SoC: a real platform for IP reuse, IP infringement, and IP protection
TL;DR: The IP-based SoC design flow is discussed to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringement.
Abstract: Increased design complexity, shrinking design cycle, and low cost--this three-dimensional demandmandates advent of system-onchip (SoC) methodology in semiconductor industry. The key concept of SoC is reuse of the intellectual property (IP) cores. Reuse of IPs on SoC increases the risk of misappropriation of IPs due to introduction of several new attacks and involvement of various parties as adversaries. Existing literature has huge number of proposals for IP protection (IPP) techniques to be incorporated in the IP design flow as well as in the SoC design methodology. However, these are quite scattered, limited in possibilities in multithreat environment, and sometimes mutually conflicting. Existing works need critical survey, proper categorization, and summarization to focus on the inherent tradeoff, existing security holes, and new research directions. This paper discusses the IP-based SoC design flow to highlight the exact locations and the nature of infringements in the flow, identifies the adversaries, categorizes these infringements, and applies strategic analysis on the effectiveness of the existing IPP techniques for these categories of infringements. It also clearly highlights recent challenges and new opportunities in this emerging field of research.
Citations
More filters
TL;DR: In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks.
Abstract: Protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. However, advanced reverse engineering techniques can physically disassemble the chip and derive the IPs at a much lower cost than the value of IP design that chips carry. This invasive hardware attack—obtaining information from IC chips—always violates the IP rights of vendors. The intent of this article is to present a chip-level reverse engineering resilient design technique. In the proposed technique, transformable interconnects enable an IC chip to maintain functioning in normal use and to transform its physical structure into another pattern when exposed to invasive attacks. The newly created pattern will significantly increase the difficulty of reverse engineering. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Simulations have been conducted to demonstrate the capability of the proposed technique, which generates extremely large complexity for reverse engineering with manageable overhead.
14 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...Revealing the design details and physical implementations not only creates opportunities for illegal reproduction but also makes it easier for IP infringement, tampering, malicious alteration, and counterfeiting [1, 11, 28, 34]....
[...]
TL;DR: This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing, which exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms.
Abstract: Intellectual property (IP) core reuse is essential for the design process of system-on-chip (SoC). Network-on-chip (NoC) has been used as an independent IP core during SoC design. However, the NoC has not been protected via IP protection and paid attention on its innovations. This paper proposes the first known approach to protect the authorship and the usage legitimacy of NoCs using specially designed routing, square spiral routing. The special routing algorithm exploits routing redundancy inherent in the mesh NoCs and transports packets along the paths, which have very low probability to be taken under commonly used routing algorithms. These unique and diverse paths are exploited in this paper to embed information of the author and identify the legal buyer of NoCs, showing high robustness and credibility. The hardware implementation of an IP-protected mesh NoC shows that the area overhead is small, which is $\sim 0.74$ %, and the power overhead is $\sim 0.52$ %, while the functionality and performance of the network is not affected. In this paper, the approach is presented for the mesh NoC, but the idea is equally applicable to other NoC topologies where the unique and diverse paths also inherently exist.
9 citations
Cites background or methods from "SoC: a real platform for IP reuse, ..."
...and become one of the major concern in the industry [1]....
[...]
...Reuse of already designed, optimized, and verified intellectual property (IP) cores has become the pervasive practice in SoC design industry, to meet the requirements of short design time and low design cost [1]....
[...]
...For a comprehensive review and classification of classical hardware watermarking, we refer the interested readers to [1] and [4]....
[...]
TL;DR: A novel methodology to secure hardware accelerators against ownership threats/IP piracy using biometric fingerprinting, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design.
