›› 2018,Vol. 33 ›› Issue (1): 42-57.doi: 10.1007/s11390-018-1807-6

所属专题: 不能删除 Computer Architecture and Systems

• Special Section on Selected Paper from NPC 2011 • 上一篇    下一篇

矛与盾:集成电路伪装技术的发展历程

Xue-Yan Wang1, Student Member, ACM, IEEE, Qiang Zhou1,*, Senior Member, CCF, Member, ACM, IEEE, Yi-Ci Cai1, Senior Member, CCF, Member, IEEE, Gang Qu2, Senior Member, IEEE   

  1. 1 Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China;
    2 Department of Electrical and Computer Engineering, University of Maryland, College Park, MD 20740, U.S.A
  • 收稿日期:2017-03-22 修回日期:2017-11-29 出版日期:2018-01-05 发布日期:2018-01-05
  • 通讯作者: Qiang Zhou E-mail:zhouqiang@mail.tsinghua.edu.cn
  • 作者简介:Xue-Yan Wang received her B.S. degree in computer science and technology from Shandong University, Jinan, in 2013. She is currently pursuing her Ph.D. degree from the Department of Computer Science and Technology, Tsinghua University, Beijing. She is involved in research with the EDA (Electronic Design Automation) Laboratory. From 2015 to 2016, she was a visiting student in University of Maryland, College Park, MD, USA. Her current research interests include hardware security and efficient algorithms for VLSI physical design.
  • 基金资助:

    This work is supported by the National Natural Science Foundation of China under Grant No. 61774091. Gang Qu is supported in part by Air Force Office of Scientific Research Multi-University Research Initiative of USA under Award No. FA9550-14-1-0351.

Spear and Shield: Evolution of Integrated Circuit Camouflaging

Xue-Yan Wang1, Student Member, ACM, IEEE, Qiang Zhou1,*, Senior Member, CCF, Member, ACM, IEEE, Yi-Ci Cai1, Senior Member, CCF, Member, IEEE, Gang Qu2, Senior Member, IEEE   

  1. 1 Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China;
    2 Department of Electrical and Computer Engineering, University of Maryland, College Park, MD 20740, U.S.A
  • Received:2017-03-22 Revised:2017-11-29 Online:2018-01-05 Published:2018-01-05
  • Contact: Qiang Zhou E-mail:zhouqiang@mail.tsinghua.edu.cn
  • About author:Xue-Yan Wang received her B.S. degree in computer science and technology from Shandong University, Jinan, in 2013. She is currently pursuing her Ph.D. degree from the Department of Computer Science and Technology, Tsinghua University, Beijing. She is involved in research with the EDA (Electronic Design Automation) Laboratory. From 2015 to 2016, she was a visiting student in University of Maryland, College Park, MD, USA. Her current research interests include hardware security and efficient algorithms for VLSI physical design.
  • Supported by:

    This work is supported by the National Natural Science Foundation of China under Grant No. 61774091. Gang Qu is supported in part by Air Force Office of Scientific Research Multi-University Research Initiative of USA under Award No. FA9550-14-1-0351.

知识产权保护是硬件安全的核心问题之一。然而,半导体行业仍然缺乏有效和主动的防御措施来防止基于逆向工程的电路剽窃。集成电路伪装技术填补了这一空白,它用专门设计的逻辑单元(称为伪装门)代替电路中的一些传统的逻辑门而不改变电路的功能。伪装的门可以执行不同的逻辑功能且保持相同的外观,从而防止攻击者直接通过逆向工程工具获取电路的设计信息。自2012年首次被提出以来,电路伪装技术已经成为硬件安全研究的热点之一,且主要集中在两个基本问题上。如何选择伪装门的类型,并决定在哪里插入它们,以便同时最小化性能开销同时最大化逆向攻击复杂性?攻击者如何还原被伪装的电路并完成逆向工程攻击?在这篇文章中,我们回顾了电路伪装技术发展中的攻击和防御技术,即矛与盾。我们首先介绍了基于真/假连接,静态随机存取存储器,掺杂和新兴器件四种不同类型伪装单元的设计方法。然后详细阐述了四种具有代表性的攻击方法:暴力枚举攻击,基于测试技术的攻击,基于可满足性问题的攻击和基于电路划分的攻击,以及相应的防御方法:基于干扰的伪装,CamoPerturb,基于与树的伪装,和基于等价类的伪装。我们认为,目前的重点研究工作应该是减少电路伪装引起的开销,并防御可能的还原攻击。我们指出,探索新型器件的特征并用来设计伪装单元是一个值得探索的方向。最后,作为对电路伪装技术的补充,我们总结了当前其他先进的电路保护技术。

