Journal ArticleDOI

HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection

TL;DR: Simulation results for a set of ISCAS-89 benchmark circuits and the advanced-encryption-standard IP core show that high levels of security can be achieved at less than 5% area and power overhead under delay constraint.
Abstract: Hardware intellectual-property (IP) cores have emerged as an integral part of modern system-on-chip (SoC) designs. However, IP vendors are facing major challenges to protect hardware IPs from IP piracy. This paper proposes a novel design methodology for hardware IP protection using netlist-level obfuscation. The proposed methodology can be integrated in the SoC design and manufacturing flow to simultaneously obfuscate and authenticate the design. Simulation results for a set of ISCAS-89 benchmark circuits and the advanced-encryption-standard IP core show that high levels of security can be achieved at less than 5% area and power overhead under delay constraint.
Citations
Journal ArticleDOI
18 Jul 2014
TL;DR: This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.
Abstract: The multinational, distributed, and multistep nature of integrated circuit (IC) production supply chain has introduced hardware-based vulnerabilities. Existing literature in hardware security assumes ad hoc threat models, defenses, and metrics for evaluation, making it difficult to analyze and compare alternate solutions. This paper systematizes the current knowledge in this emerging field, including a classification of threat models, state-of-the-art defenses, and evaluation metrics for important hardware-based attacks.

514 citations


Cites background from "HARPOON: An Obfuscation-Based SoC D..."

  • ...Section VII concludes the paper....

    [...]

  • ...Section III details IP piracy and IC overbuilding....

    [...]

Proceedings ArticleDOI
03 Jun 2012
TL;DR: This work demonstrates that an attacker can decipher the obfuscated netlist, in a time linear to the number of keys, by sensitizing the key values to the output, and develops techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.
Abstract: Due to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes the design to produce correct outputs. We demonstrate that an attacker can decipher the obfuscated netlist, in a time linear to the number of keys, by sensitizing the key values to the output. We then develop techniques to fix this vulnerability and make obfuscation truly exponential in the number of inserted keys.

489 citations

Journal ArticleDOI
15 Jul 2014
TL;DR: This tutorial will provide a review of some of the existing counterfeit detection and avoidance methods, and discuss the challenges ahead for implementing these methods, as well as the development of new detection and avoidance mechanisms.
Abstract: As the electronic component supply chain grows more complex due to globalization, with parts coming from a diverse set of suppliers, counterfeit electronics have become a major challenge that calls for immediate solutions. Currently, there are a few standards and programs available that address the testing for such counterfeit parts. However, not enough research has yet addressed the detection and avoidance of all counterfeit parts (recycled, remarked, overproduced, cloned, out-of-spec/defective, and forged documentation) currently infiltrating the electronic component supply chain. Even if they work initially, all these parts may have reduced lifetime and pose reliability risks. In this tutorial, we will provide a review of some of the existing counterfeit detection and avoidance methods. We will also discuss the challenges ahead for implementing these methods, as well as the development of new detection and avoidance mechanisms.

424 citations


Cites methods from "HARPOON: An Obfuscation-Based SoC D..."

  • ...This locking is mostly done in three ways: 1) initializing ICs to a locked state on power-up [20]; 2) combinational locking by scattering XOR gates randomly throughout the design [71]–[73]; and 3) adding a finite-state machine (FSM) which is initially locked and can be unlocked only with the correct sequence of primary inputs [70], [74]....

    [...]

Journal ArticleDOI
TL;DR: This work relates logic encryption to fault propagation analysis in IC testing and develops a fault analysis-based logic encryption technique that enables a designer to controllably corrupt the outputs.
Abstract: Globalization of the integrated circuit (IC) design industry is making it easy for rogue elements in the supply chain to pirate ICs, overbuild ICs, and insert hardware Trojans. Due to supply chain attacks, the IC industry is losing approximately $4 billion annually. One way to protect ICs from these attacks is to encrypt the design by inserting additional gates such that correct outputs are produced only when specific inputs are applied to these gates. The state-of-the-art logic encryption technique inserts gates randomly into the design, but does not necessarily ensure that wrong keys corrupt the outputs. Our technique ensures that wrong keys corrupt the outputs. We relate logic encryption to fault propagation analysis in IC testing and develop a fault analysis-based logic encryption technique. This technique enables a designer to controllably corrupt the outputs. Specifically, to maximize the ambiguity for an attacker, this technique targets 50% Hamming distance between the correct and wrong outputs (ideal case) when a wrong key is applied. Furthermore, this 50% Hamming distance target is achieved using a smaller number of additional gates when compared to random logic encryption.

