Xueyan Wang,Xiaotao Jia,Qiang Zhou,Yici Cai,Jianlei Yang,Mingze Gao,Gang Qu

DOI: https://doi.org/10.1145/2902961.2903000

2016-01-01

Abstract:Circuit obfuscation techniques have been proposed to conceal circuit's functionality in order to thwart reverse engineering (RE) attacks to integrated circuits (IC). We believe that a good obfuscation method should have low design complexity and low performance overhead, yet, causing high RE attack complexity. However, existing obfuscation techniques do not meet all these requirements. In this paper, we propose a polynomial obfuscation scheme which leverages special designed multiplexers (MUXs) to replace judiciously selected logic gates. Candidate to-be-obfuscated logic gates are selected based on a novel gate classification method which utilizes IC topological structure information. We show that this scheme is resilient to all the known attacks, hence it is secure. Experiments are conducted on ISCAS 85/89 and MCNC benchmark suites to evaluate the performance overhead due to obfuscation.

Kaveh Shamsi,Meng Li,Travis Meade,Zheng Zhao,David Z. Pan,Yier Jin

DOI: https://doi.org/10.1145/3060403.3060494

2017-01-01

Abstract:This paper provides a systematization of knowledge in the domain of integrated circuit protection through obfuscation with a focus on the recent Boolean satisfiability (SAT) attacks. The study systematically combines real-world IC reverse engineering reports, experimental results using the most recent oracle-guided attacks, and concepts in machine-learning and cryptography to draw a map of the state-of-the-art of IC obfuscation and future challenges and opportunities.

Kaveh Shamsi,Meng Li,Travis Meade,Zheng Zhao,David Z. Pan,Yier Jin

DOI: https://doi.org/10.1145/3060403.3060458

2017-01-01

Abstract:Logic locking and IC camouflaging are proactive circuit obfuscation methods that if proven secure can thwart hardware attacks such as reverse engineering and IP theft. However, the security of both these schemes is called into question by recent SAT based attacks. While a number of methods have been proposed in literature that exponentially increase the running time of such attacks, they are vulnerable to \"findand-remove\" attacks, and only slightly hide the circuit functionality. In this paper, we present a novel approach towards creating SAT attack resiliency based on creating densely cyclic obfuscated circuit topologies by adding dummy paths to the circuit. Our methodology is applicable to both IC camouflaging and logic locking. We demonstrate that cyclic logic locking creates SAT resilient circuits with 40% less area and 20% less delay compared to an insecure XOR/XNOR-obfuscation with the same key length. Furthermore, we show that cyclic IC camouflaging can be implemented at the layout level with no substrate area overhead and little delay and power overhead with respect to the original circuit.

Jianlei Yang,Xueyan Wang,Qiang Zhou,Zhaohao Wang,Hai Li,Yiran Chen,Weisheng Zhao

DOI: https://doi.org/10.1109/tcad.2018.2802870

IF: 2.9

2019-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Circuit obfuscation is a frequently used approach to conceal logic functionalities in order to prevent reverse engineering attacks on fabricated chips. Efficient obfuscation implementations are expected with lower design complexity and overhead but higher attack difficulties. In this paper, an emerging obfuscation approach is proposed by leveraging spin-orbit torque (SOT) devices-based look-up-tables as reconfigurable logic to replace the carefully selected gates. It is essentially impossible to identify the obfuscated gate with SOTs inside according to the physical geometry characteristics because the configured functionalities are represented by magnetization states. Such an obfuscation approach makes the circuit security further improved with high exponential attack complexities. Experiments on MCNC and ISCAS 85/89 benchmark suits show that the proposed approach could reduce the area overheads due to obfuscation by 10% averagely.

