Dominik Sisejkovic
Abstract
Logic locking is a prominent technique to protect the integrity of hardware designs throughout the integrated circuit design and fabrication flow. However, in recent years, the security of locking schemes has been thoroughly challenged by the introduction of various deobfuscation attacks. As in most research branches, deep learning is being introduced in the domain of logic locking as well. Therefore, in this article we present SnapShot, a novel attack on logic locking that is the first of its kind to utilize artificial neural networks to directly predict a key bit value from a locked synthesized gate-level netlist without using a golden reference. Hereby, the attack uses a simpler yet more flexible learning model compared to existing work. Two different approaches are evaluated. The first approach is based on a simple feedforward fully connected neural network. The second approach utilizes genetic algorithms to evolve more complex convolutional neural network architectures specialized for the given task. The attack flow offers a generic and customizable framework for attacking locking schemes using machine learning techniques. We perform an extensive evaluation of SnapShot for two realistic attack scenarios, comprising both reference combinational and sequential benchmark circuits as well as silicon-proven RISC-V core modules. The evaluation results show that SnapShot achieves an average key prediction accuracy of 82.60% for the selected attack scenario, with a significant performance increase of 10.49 percentage points compared to the state of the art. Moreover, SnapShot outperforms the existing technique on all evaluated benchmarks. The results indicate that the security foundation of common logic locking schemes is built on questionable assumptions. Based on the lessons learned, we discuss the vulnerabilities and potentials of logic locking uncovered by SnapShot. The conclusions offer insights into the challenges of designing future logic locking schemes that are resilient to machine learning attacks.
- A. Alaql, D. Forte, and S. Bhunia. 2019. Sweep to the secret: A constant propagation attack on logic locking. In 2019 AsianHOST. 1–6.Google Scholar
- Leandro M. Almeida and Teresa B. Ludermir. 2008. An evolutionary approach for tuning artificial neural network parameters. In HAIS, Emilio Corchado, Ajith Abraham, and Witold Pedrycz (Eds.). Springer, Berlin, 156–163. Google ScholarDigital Library
- Sarah Amir, Bicky Shakya, Domenic Forte, Mark Tehranipoor, and Swarup Bhunia. 2017. Comparative analysis of hardware obfuscation for IP protection. In Proceedings of GLSVLSI’17. ACM, New York, NY, 363–368. DOI:https://doi.org/10.1145/3060403.3060495 Google ScholarDigital Library
- Johanna Baehr, Alessandro Bernardini, Georg Sigl, and Ulf Schlichtmann. 2019. Machine learning and structural characteristics for reverse engineering. In Proceedings of the 24th ASPDAC’19. ACM, New York, NY, 96–103. DOI:https://doi.org/10.1145/3287624.3288740 Google ScholarDigital Library
- Peter W. Battaglia, Jessica B. Hamrick, Victor Bapst, Alvaro Sanchez-Gonzalez, Vinicius Zambaldi, Mateusz Malinowski, Andrea Tacchetti, David Raposo, Adam Santoro, Ryan Faulkner, et al. 2018. Relational inductive biases, deep learning, and graph networks. arXiv:1806.01261. Retrieved from https://arxiv.org/abs/1806.01261.Google Scholar
- F. Brglez, D. Bryan, and K. Kozminski. 1989. Combinational profiles of sequential benchmark circuits. In IEEE ISCAS. 1929–1934, Vol. 3. DOI:https://doi.org/10.1109/ISCAS.1989.100747Google Scholar
- P. Chakraborty, J. Cruz, and S. Bhunia. 2018. SAIL: Machine learning guided structural analysis attack on hardware obfuscation. In 2018 AsianHOST. 56–61. DOI:https://doi.org/10.1109/AsianHOST.2018.8607163Google Scholar
- P. Chakraborty, J. Cruz, and S. Bhunia. 2019. SURF: Joint structural functional attack on logic locking. In 2019 IEEE HOST. 181–190. DOI:https://doi.org/10.1109/HST.2019.8741028Google Scholar
- H. Chen, C. Fu, J. Zhao, and F. Koushanfar. 2019. GenUnlock: An automated genetic algorithm framework for unlocking logic encryption. In 2019 IEEE/ACM ICCAD. 1–8.Google Scholar
- Z. Chen, G. Kolhe, S. Rafatirad, C. Lu, S. Manoj P. D., H. Homayoun, and L. Zhao. 2020. Estimating the circuit de-obfuscation runtime based on graph deep learning. In 2020 DATE. 358–363. Google ScholarDigital Library
