Journal Article

A Chip-Level Anti-Reverse Engineering Technique

25 Jul 2018 - ACM Journal on Emerging Technologies in Computing Systems (Association for Computing Machinery (ACM)) - Vol. 14, Iss: 2, pp 29
TL;DR: In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks.
Abstract: Protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. However, advanced reverse engineering techniques can physically disassemble the chip and derive the IPs at a much lower cost than the value of IP design that chips carry. This invasive hardware attack—obtaining information from IC chips—always violates the IP rights of vendors. The intent of this article is to present a chip-level reverse engineering resilient design technique. In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks. The newly created pattern will significantly increase the difficulty of reverse engineering. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Simulations have been conducted to demonstrate the capability of the proposed technique, which generates extremely large complexity for reverse engineering with manageable overhead.
Citations
16 Mar 1993
TL;DR: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure as discussed by the authors.
Abstract: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure. We ascribe this magnetoresistance to spin‐dependent electron scattering due to spin canting of the manganese oxide.

924 citations

Journal Article
13 Nov 2017
TL;DR: This work proposes a novel LC scheme which is low-cost and generic — full-chip LC can finally be realized without any reservation and makes the flow publicly available, enabling the community to protect their sensitive designs.
Abstract: Layout camouflaging can protect the intellectual property of modern circuits. Most prior art, however, incurs excessive layout overheads and necessitates customization of active-device manufacturing processes, i.e., the front-end-of-line (FEOL). As a result, camouflaging has typically been applied selectively, which can ultimately undermine its resilience. Here, we propose a low-cost and generic scheme—full-chip camouflaging can be finally realized without reservations. Our scheme is based on obfuscating the interconnects, i.e., the back-end-of-line (BEOL), through design-time handling for real and dummy wires and vias. To that end, we implement custom, BEOL-centric obfuscation cells, and develop a CAD flow using industrial tools. Our scheme can be applied to any design and technology node without FEOL-level modifications. Considering its BEOL-centric nature, we advocate applying our scheme in conjunction with split manufacturing, to furthermore protect against untrusted fabs. We evaluate our scheme for various designs at the physical, DRC-clean layout level. Our scheme incurs a significantly lower cost than most of the prior art. Notably, for fully camouflaged layouts, we observe average power, performance, and area overheads of 24.96%, 19.06%, and 32.55%, respectively. We conduct a thorough security study addressing the threats (attacks) related to untrustworthy FEOL fabs (proximity attacks) and malicious end-users (SAT-based attacks). An empirical key finding is that only large-scale camouflaging schemes like ours are practically secure against powerful SAT-based attacks. Another key finding is that our scheme hinders both placement- and routing-centric proximity attacks; correct connections are reduced by $7.47\times$, and complexity is increased by $24.15\times$, respectively, for such attacks.

53 citations


Cites background or result from "A Chip-Level Anti-Reverse Engineeri..."

  • ...On the (lack of) resilience for [27]: Since our work is inspired to some degree by that of Chen et al....

    [...]

  • ...Since the exact locations of dummy wires and other details are not reported in [27], we insert N1–N3 wires randomly into the netlists available at our end....

    [...]

  • ...Columns N1, N2, and N3 quote the number of dummy wires, while limiting the delay overheads to 0%, 3%, and 5%, respectively, as proposed in [27]....

    [...]

  • ...During reverse engineering, the true Mg vias oxidize into MgO vias, rendering the differentiation of true and dummy vias difficult [27]....

    [...]

  • ...TABLE XII RUNTIME, IN SECONDS, FOR THE SAT-BASED ATTACK [15], [31] ON INTERCONNECTS OBFUSCATION [27] ON SELECTED ITC-99 BENCHMARKS...

    [...]

Proceedings Article
05 May 2019
TL;DR: In this article, the authors review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing, and discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.
Abstract: The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.

28 citations

Journal Article
TL;DR: This paper demonstrates the superior resilience of the GSHE primitive when tailored for deterministic computing, and proposes an attack scheme called probabilistic SAT (PSAT) which can bypass the defense offered by logic locking and camouflaging for imprecise computing schemes.
Abstract: Protecting intellectual property (IP) has become a serious challenge for chip designers. Most countermeasures are tailored for CMOS integration and tend to incur excessive overheads, resulting from additional circuitry or device-level modifications. On the other hand, power density is a critical concern for sub-50 nm nodes, necessitating alternate design concepts. Although initially tailored for error-tolerant applications, imprecise computing has gained traction as a general-purpose design technique. Emerging devices are currently being explored to implement ultralow-power circuits for inexact computing applications. In this paper, we quantify the security threats of imprecise computing using emerging devices. More specifically, we leverage the innate polymorphism and tunable stochastic behavior of spin-orbit torque (SOT) devices, particularly, the giant spin-Hall effect (GSHE) switch. We enable IP protection (by means of logic locking and camouflaging) simultaneously for deterministic and probabilistic computing, directly at the GSHE device level. We conduct a comprehensive security analysis using state-of-the-art Boolean satisfiability (SAT) attacks; this paper demonstrates the superior resilience of our GSHE primitive when tailored for deterministic computing. We also demonstrate how probabilistic computing can thwart most, if not all, existing SAT attacks. Based on this finding, we propose an attack scheme called probabilistic SAT (PSAT) which can bypass the defense offered by logic locking and camouflaging for imprecise computing schemes. Further, we illustrate how careful application of our GSHE primitive can remain secure even on the application of the PSAT attack. Finally, we also discuss side-channel attacks and invasive monitoring, which are arguably even more concerning threats than SAT attacks.

