Hardware Trust and Assurance through Reverse Engineering: A Survey and
  Outlook from Image Analysis and Machine Learning Perspectives by Botero, Ulbert J. et al.
1Hardware Trust and Assurance through Reverse Engineering:
A Survey and Outlook from Image Analysis and Machine Learning Perspectives
Ulbert J. Botero†, Ronald Wilson†, Hangwei Lu, Mir Tanjidur Rahman, Mukhil A. Mallaiyan,
Fatemeh Ganji∗, Navid Asadizanjani Member, IEEE, Mark M. Tehranipoor Fellow, IEEE,
Damon L. Woodard Senior Member, IEEE, and Domenic Forte Senior Member, IEEE
Abstract—In the context of hardware trust and assurance,
reverse engineering has been often considered as an illegal action.
Generally speaking, reverse engineering aims to retrieve infor-
mation from a product, i.e., integrated circuits (ICs) and printed
circuit boards (PCBs) in hardware security-related scenarios,
in the hope of understanding the functionality of the device
and determining its constituent components. Hence, it can raise
serious issues concerning Intellectual Property (IP) infringement,
the (in)effectiveness of security-related measures, and even new
opportunities for injecting hardware Trojans. Ironically, reverse
engineering can enable IP owners to verify and validate the
design. Nevertheless, this cannot be achieved without overcoming
numerous obstacles that limit successful outcomes of the reverse
engineering process. This paper surveys these challenges from
two complementary perspectives: image processing and machine
learning. These two fields of study form a firm basis for the
enhancement of efficiency and accuracy of reverse engineering
processes for both PCBs and ICs. In summary, therefore, this
paper presents a roadmap indicating clearly the actions to be
taken to fulfill hardware trust and assurance objectives. 1
Index Terms—Hardware Counterfeiting, Hardware Trojan,
Imaging, Image Processing, Integrated Circuits, Machine Learn-
ing, Printed Circuit Boards, Reverse Engineering, Trust and
Assurance.
I. INTRODUCTION
Outsourcing of integrated circuit (IC) and printed circuit
board (PCB) design, fabrication, packaging, and testing have
dramatically reduced the time and cost of product develop-
ment. In doing so, this has enabled the widespread availability
of microelectronics, which has indeed transformed modern
life. However, unintended consequences include malicious
design alteration (i.e., hardware Trojan insertion [2, 3]) and
the rise of the counterfeit electronics industry [4]. Reverse
engineering (RE) is widely applied for educational purposes
and for detecting Intellectual Property (IP) infringement, but
it can play an even more significant role in hardware trust and
assurance. RE of electronic chips and systems refers to the
process of retrieving an electronic design layout and/or netlist,
stored information (memory contents, firmware, software,
etc.), and functionality/specification through electrical testing
and/or physical inspection. Although RE is often considered in
a negative light (e.g., illegal cloning designs and/or disclosing
sensitive information to a competitor or adversary), it is the
* Corresponding author.
† These authors have contributed to the paper equally.
1Part of this work has appeared in Electronic Device Failure Analysis
(EDFA) magazine [1].
only foolproof way to detect malicious alteration and/or tam-
pering by semiconductor foundries, find vulnerabilities present
in commercial-off-the-shelf (COTS) chips and avoid them, and
replace obsolete (i.e., no longer manufactured) hardware.
As for attaining trust and assurance, existing techniques are
limited and/or ineffective. For example, run-time monitoring
techniques increase the resource requirements – power con-
sumption, memory utilization, and area overhead on ICs/PCBs
– due to on-chip/board sensors used to detect anomalous
activities. In test time methods, the challenge is to generate
test vectors that trigger stealthy, well-placed hardware Trojans
in billion-transistor chips. Similarly, in side-channel signal
analysis approaches, inescapable process variations and the
measurement noise undermine the probability of detecting
small Trojans [5]. As a result, the confidence level in de-
tecting Trojans using the aforementioned techniques is quite
low [6, 7, 8]. Hence, RE has been gaining more attention
in recent years and experiencing community-wide acceptance
as an effective approach, in particular, for hardware Trojan
detection [9, 10].
In the area of IC counterfeit detection and avoidance, the
current best practice requires the use of either classification
by subject matter experts (SME), procuring lifetime buys for
long-term system maintenance, or acquiring components from
untrusted distributors in a supply chain, which potentially
involves grey market distributors. Each of these options is
non-ideal. The large quantities of components that SME coun-
terfeit analysts are required to analyze and manually classify
makes this current practice very inefficient and costly. As
for life-of-type buys, it is impractical and almost impossible
to predict the lifetime of every component in a design, in
anticipation of obsolescence and failure. Overestimation of the
lifetime leads to procuring more components than necessary,
and consequently, the waste of resources. Underestimation of
the lifetime results in non-ideal situations, such as redesign
or procurement through grey market distributors necessitated
earlier than desired.
For PCBs, counterfeiting and Trojan insertion is a simi-
larly prevalent problem. While there are existing chip-level
integrity validation approaches, as mentioned above, they are
not readily adaptable to PCBs which is a cause for concern.
In response to this concern, a common method for preventing
and protecting against PCB counterfeiting is to take advantage
of intrinsic characteristics of PCBs making each and every
of them (quite) unique [11]. Additionally, [12] has explored
using unique patterns seen in images of surface vertical inter-
ar
X
iv
:2
00
2.
04
21
0v
1 
 [e
es
s.I
V]
  1
1 F
eb
 20
20
2connect access (via) as fingerprints of design to overcome the
problem of counterfeit PCB distribution. While both of these
approaches can help us to improve reliability and assurance of
a PCB after manufacturing, these techniques would still have
to face difficulties in detecting small Trojans, similar to that
seen in the October 2018 Bloomberg Businessweek article,
entitled ”The Big Hack” [2]. In October 2018, it was claimed
that unauthorized microchips were found in the products of a
manufacturer that provided Apple, Amazon, and even the US
government, with specialized servers [3]. As reported in [3],
security experts suspected that the assembly facility owned
by Supermicro might have implanted the chip, which could
serve as a backdoor for spying information exchanged over
networks equipped with the altered PCBs of servers. Such an
attack, i.e., adding an extra chip maliciously, severely affects
the confidentiality and integrity of a system. More importantly,
the survivability of this system is strongly influenced due to the
typically high degree of complication and obstacles involved
in revealing the existence of such threats and recovering
the system from them. This can further highlight the strong
demand for the verification of security of the physical systems.