Abstract: Intellectual property (IP) protection is one of the hardcore problems in hardware security. Semiconductor industry still lacks effective and proactive defense to shield IPs from reverse engineering (RE) based attacks. Integrated circuit (IC) camouflaging technique fills this gap by replacing some conventional logic gates in the IPs with specially designed logic cells (called camouflaged gates) without changing the functions of the IPs. The camouflaged gates can perform different logic functions while maintaining an identical look to RE attackers, thus preventing them from obtaining the layout information of the IP directly from RE tools. Since it was first proposed in 2012, circuit camouflaging has become one of the hottest research topics in hardware security focusing on two fundamental problems. How to choose the types of camouflaged gates and decide where to insert them in order to simultaneously minimize the performance overhead and optimize the RE complexity? How can an attacker de-camouflage a camouflaged circuit and complete the RE attack? In this article, we review the evolution of circuit camouflaging through this spear and shield race. First, we introduce the design methods of four different kinds of camouflaged cells based on true/dummy contacts, static random access memory (SRAM), doping, and emerging devices, respectively. Then we elaborate four representative de-camouflaging attacks:brute force attack, IC testing based attack, satisfiability-based (SAT-based) attack, and the circuit partition based attack, and the corresponding countermeasures:clique-based camouflaging, CamoPerturb, AND-tree camouflaging, and equivalent class based camouflaging, respectively. We argue that the current research efforts should be on reducing overhead introduced by circuit camouflaging and defeating de-camouflaging attacks. We point out that exploring features of emerging devices could be a promising direction. Finally, as a complement to circuit camouflaging, we conclude with a brief review of other state-of-the-art IP protection techniques.

[1] Qu G, Potkonjak M. Intellectual Property Protection in VLSI Designs:Theory and Practice. Kluwer Academic Publishers, 2003.

[2] Rostami M, Koushanfar F, Karri R. A primer on hardware security:Models, methods, and metrics. Proceedings of the IEEE, 2014, 102(8):1283-1295.

[3] Jin Y E. Introduction to hardware security. Electronics, 2015, 4(4):763-784.

[4] Lv Y Q, Zhou Q, Cai Y C, Qu G. Trusted integrated circuits:The problem and challenges. Journal of Computer Science and Technology, 2014, 29(5):918-928.

[5] Quadir S E, Chen J L, Forte D, Asadizanjani N, Shahbazmohamadi S, Wang L, Chandy J, Tehranipoor M. A survey on chip to system reverse engineering. ACM Journal on Emerging Technologies in Computing Systems (JETC), 2016, 13(1):Article No. 6.

[6] Adee S. The hunt for the kill switch. IEEE Spectrum, 2008, 45(5):34-39.

[7] Qu G, Potkonjak M. Fingerprinting intellectual property using constraint-addition. In Proc. the 37th Annual Design Automation Conf., June 2000, pp.587-592.

[8] Dunbar C, Qu G. Satisfiability Don't Care condition based circuit fingerprinting techniques. In Proc. the 20th Asia and South Pacific Design Automation Conf., January 2015, pp.815-820.

[9] Kahng A B, Lach J, Mangione-Smith W H, Mantik S, Markov I L, Potkonjak M, Tucker P, Wang H, Wolfe G. Constraint-based watermarking techniques for design IP protection. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 2001, 20(10):1236-1252.

