Paper 2016/978

Testing the Trustworthiness of IC Testing: An Oracle-less Attack on IC Camouflaging

Muhammad Yasin, Ozgur Sinanoglu, and Jeyavijayan Rajendran

Abstract

Test of integrated circuits (ICs) is essential to ensure their quality; the test is meant to prevent defective and out-of-spec ICs from entering into the supply chain. The test is conducted by comparing the observed IC output with the expected test responses for a set of test patterns; the test patterns are generated using automatic test pattern generation algorithms. Existing test-pattern generation algorithms aim to achieve higher fault coverage at lower test costs. In an attempt to reduce the size of test data, these algorithms reveal the maximum information about the internal circuit structure. This is realized through sensitizing the internal nets to the outputs as much as possible, unintentionally leaking the secrets embedded in the circuit as well. In this paper, we present HackTest, an attack that extracts secret information generated in the test data, even if the test data does not explicitly contain the secret. HackTest can break the existing intellectual property (IP) protection techniques, such as camouflaging, within two minutes for our benchmarks using only the camouflaged layout and the test data. HackTest applies to all existing camouflaged gate-selection techniques and is successful even in the presence of state-of-the-art test infrastructure, i.e. test data compression circuits. Our attack necessitates that the IC test data generation algorithms be reinforced with security. We also discuss potential countermeasures to prevent HackTest.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Logic encryptionIP protectionIC camouflagingVLSI test
Contact author(s)
yasin @ nyu edu
History
2016-10-12: received
Short URL
https://ia.cr/2016/978
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/978,
      author = {Muhammad Yasin and Ozgur Sinanoglu and Jeyavijayan Rajendran},
      title = {Testing the Trustworthiness of IC Testing: An Oracle-less Attack on IC Camouflaging},
      howpublished = {Cryptology ePrint Archive, Paper 2016/978},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/978}},
      url = {https://eprint.iacr.org/2016/978}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.