According to the above discussion, today more than ever,
there is a significant need for fast and fully automated RE,
imposed by industries, and especially for security-critical
applications. The RE process comprises delayering, imaging,
annotation, and netlist extraction. The current state-of-the-art
practices are tedious, challenging, and expensive. They usually
require a suite of cleanroom and microscopy equipment, very
long imaging times, and manual or semi-automated post-
processing steps for converting images to netlists. Despite
this, recent advancements in failure analysis tools and de-
layering processes are opening up new dimensions in RE.
As an example, plasma etching has achieved better control
over ion-energy distribution, thereby improving selective and
automation in delayering [13]. Furthermore, the introduction
of non-destructive X-ray computed tomography (X-Ray CT)
and ptychography in recent years can eliminate the process of
delayering, and hence, can speed up the imaging time for the
upper metal layers of an IC and an entire PCB. New scanning
electronic microscopes (SEMs), such as multi-beam systems,
have also been introduced to significantly speed up imaging of
nanoscale samples. Nevertheless, they are not widely available
and are still several times more expensive than standard SEMs.
In addition, since such tools could yield petabytes of data in
only a day, the research on automated and intelligent image
analysis algorithms is an urgent need to reduce the time and
cost of RE.
In this paper, we systematically study the current challenges
that automated RE faces in order to be useful for providing
trust and assurance. Existing surveys on RE focus on different
aspects, e.g., Keshavarz et al. have presented examples of
image-based RE applications and discussed hardware attacks
in detail [14], while Fyrbiak et al. have summarized the pro-
cess of accessing gate-level netlist from three system models
and discussed the evaluation strategies [15]. Compared to
our work, they have explored neither the challenges during
a typical RE process from imaging perspective nor considered
the possibility of applying machine learning approaches in
this context. Our paper further describes a typical workflow
of RE, and then investigates the possibilities and limitations
of processes incorporated in such a workflow from the RE
perspective. More precisely, we explain inherent differences
between natural images, which virtually all the well-developed
image processing algorithms are designed for, and images
taken to conduct RE on a hardware device. To this end, we give
an exhaustive overview on numerous obstacles to the applica-
tion of common methods originating in image processing and
machine learning. In particular, we place emphasis on the need
to incorporate domain knowledge to overcome them. Several
examples of such issues are given and reviewed in detail. In
summary, this paper aims at providing an outlook on how to
improve RE so that it can better handle tasks of detection and
avoidance in the context of hardware trust and assurance.
A brief overview and the organization of the paper: Beyond
providing a taxonomy of approaches proposed to address trust
and assurance issues, Section 2 describes how automated RE
can enable us to solve those problems more effectively. Sec-
tion 3 discusses the challenges involved in adopting existing
image processing algorithms and the limitation of RE from
an imaging perspective (see the imaging block in Figure 1).
This section is complemented by a discussion from a machine
learning and image analysis point of view along with a brief
discussion on the application of deep learning in RE, in Sec-
tion 4 and illustrated in the machine learning block in Figure
1. Section 4 further demonstrates how various applications of
RE, such as counterfeit and Trojan detection, can leverage the
information retrieved through feature extraction and feature
analysis. Afterward, Section 5 expands on the development of
counter RE methods. As this paper aims at pointing to a new
outlook, Section 6 is devoted to future research directions.
Finally, we conclude the paper with remarks on the issues
addressed in the paper.
II. APPLICATIONS OF RE FOR TRUST AND ASSURANCE
Semiconductor technology has become an integral part of
our everyday life, as ICs and embedded systems have been
becoming ubiquitous. The spectrum of the applications of
these devices and systems covers various areas including, but
not limited to, household appliances, critical infrastructures
(i.e., commercial facilities sector, government facilities, energy
sector, etc.), and military systems. Regardless of these appli-
cations, their trustworthiness and reliability must be assured.
This section aims to explain how automated RE can address
this concern by providing an added degree of precision for
the analysis and evaluation, applied at different development
stages in electronics industries. We further elaborate on the
applications of (automated) RE, namely Trojan detection, and
obsolescence replacement.
A. Trojan Detection and Counterfeit Avoidance
Counterfeit and tampered electronics pose serious threats
to hardware-based trust and assurance. In particular, cloned
chips and hardware Trojans can violate security requirements
of root-of-trust, thereby reducing confidentiality, integrity,
3Fig. 1: Our systematic overview of an RE process, which can be performed on ICs and PCBs, its challenges and possibilities.
(a) A typical workflow of RE encompassing various stages. Two main blocks of such a workflow are: Image Analysis (see
Section III) and Machine Learning (see Section IV). Moreover, we discuss how the outputs of the machine learning-related
block can enable us to provide hardware-based trust and assurance, as an application of RE (for a general view, see Section
II). Inherent challenges facing us in both cases of ICs and PCBs are further discussed in Section III- IV. (b) RE workflow for
IC: (b1) Deprocessing of the IC [16], (b2) Example of noise removal in the active region using different imaging parameters,
(b3) Segmentation and extraction of polysilicon structures and vias in an IC [17, 18], (b4) Netlist of extracted logic cells. (c)
RE workflow for PCB: (c1) Image depicting a multi-layered PCB [19]. Depending on the number of the layers in a PCB,
different types of RE techniques should be considered. Irrespective of this, these challenges are inevitable: (c2) Example for
misaligned layer and reconstructed image, (c3) Segmentation and extraction of vias for X-rayed PCB and labelled components
on the surface of an optically imaged PCB, (c4) Segmented layout of PCB layers with connected and not-connected vias [20].