14 citations


Cites background from "A Chip-Level Anti-Reverse Engineeri..."

  • ...It was also shown that dummy interconnects can become difficult to resolve during RE, as long as suitable materials, such as Mg and MgO are used [73], [87]....

    [...]

  • ...mented as nonconductive dummy interconnects [41], [73], Fig....

    [...]

Proceedings Article
TL;DR: The landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing, is reviewed, and the history of these techniques is discussed, followed by state-of-the-art advancements, relevant limitations, and scope for future work.
Abstract: The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.

9 citations

References
Journal Article
TL;DR: The basic aspects of correlation analysis are discussed with examples given from professional journals and the interpretations and limitations of the correlation coefficient are focused on.
Abstract: A basic consideration in the evaluation of professional medical literature is being able to understand the statistical analysis presented. One of the more frequently reported statistical methods involves correlation analysis where a correlation coefficient is reported representing the degree of linear association between two variables. This article discusses the basic aspects of correlation analysis with examples given from professional journals and focuses on the interpretations and limitations of the correlation coefficient. No attention was given to the actual calculation of this statistical value.

1,890 citations


"A Chip-Level Anti-Reverse Engineeri..." refers background in this paper

  • ...where X and Y represent the bitstreams {x_i} and {y_i}, respectively, at two circuit nodes, n is the total number of bits used in estimation, and μ_X and μ_Y are the average values of these two bitstreams [35]....

    [...]

Journal Article
TL;DR: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure as mentioned in this paper.
Abstract: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure. We ascribe this magnetoresistance to spin‐dependent electron scattering due to spin canting of the manganese oxide.

995 citations


"A Chip-Level Anti-Reverse Engineeri..." refers background in this paper

  • ...On the other hand, MgO is a perfect insulator; the resistivity of MgO at room temperature is more than 1000 Ω·cm, in the same range of silicon dioxide [6]....

    [...]

16 Mar 1993
TL;DR: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure as discussed by the authors.
Abstract: Giant and isotropic magnetoresistance as huge as −53% was observed in magnetic manganese oxide La0.72Ca0.25MnOz films with an intrinsic antiferromagnetic spin structure. We ascribe this magnetoresistance to spin‐dependent electron scattering due to spin canting of the manganese oxide.

924 citations

Journal Article
18 Jul 2014
TL;DR: This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.
Abstract: The multinational, distributed, and multistep nature of integrated circuit (IC) production supply chain has introduced hardware-based vulnerabilities. Existing literature in hardware security assumes ad hoc threat models, defenses, and metrics for evaluation, making it difficult to analyze and compare alternate solutions. This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.

514 citations


"A Chip-Level Anti-Reverse Engineeri..." refers methods in this paper

  • ...Also, physical unclonable functions (PUFs) have been used for anti-reverse engineering [25, 36]....

    [...]

Proceedings Article
04 Nov 2013
TL;DR: The feasibility of identifying the functionality of camouflaged gates is analyzed and techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering are proposed.
Abstract: Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.

385 citations


"A Chip-Level Anti-Reverse Engineeri..." refers background in this paper

  • ...Other works, such as References [32, 38], targeted satisfiability checking based (SAT) attacks associated with reverse engineering....

    [...]

  • ...In Reference [38], the keys were divided into two parts: One part is connected to the original circuit to obfuscate its functionality, and the other part is connected to the Anti-SAT block to thwart the SAT attack....

    [...]

  • ...CCS Concepts: • Security and privacy → Hardware reverse engineering; • Hardware → Hard and soft IP; Additional Key Words and Phrases: Anti-reverse engineering, transformable interconnect, hardware security, circuit camouflage. ACM Reference format: Shuai Chen, Junlin Chen, and Lei Wang....

    [...]

  • ...In Reference [8], dummy interconnects were introduced and inserted into the circuit, and dummy vias are very difficult to detect during imaging process by introducing a MgO/Mg material pair....

    [...]

  • ...In Reference [3], Alkabani et al. introduced the technique to lock the initial state during power-up....

    [...]