基于多级协同混淆的硬件IP核安全防护设计

传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患。该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法。该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护。ISCAS-89基准电路测试结果表明,在TSMC 65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7%,功耗开销占比平均为5.1%,正确密钥和错误密钥下的寄存器翻转差异低于10%,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击。     

Defense-in-depth: A recipe for logic locking to prevail

Logic locking/obfuscation has emerged as an auspicious solution for protecting the semiconductor intellectual property (IP) from the untrusted entities in the design and fabrication process. Logic locking disguises the implementation and functionality of the IP by implanting additional key-gates in the circuit. The right output of the locked chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The logic locking techniques have shown vulnerability to different classes of attacks, such as Oracle-guided and physical attacks. Although the research community has proposed a number of countermeasures against such attacks, none of them is simultaneously unbreakable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth mechanism can be considered as a feasible approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense strategy where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors.Introducing such a multilayer shielding model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. In conclusion, we believe that a logic locking technique with a layered defense mechanism can be a possible solution against IP piracy.     

基于遗传算法的抗网表逆向攻击逻辑混淆方法

随着集成电路(IC)产业进入后摩尔时代,芯片一次性工程成本愈发高昂,而以逆向工程技术为代表的知识产权窃取手段,越来越严重地威胁着芯片信息安全。为了抵抗逆向工程攻击,该文提出一种基于遗传算法的自动化逻辑混淆方法,通过分析网表寄存器的拓扑网络结构,筛选逻辑节点并创建冗余连接,从而混淆词级寄存器的相似性特征,在低开销下防止逆向攻击恢复寄存器传输级的词级变量、控制逻辑与数据通路。基于SM4国密算法基准电路开展验证实验,结果表明:经该文方法混淆后,逆向结果与设计真实情况的标准化互信息相关度下降了46%,拓扑复杂度提升61.46倍,面积额外开销为0.216%;同时相较于随机混淆,该混淆方法效率提升为2.718倍,面积额外开销降低70.8%。     

基于局部逻辑伪装的IC保护方法

集成电路(IC)设计面临逆向工程的攻击,核心专利(IP)和算法被盗用,硬件安全受到威胁。该文提出一种电路伪装方法LPerturb,通过对其局部电路逻辑的扰动,实现IC电路的保护。对电路进行最大独立锥划分(MFFCs),选取被伪装的最大子电路,确保输出逻辑扰动的局部性。针对要扰动锥结点逻辑,从锥中选择被替换的逻辑单元,以最小化代价对进行局部电路逻辑扰动。用多值伪装电路对扰动的逻辑值进行混淆保护,恢复相应的电路逻辑。实验结果表明,该方法能够稳定生成保护电路,具有较好的输出扰动性,能有效抵御SAT去伪装攻击,面积额外开销较小,时延影响可以忽略。     

A cellular automata guided two level obfuscation of Finite-State-Machine for IP protection

A popular countermeasure against IP piracy is to obfuscate the Finite State Machine (FSM) which is assumed to be the heart of a digital system. Most of the existing FSM obfuscation strategies rely on additionally introduced set of obfuscation mode state-transitions to protect the original state-transitions of the FSM. Although these methods assume that it is difficult to extract the FSM behavior from the flattened gate-level netlist, some recent reverse engineering attacks could successfully break the defense of these schemes. The capability of differentiating obfuscation mode state-transitions from normal mode state-transitions makes these attacks powerful. As a countermeasure against these attacks, we propose a new strategy that offers a key-based obfuscation to each state-transition of the FSM. We use a special class of non-group additive cellular automata (CA), called D1 1 CA, and it's counterpart D11CA_dual to obfuscate each state-transition of the FSM. Each state-transition has its own customized key, which must be configured correctly in order to get correct state-transition behavior from the synthesized FSM. A second layer of protection to the state-transition logic enhances the security of the proposed scheme. An in-depth security analysis of the proposed easily testable key-controlled FSM synthesis scheme demonstrates its ability to thwart the majority of the state-of-the-art attacks, such as FSM reverse engineering, SAT, and circuit unrolling attacks. Thus, the proposed scheme can be used for IP protection of the digital designs. Experimentations on various IWLS′93 benchmark FSM designs show that the average area, power, and delay overheads our proposed multi-bit key-based obfuscated FSM design are 56.43%, 6.87%, and 23.41% while considering the FSMs as standalone circuits. However, experimentation on the Amber23 processor core shows these overheads drastically reduce (reported area, power, and delay overheads values are 0.0025%, 0.44%, and 0%, respectively) while compared with respect to the entire design.     