4Fig. 2: Taxonomy of approaches for addressing trust and
assurance issues through RE.
and availability. For ICs, cloning is the process of copying
and unauthorized production of a design without having a
legal IP rights. Moreover, any malicious modification of the
structure, functionality or parameters of the chip that causes
the device to operate outside of its specification can be
identified as a hardware Trojan. Furthermore, the root-of-trust
can be compromised at the system level. PCBs give another
opportunity for an attacker to tamper, clone, counterfeit, and
insert a hardware Trojan. In fact, since PCBs lie at the heart
of an electronic system and integrate several components to
achieve the desired functionality, it is increasingly important
to guarantee a high level of trust and reliability at such an
integration stage. The aforementioned incident allegedly at
Supermicro serves as an example (see Section I). Advances
in the RE automation process can enable us to shorten the
time to identify these type of threats at multiple levels of an
electronic system [20, 21].
The importance of applying RE for addressing trust and
assurance-related issues are twofold, namely detection and
avoidance (see Figure 2). When it comes to avoidance, we
are interested in approaches that can prevent counterfeit parts
from entering the supply chain. For this purpose, it is crucial to
develop relatively less costly and time-consuming counterfeit
detection methods [22]. Therefore, due to this close connection
between avoidance and detection, in this paper, our primary
focus of interest is detection methods. In the detection process,
the incoming electronic components undergo a physical or
electrical inspection process to examine authenticity. As RE
is an interior, physical-inspection-based approach, to decide
whether a chip/system is cloned or to detect a Trojan, one
should rely on the availability of golden data. Golden data can
be images from a known authentic chip or PCB, bill of mate-
rials (BoM), schematic, layout, or device, whose functionality,
structural and electrical parametric signatures are available for
comparison.
(a)
(b)
Fig. 3: (a) Layout of smart card chip (b) SEM image of
the corresponding area. (Circled areas shows the effect of a
modification or insertion of the logic cell.)[23]
For example, a layout2 is determined as golden if the IP
holder and System-on-Chip (SoC) designer/PCB manufacturer
are authorized and trusted3 [23]. A golden layout or design
can provide a benchmark for assessing the functionality of
the chip or analyzing its physical structure. The designer’s
layout (see Figure 3(a)) can be compared to the SEM image
taken from the respective manufactured design (see Figure
3(b)), to determine possible Trojan insertions. However, it does
not provide any reference for side-channel parametric profiles,
e.g., power, path timing, electromagnetic signature, photonic
emission, etc., which can only be characterized by using a
fabricated chip or board. Additionally, a device is considered
golden, when either it is fabricated from a golden layout in a
trusted facility or its functionally and physical characteristics
are verified through full-blown RE [8]. The primary concern
regarding fabricating a golden sample in a trusted facility is
a prohibitively costly process. Besides, the parametric profile
of the golden device is different from the same parametric
profile of devices produced in another facility for the same
technology node, even within the same fabrication facility.
Nevertheless, common test methodologies may not always
be helpful for detecting Trojans [24]. In this context, an RE
approach can also be employed to detect extra insertions
and deletions [25, 26]. Note that although IC camouflaging4,
especially dummy contact-based IC camouflaging, can impair
the effectiveness of malicious RE of ICs, the designer can
greatly benefit from an automated RE along with a golden
2After performing the translation of a specification into a behavioral
description (typically in a hardware design language (HDL)), this description
is synthesized to generate a design implementation of logic gates, i.e.,
netlist. This netlist is used to produce a layout (GDSII file) by conducting
placement/routing. To fabricate ICs, this GDSII is sent to a foundry by the
design house.
3A trusted party is defined as one committed to ensuring a proper IC
design/fabrication flow (i.e., does not insert Trojans, protects IP confidentiality,
etc.). An untrusted party cannot ensure such a proper flow or performs
malicious activities intentionally.
4A technique that can be employed to mask the circuit functionality by
synthesizing circuits with logic cells, which look similar, but can have different
functionalities.
5chip or layout to deal with such cases. Yet the challenges
with RE-based approaches are the SME involvement and the
execution time (see Section II-B).
For PCBs, due to the minute details involved in the Trojan
insertion process, the availability of golden data to facilitate
full-blown PCB RE is even more pressing. The modern nature
of PCB designs, being multi-layered, provides a variety of
Trojan insertion possibilities that are nearly impossible to
prevent without full-blown RE. Specifically, an attacker can
take advantage of unused pins, multiple layers, and hidden
vias in the design to alter connections throughout the inter-
nal layers/ hidden vias, as well as the properties of these
connections. Altering traces in the internal layers can make
no structural difference, but produces undesired functionality
under certain conditions. Such alterations include modifying
the mutual coupling capacitance, characteristic impedance
and loop inductance [27] as well as adding ultra-low areas,
and power components in the internal layers. Moreover, the
chances of detecting these modifications via exhaustive testing
is low since malicious functions are barely triggered during in-
circuit and boundary-scan-based functional tests. With a full-
blown RE, the design dimensions going down to the trace
widths and spacing can be extracted and compared for tamper
detection and to give the IP holder an available golden sample.
If the attacker alters the design structure, by comparing the
designed and extracted netlists, the detection can be less
challenging, and the full-blown RE can be more effective (for
more details see Section II-B).
In general, the detection techniques have progressed at a
fast pace, due in part to advancements in artificial intelli-
gence, and in particular, machine learning. Techniques origi-
nating from machine learning have been widely employed in
hardware security. For instance, machine learning algorithms
have been applied for Trojan and IC counterfeit detection;
for a comprehensive survey, see [28]. Nevertheless, when it
comes to approaches leveraging the strengths and capabilities
of both reverse engineering and machine learning methods,
e.g., [29, 30], less effort has been made to develop such
approaches. Only recently, as a result of the advancements
in image analysis incorporated with the developments of
techniques relying on SEM, X-Ray CT, and optical imaging,
more reliable, faster and automated hardware Trojans detection
methods have been developed, being also useful for detecting
cloned chips/systems. Such a process generally involves sev-
eral steps, namely image pre-processing, feature extraction,
and classification.
