research-article

The SAT Attack on IC Camouflaging: Impact and Potential Countermeasures

Published: 01 August 2020

Abstract

Integrated circuit (IC) camouflaging is a promising defense against so-called IC extraction attacks that seek to reverse engineer the netlist of a packaged IC using delayering and imaging techniques. Camouflaging works by hiding the Boolean functionality of selected gates in the netlist from reverse engineering, albeit at the cost of increased gate area and power. The intuitive security claim then is that the attacker cannot infer the netlist’s exact Boolean functionality. This paper describes a powerful class of attacks on IC camouflaging referred to as SAT attacks; the attacks use the input/output (I/O) behavior of a functional camouflaged IC along with the Boolean satisfiability (SAT)-based inference to reverse the Boolean functionalities of camouflaged gates. The SAT attack is rooted in a foundational complexity theory mindset and is shown to defeat defenses that previously claimed to secure against even the most determined adversaries. This paper then highlights the subsequent impact of the SAT attack in terms of new SAT-resilient defenses that emerged, their vulnerability to enhancements of the SAT attack, and implications of the attack on provably secure defense mechanisms.

Cited By

  • (2023) TimingCamouflage+ Decamouflaged. Proceedings of the Great Lakes Symposium on VLSI 2023, pp. 575-580. DOI: 10.1145/3583781.3590238. Online publication date: 5-Jun-2023
  • (2021) PhaseCamouflage: Leveraging Adiabatic Operation to Thwart Reverse Engineering. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 29:7, pp. 1285-1296. DOI: 10.1109/TVLSI.2021.3078567. Online publication date: 1-Jul-2021

Published In

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, Volume 39, Issue 8, Aug. 2020, 200 pages

Publisher

IEEE Press
