Evaluating the security of logic encryption algorithms

Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is logic encryption. Logic encryption modifies an IC design such that it operates correctly only when a set of newly introduced inputs, called key inputs, are set to the correct values. In this paper, we use algorithms based on satisfiability checking (SAT) to investigate the security of logic encryption. We present a SAT-based algorithm which allows an attacker to “decrypt” an encrypted netlist using a small number of carefully-selected input patterns and their corresponding output observations. We also present a “partial-break” algorithm that can reveal some of the key inputs even when the attack is not fully successful. We conduct a thorough evaluation of our attack by examining six proposals for logic encryption from the literature. We find that all of these are vulnerable to our attack. Among the 441 encrypted circuits we examined, we were able to decrypt 418 (95%). We discuss the strengths and limitations of our attack and suggest directions that may lead to improved logic encryption algorithms.