Image pre-processing influences the accuracy of perceptual
feature extraction through noise reduction, edge enhancement,
segmentation, etc. As the name implies, feature extraction
deals with extracting salient features from the images of in
the electronic component, acquired by using the SEM/X-
ray CT/optical microscope. Those features are represented
as inputs for machine learning algorithms, e.g., neural net-
work, support vector machine (SVM) or clustering approaches,
which can determine modifications in the function or the
structure in the system. However, to benefit from advances in
machine learning, relatively large sets of data are necessary
to train machine learning algorithms. Especially for deep
learning methods, a vast number of data samples are required
to achieve an acceptable level of performance.Nonetheless, ad-
vanced methods, e.g., Trojan Scanner [23], can direct trust and
assurance-related studies towards partial RE-based hardware
Trojan detection methods.
In the presence of data derived from a golden sample,
different methodologies, e.g., the structural test comparison
between a suspected sample and the golden sample/layout,
can be deployed to identify cloned devices [22]. Over the
years, to address the availability of neither a golden chip/layout
nor a sufficiently large training dataset when dealing with
protecting chips/systems, different avoidance methodologies
like the secure split-test, physically unclonable functions, and
lightweight on-chip sensors have been proposed for countefeit
detection and avoidance[22]. In line with this, the fast and au-
tomated RE can enable us to establish a secured supply chain
comprised of a trusted manufacturing facility and distribution
for the security-critical applications. Such improvement offers
effective measures for the avoidance of cloned or Trojan-
infected chips.
B. Obsolescence
In addition to Trojan detection and counterfeit avoidance,
an RE-based method also provides trust and assurance for the
obsolete or near-term life technologies and components. These
technologies, usually referred to as legacy electronics/systems,
are prominent in many critical systems. Typically the produc-
tion cycle for electronics is under pressure from the fast-paced
consumer electronics industry, where the next generation of
devices with improved properties is expected and adopted in
the course of the following calendar year. Yet, the opposite
is the case in military and government electronic systems that
go through longer development cycles and deployment. These
systems are designed to be in operation for decades [31].
However, since these systems are deployed for increasingly
longer periods, the cost of maintenance begins to increase due
to needed parts becoming obsolete. The long life span of these
components and systems opens up new possibilities for mali-
cious activities including security concerns and vulnerabilities.
Most notably, diminishing manufacturing sources for obso-
lete components can force original equipment manufacturers
(OEMs) to purchase from untrustworthy distributors. This has
been identified as a known source for recycled, remarked or
counterfeit components/systems and consequently, a pressing
concern for governments, as reported by, e.g., the United States
Senate [32].
Although a full system redesign is an option to address
this concern, it is impractical due to the associated costs and
manpower [31]. In particular, if previous design information
that would be used for the redesign is no longer available or
scarce, performing RE to acquire the needed design informa-
tion can result in destroying the only available samples. This
is often the case in legacy systems, where previous designs
are lost over time through company migrations/transitions or
components are obsolete and discontinued. These concerns are
present for both of the IC and PCB levels, but can be addressed
thanks to advances in image analysis and machine learning.
61) IC Level Upgrades: As an interdisciplinary field in-
cluding several key components from image analysis and
machine learning fields of study, automated RE enables us
to replace obsolete technologies and provide additional trust
and assurance in hardware security. With respect to the ability
of automated RE to segment, identify, and interpret different
properties of IC layouts, it is possible to not only deconstruct
the netlist of a device, but also reconstruct it. By identifying
various components on a layout and comparing them with the
standard cells, the functionality and netlist of an IC can be
deconstructed. Afterward, this information can be used either
to analyze possible faults in the layout or for reproduction, if
the reverse-engineered device is obsolete and no longer in dis-
tribution. Furthermore, once the functionality is deduced and
the netlist is reconstructed, any desired upgrades (additional
logic, security primitives, etc.) can be added to the design and
the new upgraded design and layout are ready for fabrication
[33].
2) PCB Level Upgrades: The above-mentioned advances
enable us to offer the maintenance or replace obsolete or
rare PCBs as well. In a similar fashion to ICs, automated
RE can be used on PCBs to identify key components, traces,
vias, and layers to reconstruct the design and netlist [34].
Coupling these techniques with advances in non-destructive
RE via X-Ray CT [20] leads to an all-encompassing process
that completely removes the traditionally needed SME. This
is especially useful for PCBs, whose design information has
been mishandled or with scarce supply. This can be explained
by the fact that traditional RE may result in the destruction of
samples undergoing the process [35]. Providing a substantial
cost and efficiency savings achieved through this gathered
design information, it is now possible to perform design-to-
manufactured product validation, product-to-product compar-
ison, and the ability to upgrade past designs. All of these
provide an added level of trust and assurance to the systems
that require the utmost attention to security.
III. INHERENT CHALLENGES ASSOCIATED WITH IMAGING
ELECTRONIC COMPONENTS AND SYSTEMS
In the context of natural scenes, image processing plays the
role of enhancing the image to the point of being discernible
and pleasing to the viewer. The fine-tuning of different pa-
rameters of the image such as the contrast and intensity is
considered as an art rather than an application of a set of
predefined algorithms. However, with the advent of machine
learning and the higher likelihood of the image being delivered
to a computer than a human, the adjustment of the imaging
parameters must be performed regarding the application for a
particular domain and nature of the problem being addressed.
For instance, a camera placed on an assembly line in a manu-
facturing facility might only require to examine the presence
of an object rather than its color or shape. Modifying the image
to be visually pleasing is neither required nor recommended in
this case. As indicated in this example, optimizing images for a
certain purpose requires in-depth knowledge of the domain and
application, posing a significant challenge to the application of
image processing in electronics, e.g., images taken from ICs
or PCBs.