420 citations


Cites background or methods from "HARPOON: An Obfuscation-Based SoC D..."

  • ...Hamming distance between the outputs of designs on applying the correct key and a random wrong key: (a) Random insertion of XORs in ISCAS designs [6], [7], [11], (b) fault analysis-based insertion of XORs in ISCAS designs, (c) random insertion of XORs in OpenSPARC [6], [7], [11], and (d) fault analysis-based insertion of XORs in OpenSPARC units....

    [...]

  • ...In sequential logic encryption, additional logic (black) states are introduced in the state transition graph [3], [11], [12]....

    [...]

  • ...Thus, as highlighted in [11], it becomes necessary to produce wrong outputs for many input patterns for a random, wrong key....

    [...]

  • ...9 shows the power, delay, and area overhead of the benchmarks that are encrypted with the number of key-gates listed in Table 3 using random insertion [6], [7], [11] and the proposed fault-analysis based insertion....

    [...]

  • ...Logic encryption techniques can thwart an untrusted foundry from illegally copying, reverse engineering, overproducing the IC design [3], [5]–[8], [11], and Trojan insertion [12]....

    [...]

Proceedings ArticleDOI
04 Nov 2013
TL;DR: The feasibility of identifying the functionality of camouflaged gates is analyzed and techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering are proposed.
Abstract: Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.

385 citations


Cites background from "HARPOON: An Obfuscation-Based SoC D..."

  • ...In sequential logic obfuscation, additional logic (black) states are introduced in the finite state machine (FSM) of a design [23, 29]....

    [...]

References
Proceedings ArticleDOI
10 Mar 2008
TL;DR: A novel comprehensive technique to end piracy of integrated circuits (EPIC), which requires that every chip be activated with an external key, which can only be generated by the holder of IP rights, and cannot be duplicated.
Abstract: As semiconductor manufacturing requires greater capital investments, the use of contract foundries has grown dramatically, increasing exposure to mask theft and unauthorized excess production. While only recently studied, IC piracy has now become a major challenge for the electronics and defense industries [6]. We propose a novel comprehensive technique to end piracy of integrated circuits (EPIC). It requires that every chip be activated with an external key, which can only be generated by the holder of IP rights, and cannot be duplicated. EPIC is based on (i) automatically-generated chip IDs, (ii) a novel combinational locking algorithm, and (iii) innovative use of public-key cryptography. Our evaluation suggests that the overhead of EPIC on circuit delay and power is negligible, and the standard flows for verification and test do not require change. In fact, major required components have already been integrated into several chips in production. We also use formal methods to evaluate combinational locking and computational attacks. A comprehensive protocol analysis concludes that EPIC is surprisingly resistant to various piracy attempts.

639 citations


"HARPOON: An Obfuscation-Based SoC D..." refers background in this paper

  • ...1(a) against an ordinary two-input AND gate will report four possible input vectors with en = 1 as failing patterns....

    [...]

