Functional Analysis Attacks on Logic Locking

Sirone, Deepak; Subramanyan, Pramod

doi:10.1109/tifs.2020.2968183

Cited by 72 publications

(35 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Both SFLL-HD and SFLL-flex c×k utilize AND-trees which leave structural hints for an opportune attacker. Such an attack has been demonstrated recently by Sirone et al [33]; the authors deciphered the key successfully (even without oracle access). At the time of writing, no attacks have been demonstrated on SFLL-fault yet.…”

Section: Advanced Logic Locking Schemesmentioning

confidence: 87%

Protect Your Chip Design Intellectual Property

Knechtel

Patnaik

Sinanoglu

2019

Proceedings of the International Conference on Omni-Layer Intelligent Systems

View full text Add to dashboard Cite

The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work. CCS CONCEPTS• Security and privacy → Security in hardware;

show abstract

Section: Advanced Logic Locking Schemesmentioning

confidence: 87%

Protect Your Chip Design Intellectual Property

Knechtel

Patnaik

Sinanoglu

2019

Proceedings of the International Conference on Omni-Layer Intelligent Systems

View full text Add to dashboard Cite

show abstract

“…Further research revealed that these obfuscation techniques are vulnerable to removal [11], Bypass [24] and FALL [25] attacks. In a removal attack, these SAT hard blocks are identified using Signal Probability Skew (SPS) attack [11] and removed.…”

Section: A Acyclic Logic Obfuscationmentioning

confidence: 99%

SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain

Roshanisefat

Kamali

Homayoun

et al. 2020

IEEE Trans. VLSI Syst.

View full text Add to dashboard Cite

State-of-the-art attacks against cyclic logic obfuscation use satisfiability solvers that are equipped with a set of cycle avoidance clauses. These cycle avoidance clauses are generated in a pre-processing step and define various key combinations that could open or close cycles without making the circuit oscillating or stateful. In this paper, we show that this preprocessing step has to generate cycle avoidance conditions on all cycles in a netlist, otherwise, a missing cycle could trap the solver in an infinite loop or make it exit with an incorrect key. Then, we propose several techniques by which the number of cycles is exponentially increased as a function of the number of inserted feedbacks. We further illustrate that when the number of feedbacks is increased, the pre-processing step of the attack faces an exponential increase in complexity and runtime, preventing the correct composition of cycle avoidance clauses in a reasonable time. On the other hand, if the pre-processing is not concluded, the attack formulated by the satisfiability solver will either get stuck or exit with an incorrect key. Hence, when the cyclic obfuscation under the conditions proposed in this paper is implemented, it would impose an exponentially difficult problem for the satisfiability solver based attacks.

show abstract

“…SFLL was briefly considered the state-of-the-art SAT resistant logic obfuscation technique. Then a recent functional analysis attack (FALL) [58] was proposed that uses structural and functional analyses on the locked design to identify the locking key, without even having access to an oracle. EPIC attack [55] uses a hill-climbing search based algorithm that monitors test response to guess the secret key.…”

Section: Vulnerabilities Of the Dftmentioning

confidence: 99%

Defense-in-depth: A recipe for logic locking to prevail

Rahman

Wang

et al. 2020

Integration

View full text Add to dashboard Cite

Logic locking has emerged as a promising solution for protecting the semiconductor intellectual Property (IP) from the untrusted entities in the design and fabrication process. Logic locking hides the functionality of the IP by embedding additional key-gates in the circuit. The correct output of the chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The research community has shown the vulnerability of the logic locking techniques against different classes of attacks, such as Oracle-guided and physical attacks. Although several countermeasures have already been proposed against such attacks, none of them is simultaneously impeccable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth approach can be considered as a practical approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense approach where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors. Introducing such a multilayer defense model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. Finally, we turn our focus to open research questions and conclude with suggestions for future research directions.

show abstract

Functional Analysis Attacks on Logic Locking

Cited by 72 publications

References 36 publications

Protect Your Chip Design Intellectual Property

Protect Your Chip Design Intellectual Property

SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the Manufacturing Supply Chain

Defense-in-depth: A recipe for logic locking to prevail

Contact Info

Product

Resources

About