Fig. 4: Difficulties with the handling of IC images: (a) an SEM
image of a logic cell showing the size of features in pixels, (b)
the software-based structure of the cell shown in (a), and (c)
an example illustrating the ambiguity in the feature resolution
in the presence of the noise
Along with the extensive application of image processing in
natural scene-related scenarios, the factors affecting the quality
of images such as motion blur, sensor noise, and uneven light-
ing are well known and studied. This in-depth understanding
enables the development of image processing algorithms that
can suppress the effect of noise sources, as mentioned above,
and produce high quality images. However, this does not hold
true for imaging modalities used for acquiring images of ICs
and/or PCBs.
Moreover, in typical natural scene images, the amount of
information extracted is rarely dependent on the value of a
few pixels, but on the entire image or a large section of the
image. This results in an increase in the reliability of feature
extraction algorithms. On the other hand, by increasing the
level of integration that puts together a higher number of
transistors into a limited space, the size of the features in an
IC image usually expands to only a few pixels (see Figure 4
(a, b)). Hence, depending on the intensity of noise affecting
such features, there are situations, where a structure containing
a few pixels cannot be categorized into a feature or a noise
artifact (see Figure 4 (c)). In the context of hardware assurance,
the ambiguity in this matter may lead to a Trojan detection
error. As an example of such a malicious modification, con-
sider a Trojan implemented to cause malfunction of the cell by
adding transistors [25]. This modification indeed has an impact
on the shape of the cell. Similarly, PCB images used for RE are
subject to this challenge, albeit in a different way, due to the
7different modalities the images are taken from. For instance,
optical imaging can easily fail to detect an extra component
acting as a Trojan, when the color of the motherboard and
the components on it are both black. Furthermore, the via
detection through X-Ray CT imaging may not be helpful when
vias are blurred by the presence of high impedance materials
that attenuate X-rays.
In summary, schematics extracted from images with
such uncertainty can alter the functionality of the reverse-
engineered device or system. As the goal of most RE ap-
plications is either the accurate reconstruction of the target
device/system or the detection of anomalies, the presence of
such limitations would be counterproductive and reduce the
effectiveness of RE.
Although one may make certain modifications to the
RE workflow (see Figure 1(a)) on the basis of the end
goal/purpose, depending on whether ICs or PCBs are con-
sidered, the core processes involved remains the same. Each
block in this workflow will be discussed in detail in the coming
sections.
A. Problems Associated with Handling IC Images
In the early days of RE, image acquisition was done using
an optical microscope with individual images stitched together
to form a holistic view of the entire IC [19]. With the scale of
integration available during that time period, the resolution of
an optical microscope was sufficient to determine the features
and extract the structure and logical elements of the IC. Even
though this had been a tedious and time consuming process,
it was still been possible to perform IC RE in a realistic
time frame. However, for today’s ICs using technology nodes
around 10nm, this is no longer possible. Nowadays, the RE
relies solely on electron microscopy to acquire high quality
images of the ICs, where the most commonly used equipment
is the Scanning Electron Microscope (SEM). Other imaging
modalities such as Confocal Electron Microscopy (CEM) can
also be used to capture images of the IC. Excluding studies
presented in [38] and [39], where CEM is utilized, other
methods found in the literature apply destructive approaches
to take images from different layers of the IC. Although the
existence of electron microscopy imaging techniques enable
the acquisition of high-resolution images of the IC, they do
have certain inherent drawbacks which are listed below.
• Manufacturing process variations: The intensity of each
pixel in the image depends on the material and its
thickness [38]. Due to the high accuracy of the imag-
ing modality, any small variation in the manufacturing
process would cause changes in the acquired image. The
degree of influence of this factor on the RE process
depends on the precision/tolerance of the manufacturing
process and the resolution of the imaging modality.
• Topography of the material: Areas with high roughness
or edges between materials in the IC have larger escape
areas for the secondary electrons [40]. Hence, the inten-
sities of the image might not be accurate.
• Diffusion: In the case of non-metal materials, the atoms
diffuse laterally in the material causing the edges between
the materials in the same layer to blur and fade out [41].
• Atmospheric exposure: During the deprocessing of the
IC, the die is exposed to air, which may cause oxidation
in the metallic interconnects present in the IC.
• Electromigration: If the IC has been used, there are
chances of having electromigration and changes in the
physical structure of the materials [42]. This type of
defect is usually found in metal interconnects, through
which high density currents flow.
• Conductivity: Insulating materials may charge positively
and suppress the secondary electrons [40]. If the material
is considerably thin, it may also let the electrons pass
through and the sensors cannot detect them [43]. This
leads to localized pockets of bright and dark regions in
the image.
Taking the above points into account, the degree of con-
tribution of these noise sources to the quality of the image
cannot be always adequately assessed. Moreover, the above
list of the noise sources may not also be comprehensive. This
lack of understanding is one of the major challenges that one
has to face, when image analysis comes into play to solve RE
tasks.
In addition to the inherent limitations associated with imag-
ing an IC, several challenges are introduced by the RE process.
One such challenge is the iterative physical deprocessing. A
typical IC, nowadays, consists of several layers of materials
put on top of each other. These layers (see Figure 5) play their
own unique role in making the IC functional. These layers
have to be imaged in their entirety to perform an effective RE.
As discussed earlier, the imaging process can be destructive,
in which layers of pre-defined thickness – typically chosen by
an experienced operator – are removed in an iterative manner.
This continues until a clear view of the target layer is made
visible. In the RE-related terminology, this step of the sample
preparation is called physical deprocessing (see Figure 1(a)).
Deprocessing can be carried out from either the backside or
the frontside5 of the IC (see Figure 6). Irrespective of that, the
basic processes involved in both of those cases are mostly the
same: first, the protective casing around the IC is removed.