Abstract: This article presents a novel methodology to secure hardware accelerators (such as digital signal processing (DSP) and multimedia intellectual property (IP) cores) against ownership threats/IP piracy using biometric fingerprinting. In this approach, an IP vendor’s biometric fingerprint is first converted into a corresponding digital template, followed by embedding fingerprint’s digital template into the design in the form of secret biometric constraints; thereby generating a secured hardware accelerator design. The results report the following qualitative and quantitative analysis of the proposed biometric fingerprint approach: 1) impact of 11 different fingerprints on probability of coincidence (Pc) metric. As evident, the proposed approach achieves a very low Pc value in the range of 2.22E−3 to 4.35E−6. Further, the biometric fingerprint achieves total constraints size between minimum 350 bits to maximum 895 bits; 2) impact of six different resource constraints on the design cost overhead of JPEG compression hardware postembedding biometric fingerprint. As evident, for all the resource constraints implemented, the design cost overhead is 0%; and 3) comparative analysis of proposed biometric fingerprint with recent work, for five different signature strength values, in terms of Pc. As evident, the proposed approach achieves minimum 3.9E+2 times and maximum 6.9E+4 times lower Pc, when compared to recent work.
9 citations
Cites background from "SoC: a real platform for IP reuse, ..."
...encoding rules) contributing to the security of the signature are known to an attacker, it becomes ineffective, as it can easily be replicated by an attacker [24]–[26]....
[...]
...vulnerable as it can be compromised by an attacker [24]–[26]....
[...]
Posted Content•
TL;DR: UNTANGLE as mentioned in this paper proposes a link prediction-based attack that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle), since InterLock hides selected timing paths in key-controlled routing blocks.
Abstract: Logic locking aims to prevent intellectual property (IP) piracy and unauthorized overproduction of integrated circuits (ICs). However, initial logic locking techniques were vulnerable to the Boolean satisfiability (SAT)-based attacks. In response, researchers proposed various SAT-resistant locking techniques such as point function-based locking and symmetric interconnection (SAT-hard) obfuscation. We focus on the latter since point function-based locking suffers from various structural vulnerabilities. The SAT-hard logic locking technique, InterLock [1], achieves a unified logic and routing obfuscation that thwarts state-of-the-art attacks on logic locking. In this work, we propose a novel link prediction-based attack, UNTANGLE, that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle). Since InterLock hides selected timing paths in key-controlled routing blocks, UNTANGLE reveals the gates and interconnections hidden in the routing blocks upon formulating this task as a link prediction problem. The intuition behind our approach is that ICs contain a large amount of repetition and reuse cores. Hence, UNTANGLE can infer the hidden timing paths by learning the composition of gates in the observed locked netlist or a circuit library leveraging graph neural networks. We show that circuits withstanding SAT-based and other attacks can be unlocked in seconds with 100% precision using UNTANGLE in an oracle-less setting. UNTANGLE is a generic attack platform (which we also open source [2]) that applies to multiplexer (MUX)-based obfuscation, as demonstrated through our experiments on ISCAS-85 and ITC-99 benchmarks locked using InterLock and random MUX-based locking.
9 citations
TL;DR: A Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques is proposed.
Abstract: Field-programmable gate-array (FPGA) based hardware IP cores have emerged as an integral part of modern SOC designs. IP trading plays central role in Electronic Design Automation (EDA) industry. While the potential of IP infringement is growing fast, the global awareness of IP protection remains low. In this work, we propose a Radio Frequency Identification (RFID) based protection scheme for Intellectual Property Protection (IPP) of Static Random Access Memory (SRAM) FPGA IP cores that overcome the limitations of existing IPP techniques. Here, three types of reconfigurable RFID tags is realised in order to support the incorporation of the proposed RFID based security scheme in all the reconfigurable FPGA devices of Xilinx family. Also a special tag bypass feature is employed to increase the suitability of proposed scheme as an IPP technique for reconfigurable IP cores. The proposed scheme supports safe exchange of reconfigurable FPGA IP cores between IP providers and system developers. The results derived from the testing of hardware prototype used for the evaluation of the proposed scheme are quite encouraging and shows that the proposed security feature can be incorporated into the reconfigurable IP cores of any functionality without significant performance degradation of the reconfigurable IP cores.
5 citations
References
More filters
26 Jul 2009
TL;DR: A technique for recovery of characteristics of gates in terms of leakage current, switching power, and delay is introduced, which utilizes linear programming to solve a system of equations created using nondestructive measurements of power or delays to detect embedded HTHs.