[10] Dunbar C, Qu G. A practical circuit fingerprinting method utilizing observability Don't Care conditions. In Proc. the 52nd ACM/EDAC/IEEE Design Automation Conf., June 2015.

[11] Chow L W, Baukus J P, Wang B J, Cocchi R P. Camouflaging a standard cell based integrated circuit:US Patent 8151235, April 3, 2012. http://www.freepatentsonline.com/8151235.html, Dec. 2017.

[12] Rajendran J, Sam M, Sinanoglu O, Karri R. Security analysis of integrated circuit camouflaging. In Proc. ACM SIGSAC Conf. Computer & Communications Security, November 2013, pp.709-720.

[13] Wang X Y, Gao M Z, Zhou Q, Cai Y C, Qu G. Gate camouflaging-based obfuscation. In Hardware Protection through Obfuscation, Forte D, Bhunia S, Tehranipoor M M (eds.), Springer, 2017, pp.89-102.

[14] Subramanyan P, Ray S, Malik S. Evaluating the security of logic encryption algorithms. In Proc. IEEE Int. Symp. Hardware Oriented Security and Trust, May 2015, pp.137-143.

[15] Massad M E, Garg S, Tripunitara M V. Integrated circuit (IC) decamouflaging:Reverse engineering camouflaged ICs within minutes. In Proc. the 22nd Annual Network and Distributed System Security Symp., February 2015.

[16] Liu D, Yu C X, Zhang X Y, Holcomb D. Oracle-guided incremental SAT solving to reverse engineer camouflaged logic circuits. In Proc. Design Automation & Test in Europe Conf. Exhibition, March 2016, pp.433-438.

[17] Wang X Y, Zhou Q, Cai Y C, Qu G. Is the secure IC camouflaging really secure? In Proc. IEEE Int. Symp. Circuits and Systems, May 2016, pp.1710-1713.

[18] Liu B, Wang B. Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks. In Proc. Design Automation & Test in Europe Conf. Exhibition, March 2014.

[19] Wang X Y, Jia X T, Zhou Q, Cai Y C, Yang J L, Gao M Z, Qu G. Secure and low-overhead circuit obfuscation technique with multiplexers. In Proc. the 26th Edition on Great Lakes Symp. VLSI, May 2016, pp.133-136.

[20] Yasin M, Mazumdar B, Sinanoglu O, Rajendran J. Camoperturb:Secure IC camouflaging for minterm protection. In Proc. the 35th Int. Conf. Computer-Aided Design, November 2016, Article No. 29.

[21] Li M, Shamsi K, Meade T, Zhao Z, Yu B, Jin Y E, Pan D Z. Provably secure camouflaging strategy for IC protection. In Proc. the 35th Int. Conf. Computer-Aided Design, November 2016, Article No. 28.

[22] Chow L W, Baukas J P, Clark Jr W M. Integrated circuits protected against reverse engineering and method for fabricating the same using an apparent metal contact line terminating on field oxide. US Patent 20020096776, Jul. 25, 2002. http://www.freepatentsonline.com/20020096776.pdf, Jan. 2018.

[23] Baukus J P, Chow L W, Clark Jr W M. Method and apparatus using silicide layer for protecting integrated circuits from reverse engineering. US Patent 6117762, Sept. 12, 2000. http://www.freepatentsonline.com/6117762.html, Dec. 2017.

[24] Cocchi R P, Baukus J P, Wang B J, Chow L W, Ouyang P. Building block for a secure CMOS logic cell library. US Patent 8111089, Feb. 7, 2012. http://www.freepatentsonline.com/8111089.html, Dec. 2017.

[25] Chow L W, Clark Jr W M, Harbison G J, Baukus J P. Conductive channel pseudo block process and circuit to inhibit reverse engineering. US Patent 7049667, May 23, 2006. http://www.freepatentsonline.com/8258583.html, Dec. 2017.