This process is commonly referred to as de-potting or de-
packaging [19]. There are several approaches to accomplish
this task ranging from chemical to physical abrasions and
followed by mechanical polishing of the IC die. The first
source of the error is introduced at this point. As the ratio
of the surface area to the cross-section of the IC wafer is
extremely small, the wafer has the tendency to warp with a
small curvature (see Figure 7) [16]. This tendency sometimes
results in uneven polishing and skew in the images acquired
with a low level of zoom.
Secondly, layers with predefined thickness are removed
incrementally from the IC wafer, and the thickness is usually
determined by the operator. When the effect of uneven polish-
ing is accumulated, the delayering process can also be uneven
across the surface of the IC. In some cases, structures from the
contact layer (CO) of an IC would show up in images acquired
5Backside denotes the bottommost layer of an IC, which is populated
by active devices such as transistors. By the term “Frontside”, we mean
the topmost layer of an IC including passivation, metal pads, and global
interconnects.
8Fig. 5: The sequence of the layers in an IC along with their cross-sectional view [36, 37]
Fig. 6: Deprocessing workflow for an IC (highlighted in grey)
at the doping layer (DO), and so on. Depending on the degree
of inevitable undesired blending between the different layers,
it may be difficult to separate the features from the constituent
layers, especially with the errors accumulating over time. In
addition, the method used for removing layers of the IC may
leave residue on the imaging surface, thereby reducing the
quality of the acquired image (see Figure 8) [41].
Finally, the holistic view of the IC is reconstructed by stitch-
ing individual images together. Due to the noise introduced at
the deprocessing stage, off-the-shelf algorithms for stitching
may produce erroneous results, even with considerable over-
lap between consecutive images. Acquiring images at higher
magnification levels can reduce the amount of work needed for
stitching, but in turn, may reduce the quality of the image (see
Figure 9). Last but not least, note that these are some common
issues and examples of the inherent challenges associated with
acquiring and handling images for IC RE.
B. Problems Associated with Handling PCB Images
The challenges and limitations associated with PCB RE
overlap significantly with those presented earlier in IC RE
scenarios. The main difference being that PCB RE focuses
on two major themes: external and internal RE. External
PCB RE deals with the information that one can observe
at both surfaces, the top and bottom layer of a PCB. This
information typically consists of the components of a design
9Fig. 7: Warping on the IC wafer after deprocessing [16]
Fig. 8: Errors associated with IC deprocessing (red square).
Example of uneven delayering (top) and residue leftover
(bottom) after deprocessing.
(passive elements, active elements, ICs, processors, etc.), their
connections, silkscreen markings, and a variety of ports [36].
External RE would usually suffice if the PCB has only two
layers, but this is often not the case. More common, however,
are PCBs manufactured with multiple layers, where the ma-
jority of them are internal to the board and have structural
and connectivity information not visible externally. In these
cases, internal RE is necessary [36]. The main challenges for
each PCB RE modality can be broadly categorized into how
to handle the noise associated with the imaging modality used
for data acquisition, and determining the desired features to
be extracted.
The imaging modality used for data acquisition in external
PCB RE is typically an optical microscope or a digital camera.
Both are used to take images of a PCB at varying resolutions
to enable the detection, classification, and analysis of the
design information. Specifically, external RE uses these images
to identify the components, connections, silkscreen markings
and different types of ports (high speed serial/parallel, pro-
gram/debug, display) present on the topside and bottomside
of a PCB [19, 35]. Among all imaging modalities, the il-
lumination variance is the most prominent noise source. In
some cases, imaging an entire PCB board requires stitching,
which results in multiple regions of the entire board with
varying illuminance. This variation may cause differences in
Fig. 9: Stitching error from joining 4 individual images to
form a panoramic view
Fig. 10: Optically imaged PCB section highlighting illumi-
nance non-uniformity
the appearance of even the same sample, therefore, drastically
impacting the effectiveness of image analysis algorithms and
the inspection results.
Depending on the magnification of the microscope or cam-
era used for data acquisition, the image patches obtained
vary in size and the amount of information included in them.
While an increase in the magnification obtains more detailed
features for extraction, the illumination noise is also amplified
(see Figure 10) causing an information loss. For instance,
using low magnification results in a larger image view, but
we may lose small features (e.g., characters on resistor)
due to the reflection. This, of course, makes the detection
of Trojans, i.e., maliciously inserted/ replaced components,
more challenging. Although more features per image means
more details, more image patches should be stitched together
to complete the whole image and thus, regions with the
various illuminance are involved in the fully stitched sample.
Furthermore, when the image magnification increases to obtain
more details, some large components on a PCB are separated
into different patches, which may be affected by the stitching
error. Moreover, since many of the existing image analysis
algorithms for segmentation, detection, and classification are
heavily parameter-dependent or pixel intensity sensitive, a
holistic solution should minimize tuning of the respective
parameters to generalize well.
If the PCB under RE has only one to two layers, the
challenges encountered by the expert would be solely limited
to those discussed above. However, it is more likely that
modern PCBs are multilayered, where chips are connected to
each other on the top, bottom, and through internal layers.
Therefore, for multilayered PCBs, internal RE is required to
10
Fig. 11: Noise in X-Ray CT PCB:(red square on the right side)
Neighboring Layers Aliasing (green square on the bottom left
side) Blur Artifacts (yellow square on the top left side) High
Impedance Material Artifacts
complete the RE process. When discussing internal RE, there
are two predominant methods: destructive and non-destructive
RE. Traditionally, internal RE has been a destructive process
[35] similar to that of IC RE. The process involves delayering
(similar to IC deprocessing) and imaging of a PCB layer-by-
layer until a working physical sample no longer exists. The
imaging component of this process is typically done optically
by using a digital camera or a high-quality optical microscope,
but the destructive nature of the delayering process introduces
multiple potential sources of the noise that could impact the
quality of the image. Some examples include broken traces,
disconnected vias, or just poor quality images making feature
extraction much more difficult in the analysis stage of the
process. This is due to fact that the effectiveness of the RE
process is tied to the quality of the imaging, which is not
always excellent.
