ABSTRACT
Camouflaging is a layout-level technique that hampers an attacker from reverse engineering by introducing, in one embodiment, dummy contacts into the layout. By using a mix of real and dummy contacts, one can camouflage a standard cell whose functionality can be one of many. If an attacker cannot resolve the functionality of a camouflaged gate, he/she will extract an incorrect netlist. In this paper, we analyze the feasibility of identifying the functionality of camouflaged gates. We also propose techniques to make the dummy contact-based IC camouflaging technique resilient to reverse engineering. Furthermore, we judiciously select gates to camouflage by using techniques which ensure that the outputs of the extracted netlist are controllably corrupted. The techniques leverage IC testing principles such as justification and sensitization. The proposed techniques are evaluated using ISCAS benchmark circuits and OpenSparc T1 microprocessor controllers.
- Chipworks, "Intel‘s 22-nm Tri-gate Transistors Exposed," http://www.chipworks.com/blog/technologyblog/2012/04/23/intels-22-nm-tri-gate-transistors-exposed/, 2012.Google Scholar
- R. Torrance and D. James, "The state-of-the-art in semiconductor reverse engineering," phin the Proc. of IEEE/ACM Design Automation Conference, pp. 333--338, 2011. Google ScholarDigital Library
- ExtremeTech, "iPhone 5 A6 SoC reverse engineered, reveals rare hand-made custom CPU, and tri-core GPU," http://www.extremetech.com/computing/136749-iphone-5-a6-soc-reverse-engineered-reveals-rare-hand-made-custom-cpu-and-a-tri-core-gpu.Google Scholar
- Silicon Zoo, "The layman's guide to ic reverse engineering," http://siliconzoo.org/tutorial.html.Google Scholar
- Chipworks, "Reverse engineering software," http://www.chipworks.com/en/technical-competitive-analysis/resources/reerse-engineering-software.Google Scholar
- Degate, http://www.degate.org/documentation/.Google Scholar
- SEMI, "Innovation is at risk as semiconductor equipment and materials industry loses up to$4 billion annually due to IP infringement," www.semi.org/en/Press/P043775, 2008.Google Scholar
- SypherMedia, "Syphermedia library circuit camouflage technology," http://www.smi.tv/solutions.htm.Google Scholar
- J. P. Baukus, L. W. Chow, R. P. Cocchi, and B. J. Wang, "Method and apparatus for camouflaging a standard cell based integrated circuit with micro circuits and post processing," phUS Patent no. 20120139582, 2012.Google Scholar
- J. P. Baukus, L. W. Chow, R. P. Cocchi, P. Ouyang, and B. J. Wang, "Building block for a secure cmos logic cell library," phUS Patent no. 8111089, 2012.Google Scholar
- J. P. Baukus, L. W. Chow, and W. Clark, "Integrated circuits protected against reverse engineering and method for fabricating the same using an apparent metal contact line terminating on field oxide," phUS Patent no. 20020096776, 2002.Google Scholar
- "Sun Microsystems, OpenSPARC T1 Processor," phhttp://www.opensparc.net/opensparc-t1/index.html.Google Scholar
- J. P. Baukus, L. W. Chow, R. P. Cocchi, P. Ouyang, and B. J. Wang, "Camouflaging a standard cell based integrated circuit," phUS Patent no. 8151235, 2012.Google Scholar
- J. P. Baukus, L.-W. Chow, J. W. M. Clark, and G. J. Harbison, "Conductive channel pseudo block process and circuit to inhibit reverse engineering," phUS Patent no. 8258583, 2012.Google Scholar
- M. L. Bushnell and V. D. Agrawal, "Essentials of Electronic Testing for Digital, Memory, and Mixed-Signal VLSI Circuits," phKluwer Academic Publishers, Boston, 2000.Google Scholar
- M. Abramovici, M. A. Breuer, and A. D. Friedman, "Digital Systems Testing & Testable Design," phWiley, 1994.Google Scholar
- M. Hansen, H. Yalcin, and J. Hayes, "Unveiling the ISCAS-85 benchmarks: a case study in reverse engineering," phIEEE Design Test of Computers, vol. 16, no. 3, pp. 72--80, 1999. Google ScholarDigital Library
- H. Lee and D. S. Ha, "HOPE: An Efficient Parallel Fault Simulator for Synchronous Sequential Circuits," phIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 15, no. 9, pp. 1048--1058, 1996. Google ScholarDigital Library
- Cadence, "RTL Compiler," www.cadence.com/products/ld/rtl\_compiler.Google Scholar
- K. Constantinides, "Online low-cost defect tolerance solutions for microprocessor designs," web.eecs.umich.edu/ taustin/papers/Kypros\_Thesis.pdf.Google Scholar
- A. Waksman, J. Eum, and S. Sethumadhavan, "Practical, lightweight secure inclusion of third-party intellectual property," phIEEE Design & Test, no. 99, pp. 1--1, 2013.Google Scholar
- Oracle, "Opensparc internals," http://www.oracle.com/technetwork/systems/opensparc/opensparc-internals-book-1500271.pdf.Google Scholar
