Other affiliations: University of California, Duke University, University of California, San Diego ...read more
Bio: Ozgur Sinanoglu is an academic researcher from New York University Abu Dhabi. The author has contributed to research in topics: Scan chain & Automatic test pattern generation. The author has an hindex of 35, co-authored 267 publications receiving 5391 citations. Previous affiliations of Ozgur Sinanoglu include University of California & Duke University.
Papers published on a yearly basis
••03 Jun 2012
TL;DR: This work demonstrates that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output, and develops techniques to fix this vulnerability and make obfuscation truly exponential in thenumber of inserted keys.
Abstract: Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC  obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated nctlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.
TL;DR: This work relates logic encryption to fault propagation analysis in IC testing and develop a fault analysis-based logic encryption technique that enables a designer to controllably corrupt the outputs.
Abstract: Globalization of the integrated circuit (IC) design industry is making it easy for rogue elements in the supply chain to pirate ICs, overbuild ICs, and insert hardware Trojans. Due to supply chain attacks, the IC industry is losing approximately $4 billion annually. One way to protect ICs from these attacks is to encrypt the design by inserting additional gates such that correct outputs are produced only when specific inputs are applied to these gates. The state-of-the-art logic encryption technique inserts gates randomly into the design, but does not necessarily ensure that wrong keys corrupt the outputs. Our technique ensures that wrong keys corrupt the outputs. We relate logic encryption to fault propagation analysis in IC testing and develop a fault analysis-based logic encryption technique. This technique enables a designer to controllably corrupt the outputs. Specifically, to maximize the ambiguity for an attacker, this technique targets 50% Hamming distance between the correct and wrong outputs (ideal case) when a wrong key is applied. Furthermore, this 50% Hamming distance target is achieved using a smaller number of additional gates when compared to random logic encryption.
••04 Nov 2013
TL;DR: The feasibility of identifying the functionality of camouflaged gates is analyzed and techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering are proposed.
Abstract: Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.
••03 May 2016
TL;DR: The proposed logic locking technique, referred to as SARLock, maximizes the required number of distinguishing input patterns to recover the secret key and thwarts the SAT attack by rendering the attack effort exponential in the number of bits in thesecret key, while its overhead grows only linearly.
Abstract: Logic locking is an Intellectual Property (IP) protection technique that thwarts IP piracy, hardware Trojans, reverse engineering, and IC overproduction. Researchers have taken multiple attempts in breaking logic locking techniques and recovering its secret key. A Boolean Satisfiability (SAT) based attack has been recently presented that breaks all the existing combinational logic locking techniques. In this paper, we develop a lightweight countermeasure against this and other attacks that aim at gradually pruning the key search space. Our proposed logic locking technique, referred to as SARLock, maximizes the required number of distinguishing input patterns to recover the secret key. SARLock thwarts the SAT attack by rendering the attack effort exponential in the number of bits in the secret key, while its overhead grows only linearly.
••30 Oct 2017
TL;DR: This paper proposes stripped-functionality logic locking (SFLL), which strips some of the functionality of the design and hides it in the form of a secret key(s), thereby rendering on-chip implementation functionally different from the original one.
Abstract: Logic locking has been conceived as a promising proactive defense strategy against intellectual property (IP) piracy, counterfeiting, hardware Trojans, reverse engineering, and overbuilding attacks. Yet, various attacks that use a working chip as an oracle have been launched on logic locking to successfully retrieve its secret key, undermining the defense of all existing locking techniques. In this paper, we propose stripped-functionality logic locking (SFLL), which strips some of the functionality of the design and hides it in the form of a secret key(s), thereby rendering on-chip implementation functionally different from the original one. When loaded onto an on-chip memory, the secret keys restore the original functionality of the design. Through security-aware synthesis that creates a controllable mismatch between the reverse-engineered netlist and original design, SFLL provides a quantifiable and provable resilience trade-off between all known and anticipated attacks. We demonstrate the application of SFLL to large designs (>100K gates) using a computer-aided design (CAD) framework that ensures attaining the desired security level at minimal implementation cost, 8%, 5%, and 0.5% for area, power, and delay, respectively. In addition to theoretical proofs and simulation confirmation of SFLL's security, we also report results from the silicon implementation of SFLL on an ARM Cortex-M0 microprocessor in 65nm technology.
01 Jan 1982
••05 May 2015
TL;DR: A SAT-based algorithm is presented which allows an attacker to “decrypt” an encrypted netlist using a small number of carefully-selected input patterns and their corresponding output observations and a “partial-break” algorithm that can reveal some of the key inputs even when the attack is not fully successful.
Abstract: Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is logic encryption. Logic encryption modifies an IC design such that it operates correctly only when a set of newly introduced inputs, called key inputs, are set to the correct values. In this paper, we use algorithms based on satisfiability checking (SAT) to investigate the security of logic encryption. We present a SAT-based algorithm which allows an attacker to “decrypt” an encrypted netlist using a small number of carefully-selected input patterns and their corresponding output observations. We also present a “partial-break” algorithm that can reveal some of the key inputs even when the attack is not fully successful. We conduct a thorough evaluation of our attack by examining six proposals for logic encryption from the literature. We find that all of these are vulnerable to our attack. Among the 441 encrypted circuits we examined, we were able to decrypt 418 (95%). We discuss the strengths and limitations of our attack and suggest directions that may lead to improved logic encryption algorithms.
••15 Jul 2014
TL;DR: The threat of hardware Trojan attacks is analyzed; attack models, types, and scenarios are presented; different forms of protection approaches are discussed; and emerging attack modes, defenses, and future research pathways are described.
Abstract: Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.
01 Jul 2006
TL;DR: This book is a comprehensive guide to new DFT methods that will show the readers how to design a testable and quality product, drive down test cost, improve product quality and yield, and speed up time-to-market and time- to-volume.