The quest for developing secure integrated circuit design obfuscation techniques.
Modern ICs are produced in a diversified global supply chain in which multiple parties, sometimes from different nations, carry out design, verification, and fabrication. As a result, security and privacy have become active topics of discussion in the IC domain over the past decade. The primary concerns are: 1) malicious modification of the design, 2) reverse-engineering by delayering and imaging the IC, with the end goal of gaining critical information for exploitation or stealing intellectual property (IP), and 3) cloning, replication, or overproduction by the foundry.
Circuit obfuscation is among the primary design-stage methods for protecting against the above attacks. Logic encryption/locking and IC camouflaging are two of the main circuit obfuscation techniques. Logic encryption, or key-based obfuscation, corrupts the output of the circuit through additional key inputs, rendering the circuit useless without a secret key. IC camouflaging is a layout-level technique that creates obscurity by using indistinguishable layout structures. These techniques can potentially provide a layer of protection against most supply-chain attacks. For instance, with logic encryption, targeted malicious modification of the design is hindered by the obscurity of the obfuscated circuit, and the foundry cannot overproduce the design without the key. In addition, both IC camouflaging and logic encryption hamper IC reverse-engineering.
Almost all existing obfuscation schemes have questionable security. The main reason is that they do not resist algorithmic attacks that use input-output pairs to resolve the obfuscation secret. Other attacks try to leak single key bits to the output to resolve them, or search the structure of the obfuscated circuit to try to remove the modifications made to the circuit during the obfuscation phase.
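The weakness described above can be checked on a small design before a locking scheme is trusted. The following is an added example, not code from the original page or the authors' release: it locks a constructed three-input netlist with three key gates and uses exhaustive enumeration in place of a SAT solver to show how few input-output pairs leave only one functionally correct key. The netlist, SECRET and all function names are assumptions made for illustration.

```python
from itertools import product

KEY_BITS = 3
INPUT_BITS = 3
SECRET = (0, 1, 0)  # assumed correct key for the constructed netlist

def locked(x, k):
    """Constructed toy netlist with three key gates (not from the page)."""
    a, b, c = x
    t = (a & b) ^ k[0]           # XOR key gate: transparent when k[0] == 0
    u = (t | c) ^ k[1] ^ 1       # XNOR key gate: transparent when k[1] == 1
    return (u & (a | c)) ^ k[2]  # XOR key gate: transparent when k[2] == 0

def oracle(x):
    """Activated chip: only its outputs are observable, never SECRET."""
    return locked(x, SECRET)

def find_distinguishing_input(candidates):
    """Return an input on which two surviving keys disagree, else None."""
    for x in product((0, 1), repeat=INPUT_BITS):
        if len({locked(x, k) for k in candidates}) > 1:
            return x
    return None

def surviving_keys(query):
    """Prune the key space using only input-output pairs from `query`.

    Every distinguishing input removes at least one candidate, so the loop
    ends with keys that agree with each other on every input.
    """
    candidates = list(product((0, 1), repeat=KEY_BITS))
    observed = []
    while (x := find_distinguishing_input(candidates)) is not None:
        y = query(x)
        observed.append((x, y))
        candidates = [k for k in candidates if locked(x, k) == y]
    return candidates, observed

def equivalent_to_oracle(k):
    """True if key k reproduces the activated chip on every input."""
    return all(locked(x, k) == oracle(x)
               for x in product((0, 1), repeat=INPUT_BITS))

if __name__ == "__main__":
    keys, observed = surviving_keys(oracle)
    print("oracle queries used:", len(observed))
    print("keys left:", keys)
```

On this netlist three queries are enough to reduce eight candidate keys to one; a locking scheme under evaluation should be judged by how this query count grows with key length.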
Our work revolves around 1) developing novel deobfuscation attacks/algorithms to understand the limits of the attacker, and 2) developing novel obfuscation schemes that can resist them.
Our most recent work in this direction is a Boolean Satisfiability (SAT) based attack that either completely deobfuscates state-of-the-art obfuscation schemes or approximates them with high accuracy. Our paper on this attack won the best paper award at the Symposium on Hardware Oriented Security and Trust (HOST 2017).
Our most recent obfuscation scheme is called "cyclic obfuscation". It is based on creating dummy cycles in the circuit that are difficult for the attacker to remove. Our paper on this scheme was published in the Great Lakes Symposium on VLSI (GLSVLSI 2017).
C/C++ code and EDA scripts for the above ideas will be released on Kaveh's personal Bitbucket page.