You are looking at a specific version 20200621:173544 of this paper. See the latest version.

Paper 2020/750

Doppelganger Obfuscation - Exploring the Defensive and Offensive Aspects of Hardware Camouflaging

Max Hoffmann and Christof Paar

Abstract

Hardware obfuscation is widely used in practice to counteract reverse engineering. In recent years, low-level obfuscation via camouflaged gates has been increasingly discussed in the scientific community and industry. In contrast to classical high-level obfuscation, such gates result in recovery of an erroneous netlist. This technology has so far been regarded as a purely defensive tool. We show that low-level obfuscation is in fact a double-edged sword that can also enable stealthy malicious functionalities. In this work, we present Doppelganger, the first generic design-level obfuscation technique that is based on low-level camouflaging. Doppelganger obstructs central control modules of digital designs, e.g., FSMs or bus controllers, resulting in two different design functionalities: an apparent one that is recovered during reverse engineering and the actual one that is executed during operation. Notably, both functionalities are under the designer's control. In two case studies, we apply Doppelganger to a universal cryptographic coprocessor. First, we show the defensive capabilities by presenting the reverse engineer with a different mode of operation than the one that is actually executed at an area overhead of less than 0.6%. Then, for the first time, we demonstrate the considerable threat potential through low-level obfuscation. We show how an invisible, remotely exploitable key-leakage Trojan can be injected into the same cryptographic coprocessor just through obfuscation at an area overhead of mere 0.01%.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Hardware ObfuscationCamouflagingHardware Trojans
Contact author(s)
max hoffmann @ rub de
History
2021-05-25: revised
2020-06-21: received
See all versions
Short URL
https://ia.cr/2020/750
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.