Security analysis of Anti-SAT

Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption technique within few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against SAT attack, by rendering the SAT-attack effort exponential in terms of the number of key gates. In this paper, we highlight the vulnerabilities of Anti-SAT and propose signal probability skew (SPS) attack against Anti-SAT block. SPS attack leverages the structural traces in Anti-SAT block to identify and isolate Anti-SAT block. The attack is 100% successful on all variants of Anti-SAT block. SPS attack is scalable to large circuits, as it breaks circuits with up to 22K gates within two minutes.

[1]  Ramesh Karri,et al.  On Improving the Security of Logic Locking , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[2]  Jarrod A. Roy,et al.  EPIC: Ending Piracy of Integrated Circuits , 2008, 2008 Design, Automation and Test in Europe.

[3]  Ozgur Sinanoglu,et al.  SARLock: SAT attack resistant logic locking , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[4]  Ramesh Karri,et al.  A Primer on Hardware Security: Models, Methods, and Metrics , 2014, Proceedings of the IEEE.

[5]  Jeyavijayan Rajendran,et al.  Activation of logic encrypted chips: Pre-test or post-test? , 2016, 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[6]  Swarup Bhunia,et al.  HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection , 2009, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[7]  Farinaz Koushanfar,et al.  Provably Secure Active IC Metering Techniques for Piracy Avoidance and Digital Rights Management , 2012, IEEE Transactions on Information Forensics and Security.

[8]  John P. Hayes,et al.  Unveiling the ISCAS-85 Benchmarks: A Case Study in Reverse Engineering , 1999, IEEE Des. Test Comput..

[9]  Igor L. Markov,et al.  Solving the Third-Shift Problem in IC Piracy With Test-Aware Logic Locking , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[10]  Joseph Zambreno,et al.  Preventing IC Piracy Using Reconfigurable Logic Barriers , 2010, IEEE Design & Test of Computers.

[11]  Ankur Srivastava,et al.  Mitigating SAT Attack on Logic Locking , 2016, CHES.

[12]  Brandon Wang,et al.  Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[13]  Sayak Ray,et al.  Evaluating the security of logic encryption algorithms , 2015, 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[14]  Jeyavijayan Rajendran,et al.  Fault Analysis-Based Logic Encryption , 2015, IEEE Transactions on Computers.