Novel Low-Overhead Operand Isolation Techniques for Low-Power Datapath Synthesis

Power consumption in datapath modules due to redundant switching is an important design concern for high-performance applications. Operand isolation schemes that reduce this redundant switching incur considerable overhead in terms of delay, power, and area. This paper presents novel operand isolation techniques based on supply gating that reduce overheads associated with isolating circuitry. The proposed schemes also target leakage minimization and additional operand isolation at the internal logic of datapath to further reduce power consumption. We integrate the proposed techniques and power/delay models to develop a synthesis flow for low-power datapath synthesis. Simulation results show that the proposed operand isolation techniques achieve at least 40% reduction in power consumption compared to original circuit with minimal area overhead (5%) and delay penalty (0.15%)     

Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

Output gating performance overhead elimination for scan test

Switching activity is much higher in test mode as compared to normal mode of operation which causes higher power dissipation, and this leads to several reliability issues. Output gating is proposed as a very effective low-power test technique, which is used to eliminate redundant switching activity in the combinational logic of circuit under test (CUT) during the shifting of test vectors in a scan chain. This method reduces the average power significantly, but it introduces performance overhead in normal mode of operation. In this work, a new output gating technique is proposed which eliminates redundant switching activity in combinational logic of CUT during shifting of test vectors without any negative impact on performance as compared to earlier proposed output gating techniques. The proposed design also improves the performance of the scan flop in functional mode with negligible area overhead incurred due to extra transistors. Experimental results show that our design has a more robust performance over wide range of capacitive load as compared to earlier designs.     

Susceptible Workload Evaluation and Protection using Selective Fault Tolerance

Low power fault tolerance design techniques trade reliability to reduce the area cost and the power overhead of integrated circuits by protecting only a subset of their workload or their most vulnerable parts. However, in the presence of faults not all workloads are equally susceptible to errors. In this paper, we present a low power fault tolerance design technique that selects and protects the most susceptible workload. We propose to rank the workload susceptibility as the likelihood of any error to bypass the logic masking of the circuit and propagate to its outputs. The susceptible workload is protected by a partial Triple Modular Redundancy (TMR) scheme. We evaluate the proposed technique on timing-independent and timing-dependent errors induced by permanent and transient faults. In comparison with unranked selective fault tolerance approach, we demonstrate a) a similar error coverage with a 39.7% average reduction of the area overhead or b) a 86.9% average error coverage improvement for a similar area overhead. For the same area overhead case, we observe an error coverage improvement of 53.1% and 53.5% against permanent stuck-at and transition faults, respectively, and an average error coverage improvement of 151.8% and 89.0% against timing-dependent and timing-independent transient faults, respectively. Compared to TMR, the proposed technique achieves an area and power overhead reduction of 145.8% to 182.0%.     

Machine learning and structural characteristics for reverse engineering

In the past years, much of the research into hardware reverse engineering has focused on the abstraction of gate level netlists to a human readable form. However, none of the proposed methods consider a realistic reverse engineering scenario, where the netlist is physically extracted from a chip. This paper analyzes the impact of errors caused by this extraction and the later partitioning of the netlist on the ability to identify the functionality. Current formal verification based methods which compare against golden models are incapable of dealing with such erroneous netlists. Two methods focusing on the idea that structural similarity implies functional similarity solve this problem: The first new approach uses fuzzy structural similarity matching to compare the structural characteristics of an unknown design against designs in a golden model library. The second new approach proposes a method for inexact graph matching using fuzzy graph isomorphisms, based on the functionalities of gates used within the design. In addition, past attacks on obfuscation methods such as logic locking have required access to an activated chip to compare the obfuscated netlist to a functionally equivalent model. The proposed methods can also find a golden model without the need of an activated chip, so that attacks can occur even before production and activation of the chip. Experiments show that for simple logic locking the approaches identify a suitable golden model in more than 80% of all cases. For realistic error percentages, both approaches can match more than 90% of designs correctly. This is an important first step for hardware reverse engineering methods beyond formal verification based equivalence matching.     

