WordRev: Finding word-level structures in a sea of bit-level gates

Li, Wenchao; Gascón, Adrià; Subramanyan, Pramod; Tan, Wei Yang; Tiwari, Ashish; Malik, Sharad; Shankar, Natarajan; Seshia, Sanjit A.

doi:10.1109/hst.2013.6581568

Cited by 68 publications

(37 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To successfully perform such attacks the layout of the IC must first be reverse-engineered. Several approaches for reverse-engineering ICs have been proposed in previous works [14,16,17]. In reality, for most attacks it is sufficient to reverse-engineer just the datapath between non-volatile memory and the CPU core.…”

Section: Countermeasures and Attack Mitigationmentioning

confidence: 99%

Breaking and entering through the silicon

Helfmeier¹,

Nedospasov²,

Tarnovsky

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

As the surplus market of failure analysis equipment continues to grow, the cost of performing invasive IC analysis continues to diminish. Hardware vendors in high-security applications utilize security by obscurity to implement layers of protection on their devices. High-security applications must assume that the attacker is skillful, well-equipped and wellfunded. Modern security ICs are designed to make readout of decrypted data and changes to security configuration of the device impossible. Countermeasures such as meshes and attack sensors thwart many state of the art attacks. Because of the perceived difficulty and lack of publicly known attacks, the IC backside has largely been ignored by the security community. However, the backside is currently the weakest link in modern ICs because no devices currently on the market are protected against fully-invasive attacks through the IC backside. Fully-invasive backside attacks circumvent all known countermeasures utilized by modern implementations. In this work, we demonstrate the first two practical fully-invasive attacks against the IC backside. Our first attack is fully-invasive backside microprobing. Using this attack we were able to capture decrypted data directly from the data bus of the target IC's CPU core. We also present a fully invasive backside circuit edit. With this attack we were able to set security and configuration fuses of the device to arbitrary values.

show abstract

Section: Countermeasures and Attack Mitigationmentioning

confidence: 99%

Breaking and entering through the silicon

Helfmeier¹,

Nedospasov²,

Tarnovsky

et al. 2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

View full text Add to dashboard Cite

show abstract

“…The netlist can allow for identification of hardware trojans in the implementation [9] or POIs for conducting successful attacks such as micro-probing from the frontside of the chip [10], [11]. To prevent such attacks, many modern IC designs contain active meshes on the frontside of the chip to alert the CPU, when the integrity of the IC is compromised [12].…”

Section: Related Workmentioning

confidence: 99%

Emission Analysis of Hardware Implementations

Tajik

Nedospasov

Helfmeier

et al. 2014

2014 17th Euromicro Conference on Digital System Design

View full text Add to dashboard Cite

Today, hardware implementations are the basis for many security applications, such as cryptographic ciphers. Such applications are realized using complex combinatorial logic circuits of substantial size. Therefore, understanding the gatelevel implementation can be crucial for the attacker. However, Hardware Description Language (HDL) behavioral models and gate-level netlist are seldom available for a particular design. Executing software directly on the device to assist in understanding the implementation is one potential solution. However, this may either be infeasible or completely impossible in practice as target devices may be incapable of executing code. Currently, few works have proposed forms of dynamic gate-level analysis of the actual hardware implementations. Moreover, current reverse-engineering techniques based on physical delayering and optical imaging cannot be applied to programmable logic. In this work we present the first dynamic emission analysis of a hardware implementation. This technique does not require any prior knowledge about the target device. Furthermore, it does not require code to be executed by the target. Hardware implementations consist of basic primitives that form the building blocks of complex hardware functions. By individually analyzing each primitive and correlating the corresponding optical images, the emission fingerprint of each primitive can be identified. As a result the hardware implementation of the device can be reconstructed. We present practical results for a common Complex Programmable Logic Device (CPLD). However, the same approach can be applied to hardware implementations in general.

show abstract

“…The works that come closest to our work are those developed in the context of verifying hardware implementations of word-level arithmetic operations. There is a long history of heuristics for identifying bit-vector (or word-level) operators from gate-level implementations (see, for example, [19,20,22,23] for a small sampling). The use of canonical representations of arithmetic operations have also been explored in the context of verifying arithmetic circuits like multipliers (see [29,30], among others).…”

Section: Related Workmentioning

confidence: 99%

“…Indeed, variants of this approach have been used earlier in different contexts [19,20,21,22,23]. In the context of SMT solving, however, more caution is needed.…”

Section: Introductionmentioning

confidence: 99%

Matching Multiplications in Bit-Vector Formulas

Chakraborty

Gupta

Jain

2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Bit-vector formulas arising from hardware verification problems often contain word-level arithmetic operations. Empirical evidence shows that state-of-the-art SMT solvers are not very efficient at reasoning about bit-vector formulas with multiplication. This is particularly true when multiplication operators are decomposed and represented in alternative ways in the formula. We present a pre-processing heuristic that identifies certain types of decomposed multipliers, and adds special assertions to the input formula that encode the equivalence of sub-terms and word-level multiplication terms. The pre-processed formulas are then solved using an SMT solver. Our experiments with three SMT solvers show that our heuristic allows several formulas to be solved quickly, while the same formulas time out without the pre-processing step.

show abstract

WordRev: Finding word-level structures in a sea of bit-level gates

Cited by 68 publications

References 19 publications

Breaking and entering through the silicon

Breaking and entering through the silicon

Emission Analysis of Hardware Implementations

Matching Multiplications in Bit-Vector Formulas

Contact Info

Product

Resources

About