Abstract: Hardware Trojan horses (HTHs) are the malicious altering of hardware specification or implementation in such a way that its functionality is altered under a set of conditions defined by the attacker. There are numerous HTHs sources including untrusted foundries, synthesis tools and libraries, testing and verification tools, and configuration scripts. HTH attacks can greatly comprise security and privacy of hardware users either directly or through interaction with pertinent systems and application software or with data. However, while there has been a huge research and development effort for detecting software Trojan horses, surprisingly, HTHs are rarely addressed. HTH detection is a particularly difficult task in modern and pending deep submicron technologies due to intrinsic manufacturing variability. Our goal is to provide an impetus for HTH research by creating a generic and easily applicable set of techniques and tools for HTH detection. We start by introducing a technique for recovery of characteristics of gates in terms of leakage current, switching power, and delay, which utilizes linear programming to solve a system of equations created using non-destructive measurements of power or delays. This technique is combined with constraint manipulation techniques to detect embedded HTHs. The effectiveness of the approach is demonstrated on a number of standard benchmarks.
263 citations
"SoC: a real platform for IP reuse, ..." refers methods in this paper
...…Koushanfar 2009 [27] Y Agrawal et al. 2007 [28] Y Y Cui et al. 2008 [29] Y Lach et al. 2001 [30] Y Y Gu et al. 2009 [31] Y Li and Lach 2008 [32] Y Y Potkonjak et al. 2009 [33] Y Wei et al. 2010 [34] Y Dutt and Li 2009 [35] Y Y Potkonjak 2010 [36] Y needs wider space for mark insertion compared to…...
[...]
...Among the trojan detection techniques based on gatelevel characterization (GLC), [33] characterizes gates using physical properties specifically leakage current....
[...]
TL;DR: It is demonstrated how reconfigurability can be exploited to eliminate the stated PUF limitations and how FPGA-based PUFs can be used for privacy protection.
Abstract: Physically unclonable functions (PUFs) provide a basis for many security and digital rights management protocols. PUF-based security approaches have numerous comparative strengths with respect to traditional cryptography-based techniques, including resilience against physical and side channel attacks and suitability for lightweight protocols. However, classical delay-based PUF structures have a number of drawbacks including susceptibility to guessing, reverse engineering, and emulation attacks, as well as sensitivity to operational and environmental variations.To address these limitations, we have developed a new set of techniques for FPGA-based PUF design and implementation. We demonstrate how reconfigurability can be exploited to eliminate the stated PUF limitations. We also show how FPGA-based PUFs can be used for privacy protection. Furthermore, reconfigurability enables the introduction of new techniques for PUF testing. The effectiveness of all the proposed techniques is validated using extensive implementations, simulations, and statistical analysis.
234 citations
"SoC: a real platform for IP reuse, ..." refers background in this paper
...…[20] Y Suzuki et al. 2004 [21] Y Deng et al. 2009 [23] Y Y Castillo et al. 2007 [24] Y Abdel-Hamid et al. 2005 [25] Y Saha and Sur-Kolay 2010 [26] Y Majzoobi and Koushanfar 2009 [27] Y Agrawal et al. 2007 [28] Y Y Cui et al. 2008 [29] Y Lach et al. 2001 [30] Y Y Gu et al. 2009 [31] Y Li and Lach…...
[...]
...(iv) Physically unclonable functions (PUFs) [27] authenticate each IC instance by leveraging manufacturing variability of each fabricated IC, based on a nonfunctional characteristics such as delay or power....
[...]
TL;DR: Watermarking-based IP protection as mentioned in this paper addresses IP protection by tracing unauthorized reuse and making untraceable unauthorized reuse as difficult as recreating given pieces of IP from scratch, where a watermark is a mechanism for identification that is nearly invisible to human and machine inspection; difficult to remove; and permanently embedded as an integral part of the design.
