Defense-in-Depth: A Recipe for Logic Locking to Prevail

Logic locking has emerged as a promising solution for protecting semiconductor intellectual property (IP) from untrusted entities in the design and fabrication process. Logic locking hides the functionality of the IP by embedding additional key-gates in the circuit. The chip produces the correct output once the correct key value is available at the inputs of the key-gates. The confidentiality of the key is imperative for the security of the locked IP, as it stands as the lone barrier against IP infringement. Therefore, a logic locking scheme is considered broken once the key value is exposed. The research community has shown the vulnerability of logic locking techniques to different classes of attacks, such as Oracle-guided and physical attacks. Although several countermeasures have already been proposed against such attacks, none of them is simultaneously impeccable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, defense-in-depth can be considered a practical approach to addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense approach in which several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors. Introducing such a multilayer defense model in logic locking is the major contribution of this paper. To this end, we first identify the core components of logic locking schemes that need to be protected. Afterwards, we categorize the vulnerabilities of these core components according to potential threats to the locking key. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. Finally, we turn our focus to open research questions and conclude with suggestions for future research directions.