Deterministic built-in test pattern generation for high-performancecircuits using twisted-ring counters

We present a new approach for built-in test pattern generation based on the reseeding of twisted-ring counters (TRCs). The proposed technique embeds a precomputed deterministic test set for the circuit under test (CUT) in a short test sequence produced by a TRC. The TRC is designed using existing circuit flip-flops and does not add to hardware overhead beyond what is required for basic scan design. The test control logic is simple, uniform for all circuits, and can be shared among multiple CUTs. Furthermore, the proposed method requires no mapping logic between the test generator circuit and the CUT; hence it imposes no additional performance penalty. Experimental results for the ISCAS benchmark circuits show that it is indeed possible to embed the entire precomputed test set in a TRC sequence using only a small number of seeds     

Orthogonal obfuscation based key management for multiple IP protection

With the development of system-on-chip (SoC) chips, more and more design houses are cooperating with each other's. How to achieve benefit sharing and key management for multiple intellectual properties (IPs) has become an emergency problem. This work proposes an orthogonal obfuscation method to protect multiple IPs. The proposed method permits cooperators to control the project using different security keys, protects the patterns with an orthogonal key, and be convenient for the user to manage the key. For reasons of increased security, the proposed method hides the original keys to prevent information leakage. Multi-port Physical Unclonable Function (MPUF) circuit is used as the additional orthogonal key to cluster membership. It protects the IPs from hardware attacks such as brute-force attack, member leakage attack, reverse engineering and so on. The security analyzes results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS′89 benchmark circuits and cryptographic algorithms. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.43% and consumes 2.77% more power than the baseline.     

DMR +: An efficient alternative to TMR to protect registers in Xilinx FPGAs

Registers are one of the circuit elements that can be affected by soft errors. To ensure that soft errors do not affect the system functionality, Triple Modular Redundancy (TMR) is commonly used to protect registers. TMR can effectively protect against errors affecting a single flip-flop and has a low overhead in terms of circuit delay. The main drawback of TMR is that it requires more than three times the original circuit area as the flip-flops are triplicated and additional voting logic is inserted. Another alternative is to protect registers using Error Correction Codes (ECCs), but those typically require a large circuit delay overhead and are not suitable for high speed implementations. In this paper, DMR + an alternative to TMR to protect registers in FPGAs, is presented. The proposed scheme exploits the FPGA structure to achieve a reduction in the FPGA resources (LUTs and Flip-Flops) at the cost of a certain overhead in delay. DMR + can correct all single bit errors like TMR but is more vulnerable to multiple bit errors. To evaluate the benefits, the DMR + technique has been implemented and compared with TMR considering standalone registers and also some simple designs.     

基于信号传输理论的Glitch物理不可克隆函数电路设计

通过对信号传输理论、竞争-冒险现象和物理不可克隆函数(Physical Unclonable Functions, PUF)电路的研究,论文提出一种基于信号传输理论的毛刺型物理不可克隆函数电路(Glitch Physical Unclonable Functions, Glitch-PUF)方案。该方案首先根据偏差延迟的信号传输理论,推导出获得稳定毛刺输出的电路级数;然后利用组合逻辑电路的传播延迟差异,结合1冒险和0冒险获得具有毛刺的输出波形,采用多级延迟采样电路实现Glitch-PUF的输出响应。由于毛刺信号具有显著的非线性特性,将其应用于PUF电路可有效解决模型攻击等问题。最后在TSMC 65 nm CMOS工艺下,设计128位数据输出的电路结构,Monte Carlo仿真结果表明Glitch-PUF电路具有良好的随机性。     

基于正交混淆的多硬件IP核安全防护设计

为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。     

Generation Methodology for Good-Enough Approximate Modules of ATMR

Approximate triple modular redundancy (ATMR) is sought for logic masking of soft errors while effectuating lower area overhead than conventional TMR through the introduction of approximate modules. However, the use of approximate modules instigates reduced fault coverage in ATMR. In this work, we target better design tradeoffs in ATMR by proposing a heuristic method that effectively utilizes a threshold for unprotected input vectors to generate good enough combinations of approximate modules for ATMR, which accomplishes higher fault coverage and reduced area overhead compared with previously proposed approaches. The key concept is to employ logic optimization techniques of prime implicant (PI) expansion and reduction for successively obtaining approximate modules such that the combination of three approximate modules appropriately functions as an ATMR. For an ATMR to function appropriately, blocking is used to ensure that at each input vector, through the prime implicant (PI) expansion and reduction technique, only one approximate module differ from the original circuit. For large circuits, clustering is utilized and comparative analysis indicates that higher fault coverage is attained through the proposed ATMR scheme while preserving the characteristic feature of reduced area overhead. With a small percentage of unprotected input vectors, we achieved substantial decrease in transistor count and greater fault detection, i.e., an improvement of up to 26.1% and 42.1%, respectively.     

