IcySAT: Improved SAT-based Attacks on Cyclic Locked Circuits

“Cyclic” circuit locking/camouflaging is a recently proposed direction in logic obfuscation for thwarting foundry and end-user reverse engineering. As opposed to traditional schemes, these techniques create cycles in the obfuscated circuit in a way that confuses the attacker but does not disrupt the combinational nature of the circuit. While these schemes can thwart the baseline SAT-based attack, the CycSAT attack was proposed recently to break these schemes through a preprocessing step that builds a Boolean condition to avoid cyclic solutions/keys during the attack. However, follow-up work has suggested that extracting these conditions requires enumerating all cycles in the circuit, or that instead of relying on these conditions preemptively, cyclic solutions must be banned individually on the fly. In this paper, we present new algorithms for performing SAT-based attacks on cyclic circuits. We first propose an algorithm that can produce non-cyclic conditions in polynomial time with respect to the size of the circuit, avoiding the potentially exponential runtime of explicit key-banning or cycle enumeration. We then take a deeper look at the problem, discuss some of the fundamental limitations of extracting precise non-cyclic conditions, and propose a more complex but complete procedure for cyclic deobfuscation. We evaluate our attacks on densely cyclic obfuscated benchmark circuits.
