Reverse Engineering Camouflaged Sequential Integrated Circuits Without Scan Access

Preprint English OPEN
Massad, Mohamed El ; Garg, Siddharth ; Tripunitara, Mahesh (2017)
  • Subject: Computer Science - Cryptography and Security

Integrated circuit (IC) camouflaging is a promising technique to protect the design of a chip from reverse engineering. However, recent work has shown that even camouflaged ICs can be reverse engineered from the observed input/output behaviour of a chip using SAT solvers. These so-called SAT attacks have so far targeted only camouflaged combinational circuits. For camouflaged sequential circuits, the SAT attack requires that the internal state of the circuit is controllable and observable via the scan chain. It has been implicitly assumed that restricting scan chain access increases the security of camouflaged ICs against reverse engineering attacks. In this paper, we develop a new attack methodology to decamouflage sequential circuits without scan access. Our attack uses a model checker (a more powerful reasoning tool than a SAT solver) to find a discriminating set of input sequences, i.e., one that is sufficient to determine the functionality of camouflaged gates. To improve the run-time and scalability of our attack, we propose several refinements, including the use of a bounded model checker and sufficient conditions for determining when a set of input sequences is discriminating. Our attack is able to decamouflage a large sequential benchmark circuit that implements a subset of the VIPER processor.