[26] Clark Jr W M, Chow L W, Harbison G, Ouyang P. Programmable connection and isolation of active regions in an integrated circuit using ambiguous features to confuse a reverse engineer. US Patent 8564073, Oct. 22, 2013. http://www.freepatentsonline.com/8564073.html, Dec. 2017.

[27] Clark Jr W M, Baukus J, Chow L W. Implanted hidden interconnections in a semiconductor device for preventing reverse engineering. US Patent 7166515, Jan. 23, 2007. http://www.freepatentsonline.com/7166515.html, Dec. 2017.

[28] Liu B, Wang B. Reconfiguration-based VLSI design for security. IEEE Journal on Emerging and Selected Topics in Circuits and Systems, 2015, 5(1):98-108.

[29] Becker G T, Regazzoni F, Paar C, Burleson W P. Stealthy dopant-level hardware trojans:Extended version. Journal of Cryptographic Engineering, 2014, 4(1):19-31.

[30] Chow L W, Clark Jr W M, Baukus J P. Covert transformation of transistor properties as a circuit protection method. US Patent 7217977, May 15, 2007. http://www.freepatentsonline.com/7217977.html, Dec. 2017.

[31] Ma K S, Liu H C, Xiao Y, Zheng Y, Li X Q, Gupta S K, Xie Y, Narayanan V. Independently-controlled-gate FinFET 6T SRAM cell design for leakage current reduction and enhanced read access speed. In Proc. IEEE Computer Society Annual Symp. VLSI, July 2014, pp.296-301.

[32] Sedighi B, Hu X S, Nahas J J, Niemier M. Nontraditional computation using beyond-CMOS tunneling devices. IEEE Journal on Emerging and Selected Topics in Circuits and Systems, 2014, 4(4):438-449.

[33] Lin S, Kim Y B, Lombardi F. CNTFET-based design of ternary logic gates and arithmetic circuits. IEEE Trans. Nanotechnology, 2011, 10(2):217-225.

[34] Zhao P, Feenstra R M, Gu G, Jena D. SymFET:A proposed symmetric graphene tunneling field-effect transistor. IEEE Trans. Electron Devices, 2013, 60(3):951-957.

[35] Chua L. Memristor-the missing circuit element. IEEE Trans. Circuit Theory, 1971, 18(5):507-519.

[36] Strukov D B, Snider G S, Stewart D R, Williams R S. The missing memristor found. Nature, 2008, 453(7191):80-83.

[37] Roy K, Sharad M, Fan D L, Yogendra K. Computing with spin-transfer-torque devices:Prospects and perspectives. In Proc. IEEE Computer Society Annual Symp. VLSI, July 2014, pp.398-402.

[38] Chen A, Hu X S, Jin Y E, Niemier M, Yin X Z. Using emerging technologies for hardware security beyond PUFs. In Proc. Design Automation & Test in Europe Conf. Exhibition, March 2016, pp.1544-1549.

[39] Shamsi K, Jin Y. Security of emerging non-volatile memories:Attacks and defenses. In Proc. the 34th IEEE VLSI Test Symp., April 2016.

[40] Arafin M T, Qu G. RRAM based lightweight user authentication. In Proc. IEEE/ACM Int. Conf. Computer-Aided Design, November 2015, pp.139-145.

[41] Arafin M T, Dunbar C, Qu G, McDonald N, Yan L. A survey on memristor modeling and security applications. In Proc. the 16th Int. Symp. Quality Electronic Design, March 2015, pp.440-447.

[42] Winograd T, Salmani H, Mahmoodi H, Gaj K, Homayoun H. Hybrid STT-CMOS designs for reverse-engineering prevention. In Proc. the 53rd ACM/EDAC/IEEE Design Automation Conf., June 2016.

[43] Bi Y, Shamsi K, Yuan J S, Gaillardon P E, De Micheli G, Yin X Z, Hu X S, Niemier M, Jin Y. Emerging technologybased design of primitives for hardware security. ACM Journal on Emerging Technologies in Computing Systems, 2016, 13(1):Article No. 3.

