Paper 2019/719
The Key is Left under the Mat: On the Inappropriate Security Assumption of Logic Locking Schemes
Mir Tanjidur Rahman, Shahin Tajik, M. Sazadur Rahman, Mark Tehranipoor, and Navid Asadizanjani
Abstract
Logic locking has been proposed as an obfuscation technique to protect outsourced IC designs from Intellectual Property (IP) piracy by untrusted entities in the design and fabrication process. It obfuscates the netlist by adding extra key-gates, to mislead an adversary, whose aim is to reverse engineer the netlist. The correct functionality will be obtained only if a correct key is applied to the key-gates. The key is written into a nonvolatile memory (NVM) after the fabrication by the IP owner. In the past several years, the focus of the research community has been mostly on Oracle-guided attacks, such as SAT attacks, on logic locking and proposing proper countermeasures against such attacks. However, none of the reported researches in the literature has ever challenged a more fundamental assumption of logic locking, which is the security of the key itself. In other words, if an adversary can read out the correct key after insertion, the security of the entire scheme is broken, no matter how robust is the logic-locking scheme. In this work, we first review possible adversaries for the locked circuits and their capabilities. Afterward, we demonstrate that even with the assumption of having a tamper and read-proof memory for the key storage, which is not vulnerable to any physical attacks, the key transfer between the memory and the key-gates through registers and buffers make the key extraction by an adversary possible. To support our claim, we implemented a proof-of-concept locked circuit as well as one of the common logic locking benchmarks on a 28 nm Flash-based FPGA and extract their keys using optical probing. Finally, we discuss the feasibility of the proposed attack in different scenarios and propose potential countermeasures.
Note: We are submitting this paper in a conference which does not allow paper published in e-print. Therefore unfortunately we have to withdraw
Metadata
- Available format(s)
- -- withdrawn --
- Publication info
- Preprint. MINOR revision.
- Keywords
- Logic LockingOptical Contactless ProbingTamper-proof Memory
- Contact author(s)
-
mir rahman @ ufl edu
stajik @ ufl edu - History
- 2019-08-28: withdrawn
- 2019-06-18: received
- See all versions
- Short URL
- https://ia.cr/2019/719
- License
-
CC BY