAT-resistant schemes are known to possess low corruptibility, and thus do not provide the desired functional obfuscation.…”

Section: F Defense For Logic Obfuscation Techniquesmentioning

confidence: 99%

Defense-in-depth: A recipe for logic locking to prevail

Rahman

Wang

et al. 2020

Integration

View full text Add to dashboard Cite

Logic locking has emerged as a promising solution for protecting the semiconductor intellectual Property (IP) from the untrusted entities in the design and fabrication process. Logic locking hides the functionality of the IP by embedding additional key-gates in the circuit. The correct output of the chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The research community has shown the vulnerability of the logic locking techniques against different classes of attacks, such as Oracle-guided and physical attacks. Although several countermeasures have already been proposed against such attacks, none of them is simultaneously impeccable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth approach can be considered as a practical approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense approach where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors. Introducing such a multilayer defense model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. Finally, we turn our focus to open research questions and conclude with suggestions for future research directions.

show abstract

AppSAT: Approximately deobfuscating integrated circuits

Cited by 251 publications

References 17 publications

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

Obfuscating the Interconnects: Low-Cost and Resilient Full-Chip Layout Camouflaging

SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain

Defense-in-depth: A recipe for logic locking to prevail

Contact Info

Product

Resources

About