Kaveh Shamsi,Meng Li,Travis Meade,Zheng Zhao,David Z. Pan,Yier Jin

DOI: https://doi.org/10.1109/HST.2017.7951805

2017-01-01

Abstract:In today's diversified semiconductor supply-chain, protecting intellectual property (IP) and maintaining manufacturing integrity are important concerns. Circuit obfuscation techniques such as logic encryption and IC camouflaging can potentially defend against a majority of supply-chain threats such as stealthy malicious design modification, IP theft, overproduction, and cloning.Recently, a Boolean Satisfiability (SAT) based attack, namely the SAT attack has been able to deobfuscate almost all traditional circuit obfuscation schemes, and as a result, a number of defense solutions have been proposed in literature. All these defenses are based on the implicit assumption that the attacker needs a perfect deobfuscation accuracy which may not be true in many practical cases. Therefore, in this paper by relaxing the exactness constraint on deobfuscation, we propose the AppSAT attack, an approximate deobfuscation algorithm based on the SAT attack and random testing. We show how the AppSAT attack can deobfuscate 68 out of the 71 benchmark circuits that were obfuscated with state-of-the-art SAT attack defenses with an accuracy of 1/n, n being the number of inputs. AppSAT shows that with current SAT attack defenses there will be a trade-off between exact-attack resiliency and approximation resiliency.

Abdulrahman Alaql,Swarup Bhunia

DOI: https://doi.org/10.48550/arXiv.2010.15329

2020-10-29

Abstract:Hardware IP protection has been one of the most critical areas of research in the past years. Recently, attacks on hardware IPs (such as reverse engineering or cloning) have evolved as attackers have developed sophisticated techniques. Therefore, hardware obfuscation has been introduced as a powerful tool to protect IPs against piracy attacks. However, many recent attempts to break existing obfuscation methods have been successful in unlocking the IP and restoring its functionality. In this paper, we propose SARO, a Scalable Attack-Resistant Obfuscation that provides a robust functional and structural design transformation process. SARO treats the target circuit as a graph, and performs a partitioning algorithm to produce a set of sub-graphs, then applies our novel Truth Table Transformation (T3) process to each partition. We also propose the $T3_{metric}$, which is developed to quantify the structural and functional design transformation level caused by the obfuscation process. We evaluate SARO on ISCAS85 and EPFL benchmarks, and provide full security and performance analysis of our proposed framework.

Cryptography and Security

Subrata Das,Swaroop Ghosh

2023-06-29

Abstract:The success of quantum circuits in providing reliable outcomes for a given problem depends on the gate count and depth in near-term noisy quantum computers. Quantum circuit compilers that decompose high-level gates to native gates of the hardware and optimize the circuit play a key role in quantum computing. However, the quality and time complexity of the optimization process can vary significantly especially for practically relevant large-scale quantum circuits. As a result, third-party (often less-trusted/untrusted) compilers have emerged, claiming to provide better and faster optimization of complex quantum circuits than so-called trusted compilers. However, untrusted compilers can pose severe security risks, such as the theft of sensitive intellectual property (IP) embedded within the quantum circuit. We propose an obfuscation technique for quantum circuits using randomized reversible gates to protect them from such attacks during compilation. The idea is to insert a small random circuit into the original circuit and send it to the untrusted compiler. Since the circuit function is corrupted, the adversary may get incorrect IP. However, the user may also get incorrect output post-compilation. To circumvent this issue, we concatenate the inverse of the random circuit in the compiled circuit to recover the original functionality. We demonstrate the practicality of our method by conducting exhaustive experiments on a set of benchmark circuits and measuring the quality of obfuscation by calculating the Total Variation Distance (TVD) metric. Our method achieves TVD of up to 1.92 and performs at least 2X better than a previously reported obfuscation method. We also propose a novel adversarial reverse engineering (RE) approach and show that the proposed obfuscation is resilient against RE attacks. The proposed technique introduces minimal degradation in fidelity (~1% to ~3% on average).

