基于多级协同混淆的硬件IP核安全防护设计

传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患.该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法.该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护.ISCAS-89基准电路测试结果表明,在TSMC 65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7％,功耗开销占比平均为5.1％,正确密钥和错误密钥下的寄存器翻转差异低于10％,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击.     

基于正交混淆的多硬件IP核安全防护设计

为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。     

基于状态映射的AES算法硬件混淆设计

代码混淆利用系统自身逻辑来保护内部重要信息和关键算法,常用于软件代码的安全防护,确保开发者和用户的利益。如何在硬件电路上实现混淆、保护硬件IP核的知识产权,也是亟待解决的问题。该文通过对硬件混淆和AES算法的研究,提出一种基于状态映射的AES算法硬件混淆方案。该方案首先利用冗余和黑洞两种状态相结合的状态映射方式,实现有限状态机的混淆;然后,采用比特翻转的方法,实现组合逻辑电路的混淆;最后,在SMIC 65 nm CMOS工艺下设计基于状态映射的AES算法硬件混淆电路,并采用Toggle、数据相关性和代码覆盖率等评价硬件混淆的效率和有效性。实验结果表明,基于状态映射的AES算法硬件混淆电路面积和功耗分别增加9%和16%,代码覆盖率达到93%以上。     

基于序列密码的强PUF抗机器学习攻击方法

物理不可克隆函数(Physical Unclonable Function, PUF)在信息安全领域具有极其重要的应用前景,然而也存在其自身安全受机器学习攻击等方面的不足。该文通过对PUF电路和密码算法的研究,提出一种基于序列密码的强PUF抗机器学习攻击方法。首先,通过构造滚动密钥生成器产生随机密钥,并与输入激励进行混淆;然后,将混淆后的激励通过串并转换电路作用于强PUF,产生输出响应;最后,利用Python软件仿真和FPGA硬件实现,并分析其安全性和统计特性。实验结果表明,当建模所用激励响应对(Challenge Response Pairs, CRPs)高达106组时,基于逻辑回归、人工神经网络和支持向量机的攻击预测率接近50%的理想值。此外,该方法通用性强、硬件开销小,且不影响PUF的随机性、唯一性以及可靠性。     

基于序列密码的强PUF抗机器学习攻击方法

物理不可克隆函数(Physical Unclonable Function,PUF)在信息安全领域具有极其重要的应用前景,然而也存在其自身安全受机器学习攻击等方面的不足.该文通过对PUF电路和密码算法的研究,提出一种基于序列密码的强PUF抗机器学习攻击方法.首先,通过构造滚动密钥生成器产生随机密钥,并与输入激励进行混淆;然后,将混淆后的激励通过串并转换电路作用于强PUF,产生输出响应;最后,利用Python软件仿真和FPGA硬件实现,并分析其安全性和统计特性.实验结果表明,当建模所用激励响应对(Challenge Response Pairs,CRPs)高达106组时,基于逻辑回归、人工神经网络和支持向量机的攻击预测率接近50％的理想值.此外,该方法通用性强、硬件开销小,且不影响PUF的随机性、唯一性以及可靠性.     

基于遗传算法的抗网表逆向攻击逻辑混淆方法

随着集成电路(IC)产业进入后摩尔时代,芯片一次性工程成本愈发高昂,而以逆向工程技术为代表的知识产权窃取手段,越来越严重地威胁着芯片信息安全。为了抵抗逆向工程攻击,该文提出一种基于遗传算法的自动化逻辑混淆方法,通过分析网表寄存器的拓扑网络结构,筛选逻辑节点并创建冗余连接,从而混淆词级寄存器的相似性特征,在低开销下防止逆向攻击恢复寄存器传输级的词级变量、控制逻辑与数据通路。基于SM4国密算法基准电路开展验证实验,结果表明:经该文方法混淆后,逆向结果与设计真实情况的标准化互信息相关度下降了46%,拓扑复杂度提升61.46倍,面积额外开销为0.216%;同时相较于随机混淆,该混淆方法效率提升为2.718倍,面积额外开销降低70.8%。     