Journal ArticleDOI
TL;DR: Watermarking-based IP protection as mentioned in this paper addresses IP protection by tracing unauthorized reuse and making untraceable unauthorized reuse as difficult as recreating given pieces of IP from scratch, where a watermark is a mechanism for identification that is nearly invisible to human and machine inspection; difficult to remove; and permanently embedded as an integral part of the design.
Abstract: Digital system designs are the product of valuable effort and know-how. Their embodiments, from software and hardware description language program down to device-level netlist and mask data, represent carefully guarded intellectual property (IP). Hence, design methodologies based on IP reuse require new mechanisms to protect the rights of IP producers and owners. This paper establishes principles of watermarking-based IP protection, where a watermark is a mechanism for identification that is: (1) nearly invisible to human and machine inspection; (2) difficult to remove; and (3) permanently embedded as an integral part of the design. Watermarking addresses IP protection by tracing unauthorized reuse and making untraceable unauthorized reuse as difficult as recreating given pieces of IP from scratch. We survey related work in cryptography and design methodology, then develop desiderata, metrics, and concrete protocols for constraint-based watermarking at various stages of the very large scale integration (VLSI) design process. In particular, we propose a new preprocessing approach that embeds watermarks as constraints into the input of a black-box design tool and a new postprocessing approach that embeds watermarks as constraints into the output of a black-box design tool. To demonstrate that our protocols can be transparently integrated into existing design flows, we use a testbed of commercial tools for VLSI physical design and embed watermarks into real-world industrial designs. We show that the implementation overhead is low, both in terms of central processing unit time and such standard physical design metrics as wirelength, layout area, number of vias, and routing congestion. We empirically show that the placement and routing applications considered in our methods achieve strong proofs of authorship and are resistant to tampering and do not adversely influence timing.

220 citations


"HARPOON: An Obfuscation-Based SoC D..." refers background or methods in this paper

  • ...Previous work on IP protection can be broadly classified into two main categories: 1) obfuscation-based protection and 2) authentication-based protection....

    [...]

  • ...…trying to determine the functionality of an obfuscated gate-level IP core can take resort to either of the following ways: 1) simulation-based reverse engineering to determine functionality of the design or 2) structural analysis of the netlist to identify and isolate the original design from the…...

    [...]

Proceedings ArticleDOI
05 Nov 2007
TL;DR: In this article, the authors proposed a remote activation scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy by replication of a few states of the finite state machine and adding control to the state transitions.
Abstract: We introduce a remote activation scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy. Remote activation enables designers to lock each working IC and to then remotely enable it. The new method exploits inherent unclonable variability in modern manufacturing for unique identification (ID) and integrated the IDs into the circuit functionality. The objectives are realized by replication of a few states of the finite state machine (FSM) and adding control to the state transitions. On each chip, the added control signals are a function of the unique IDs and are thus unclonable. On standard benchmark circuits, the experimental results show that the novel activation method is stable, unclonable, attack-resilient, while having a low overhead and a unique key for each IC.

194 citations

Proceedings ArticleDOI
10 Nov 2008
TL;DR: A novel design methodology for hardware IP protection and authentication using netlist level authentication is proposed and can be integrated in the SoC design and manufacturing flow to provide hardware protection to the IP vendors, the chip designer, and the system designer.
Abstract: Hardware intellectual property (IP) cores have emerged as an integral part of modern system-on-chip (SoC) designs. However, IP vendors are facing major challenges to protect hardware IPs and to prevent revenue loss due to IP piracy. In this paper, we propose a novel design methodology for hardware IP protection and authentication using netlist level authentication. The proposed methodology can be integrated in the SoC design and manufacturing flow to provide hardware protection to the IP vendors, the chip designer, and the system designer. Simulation results on ISCAS-89 benchmark circuits show that we can achieve high levels of security through a well-formulated obfuscation scheme at less than 10% area overhead under delay constraint.

143 citations

Proceedings ArticleDOI
22 Jun 2001
TL;DR: This work introduces the first hardware metering scheme that enables reliable low overhead proofs for the number of manufactured parts and establishes the connection between the requirements for hardware and synthesis process.
Abstract: We introduce the first hardware metering scheme that enables reliable low overhead proofs for the number of manufactured parts. The key idea is to make each design slightly different. Therefore, if two identical hardware designs or a design that is not reported by the foundry are detected, the design house has proof of misconduct. We start by establishing the connection between the requirements for hardware and synthesis process. Furthermore, we present mathematical analysis of statistical accuracy of the proposed hardware metering scheme. The effectiveness of the metering scheme is demonstrated on a number of designs.

138 citations


"HARPOON: An Obfuscation-Based SoC D..." refers background in this paper

  • ...Previous work on IP protection can be broadly classified into two main categories: 1) obfuscation-based protection and 2) authentication-based protection....

    [...]