Quantum Physics,Cryptography and Security

Zain Ul Abideen,Sumathi Gokulanathan,Muayad J. Aljafar,Samuel Pagliarini

DOI: https://doi.org/10.1145/3677118

IF: 16.6

2024-07-09

ACM Computing Surveys

Abstract:Building and maintaining a silicon foundry is a costly endeavor that requires substantial financial investment. From this scenario, the semiconductor business has largely shifted to a fabless model where the Integrated Circuit (IC) supply chain is globalized but potentially untrusted. In recent years, several hardware obfuscation techniques have emerged to thwart hardware security threats related to untrusted IC fabrication. Reconfigurable-based obfuscation schemes have shown great promise of security against state-of-the-art attacks – these are techniques that rely on the transformation of static logic configurable elements such as Look Up Tables (LUTs). This survey provides a comprehensive analysis of reconfigurable-based obfuscation techniques, evaluating their overheads and enumerating their effectiveness against all known attacks. The techniques are also classified based on different factors, including the technology used, element type, and IP type. Additionally, we present a discussion on the advantages of reconfigurable-based obfuscation techniques when compared to Logic Locking techniques and the challenges associated with evaluating these techniques on hardware, primarily due to the lack of tapeouts. The survey’s findings are essential for researchers interested in hardware obfuscation and future trends in this area.

computer science, theory & methods

Kaveh Shamsi,Meng Li,David Z. Pan,Yier Jin

DOI: https://doi.org/10.23919/DATE.2019.8715053

2019-01-01

Abstract:Logic locking and IC camouflaging are two promising techniques for thwarting an array of supply chain threats. Logic locking can hide the design from the foundry as well as end-users and IC camouflaging can thwart IC reverse engineering by end-users. Oracle-guided SAT-based deobfuscation attacks against these schemes have made it more and more difficult to securely implement them with low overhead. Almost all of the literature on SAT attacks is focused on combinational circuits. A recent first implementation of oracle-guided attacks on sequential circuits showed a drastic increase in deobfuscation time versus combinational circuits. In this paper we show that integrating the sequential SAT-attack with incremental bounded-model-checking, and dynamic simplification of key-conditions (Key-Condition Crunching or KC2), we are able to reduce the runtime of sequential SAT-attacks by two orders of magnitude across benchmark circuits, significantly reducing the gap between sequential and combinational deobfuscation. These techniques are applicable to combinational deobfuscation as well and thus represent a generic improvement to deobfuscation procedures and help better understand the complexity of deobfuscation for designing secure locking/camouflaging schemes.

Hui Xu,Yangfan Zhou,Yu Kang,Michael R. Lyu

DOI: https://doi.org/10.48550/arXiv.1710.01139

2017-10-03

Abstract:Program obfuscation is a widely employed approach for software intellectual property protection. However, general obfuscation methods (e.g., lexical obfuscation, control obfuscation) implemented in mainstream obfuscation tools are heuristic and have little security guarantee. Recently in 2013, Garg et al. have achieved a breakthrough in secure program obfuscation with a graded encoding mechanism and they have shown that it can fulfill a compelling security property, i.e., indistinguishability. Nevertheless, the mechanism incurs too much overhead for practical usage. Besides, it focuses on obfuscating computation models (e.g., circuits) rather than real codes. In this paper, we aim to explore secure and usable obfuscation approaches from the literature. Our main finding is that currently we still have no such approaches made secure and usable. The main reason is we do not have adequate evaluation metrics concerning both security and performance. On one hand, existing code-oriented obfuscation approaches generally evaluate the increased obscurity rather than security guarantee. On the other hand, the performance requirement for model-oriented obfuscation approaches is too weak to develop practical program obfuscation solutions.

Cryptography and Security,Software Engineering

Xueyan Wang,Qiang Zhou,Yici Cai,Gang Qu

DOI: https://doi.org/10.1145/3060403.3060493

2017-01-01

Abstract:Gate camouflaging has emerged as a leading proactive countermeasure for reverse engineering (RE) attacks. However, a recently proposed circuit partition attack (CPA) can significantly reduce the complexity of revealing the original design from a camouflaged circuit. In this paper, we first conduct an empirical study on how CPA can facilitate the state-of-the-art de-camouflaging methods to perform more efficient attacks. We then study how an equivalent class guided camouflaging approach may thwart these de-camouflaging attempts and re-establish the defense against RE. Experimental results demonstrate that (1) CPA is an effective pre-processing technique to boost de-camouflaging methods, and (2) Equivalent class guided camouflaging technique is resilient against the union of CPA and existing de-camouflaging methods.