Improving power analysis attack resistance using intrinsic noise in 3D ICs

Three-dimensional (3D) integration is envisioned as a natural defense to thwart side-channel analysis (SCA) attacks on the hardware implementation of cryptographic algorithms. However, neither physical experiments nor quantitative analysis is available in existing works to study the impact of power distribution network (PDN) on the SCA attacks. Through quantitative analyses and experiments with realistic 3D models, this work demonstrates the impact of noise in PDN on the 3D chip's resilience against correlation power analysis (CPA) attack, which is one of SCA attacks. The characteristic of PDN noise is extracted from our experiments. To expand the natural defense originated from the 3D integration, this work proposes to exploit the PDN noise inherently existing in 3D chips to thwart CPA attacks. Instead of introducing external noise or flattening the power profile, the proposed method utilizes the spatially and temporally varied supply voltages from other 3D planes to blur the power correlation of the crypto unit. Both theoretical analysis and experimental validation prove that the proposed method can effectively enhance the resilience of a crypto unit embedded in the 3D chip against CPA attacks. Simulation results show the proposed method improves the average guessing entropy by 9× over the baseline. Emulation on an FPGA platform demonstrates that the proposed method successfully slows down the key retrieval speed of CPA attack, with significantly less power overhead than representable power equalization techniques. Test vector leakage assessment (TVLA) shows that the proposed method improves the confidence to accept null hypothesis 201× over the baseline.     

Timing of Multi-Gigahertz Rapid Single Flux Quantum Digital Circuits

Rapid Single Flux Quantum (RSFQ) logic is a digital circuit technology based on superconductors that has emerged as a possible alternative to advanced semiconductor technologies for large scale ultra-high speed, very low power digital applications. Timing of RSFQ circuits at frequencies of tens to hundreds of gigahertz is a challenging and still unresolved problem. Despite the many fundamental differences between RSFQ and semi- conductor logic at the device and at the circuit level, timing of large scale digital circuits in both technologies is principally governed by the same rules and constraints. Therefore, RSFQ offers a new perspective on the timing of ultra-high speed digital circuits.This paper is intended as a comprehensive review of RSFQ timing, from the viewpoint of the principles, concepts, and language developed for semiconductor VLSI. It includes RSFQ clocking schemes, both synchronous and asynchronous, which have been adapted from semiconductor design methodologies as well as those developed specifically for RSFQ logic. The primary features of these synchronization schemes, including timing equations, are presented and compared.In many circuit topologies of current medium to large scale RSFQ circuits, single-phase synchronous clocking outperforms asynchronous schemes in speed, device/area overhead, and simplicity of the design procedure. Synchronous clocking of RSFQ circuits at multigigahertz frequencies requires the application of non-standard design techniques such as pipelined clocking and intentional non-zero clock skew. Even with these techniques, there exist difficulties which arise from the deleterious effects of process variations on circuit yield and performance. As a result, alternative synchronization techniques, including but not limited to asynchronous timing, should be considered for certain circuit topologies. A synchronous two-phase clocking scheme for RSFQ circuits of arbitrary complexity is introduced, which for critical circuit topologies offers advantages over previous synchronous and asynchronous schemes.     

Efficient design of parity preserving logic in quantum-dot cellular automata targeting enhanced scalability in testing

Design of parity preserving logic based on emerging nanotechnology is very limited due to present technological limitation in tackling its high error rate. In this work, Quantum-dot cellular automata (QCA), a potential alternative to CMOS, is investigated for designing easily testable logic circuit. A novel self-testable logic structure referred to as the testable-QCA (t-QCA), using parity preserving logic, is proposed. Design flexibility of t-QCA then evaluated through synthesis of standard functions. The programmability feature of t-QCA is utilized to implement an ALU, realizing six important functions. Although the parity preservation property of t-QCA enables concurrent detection of permanent as well as the transient faults, an augmented test logic circuit (TC) using QCA primitives has been introduced to cover the cell defects in nanotechnology. Experimental results establish the efficiency of the proposed design that outperforms the existing technologies in terms of design cost and test overhead. The achievement of 100% stuck-at fault coverage and the 100% fault coverage for single missing/additional cell defects in QCA layout of the t-QCA gate, address the reliability issues of QCA nano-circuit design.