Understanding Logic Locking 9783031379888, 9783031379895


English Pages [385] Year 2024


Table of contents :
Preface
Contents
1 Basics of VLSI Design
1.1 Introduction to VLSI Design
1.1.1 Steps of VLSI ASIC Design Flow: Specification to Packaged IC
1.1.2 EDAs, Equipment, and Entities in VLSI ASIC Design Flow
1.2 Advances in VLSI Design: Horizontal Model
1.3 Future of VLSI Design: What to Expect
References
2 Basics of VLSI Testing and Debug
2.1 Overview of VLSI Testing: Cost, Yield, and Quality
2.2 Fundamentals of VLSI Testing: Fault Simulation to ATPGs
2.2.1 Logic and Fault Simulation
2.2.2 Testability Measures
2.2.3 Combinational and Sequential ATPG
2.3 Design for Testability: From Scan Chain to BIST
2.3.1 Built-in-Self-Test (BIST)
2.4 Design Testability and Security: Double-Edged Sword
References
3 IP Protection: A Historical View
3.1 The First (National to Global) Action for IP Protection
3.1.1 The First Protection: Semiconductor Chip Protection Act (SCPA)
3.1.2 From the US SCPA to International Acts
3.2 Notable Cases Discussing the Violation of IP Protection
3.2.1 A Simple Profit-Oriented Case: Smartphone Patent Wars
3.3 The Importance of IP Protection Against Malicious Intentions
References
4 Making a Case for Logic Locking
4.1 Horizontal IC Supply Chain: Threats
4.1.1 Technology Stealing: Reverse Engineering
4.1.2 Illegal Reuse: Piracy and Overproduction
4.1.3 Malicious Modification and Tampering: Hardware Trojan
4.1.4 Information Leakage: Side-Channel Attack
4.2 Physical Action: DfTr Countermeasure Solutions
4.2.1 IP Encryption
4.2.2 IP Watermarking and Fingerprinting
4.2.3 IC Metering
4.2.4 Split Manufacturing
4.2.5 IC Camouflaging
4.3 Why Logic Locking? What to Expect?
References
5 Fundamentals of Logic Locking
5.1 What Logic Locking Means in a Logic Circuit?
5.1.1 Forming and Activating Logic Locking
5.2 Characteristics of Logic Locking
5.2.1 Abstraction Level(s) of Logic Locking
5.2.2 Logic Locking Types
5.2.3 Logic Locking (Key) Secret Size and Uniqueness
5.2.4 Output Corruptibility in Logic Locking
5.2.5 Logic Locking Overhead
5.3 Security Evaluation of Logic Locking: Modeling the Threat
5.3.1 Invasivity in De-obfuscation
5.3.2 Obtaining Reference in De-obfuscation: Oracle
5.3.3 Extra Access in De-obfuscation: DFT
5.3.4 Priming the Design for De-obfuscation: Malicious Insertion
References
6 Infrastructure Supporting Logic Locking
6.1 Traditional View of Trust Enabled by Logic Locking
6.2 A Big Assumption: Testing Before or After Activation?
6.3 Forward Trust Required for Logic Locking
6.4 Composition of Trusted Communication and Logic Locking
6.5 Dummy Key-Based Testing for Logic Locking
6.5.1 Improving the Quality of Dummy Keys for Testing
References
7 Impact of Satisfiability Solvers on Logic Locking
7.1 Fundamentals of SAT Solvers: From SAT to SMT to BMC
7.1.1 Building SAT Problems and Solving Procedure
7.1.2 Extension of SAT for Wider Set of Applications
7.1.3 The Usage of SAT for Representing Logic Circuits
7.2 SAT Solver for VLSI Design Testing
7.3 Solvers Against Logic Locking: Building Algorithmic Attacks
7.3.1 Assumptions in SAT/BMC Attack on Logic Locking
7.3.2 Flow of SAT/BMC Attack on Logic Locking
7.4 Challenges of SAT-/BMC-Based Attack on Logic Locking
References
8 Post-satisfiability Era: Countermeasures and Threats
8.1 A High-Level View on Defenses and Attacks: Pre- vs. Post-SAT