- F. Corno, M. S. Reorda, and G. Squillero. 2000. RT-level ITC ’99 benchmarks and first ATPG results. IEEE Design Test of Computers 17, 3 (2000), 44–53. Google ScholarDigital Library
- A. E. Eiben and James E. Smith. 2015. Introduction to Evolutionary Computing (2nd ed.). Springer Publishing Company, Incorporated. Google ScholarDigital Library
- Thomas Elsken, Jan Hendrik Metzen, and Frank Hutter. 2018. Neural architecture search: A survey. arXiv:1808.05377. Retrieved from https://arxiv.org/abs/1808.05377.Google Scholar
- Xin He, Kaiyong Zhao, and Xiaowen Chu. 2020. AutoML: A survey of the state-of-the-art. arxiv:cs.LG/1908.00709. Retrieved from https://arxiv.org/abs/1908.00709.Google Scholar
- Ayush Jain, Ziqi Zhou, and Ujjwal Guin. 2021. TAAL: Tampering attack on any key-based logic locked circuits. ACM Trans. Des. Autom. Electron. Syst. 26, 4, Article 28 (March 2021), 22 pages. DOI:https://doi.org/10.1145/3442379 Google ScholarDigital Library
- H. M. Kamali, K. Z. Azar, H. Homayoun, and A. Sasan. 2019. Full-lock: Hard distributions of sat instances for obfuscating circuits using fully configurable logic and routing blocks. In 2019 56th ACM/IEEE DAC. 1–6. Google ScholarDigital Library
- R. Karmakar and S. Chattopadhyay. 2020. A particle swarm optimization guided approximate key search attack on logic locking in the absence of scan access. In 2020 DATE. 448–453. Google ScholarDigital Library
- R. Karmakar, S. Chattopadhyay, and R. Kapur. 2017. Enhancing security of logic encryption using embedded key generation unit. In 2017 ITC-Asia. 131–136. DOI:https://doi.org/10.1109/ITC-ASIA.2017.8097127Google Scholar
- S. Khan, H. Rahmani, S. A. A. Shah, M. Bennamoun, G. Medioni, and S. Dickinson. 2018. A Guide to Convolutional Neural Networks for Computer Vision. DOI:10.2200/S00822ED1V01Y201712COV015 Google ScholarCross Ref
- Yann LeCun and Yoshua Bengio. 1998. The Handbook of Brain Theory and Neural Networks. MIT Press, 255–258. Google ScholarDigital Library
- Jeremy Lee, Mohammad Tehranipoor, and Jim Plusquellic. 2006. A low-cost solution for protecting IPs against scan-based side-channel attacks. In VTS ’06. IEEE Computer Society, 94–99. DOI:https://doi.org/10.1109/VTS.2006.7 Google ScholarDigital Library
- L. Li and A. Orailoglu. 2019. Piercing logic locking keys through redundancy identification. In 2019 DATE. 540–545. DOI:https://doi.org/10.23919/DATE.2019.8714955Google Scholar
- L. Li and A. Orailoglu. 2019. Shielding logic locking from redundancy attacks. In 2019 VTS. 1–6. DOI:https://doi.org/10.1109/VTS.2019.8758671Google Scholar
- Zewen Li, Wenjie Yang, Shouheng Peng, and Fan Liu. 2020. A Survey of Convolutional Neural Networks: Analysis, Applications, and Prospects. arXiv:2004.02806. Retrieved from https://arxiv.org/abs/2004.02806.Google Scholar
- Y. Liu, M. Zuzak, Y. Xie, A. Chakraborty, and A. Srivastava. 2020. Strong Anti-SAT: Secure and effective logic locking. In 2020 ISQED. 199–205.Google Scholar
- Mohamed El Massad, Jun Zhang, Siddharth Garg, and Mahesh V. Tripunitara. 2017. Logic locking for secure outsourced chip fabrication: A new attack and provably secure defense mechanism. CoRR abs/1703.10187. arxiv:1703.10187.Google Scholar
- Mir Tanjidur Rahman, Shahin Tajik, M. Sazadur Rahman, Mark Tehranipoor, and Navid Asadizanjani. 2019. The Key is Left Under the Mat: On the Inappropriate Security Assumption of Logic Locking Schemes. Cryptology ePrint Archive, Report 2019/719. https://eprint.iacr.org/2019/719.Google Scholar
- J. Rajendran, Y. Pino, O. Sinanoglu, and R. Karri. 2012. Security analysis of logic obfuscation. In DAC 2012. 83–89. DOI:https://doi.org/10.1145/2228360.2228377 Google ScholarDigital Library
- M. Rostami, F. Koushanfar, and R. Karri. 2014. A primer on hardware security: Models, methods, and metrics. Proc. IEEE 102, 8 (Aug. 2014), 1283–1295. Google ScholarCross Ref
- J. A. Roy, F. Koushanfar, and I. L. Markov. 2008. EPIC: Ending piracy of integrated circuits. In 2008 DATE. 1069–1074. DOI:https://doi.org/10.1109/DATE.2008.4484823 Google ScholarDigital Library
- Bicky Shakya, Xiaolin Xu, Mark Tehranipoor, and Domenic Forte. 2019. CAS-lock: A security-corruptibility trade-off resilient logic locking scheme. TCHES 2020, 1 (Nov. 2019), 175–202. DOI:https://doi.org/10.13154/tches.v2020.i1.175-202Google ScholarCross Ref