Kimia Zamiri Azar,Hadi Mardani Kamali,Houman Homayoun,Avesta Sasan

DOI: https://doi.org/10.46586/tches.v2019.i1.97-122

2018-11-09

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:In this paper, we introduce the Satisfiability Modulo Theory (SMT) attack on obfuscated circuits. The proposed attack is the superset of Satisfiability (SAT) attack, with many additional features. It uses one or more theory solvers in addition to its internal SAT solver. For this reason, it is capable of modeling far more complex behaviors and could formulate much stronger attacks. In this paper, we illustrate that the use of theory solvers enables the SMT to carry attacks that are not possible by SAT formulated attacks. As an example of its capabilities, we use the SMT attack to break a recent obfuscation scheme that uses key values to alter delay properties (setup and hold time) of a circuit to remain SAT hard. Considering that the logic delay is not a Boolean logical property, the targeted obfuscation mechanism is not breakable by a SAT attack. However, in this paper, we illustrate that the proposed SMT attack, by deploying a simple graph theory solver, can model and break this obfuscation scheme in few minutes. We describe how the SMT attack could be used in one of four different attack modes: (1) We explain how SMT attack could be reduced to a SAT attack, (2) how the SMT attack could be carried out in Eager, and (3) Lazy approach, and finally (4) we introduce the Accelerated SMT (AccSMT) attack that offers significant speed-up to SAT attack. Additionally, we explain how AccSMT attack could be used as an approximate attack when facing SMT-Hard obfuscation schemes.

English Else

Isaac McDaniel,Michael Zuzak,Ankur Srivastava

DOI: https://doi.org/10.1145/3674903

IF: 1.447

2024-07-09

ACM Transactions on Design Automation of Electronic Systems

Abstract:Logic obfuscation is a prominent approach to protect intellectual property within integrated circuits during fabrication. Many attacks on logic locking have been proposed, particularly in the Boolean satifiability (SAT) attack family, leading to the development of stronger obfuscation techniques. Some obfuscation techniques, including Full-Lock and InterLock, resist SAT attacks by inserting SAT-hard instances into the design, making the SAT attack infeasible. In this work, we observe that this class of obfuscation leaves most of the original design topology visible to an attacker, who can reverse-engineer the original design given the functionality of the SAT-hard instance. We show that an attacker can expose the SAT-hard instance functionality of Full-Lock or InterLock with a polynomial number of queries of its inputs and outputs. We then develop a mathematical framework showing how the functionality can be inferred using only a black-box oracle, as is commonly used in attacks in the literature. Using this framework, we develop a novel attack that allows a SAT-capable attacker to efficiently unlock designs obfuscated with Full-Lock. Our attack recovers the intellectual property from these obfuscation techniques that were previously thought secure. We empirically demonstrate the potency of our novel sensitization attack against benchmark circuits obfuscated with Full-Lock.

computer science, software engineering, hardware & architecture

Ning Ding,Dawu Gu

DOI: https://doi.org/10.1007/978-3-642-21031-0_30

2011-01-01

Abstract:Obfuscating programs is a fascinating area of cryptography. The known general method of obfuscating programs with tamper-proof hardware is to first transform a program P to the corresponding ensemble of circuits and then apply the known obfuscation for circuits, e.g. the one by Goyal et al. in TCC'10, to obfuscate some circuit in the ensemble. We think there may exist two shortcomings in this method. One is the size of the obfuscated circuit is polynomial in P's running-time instead of P's length. Another one is that the obfuscated circuit can only be run on inputs of fixed length instead of inputs of any length.In this paper we propose a general and efficient obfuscation for programs rather than circuits with tamper-proof hardware. The size of our obfuscated program for P is polynomial in P's length and the program can by run on an arbitrary polynomially long input.