8.2 Pre- vs. Post-SAT Logic Locking Countermeasures
8.2.1 Primitive Logic Locking
8.2.2 Point Function Logic Locking
8.2.2.1 Compound Logic Locking
8.2.3 Cyclic-Based Logic Locking
8.2.4 LUT/MUX-Based Logic/Routing Locking
8.2.5 FSM/Sequential Logic Locking
8.2.6 Behavioral (Timing-Based) Locking
8.2.7 High-Level Abstraction Logic Locking
8.2.8 eFPGA-Based Logic Locking
8.3 Pre- vs. Post-SAT Attacks on Logic Locking
8.3.1 Oracle-Guided (OG) on Combinational Circuits
8.3.1.1 OG Combinational ATPG-Based Attacks
8.3.1.2 OG Combinational Algorithmic (SAT)-Based Attacks
8.3.1.3 OG Combinational Structural/Functional Attacks
8.3.1.4 Summary of OG Combinational Attacks
8.3.2 Oracle-Guided (OG) on Sequential Circuits
8.3.2.1 OG/OL Sequential on FSM Locking
8.3.3 Oracle-Less (OL) Attacks on Logic Locking
8.3.3.1 OL Structural Synthesis-Based Attacks
8.3.3.2 OL Structural ATPG-Based Attacks
8.3.3.3 OL Structural ML-Based Attacks
8.3.3.4 OL Tampering Attacks
8.3.3.5 OL Probing Attacks
8.3.3.6 Summary of Oracle-Less (OL) Attacks
References
9 Design-for-Testability and Its Impact on Logic Locking
9.1 Why DFT Structure Must Be Protected?
9.1.1 Post-SAT Logic Locking Countermeasures
9.2 IC Testability Using DFT-Based Techniques
9.3 Primitive Secure Scan Chain Architectures for Crypto
9.3.1 Threat Models and Assumptions
9.3.2 Flipping the Scan Chain Using Static Inverter Networks
9.3.3 Feedback XOR in Scan Chain
9.3.4 State-Dependent Scan Flip-Flop
9.3.5 Scrambled Secure Scan
9.3.6 Decoupling Sensitive Data Using Mirror Key Register
9.3.7 Division of Scan Chain to Sub-chains with Randomness
9.3.8 Partial Secure Scan Chain Architecture
9.4 Advanced Secure Scan Chain Architectures for Logic Locking
9.4.1 Threat Models and Assumptions
9.4.2 Scan Chain Blockage vs. Scan Chain Locking
9.5 Locking the Scan Chain in the Presence of Logic Locking
9.5.1 Encrypt Flip-Flop
9.5.2 Dynamically Logic Locking of the Scan Chain
9.5.3 Attacks on Logic Locked Circuits with Restricted Scan
9.5.3.1 Primitive Sequential SAT Attack
9.5.3.2 KC2
9.5.3.3 RANE
9.5.3.4 ScanSAT on Both Static and Dynamic Scan Chain Logic Locking
9.5.4 Dynamicity in Encrypt Flip-Flop Technique
9.5.5 DynUnlock Attack: Breaking Dynamic Encrypt Flip-Flop
9.5.6 Crypto Macros in Scan-Based Logic Locking
9.6 Blocking the Scan Chain in the Presence of Logic Locking
9.6.1 R-DFS: Robust Design for Security in Logic Locking
9.6.2 Shift-and-Leak Attack on R-DFS
9.6.3 mR-DFS: Modified Robust Design for Security
9.6.4 mR-DFS Architectural Drawbacks
9.6.5 kt-DFS: Key-Trapped Design for Security
9.6.6 DisORC: Oracle Dishonesty with Scan Blockage: Key-Trapped Design for Security
9.6.7 Comparison of Scan Blockage Techniques
9.7 Comparison Between Scan Chain Locking/Blocking Techniques
References
10 Emergence of Cutting-Edge Technologies on Logic Locking
10.1 Probing Techniques and Its Impact on the Threats Models
10.1.1 Tamper- and Read-Proof Memory
10.1.2 Potential Adversaries in Probing-Based Attacks
10.2 Overview of Probing Approaches at Circuit Level
10.2.1 Contactless Probing
10.2.2 Contact-Based Probing
10.3 Misuse of Probing: Circuit Security Threats
10.3.1 Probing-Based Attacks on FPGAs
10.3.2 Probing-Based Attacks on ASICs
10.3.3 Probing-Based Attacks on Memories
10.4 A Case Study: Probing Attack on Logic Locking
10.4.1 Main Steps of the Optical Probing Attack