基于SystemC的事务级协同验证方法研究

随着深亚微米集成电路技术的发展,系统芯片上将集成越来越多的IP核,这些IP核不仅包括为数众多的存储器模块、控制电路模块、时钟电路模块、I/O模块和A/D、D/A模块,还包括很多MCU、MPU和DSP,基于IP核的软硬件协同设计技术已经成为系统芯片发展的必然趋势。软硬件协同设计要求系统功能一部分由硬件实现,而其余部分则由软件实现,系统硬件实现的部分通常是由VHDL、Verilog等硬件编程语言描述其模型,然后进行仿真验证,最后利用EDA工具综合成门级网表并进行版图级的布局布线,而系统软件实现的部分则通常由C、C 等高级语言描述,并最…     

矢量数据包处理加速的动态防护系统设计与实现

针对IP地址动态化防护技术引入额外开销而导致正常网络传输性能下降的问题,首次设计并实现了一种基于矢量数据包处理（Vector Packet Processing,VPP）加速的IP地址动态防护系统,在隐藏真实IP地址的同时增强了系统数据处理能力.首先,针对控制平面和数据平面处理逻辑不同,分别设计了快转发逻辑和慢转发逻辑,降低数据报文处理过程中的拷贝次数;其次,面向真实IP-虚假IP频繁映射,提出一种共享内存的高效的IP地址动态变换机制;再次,采用最优化和哈希链算法制定了IP跳变策略与虚假IP地址预分配机制,最小化系统性能损耗;最后,实验结果表明,系统能够有效抵御DoS攻击并将潜在的侦查攻击命中率控制在16%以下,在数据处理性能上也有明显的速度提升.     

基于局部逻辑伪装的IC保护方法

集成电路(IC)设计面临逆向工程的攻击,核心专利(IP)和算法被盗用,硬件安全受到威胁。该文提出一种电路伪装方法LPerturb,通过对其局部电路逻辑的扰动,实现IC电路的保护。对电路进行最大独立锥划分(MFFCs),选取被伪装的最大子电路,确保输出逻辑扰动的局部性。针对要扰动锥结点逻辑,从锥中选择被替换的逻辑单元,以最小化代价对进行局部电路逻辑扰动。用多值伪装电路对扰动的逻辑值进行混淆保护,恢复相应的电路逻辑。实验结果表明,该方法能够稳定生成保护电路,具有较好的输出扰动性,能有效抵御SAT去伪装攻击,面积额外开销较小,时延影响可以忽略。     

基于局部逻辑伪装的IC保护方法

集成电路(IC)设计面临逆向工程的攻击,核心专利(IP)和算法被盗用,硬件安全受到威胁.该文提出一种电路伪装方法LPerturb,通过对其局部电路逻辑的扰动,实现IC电路的保护.对电路进行最大独立锥划分(MFFCs),选取被伪装的最大子电路,确保输出逻辑扰动的局部性.针对要扰动锥结点逻辑,从锥中选择被替换的逻辑单元,以最小化代价对进行局部电路逻辑扰动.用多值伪装电路对扰动的逻辑值进行混淆保护,恢复相应的电路逻辑.实验结果表明,该方法能够稳定生成保护电路,具有较好的输出扰动性,能有效抵御SAT去伪装攻击,面积额外开销较小,时延影响可以忽略.     

Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

New lightweight Anti-SAT block design and obfuscation technique to thwart removal attack

Logic locking has emerged as a prominent technique to protect an integrated circuit from piracy, overbuilding, and hardware Trojans. Most of the well-known logic locking techniques are vulnerable to satisfiability (SAT) based attack. Though several SAT-resistant logic locking techniques such as Anti-SAT block (ASB) are reported that increase the time to decipher the secret key, the existing techniques are either vulnerable to signal probability skew (SPS) based removal attack or require significant design overhead. Therefore, a new lightweight ASB design and obfuscation technique is proposed that effectively integrate and obfuscates the ASB in the design to thwart removal attack. We first propose a new ASB design/integration approach that effectively thwarts the structural/functional analysis based removal attack with minimum overhead. Further, we also propose an ASB obfuscation approach that shifts the inverter deep in the circuit using De Morgan's law and replaces an ASB gate with a key-gate to thwart SPS based removal attack. Moreover, a new algorithm is proposed that inserts the ASB in the locked design to achieve desired output corruptibility. Finally, a new INV/BUFF key-gate is proposed that constructs the ASB with reduced overhead over the XOR/XNOR. Experimental evaluation on ISCAS-85 benchmarks shows that our ASB design and obfuscation approaches, on an average, reduce area overhead by 25.5% and 22% respectively, and effectively prevent removal attack without reducing any security.     

Defense-in-depth: A recipe for logic locking to prevail

Logic locking/obfuscation has emerged as an auspicious solution for protecting the semiconductor intellectual property (IP) from the untrusted entities in the design and fabrication process. Logic locking disguises the implementation and functionality of the IP by implanting additional key-gates in the circuit. The right output of the locked chip is produced, once the correct key value is available at the input of the key-gates. The confidentiality of the key is imperative for the security of the locked IP as it stands as the lone barrier against IP infringement. Therefore, the logic locking is considered as a broken scheme once the key value is exposed. The logic locking techniques have shown vulnerability to different classes of attacks, such as Oracle-guided and physical attacks. Although the research community has proposed a number of countermeasures against such attacks, none of them is simultaneously unbreakable against Oracle-guided, Oracle-less, and physical attacks. Under such circumstances, a defense-in-depth mechanism can be considered as a feasible approach in addressing the vulnerabilities of logic locking. Defense-in-depth is a multilayer defense strategy where several independent countermeasures are implemented in the device to provide aggregated protection against different attack vectors.Introducing such a multilayer shielding model in logic locking is the major contribution of this paper. With regard to this, we first identify the core components of logic locking schemes, which need to be protected. Afterwards, we categorize the vulnerabilities of core components according to potential threats for the locking key in logic locking schemes. Furthermore, we propose several defense layers and countermeasures to protect the device from those vulnerabilities. In conclusion, we believe that a logic locking technique with a layered defense mechanism can be a possible solution against IP piracy.     

A cellular automata guided two level obfuscation of Finite-State-Machine for IP protection

A popular countermeasure against IP piracy is to obfuscate the Finite State Machine (FSM) which is assumed to be the heart of a digital system. Most of the existing FSM obfuscation strategies rely on additionally introduced set of obfuscation mode state-transitions to protect the original state-transitions of the FSM. Although these methods assume that it is difficult to extract the FSM behavior from the flattened gate-level netlist, some recent reverse engineering attacks could successfully break the defense of these schemes. The capability of differentiating obfuscation mode state-transitions from normal mode state-transitions makes these attacks powerful. As a countermeasure against these attacks, we propose a new strategy that offers a key-based obfuscation to each state-transition of the FSM. We use a special class of non-group additive cellular automata (CA), called D1 1 CA, and it's counterpart D11CA_dual to obfuscate each state-transition of the FSM. Each state-transition has its own customized key, which must be configured correctly in order to get correct state-transition behavior from the synthesized FSM. A second layer of protection to the state-transition logic enhances the security of the proposed scheme. An in-depth security analysis of the proposed easily testable key-controlled FSM synthesis scheme demonstrates its ability to thwart the majority of the state-of-the-art attacks, such as FSM reverse engineering, SAT, and circuit unrolling attacks. Thus, the proposed scheme can be used for IP protection of the digital designs. Experimentations on various IWLS′93 benchmark FSM designs show that the average area, power, and delay overheads our proposed multi-bit key-based obfuscated FSM design are 56.43%, 6.87%, and 23.41% while considering the FSMs as standalone circuits. However, experimentation on the Amber23 processor core shows these overheads drastically reduce (reported area, power, and delay overheads values are 0.0025%, 0.44%, and 0%, respectively) while compared with respect to the entire design.     