[44] Bi Y, Gaillardon P E, Hu X S, Niemier M, Yuan J S, Jin Y. Leveraging emerging technology for hardware securitycase study on silicon nanowire fets and graphene symfets. In Proc. the 23rd IEEE Asian Test Symp., November 2014, pp.342-347.

[45] Shamsi K, Wen W J, Jin Y. Hardware security challenges beyond CMOS:Attacks and remedies. In Proc. IEEE Computer Society Annual Symp. VLSI, July 2016, pp.200-205.

[46] Bobba S, De Marchi M, Leblebici Y, De Micheli G. Physical synthesis onto a sea-of-tiles with double-gate silicon nanowire transistors. In Proc. the 49th Annual Design Automation Conf., June 2012, pp.42-47.

[47] Suzuki D, Natsui M, Ikeda S, Hasegawa H, Miura K, Hayakawa J, Endoh T, Ohno H, Hanyu T. Fabrication of a nonvolatile lookup-table circuit chip using magneto/semiconductor-hybrid structure for an immediatepower-up field programmable gate array. In Proc. Symp. VLSI Circuits, June 2009, pp.80-81.

[48] Mahmoodi H, Lakshmipuram S S, Arora M, Asgarieh Y, Homayoun H, Lin B, Tullsen D M. Resistive computation:A critique. IEEE Computer Architecture Letters, 2014, 13(2):89-92.

[49] Rajendran J, Sinanoglu O, Karri R. VLSI testing based security metric for IC camouflaging. In Proc. IEEE Int. Test Conf., September 2013.

[50] Lee H K, Ha D S. HOPE:An efficient parallel fault simulator for synchronous sequential circuits. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 1996, 15(9):1048-1058.

[51] Jarvis R W, Mcintyre M G. Split manufacturing method for advanced semiconductor circuits. US Patent 7195931, March 27, 2007. http://www.freepatentsonline.com/7195931.html, Dec. 2017.

[52] Imeson F, Emtenan A, Garg S, Tripunitara M V. Securing computer hardware using 3D integrated circuit (IC) technology and split manufacturing for obfuscation. In Proc. the 22nd USENIX Conf. Security, August 2013, pp.495-510.

[53] Valamehr J, Sherwood T, Kastner R, Marangoni-Simonsen D, Huffmire T, Irvine C, Levin T. A 3-D split manufacturing approach to trustworthy system development. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 2013, 32(4):611-615.

[54] Rajendran J, Sinanoglu O, Karri R. Is split manufacturing secure? In Proc. Design Automation & Test in Europe Conf. Exhibition, March 2013, pp.1259-1264.

[55] Vaidyanathan K, Liu R Z, Sumbul E, Zhu Q L, Franchetti F, Pileggi L. Efficient and secure intellectual property (IP) design with split fabrication. In Proc. IEEE Int. Symp. Hardware-Oriented Security and Trust, May 2014, pp.13-18.

[56] Jagasivamani M, Gadfort P, Sika M, Bajura M, Fritze M. Split-fabrication obfuscation:Metrics and techniques. In Proc. IEEE Int. Symp. Hardware-Oriented Security and Trust, May 2014, pp.7-12.

[57] Roy J A, Koushanfar F, Markov I L. EPIC:Ending piracy of integrated circuits. In Proc. Design Automation and Test in Europe, March 2008, pp.1069-1074.

[58] Rajendran J, Pino Y, Sinanoglu O, Karri R. Security analysis of logic obfuscation. In Proc. the 49th ACM/EDAC/IEEE Design Automation Conf. June 2012, pp.83-89.

[59] Baumgarten A, Tyagi A, Zambreno J. Preventing IC piracy using reconfigurable logic barriers. IEEE Design & Test of Computers, 2010, 27(1):66-75.

[60] Alkabani Y M, Koushanfar F. Active hardware metering for intellectual property protection and security. In Proc. the 16th USENIX Security Symp., August 2007.