10.4.2 Experimental View: How Probing Breaks Logic Locking
10.4.2.1 Probing Targeted Device: Microsemi PolarFire
10.4.2.2 Key Extraction from the Targeted Device
10.5 Challenges in Probing-Based Attacks
10.6 Advanced Misuse of Probing: Observing to Modification
References
11 Multilayer Approach to Logic Locking
11.1 Abstraction Layers and Core Components of Logic Locking
11.1.1 Key Storage Element
11.1.2 Interconnects
11.1.3 Key Delivery Unit
11.1.4 Design-for-Test (DFT)
11.1.5 Logic-Locked Hardware
11.2 Defense in Depth: Multilayer Logic Locking
11.3 Security Analysis of Core Components
11.3.1 Vulnerabilities of the Key Storage Element
11.3.2 Vulnerabilities of the Interconnects
11.3.3 Vulnerabilities of the Key Delivery Unit
11.3.4 Vulnerabilities of the DFT
11.3.5 Vulnerabilities of the Logic Locking Technique
11.3.6 Security Breach Through Hardware Trojan Insertion
11.3.7 Summary of Vulnerabilities of the Core Components
11.4 Detailed IC Supply Chain Threat Model Analysis
11.4.1 Vulnerability Analysis in IC Supply Chain
11.4.2 Potential Adversaries in IC Supply Chain
11.5 Architecture for a Multilayer Defense-in-Depth Solution
11.6 Security Measures of a Defense-in-Depth Architecture
11.7 What Is Next in Logic Locking: Future Trend
References
12 Logic Locking in Future IC Supply Chain Environments
12.1 Vulnerabilities and Shortcomings of Logic Locking
12.1.1 Lack of Formal Model
12.1.2 Dynamic/Expanding Nature of Threat Modeling
12.1.3 Cutting-Edge Technologies/Devices Against Logic Locking
12.1.4 (Mis)use of Machine Learning over Logic Locking
12.2 Possible Futuristic Directions in Logic Locking
12.2.1 Security Evaluation of Logic Locking Using Formal Models
12.2.1.1 Metric for Algorithmic Attacks
12.2.1.2 Metric for Physical Attacks
12.2.1.3 Metric for Structural Attacks
12.2.1.4 From Metric to Method for Building Logic Locking
12.2.2 Multilayer Logic Locking
12.2.3 Logic Locking in Zero-Knowledge Environment
12.2.3.1 Indiscernibility for Logic Locking
12.2.3.2 Early-Stage Logic Locking
12.2.3.3 Granularity of Adding Ambiguity via Logic Locking
References
13 Locking Your IP: A Step-by-Step Guide
13.1 A Top View on Logic Locking
13.2 Implementing Logic Locking at Gate Level
13.2.1 Building Gate-Level Representation: Logic Synthesis
13.2.2 Required Conversion: The Usage of BENCH Format
13.2.3 Gate-Level Logic Locking by SLE
13.2.4 Gate-Level Logic Locking by NEOS
13.3 Implementing Logic Locking at Register Transfer Level
13.3.1 RT Level Logic Locking by ReTrustFSM
13.3.2 RT Level Logic Locking by EvoLUTe
13.4 Post Locking Verification: Equivalency Check
13.5 Logic Locking Efficiency: Collecting PPA Overhead
13.6 Pre-activation Test
References
14 Security Evaluation of a Locked IP: A Step-by-Step Guide
14.1 A Top View on De-obfuscation Attacks on Logic Locking
14.2 Combinational De-obfuscation Attack on Logic Locking
14.2.1 Input Format for Attack Vector
14.2.2 Oracle-Guided Combinational Attack by SLD
14.2.3 Oracle-Guided Combinational Attack by NEOS
14.3 Sequential De-obfuscation Attack on Logic Locking
14.3.1 Oracle-Guided Sequential Attack by RANE
14.3.1.1 Assigning Solver for De-obfuscation
14.3.1.2 The Support of Hierarchical Design for De-obfuscation
14.3.1.3 Running Sequential De-obfuscation Equipped with JasperGold Formal Method
14.4 Evaluation Metrics for De-obfuscation Attacks
References
Index