Fortunately, recent progress toward non-destructive RE via
X-Ray CT has pushed the current state-of-the-art RE methods
[44]. While non-destructive RE via X-Ray CT does reduce the
amount of physical damage to a PCB caused by the delayering
process, there are other challenges still to be faced, which
impact the quality of the RE. These noise sources generated
by the X-Ray process are outlined below.
• Blur artifacts: During the X-Ray CT process, the sample
is rotated inside the X-Ray chamber by 360°at a slight
tilt in both the X and Y direction to maximize the amount
of information received from the X-Ray particles passing
through the sample to the receiver in the chamber. This
tilt along with the rotation during the acquisition process
result in noise artifacts in the reconstructed 3D stack, in
the form of blurred image regions.
• High impedance materials: Typically, PCBs are manufac-
tured with the majority of their parts made of silicone-
based materials. However, if the PCB is populated with
components, soldering is used to ensure the connectivity
of the components throughout the entire board. This
solder acts as a high impedance material in the presence
of X-Ray particles, reducing the effectiveness of their
passing-through property. Therefore, it creates noise arti-
facts in a populated sample or a sample with components
being removed, but with remaining solder residue.
• Aliasing between neighboring layers: An X-Ray CT-
based PCB model is a 3D stack consisting of 2D image
slices. Each layer of a multi-layer PCB consists of the
trace and via information that may be different from those
being close to that layer. Depending on the alignment of
the board in the X-ray chamber, the resolution, and the X-
Ray parameters chosen, there may be slices at the fringes
of neighboring layers, where the information of the layers
overlaps, similar to aliasing in signal processing.
• Beam hardening: As an X-Ray beam passes through an
object, the mean energy of the beam increases, as the low
energy photons are attenuated [45]. Therefore, the lower
energy part of the X-ray beam is removed from its energy
spectrum and the beam is considered to become “harder”.
Due to this X-ray beam hardening, streaks or dark bands
appear at the center of the object, compared to the edge of
the object in the X-ray image. For this purpose, pre/post-
filtering the X-Ray beam by using metallic materials,
e.g., aluminum and copper, is applied to eliminate the
low energy photons in the beam and maintain a uniform
average energy during the X-ray imaging.
• Ring artifact: In general miscalibrated or defective de-
tectors and elements create a bright or dark ring close
to the isocenter of the scan. This can often be fixed by
recalibrating the detector.
The blur caused by the X-Ray is seen as the streaks in
the image (see the green square on the bottom left side of
Figure 11). The bright circular regions are where the solder
has impacted the X-Ray process, distorting the via features
slightly as illustrated in the yellow part on the top left side of
the figure. The areas, where the trace information intersecting
each other, show aliasing that occurs between the neighboring
layers (see the red square on the right side of Figure 11). While
these are the main sources of the noise seen during the X-Ray
process conducted on a PCB, their effects are compounded,
when taking the reconstruction process for X-Ray CT into
account. In particular, at each slice of the reconstructed PCB,
crafted by using X-Ray CT, the noise sources have a varying
degree of impact since they represent the varying depths of the
board and the depth of the X-Ray particles passing through the
samples. Therefore, it is necessary for image analysis-related
solutions to not only account for the variance seen within a
single design, but also across multiple designs.
IV. ADDRESSING CHALLENGES ASSOCIATED WITH
MACHINE LEARNING AND IMAGE ANALYSIS FOR RE
In recent years, machine learning has been widely adopted
by a variety of industries and research fields. It also becomes
an indispensable tool at the level of integration in ICs and
11
Fig. 12: The impact of applying different excitation voltages:
the image acquired at 5 kV (left), which shows the surface-
level features for the doping layer, and the image acquired at
15 kV (right) showing the same features of the doping layer
along with the features of the contact/metal layers, present
below the surface.
PCBs. However, several factors can limit the application of
general machine learning in the field of RE, including image
quality, IC and PCB features, the fabrication technology,
unavailability of ground truth, and computational resource re-
quired for image analysis in the field of RE. These challenges
are discussed in detail in the following sections from the
perspective of both IC and PCB.
A. Challenges Associated with IC
High-quality images help to improve the reconstruction
accuracy and the overall image analysis results. There are
two ways to improve image quality: (1) by reducing the
noise using a learned noise model, and (2) by appropriately
tuning the imaging parameters. In SEM imaging, the following
parameters are commonly fine-tuned depending on the features
that need to be extracted:
• Excitation voltage: The excitation voltage of the electrons
controls the depth of penetration into the sample. A
higher excitation voltage can show structures that are
hidden below the visible surface (see Figure 12).
• Dwelling time: This refers to the time that the scanning
beam takes to measure the intensity value of a single pixel
in the image. A longer dwelling time would give a better
estimation of the true intensity of the value at the given
position (see Figure 13).
• Magnification: This refers to the size ratio between an
object and its scaled projection. A high level of magni-
fication enables us to take images of small features that
cannot be seen at a low magnification (see Figure 14).
• Resolution: This parameter refers to the number of pixels
in the image. Higher pixel count produces better images
(see Figure 15).
An image that is less affected by the noise can be acquired
by increasing the magnification, resolution, and dwelling time;
however, this requires significantly longer imaging times. The
time cost of taking images for a 130 nm IC is reported in
Table I [23]. It can be observed that full-blown RE for a single
layer, with high-quality image acquisition settings, takes over
30 days to complete.
Fig. 13: The impact of the dwelling time, when it is changed
from 3.2 µs/pixel (left) to 32 µs/pixel (right) [23].
Fig. 14: The impact of the magnification, when it is changed
to 500 µm (left) from 20 µm (right) [23].
Fig. 15: The impact of the resolution, when it is changed from
512 x 512 (left) to 2048 x 2048 (right) [23].