- Karen Simonyan and Andrew Zisserman. 2015. Very deep convolutional networks for large-scale image recognition. In ICLR 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http://arxiv.org/abs/1409.1556Google Scholar
- P. Subramanyan, S. Ray, and S. Malik. 2015. Evaluating the security of logic encryption algorithms. In 2015 HOST. 137–143. DOI:https://doi.org/10.1109/HST.2015.7140252Google Scholar
- Christian Szegedy, Sergey Ioffe, Vincent Vanhoucke, and Alexander A. Alemi. 2017. Inception-v4, inception-ResNet and the impact of residual connections on learning. In AAAI 2017. AAAI Press, 4278–4284. Google ScholarDigital Library
- Fatemeh Tehranipoor, Nima Karimian, Mehran Mozaffari Kermani, and Hamid Mahmoodi. 2019. Deep RNN-oriented paradigm shift through BOCANet: Broken obfuscated circuit attack. In GLSVLSI’19. ACM, New York, NY, 335–338. DOI:https://doi.org/10.1145/3299874.3318031 Google ScholarDigital Library
- Dominik Šišejković, Farhad Merchant, Lennart M. Reimann, Rainer Leupers, Massimiliano Giacometti, and Sascha Kegreiß. 2020. A secure hardware-software solution based on RISC-V, logic locking and microkernel. In SCOPES’20. ACM, New York, NY, 62–65. DOI:https://doi.org/10.1145/3378678.3391886 Google ScholarDigital Library
- K. Xiao, D. Forte, Y. Jin, R. Karri, S. Bhunia, and M. Tehranipoor. 2016. Hardware Trojans: Lessons learned after one decade of research. ACM Trans. Des. Autom. Electron. Syst. 22, 1 (May 2016), Article 6, 23 pages. DOI:https://doi.org/10.1145/2906147 Google ScholarDigital Library
- Y. Xie and A. Srivastava. 2017. Anti-SAT: Mitigating SAT Attack on Logic Locking. Cryptology ePrint Archive, Report 2017/761. http://eprint.iacr.org/2017/761.Google Scholar
- M. Yasin and O. Sinanoglu. 2017. Evolution of logic locking. In 2017 IFIP/IEEE VLSI-SoC. 1–6. DOI:https://doi.org/10.1109/VLSI-SoC.2017.8203496Google Scholar
- Kimia Zamiri Azar, Hadi Mardani Kamali, Houman Homayoun, and Avesta Sasan. 2019. Threats on logic locking: A decade later. In GLSVLSI’19. ACM, New York, NY, 471–476. DOI:https://doi.org/10.1145/3299874.3319495 Google ScholarDigital Library
- F. Zaruba and L. Benini. 2019. The cost of application-class processing: Energy and performance analysis of a Linux-ready 1.7-GHz 64-bit RISC-V core in 22-nm FDSOI technology. IEEE Tran. Very Large Scale Integr. (VLSI) Syst. 27, 11 (Nov. 2019), 2629–2640. DOI:https://doi.org/10.1109/TVLSI.2019.2926114Google ScholarDigital Library
- Guo Zhang, Hao He, and Dina Katabi. 2019. Circuit-GNN: Graph neural networks for distributed circuit design, InProceedings of Machine Learning Research, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.), Vol. 97. PMLR, 7364–7373. http://proceedings.mlr.press/v97/zhang19e.html.Google Scholar
- Yuqiao Zhang, Pinchen Cui, Ziqi Zhou, and Ujjwal Guin. 2019. TGA: An Oracle-Less and Topology-Guided Attack on logic locking. In ASHES 2019. ACM, New York, NY, 75–83. DOI:https://doi.org/10.1145/3338508.3359576 Google ScholarDigital Library
Index Terms
- Challenging the Security of Logic Locking Schemes in the Era of Deep Learning: A Neuroevolutionary Approach
Recommendations
Robust and Attack Resilient Logic Locking with a High Application-Level Impact
Logic locking is a hardware security technique aimed at protecting intellectual property against security threats in the IC supply chain, especially those posed by untrusted fabrication facilities. Such techniques incorporate additional locking circuitry ...
A particle swarm optimization guided approximate key search attack on logic locking in the absence of scan access
DATE '20: Proceedings of the 23rd Conference on Design, Automation and Test in EuropeLogic locking is a well known Design-for-Security(DfS) technique for Intellectual Property (IP) protection of digital Integrated Circuits(IC). However, various attacks on logic locking can extract the secret obfuscation key successfully. Although Boolean ...
SR-SFLL: Structurally Robust Stripped Functionality Logic Locking
Computer Aided VerificationAbstractLogic locking was designed to be a formidable barrier to IP piracy: given a logic design, logic locking modifies the logic design such that the circuit operates correctly only if operated with the “correct” secret key. However, strong attacks (...
Comments