[61] Chakraborty R S, Bhunia S. HARPOON:An obfuscationbased SoC design methodology for hardware protection. IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, 2009, 28(10):1493-1502.

[62] Zamanzadeh S, Jahanian A. Automatic netlist scrambling methodology in ASIC design flow to hinder the reverse engineering. In Proc. the 21st IFIP/IEEE Int. Conf. Very Large Scale Integration, October 2013, pp.52-53.

[63] Yasin M, Rajendran J J, Sinanoglu O, Karri R. On improving the security of logic locking. IEEE Trans. ComputerAided Design of Integrated Circuits and Systems, 2016, 35(9):1411-1424.

[64] Yasin M, Mazumdar B, Rajendran J J V, Sinanoglu O. Sarlock:SAT attack resistant logic locking. In Proc. IEEE Int. Symp. Hardware Oriented Security and Trust, May 2016, pp.236-241.

[65] Suh G E, Devadas S. Physical unclonable functions for device authentication and secret key generation. In Proc. the 44th ACM/IEEE Design Automation Conf., June 2007, pp.9-14.

[66] Herder C, Yu M D, Koushanfar F, Devadas S. Physical unclonable functions and applications:A tutorial. Proceedings of the IEEE, 2014, 102(8):1126-1141.

[67] Yamamoto D, Takenaka M, Sakiyama K, Torii N. A technique using PUFs for protecting circuit layout designs against reverse engineering. In Proc. the 9th International Workshop on Security, August 2014, pp.158-173.

[68] Wendt J B, Potkonjak M. Hardware obfuscation using PUFbased logic. In Proc. IEEE/ACM Int. Conf. ComputerAided Design, November 2014, pp.270-277.

[69] Lee J W, Lim D, Gassend B, Suh G E, Van Dijk M, Devadas S. A technique to build a secret key in integrated circuits for identification and authentication applications. In Proc. Symp. VLSI Circuits Digest of Technical Papers, June 2004, pp.176-179.

[70] Zhang J L, Qu G, Lv Y Q, Zhou Q. A survey on silicon PUFs and recent advances in ring oscillator PUFs. Journal of Computer Science and Technology, 2014, 29(4):664-678.

[71] Forte D, Bhunia S, Tehranipoor M M. Hardware Protection through Obfuscation. Springer, 2017.

[72] Yasin M, Sinanoglu O. Transforming between logic locking and IC camouflaging. In Proc. the 10th Int. Design & Test Symp., December 2015.
No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] 刘明业; 洪恩宇;. Some Covering Problems and Their Solutions in Automatic Logic Synthesis Systems[J]. , 1986, 1(2): 83 -92 .
[2] 陈世华;. On the Structure of (Weak) Inverses of an (Weakly) Invertible Finite Automaton[J]. , 1986, 1(3): 92 -100 .
[3] 高庆狮; 张祥; 杨树范; 陈树清;. Vector Computer 757[J]. , 1986, 1(3): 1 -14 .
[4] 陈肇雄; 高庆狮;. A Substitution Based Model for the Implementation of PROLOG——The Design and Implementation of LPROLOG[J]. , 1986, 1(4): 17 -26 .
[5] 黄河燕;. A Parallel Implementation Model of HPARLOG[J]. , 1986, 1(4): 27 -38 .
[6] 闵应骅; 韩智德;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .
[7] 唐同诰; 招兆铿;. Stack Method in Program Semantics[J]. , 1987, 2(1): 51 -63 .
[8] 闵应骅;. Easy Test Generation PLAs[J]. , 1987, 2(1): 72 -80 .
[9] 朱鸿;. Some Mathematical Properties of the Functional Programming Language FP[J]. , 1987, 2(3): 202 -216 .
[10] 李明慧;. CAD System of Microprogrammed Digital Systems[J]. , 1987, 2(3): 226 -235 .
版权所有 © 《计算机科学技术学报》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn
总访问量: