You are looking at a specific version 20210920:182608 of this paper.

Paper 2021/1245

SeqL+: Secure Scan-Obfuscation with Theoretical and Empirical Validation

Seetal Potluri and Shamik Kundu and Akash Kumar and Kanad Basu and Aydin Aysu

Abstract

Existing logic-locking attacks are known to successfully decrypt a functionally correct key of a locked combinational circuit. Extensions of these attacks to real-world Intellectual Properties (IPs, which are sequential circuits) have been demonstrated through the scan-chain by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL+ to mitigate a broad class of such attacks. The key idea is to lock selective functional-input/scan-output pairs of flip-flops without feedback to cause attackers to decrypt an incorrect key, and to scramble flip-flops with feedback to increase key length without introducing further vulnerabilities. We conduct a formal study of the scan-locking and scan-scrambling problems and demonstrate automating our proposed defense on any given IP. This study reveals the first formulation and complexity analysis of a Boolean Satisfiability (SAT)-based attack on scan-scrambling. We formulate the attack as a conjunctive normal form (CNF) using a worst-case O(n^3) reduction in terms of scramble-graph size n, making the SAT-based attack applicable, and show that scramble equivalence classes are equi-sized and of cardinality 1. To defeat the SAT-based attack, we propose an iterative swapping-based scan-cell scrambling algorithm that has linear implementation time-complexity and exponential SAT-decryption time-complexity in terms of a user-configurable cost constraint. We empirically validate that SeqL+ hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS, MCNC), sequential benchmarks (ITC), and a fully-fledged RISC-V CPU, SeqL+ gave 100% resilience to a broad range of state-of-the-art attacks including SAT [1], Double-DIP [2], HackTest [3], SMT [4], FALL [5], Shift-and-Leak [6], Multi-cycle [7], Scan-flushing [8], and Removal [9] attacks.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Logic Locking, Oracle-guided attacks, Oracle-less attacks, Scan-Locking, Scan-Scrambling
Contact author(s)
spotlur2 @ ncsu edu
History
2022-07-25: last of 5 revisions
2021-09-20: received
Short URL
https://ia.cr/2021/1245
License
Creative Commons Attribution
CC BY