Kimia Zamiri Azar,Hadi Mardani Kamali,Farimah Farahmandi,Mark Tehranipoor

DOI: https://doi.org/10.1109/tifs.2024.3357286

IF: 7.231

2024-02-06

IEEE Transactions on Information Forensics and Security

Abstract:With the globalization and distribution of the semiconductor supply chain, intellectual property (IP) protection has become a necessity. Recent years have witnessed a surge of interest in logic locking as a proactive IP protection solution. However, in recent years, we also have seen an increase in logic/circuit de-obfuscation attacks that put the strength of logic locking at risk. One of these attacks on locked circuits is the bounded-model-checker (BMC)-based attack, where the adversary has limited access to the design-for-testability (DFT) (known as scan chain). While the BMC-based attack is widely known as an algorithmic attack, numerous studies show that the attack lacks scalability since it has two unrolling factors: sequential unrolling and miter duplication. Inspired by straightforward heuristics widely used for satisfiability problems in the computer science SAT community, in this paper, we will explore a set of methodologies that can have a significant impact on mitigating the BMC attack's scalability issue. For this purpose, through the BMC attack process, we explore the efficacy of "restart" and "initialization" on the attack performance, in which we apply some modification on the locked design before ("initialization") or within ("restart") the BMC execution. By applying "restart" and "initialization" in numerous different configurations, our experimental results show >85% consistent improvement in the BMC attack that can lead to a stronger algorithmic attack scenario on logic locking.

computer science, theory & methods,engineering, electrical & electronic

Yu Yu,Jussipekka Leiwo,Benjamin Premkumar

DOI: https://doi.org/10.1007/11780656_15

2006-01-01

Abstract:Circuit/program obfuscation, if possible, would have a number of applications to cryptography and software protection. Unfortunately, negative results have been given by Barak et al. [1] that universal obfuscators (for circuits or programs) do not exist. In other words, given a circuit, an adversary might obtain more information (e.g. core algorithm) other than its input-output behavior. In this paper, we discuss the problem of circuit obfuscation under a weaker assumption where the adversary knows only partial information regarding the circuit, namely, the circuit topology (i.e., all information regarding the circuit except the functionalities of its gates), then how can C be obfuscated such that the circuit topology of the resulting circuit C′ (denoted by Topo(C′)) discloses nothing substantial? In practice, the scenario corresponds to that a reverse engineer attempts to illegally copy a circuit by passively analyzing how its gates are inter-wired. Our results are quite positive: there exist efficient circuit topology obfuscation algorithms that transform every circuit C with size s to circuit C′ with the same input-output behavior, size slog3s and depth slog(logs), where Topo(C′) reveals nothing more than circuit size, input length and output length in an information-theoretic sense.

Ning Ding,Dawu Gu

DOI: https://doi.org/10.1007/978-3-642-21518-6_34

2011-01-01

Abstract:In recent years, theoretical cryptography community has focused on a fascinating research line of obfuscating programs (circuits). Loosely speaking, obfuscating a program P is to construct a new program which can preserve P's functionality, but its code is fully "unintelligent". No adversary can understand the obfuscated program or reverse-engineering it.In TCC'10, Goyal et al. showed how to obfuscate any circuit (program) with tamer-proof (stateless) hardware. In their construction, the hardware executes most computation and the software executes a few, and the software needs to interact with the hardware Theta(z) times if the original circuit is of size z. Thus if a user wants to gain the outputs of the obfuscated circuit on different inputs, be cannot fast the computation by running multiple instances of the obfuscated circuit concurrently well.In this paper we propose an alternative construction of obfuscating circuits (programs) with tamper-proof hardware. The notable characters of our construction are that the required hardware is still universal in obfuscating circuits and that for a specific circuit the computation on the instantiated hardware is independent of the size of the circuit. When a user runs multiple instances of the obfuscated circuit with different inputs concurrently, the software and hardware have reasonable computation load and thus the entire computation can run almost in parallel and thus be fasten.

