Novel Bypass Attack and BDD-based Tradeoff Analysis Against All Known Logic Locking Attacks

Logic locking has emerged as a promising technique for protecting gate-level semiconductor intellectual property. However, recent work has shown that such gate-level locking techniques are vulnerable to Boolean satisfiability (SAT) attacks. In order to thwart such attacks, several SAT-resistant logic locking techniques have been proposed, which minimize the discriminating ability of input patterns to rule out incorrect keys. In this work, we show that such SAT-resistant logic locking techniques have their own set of unique vulnerabilities. In particular, we propose a novel “bypass attack” that ensures the locked circuit works even when an incorrect key is applied. Such a technique makes it possible for an adversary to be oblivious to the type of SAT-resistant protection applied on the circuit, and still be able to restore the circuit to its correct functionality. We show that such a bypass attack is feasible on a wide range of benchmarks and SAT-resistant techniques, while incurring minimal run-time and area/delay overhead. Binary decision diagrams (BDDs) are utilized to analyze the proposed bypass attack and assess tradeoffs in security vs overhead of various countermeasures.

[1]  Jeyavijayan Rajendran,et al.  Security analysis of Anti-SAT , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[2]  Giovanni De Micheli,et al.  The EPFL Combinational Benchmark Suite , 2015 .

[3]  F. Brglez,et al.  A neutral netlist of 10 combinational benchmark circuits and a target translator in FORTRAN , 1985 .

[4]  Ramesh Karri,et al.  On Improving the Security of Logic Locking , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[5]  Jeyavijayan Rajendran,et al.  Fault Analysis-Based Logic Encryption , 2015, IEEE Transactions on Computers.

[6]  Vishwani D. Agrawal,et al.  Essentials of electronic testing for digital, memory, and mixed-signal VLSI circuits [Book Review] , 2000, IEEE Circuits and Devices Magazine.

[7]  Hai Zhou,et al.  Double DIP: Re-Evaluating Security of Logic Encryption Algorithms , 2017, ACM Great Lakes Symposium on VLSI.

[8]  Robert K. Brayton,et al.  ABC: An Academic Industrial-Strength Verification Tool , 2010, CAV.

[9]  Ozgur Sinanoglu,et al.  SARLock: SAT attack resistant logic locking , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[10]  Farinaz Koushanfar,et al.  Active Hardware Metering for Intellectual Property Protection and Security , 2007, USENIX Security Symposium.

[11]  Ankur Srivastava,et al.  Mitigating SAT Attack on Logic Locking , 2016, CHES.

[12]  Jarrod A. Roy,et al.  Ending Piracy of Integrated Circuits , 2010, Computer.

[13]  Maciej J. Ciesielski,et al.  BDS: a BDD-based logic optimization system , 2000, DAC.

[14]  Jarrod A. Roy,et al.  EPIC: Ending Piracy of Integrated Circuits , 2008, 2008 Design, Automation and Test in Europe.

[15]  Jeyavijayan Rajendran,et al.  Security analysis of logic obfuscation , 2012, DAC Design Automation Conference 2012.

[16]  Dick James,et al.  The State-of-the-Art in IC Reverse Engineering , 2009, CHES.

[17]  Sayak Ray,et al.  Evaluating the security of logic encryption algorithms , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[18]  Fabio Somenzi,et al.  CUDD: CU Decision Diagram Package Release 2.2.0 , 1998 .

[19]  Ujjwal Guin,et al.  Counterfeit Integrated Circuits , 2015 .

[20]  Franz Franchetti,et al.  Efficient and secure intellectual property (IP) design with split fabrication , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).