Threshold logic circuit design of parallel adders using resonanttunneling devices

Resonant tunneling devices and circuit architectures based on monostable-bistable transition logic elements (MOBILEs) are promising candidates for future nanoscale integration. In this paper, the design of clocked MOBILE-type threshold logic gates and their application to arithmetic circuit components is investigated. The gates are composed of monolithically integrated resonant tunneling diodes and heterostructure field-effect transistors. Experimental results are presented for a programmable NAND/NOR gate. Design related aspects such as the impact of lateral device scaling on the circuit performance and a bit-level pipelined operation using a four phase clocking scheme are discussed. The increased computational functionality of threshold logic gates is exploited in two full adder designs having a minimal logic depth of two circuit stages. Due to the self-latching behavior the adder designs are ideally suited for an application in a bit-level pipelined ripple carry adder. To improve the speed a novel pipelined carry lookahead addition scheme for this logic family is proposed     

Orthogonal obfuscation based key management for multiple IP protection

With the development of system-on-chip (SoC) chips, more and more design houses are cooperating with each other's. How to achieve benefit sharing and key management for multiple intellectual properties (IPs) has become an emergency problem. This work proposes an orthogonal obfuscation method to protect multiple IPs. The proposed method permits cooperators to control the project using different security keys, protects the patterns with an orthogonal key, and be convenient for the user to manage the key. For reasons of increased security, the proposed method hides the original keys to prevent information leakage. Multi-port Physical Unclonable Function (MPUF) circuit is used as the additional orthogonal key to cluster membership. It protects the IPs from hardware attacks such as brute-force attack, member leakage attack, reverse engineering and so on. The security analyzes results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS′89 benchmark circuits and cryptographic algorithms. Experimental results indicate that the orthogonal obfuscation only increases the area by 3.43% and consumes 2.77% more power than the baseline.     

New Light Weight Threshold Voltage Defined Camouflaged Gates for Trustworthy Designs

The outsourcing of the IC fabrication process introduces the security vulnerabilities into the design. An attacker can exploit them to extract the functionality using image processing-based reverse engineering and can also mount the various attacks such as hardware Trojan, piracy, overbuilding, etc. Various dummy contacts and Threshold Voltage Defined (TVD) logic-based layout camouflaging techniques are presented that can deceive the attacker into incorrectly interpreting the functionality of the camouflaged gate. The existing dummy contact-based techniques require large overhead and provide poor security whereas, the TVD logic-based camouflaging techniques increase the security at the cost of large area and energy overhead. Therefore, in this paper, new light weight TVD static and dynamic logic (TVD-SL and TVD-DL) based camouflaged gates are proposed. The proposed TVD-SL/DL gates have same physical structure and provide the functionality of several standard gates by implanting different threshold voltages during manufacturing. Further, various simplified TVD-SL/DL gates are also proposed to achieve the overhead and security trade-off. To evaluate the efficacy, the proposed TVD logic gates are implemented using 32nm PTM library and simulated using the HSPICE simulator. The simulation results show that the proposed TVD-SL-based gates on an average reduce 35.49%, 59.18% and 72.05% whereas the proposed TVD-DL reduces 54.84%, 84.18% and 82.30% area, power and delay respectively over the existing. Further, on an average, the proposed TVD-DL-based camouflaged gates require 56% less power over the standard gates. Due to the low-cost and high energy efficiency, the proposed logic gates are best suited for the development of secure and portable devices for the Internet of Things applications.