Abstract: Digital system designs are the product of valuable effort and know-how. Their embodiments, from software and hardware description language program down to device-level netlist and mask data, represent carefully guarded intellectual property (IP). Hence, design methodologies based on IP reuse require new mechanisms to protect the rights of IP producers and owners. This paper establishes principles of watermarking-based IP protection, where a watermark is a mechanism for identification that is: (1) nearly invisible to human and machine inspection; (2) difficult to remove; and (3) permanently embedded as an integral part of the design. Watermarking addresses IP protection by tracing unauthorized reuse and making untraceable unauthorized reuse as difficult as recreating given pieces of IP from scratch. We survey related work in cryptography and design methodology, then develop desiderata, metrics, and concrete protocols for constraint-based watermarking at various stages of the very large scale integration (VLSI) design process. In particular, we propose a new preprocessing approach that embeds watermarks as constraints into the input of a black-box design tool and a new postprocessing approach that embeds watermarks as constraints into the output of a black-box design tool. To demonstrate that our protocols can be transparently integrated into existing design flows, we use a testbed of commercial tools for VLSI physical design and embed watermarks into real-world industrial designs. We show that the implementation overhead is low-both in terms of central processing unit time and such standard physical design metrics as wirelength, layout area, number of vias, and routing congestion. We empirically show that the placement and routing applications considered in our methods achieve strong proofs of authorship and are resistant to tampering and do not adversely influence timing.
220 citations
"SoC: a real platform for IP reuse, ..." refers background or methods in this paper
...Illegal copies of an IP are generated due to intentional reselling of a firm/hard IP or fabrication of additional ICs in foundry [7, 8]....
[...]
...Signature embedded by applying constraints in place/ route phase of physical design [8] or through incremental router [37] cannot be verified from an IC fabricated from that marked design....
[...]
...(c) The technique should be robust against typical attacks like tampering, finding ghost signatures, additive attack [8], as well as resilient in the design flow....
[...]
05 Nov 2007
TL;DR: In this article, the authors proposed a remote activation scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy by replication of a few states of the finite state machine and adding control to the state transitions.
Abstract: We introduce a remote activation scheme that aims to protect integrated circuits (IC) intellectual property (IP) against piracy. Remote activation enables designers to lock each working IC and to then remotely enable it. The new method exploits inherent unclonable variability in modern manufacturing for unique identification (ID) and integrated the IDs into the circuit functionality. The objectives are realized by replication of a few states of the finite state machine (FSM) and adding control to the state transitions. On each chip, the added control signals are a function of the unique IDs and are thus unclonable. On standard benchmark circuits, the experimental results show that the novel activation method is stable, unclonable, attack-resilient, while having a low overhead and a unique key for each IC.
194 citations
TL;DR: A procedure for intellectual property protection of digital circuits called IPP@HDL is presented, which relies on hosting the bits of the digital signature within memory structures or combinational logic that are part of the system at the high level description of the design.
Abstract: In this paper, a procedure for intellectual property protection (IPP) of digital circuits called IPP@HDL is presented. Its aim is to protect the author rights in the development and distribution of reusable modules by means of an electronic signature. The technique relies on hosting the bits of the digital signature within memory structures or combinational logic that are part of the system, at the high level description of the design. Thus, the area of the system is not increased and the signature is difficult to change or to remove without damaging the design. The technique also includes a procedure for secure signature extraction requiring minimal modifications to the system and without interfering its normal operation. The benefits of the presented procedure are illustrated with programmable logic and cell-based application-specific integrated circuit examples with several signature lengths. These design examples show no performance degradation and a negligible area increase, while probabilistic analyses show that the proposed IPP scheme offers high resistance against attacks.
123 citations
"SoC: a real platform for IP reuse, ..." refers background in this paper
...…and Bhunia 2009 [18] Y Y Granado-Criado et al. 2010 [19] Y Dyka and Langendoerfer 2005 [20] Y Suzuki et al. 2004 [21] Y Deng et al. 2009 [23] Y Y Castillo et al. 2007 [24] Y Abdel-Hamid et al. 2005 [25] Y Saha and Sur-Kolay 2010 [26] Y Majzoobi and Koushanfar 2009 [27] Y Agrawal et al. 2007…...
[...]
...(i) Signature of IP vendor, that is, watermark, may be hosted into nonused cells of memory structure described in HDL [24]....
[...]
...If an IP remains in electronic form, it is either a circuit description in hardware description language, that is, HDL (soft IP), may be any form of netlist, placed and routed design (firm IP), or design layout (hard IP); otherwise, it remains as hardware chip constituting a hardware IP core....
[...]