- Logic encryption/locking implements a built-in locking mechanism on ICs to prevent reverse engineering and IP piracy by a malicious foundry and user, and to hinder Trojan insertion by a malicious foundry.
- Split manufacturing splits the layout and manufactures different metal layers in two separate foundries to prevent reverse engineering and piracy by a malicious foundry.
- IC camouflaging/obfuscation modifies the layout of certain gates to deceive reverse engineers into obtaining an incorrect netlist, thereby preventing reverse engineering by a malicious user.
- Trojan activation inserts dummy scan flip-flops (dSFFs) to manipulate the transition probabilities and expose a Trojan that is hidden in low-activity regions (see Hardware Trojan slides).
Logic Encryption/Locking (Detailed)
- Logic encryption hides the functionality and the implementation of a design by inserting additional gates, referred to as key gates, into the original design.
- For the encrypted design to exhibit its correct functionality (i.e., produce correct outputs), a valid key has to be supplied to it, e.g., by loading the key into a tamper-proof on-chip memory.
- Upon applying an incorrect key, the encrypted design will exhibit an incorrect functionality (i.e., produce incorrect outputs).
- Logic encryption of hardware does not mean encrypting the design file with a cryptographic algorithm.
Logic encryption in an IC design flow
Security of Logic Encryption/Locking
Fault Analysis Driven Logic Encryption
By relating logic encryption to fault analysis through testing principles such as fault excitation, propagation, and masking, a designer can find optimal places to insert key gates.
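The key-gate insertion described under Logic Encryption/Locking and the placement idea above, as an added example that is not part of the original slides: a wrong key bit on an XOR key gate inverts its wire, and whether that inversion reaches the outputs depends on propagation and masking. The netlist, the wire names, the exhaustive simulation (standing in for a real fault simulator), and the 50% target (the figure the slides give for camouflaging) are assumptions made for illustration.

```python
from itertools import product

# Constructed netlist (not from the slides): (wire, op, inputs), topological order.
NETLIST = [
    ("n1", "AND", ("a", "b")),
    ("n2", "OR", ("a", "c")),
    ("n3", "OR", ("n1", "c")),
    ("y0", "XOR", ("n3", "n2")),
    ("y1", "AND", ("n3", "b")),
]
INPUTS, OUTPUTS = ("a", "b", "c"), ("y0", "y1")
OPS = {"AND": lambda x, y: x & y, "OR": lambda x, y: x | y, "XOR": lambda x, y: x ^ y}

def simulate(netlist, values):
    """Evaluate the gates in order and return the primary output bits."""
    v = dict(values)
    for wire, op, (i0, i1) in netlist:
        v[wire] = OPS[op](v[i0], v[i1])
    return tuple(v[o] for o in OUTPUTS)

def lock(netlist, wire, key="k0"):
    """Insert an XOR key gate on `wire`: key bit 0 passes the signal, 1 inverts it."""
    locked = []
    for w, op, ins in netlist:
        if w == wire:
            locked += [(w + "_pre", op, ins), (w, "XOR", (w + "_pre", key))]
        else:
            locked.append((w, op, ins))
    return locked

def corruption(netlist, wire):
    """Fraction of output bits that differ between the valid key (0) and a wrong key (1)."""
    locked, diff, total = lock(netlist, wire), 0, 0
    for bits in product((0, 1), repeat=len(INPUTS)):
        vals = dict(zip(INPUTS, bits))
        good = simulate(locked, {**vals, "k0": 0})
        assert good == simulate(netlist, vals)  # valid key restores the original function
        bad = simulate(locked, {**vals, "k0": 1})
        diff += sum(g != b for g, b in zip(good, bad))
        total += len(OUTPUTS)
    return diff / total

def best_key_gate_site(netlist):
    """Internal wire whose wrong-key corruption is closest to 50%."""
    sites = [w for w, _, _ in netlist if w not in OUTPUTS]
    return min(sites, key=lambda w: abs(corruption(netlist, w) - 0.5))

if __name__ == "__main__":
    print({s: corruption(NETLIST, s) for s in ("n1", "n2", "n3")}, best_key_gate_site(NETLIST))
```

On this netlist the inversion on n1 is masked whenever c = 1, while the inversion on n3 reaches both outputs, so the two candidate sites land on opposite sides of the target.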
IC Camouflaging/Obfuscation (Detailed)
Camouflaging is a layout-level technique that hampers an attacker from extracting a gate-level netlist of a circuit from the layout through imaging different layers.
- Design standard cells that look alike irrespective of their functionality.
  - e.g., NAND and NOR standard cells can be designed to look alike
- An IC camouflaging technique should satisfy two criteria:
  1. 50% of the outputs are corrupted upon trying an incorrect functionality, and
  2. an attacker should not be able to retrieve functionality of the camouflaged gates.
IC Camouflaging in an IC design flow
Provable IC Obfuscation?
It has been shown that many IC camouflaging/obfuscation
techniques are vulnerable to SAT solving attacks (i.e., no
need to brute-force!)