- Y. Alkabani and F. Koushanfar, "Active hardware metering for intellectual property protection and security," phin the Proc. of USENIX security, pp. 291--306, 2007. Google ScholarDigital Library
- H. Heys and S. Tavares, "Avalanche characteristics of substitution-permutation encryption networks," phIEEE Transactions on Computers, vol. 44, no. 9, pp. 1131 --1139, 1995. Google ScholarDigital Library
- R. Torrance and D. James, "The state-of-the-art in ic reverse engineering," phin the Proc. of Cryptographic Hardware and Embedded Systems, pp. 363--381, 2009. Google ScholarDigital Library
- W. M. V. Fleet and M. R. Dransfield, "Method of recovering a gate-level netlist from a transistor-level," phUS Patent no. 6190433, 1998.Google Scholar
- W. Li, Z. Wasson, and S. Seshia, "Reverse engineering circuits using behavioral pattern mining," phin the Proc. of IEEE International Symposium on Hardware-Oriented Security and Trust, pp. 83--88, 2012.Google ScholarCross Ref
- P. Subramanyan, N. Tsiskaridze, K. Pasricha, D. Reisman, A. Susnea, and S. Malik, "Reverse engineering digital circuits using functional analysis," phin the Proc. of IEEE/ACM Design Automation and Test in Europe, 2013. Google ScholarDigital Library
- R. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," phIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493--1502, 2009. Google ScholarDigital Library
- J. Roy, F. Koushanfar, and I. Markov, "EPIC: Ending Piracy of Integrated Circuits," phIEEE Computer, vol. 43, no. 10, pp. 30--38, 2010. Google ScholarDigital Library
- J. Rajendran, Y. Pino, O. Sinanoglu, and R. Karri, "Security analysis of logic obfuscation," phin the Proc. of IEEE/ACM Design Automation Conference, pp. 83--89, 2012. Google ScholarDigital Library
- ----, "Logic encryption: A fault analysis perspective," phIEEE Design, Automation Test in Europe, pp. 953--958, 2012. Google ScholarDigital Library
- A. Baumgarten, A. Tyagi, and J. Zambreno, "Preventing IC Piracy Using Reconfigurable Logic Barriers," phIEEE Design and Test of Computers, vol. 27, no. 1, pp. 66--75, 2010. Google ScholarDigital Library
- A. Kahng, J. Lach, W. Mangione-Smith, S. Mantik, I. Markov, M. Potkonjak, P. Tucker, H. Wang, and G. Wolfe, "Watermarking techniques for intellectual property protection," phin the Proc. of IEEE/ACM Design Automation Conference, pp. 776--781, 1998. Google ScholarDigital Library
- F. Koushanfar, I. Hong, and M. Potkonjak, "Behavioral synthesis techniques for intellectual property protection," phACM Transactions on Design Automation of Electronic Systems, vol. 10, no. 3, pp. 523--545, 2005. Google ScholarDigital Library
- A. Kahng, S. Mantik, I. Markov, M. Potkonjak, P. Tucker, H. Wang, and G. Wolfe, "Robust IP watermarking methodologies for physical design," phin the Proc. of IEEE/ACM Design Automation Conference, pp. 782--787, 1998. Google ScholarDigital Library
- G. Suh and S. Devadas, "Physical Unclonable Functions for Device Authentication and Secret Key Generation," phin the Proc. of the IEEE/ACM Design Automation Conference, pp. 9--14, 2007. Google ScholarDigital Library
- J. Lee, D. Lim, B. Gassend, G. Suh, M. van Dijk, and S. Devadas, "A technique to build a secret key in integrated circuits for identification and authentication applications," phin the Proc. of IEEE Internationall Symposium on VLSI Circuits, pp. 176--179, 2004.Google Scholar
- Cadence, "SoC Encounter," http://www.cadence.com/products/di/soc\_encounter/ pages/default.aspx.Google Scholar
Index Terms
- Security analysis of integrated circuit camouflaging
Recommendations
IP Protection and Supply Chain Security through Logic Obfuscation: A Systematic Overview
The globalization of the semiconductor supply chain introduces ever-increasing security and privacy risks. Two major concerns are IP theft through reverse engineering and malicious modification of the design. The latter concern in part relies on ...
Security analysis of logic obfuscation
DAC '12: Proceedings of the 49th Annual Design Automation ConferenceDue to globalization of Integrated Circuit (IC) design flow, rogue elements in the supply chain can pirate ICs, overbuild ICs, and insert hardware trojans. EPIC [1] obfuscates the design by randomly inserting additional gates; only a correct key makes ...
Secure and Low-Overhead Circuit Obfuscation Technique with Multiplexers
GLSVLSI '16: Proceedings of the 26th edition on Great Lakes Symposium on VLSICircuit obfuscation techniques have been proposed to conceal circuit's functionality in order to thwart reverse engineering (RE) attacks to integrated circuits (IC). We believe that a good obfuscation method should have low design complexity and low ...
Comments