Shahrzad Keshavarz,Daniel Holcomb

DOI: https://doi.org/10.48550/arXiv.1708.07150

2017-10-26

Abstract:Advances in reverse engineering make it challenging to deploy any on-chip information in a way that is hidden from a determined attacker. A variety of techniques have been proposed for design obfuscation including look-alike cells in which functionality is determined by hard to observe mechanisms including dummy vias or transistor threshold voltages. Threshold-based obfuscation is especially promising because threshold voltages cannot be observed optically and require more sophisticated measurements by the attacker. In this work, we demonstrate the effectiveness of a methodology that applies threshold-defined behavior to memory cells, in combination with error correcting codes to achieve a high degree of protection against invasive reverse engineering. The combination of error correction and small threshold manipulations is significant because it makes the attacker's job harder without compromising the reliability of the obfuscated key. We present analysis to quantify key reliability of our approach, and its resistance to reverse engineering attacks that seek to extract the key through imperfect measurement of transistor threshold voltages. The security analysis and cost metrics we provide allow designers to make a quantifiable tradeoff between cost and security. We find that the combination of small threshold offsets and stronger error correcting codes are advantageous when security is the primary objective.

Cryptography and Security

Meng Li,Kaveh Shamsi,Yier Jin,David Z. Pan

DOI: https://doi.org/10.1109/test.2018.8624671

2018-01-01

Abstract:In order to counter advanced reverse engineering techniques, various integrated circuit (IC) camouflaging methods are proposed to protect hardware intellectual property (IP) proactively. For example, a timing-based camouflaging strategy is developed recently representing a new class of parametric camouflaging strategies. Unlike traditional IC camouflaging techniques that directly hide the circuit functionality, the new parametric strategies obfuscate the circuit timing schemes, which in turn protects the circuit functionality and invalidates all the existing attacks. In this paper, we propose a SAT attack, named TimingSAT, to analyze the security of such timing-based camouflaging strategies. We demonstrate that with a proper transformation of the camouflaged netlist, traditional SAT attacks are still effective to decamouflage the new protection methods. The correctness of the resolved circuit functionality is formally proved. While a direct implementation of TimingSAT suffers from poor scalability, we propose a simplification procedure to significantly enhance the attack efficiency without sacrificing the correctness of the decamouflaged netlist. The efficiency and effectiveness of TimingSAT is validated with extensive experimental results.

Xueyan Wang,Qiang Zhou,Yici Cai,Gang Qu

DOI: https://doi.org/10.1016/j.vlsi.2018.10.009

IF: 1.345

2018-01-01

Integration

Abstract:As one of the most effective proactive countermeasures against reverse engineering, circuit camouflaging has emerged to be a hot research topic and it is becoming a mature technology with the development of various de-camouflaging attacks. Among them, the SAT-based method is the most powerful one to defeat circuit camouflaging. However, SAT-based attacks have scalability problem due to the complexity of the underlying SAT solvers, and straightforward approach to parallelize SAT-based attacks will fail. In this article, we propose a novel parallelization framework for SAT-based attacks, which consists of a two-level partition method (independent module partitioning and k-medoids clustering), together with a novel conflict avoidance strategy. Specifically, we first break down the camouflaged netlist into multiple independent modules that can be solved in parallel. However, any good circuit camouflaging approach should produce one or multiple large modules. To solve this problem, we further apply the k -medoids algorithm to partition the large modules into multiple “high cohesion” and “low coupling” clusters. Utilizing the relative independence of these clusters, we propose a two-stage attack method to avoid conflicts among clusters. Experimental results on OpenSparc T1 microprocessor controller demonstrate that our approach can on average reduce the scales of the SAT formulas by more than 50%, reduce the attack iteration number by 45%, and achieves on average 3.6× and maximum 10× speed up over the best-known SAT-based de-camouflaging tool.