In the context of hardware assurance for ICs, machine
learning has been implemented in a variety of scenarios. SEM
imaging-based IC Trojan detection applications are explored
in [9, 22, 25, 26, 29, 46, 47, 48, 49], and they have also
demonstrated the efficiency of automated Trojan detection
with the use of machine learning concepts. In addition to
the correlation method used in [9, 25], Bao et al. use metal
layer features with Support Vector Machine (SVM) to detect
the structure difference between golden sample and Trojan
sample [29], while Shi et al. also employs SVM but with
the features from doping layer (see Figure 5) [26]. The
Trojan scanner proposed in [26] removes the requirement
of a golden SEM image by inserting in-chip training gates,
whose location information can be obtained from the layout
image. This method reduces the imaging variations between
training and test samples, which also provide the results
from different near-optimal imaging parameters. However, the
works discussed above do not explore the challenges from the
machine learning viewpoint or discuss the image analysis in
detail. In contrast to the typical demonstration of performance
measures, the underlying challenges with each step of the
machine learning paradigm (see Figure 1(a)) will be discussed
in detail in the following paragraphs.
The machine learning aspect of the RE workflow can be
executed in three mutually-dependent sequential steps (see
Figure 1(a)). First, the identification of device node technology
from images of the IC wafer, which are taken layer by layer,
is of great importance. Machine learning techniques can be
employed at this level to improve the quality and reliability of
the acquired images, which is commonly referred to as pre-
processing. The pre-processed image is then forwarded to the
12
TABLE I: Time table of SEM imaging for an IC with the
following characteristics: technology node: 130nm, and size:
1.5 mm x 1.5 mm [23]
Scanning Speed Field of ViewResolution 500um x 500um 20um x 20um
1 usec/pixel 512x512 9 sec 1 hr 33 min
1 usec/pixel 1024x1024 18 sec 3 hr 7 min
1 usec/pixel 2048x2048 54 sec 9 hr 22 min
10 usec/pixel 512x512 45 sec 7 hr 48 min
10 usec/pixel 1024x1024 3 min 18 sec 1 d 10 hr
10 usec/pixel 2048x2048 6 min 25 sec 5 d 12 hr
32 usec/pixel 512x512 1 min 30 sec 15 hr 0 sec
32 usec/pixel 1024x1024 6 min 30 sec 1 d 21 hr
32 usec/pixel 2048x2048 24 min 0 sec 11 d 1 hr
100 usec/pixel 512x512 4 min 48 sec 2 d 2 hr
100 usec/pixel 1024x1024 18 min 54 sec 8 d 4 hr
100 usec/pixel 2048x2048 1 hr 11 min 30 d 20 hr
feature extraction step where information from the images are
extracted for further image analysis.
As mentioned above, the first phase of the IC RE framework
involves acquiring images of the IC to recover the node
technology employed in its design, with the aim of obtaining
the heuristic model of the design rules used to manufacture
the IC. A standard IC consists of active, polysilicon, contact,
metal-1, and multiple upper via and metal layers (see Figure
5). The active layer (see Figure 16) consists of N and P
doping regions, with shapes that fit the constraints of man-
hattan geometry on a cartesian space. The polysilicon layer
(Figure 17) in conjunction with the contact and metal layers
(Figure 18) connect the electrical circuit. Because of different
functionalities of each layer, they are usually designed with
particular structural patterns. Therefore, it is intuitive to match
those detected patterns with a standard cell library, and further
extract the netlist.
In natural scene images, the additive noise model or at
least a fit-to-purpose, heuristic model of the noise statistics
can be derived, which aids in the selection of noise filtering
approaches. Common methods such as spatial and frequency
domain filtering [50, 51, 52, 53] can suppress noise. However,
the effectiveness of these methods depends on a prior knowl-
edge of the characteristics of the additive noise. For instance,
median filtering is effective against salt-and-pepper noise [54].
With imaging modalities such as SEM and CEM, the noise
models for images taken from ICs are more complicated and,
thus, a comprehensive understanding of the noise sources is
required to perform effective RE.
Feature extraction involves the segmentation, modeling and
analysis of structures in the silicon substrate, which requires
the layer-by-layer separation in sequence rather than at the
same time. When discussing feature extraction for IC RE,
features are mostly acquired from the active, contact and
metal layers. Some approaches to the segmentation of selected
features such as via, metal and polysilicon are discussed in
[17, 18, 55, 56].
The features can be extracted from the silicon substrate
based on the intensity difference caused by the respective
constituent materials. Among the three layers in an IC, active,
polysilicon, and metal layers, the polysilicon layer has the
Fig. 16: Example of an active region
Fig. 17: Example of a polysilicon layer: The image on the left
side contains polysilicon and contacts, whereas the one on the
right side contains polysilicon, contact and metal.
highest separation error due to the noise (see Figure 17).
This is because the structure of polysilicon layer is easily
affected by the lateral diffusion of pixel intensity along the
side of its structures. It further introduces the islands of pixels
in the structures that has pixel values corresponding to the
silicon substrate. More specifically, this noise may lead to
the discontinuity of the polysilicon structure or the fusion of
neighboring structures. On the other hand, the metal layer and
the contact layer are easier to be distinguished compared to the
active and polysilicon regions [41] (see Figures 17 and 18).
Hence, as can be understood, the degree of susceptibility of
certain materials used in the IC to noise are different. However,
when the image quality is low, the noise effect is observed
in all layers and affects the feature extraction. Additionally,
although each layer presents different intensities, they have
significant overlaps in between. It can be clearly concluded
that the off-the-shelf image segmentation algorithms that rely
entirely on the intensity pixel values cannot provide accurate
segmentation results. The importance of accuracy in segmenta-
tion is critical for a variety of RE application scenarios and can
be demonstrated by an example. Suppose that we are interested
to find an inserted Trojan cell having a specific aspect ratio.
The noise may add additional pixels on the boundary of the
Trojan cell, and consequently, changes this aspect ratio and
results in Trojan detection failure.
Fig. 18: Example of a metal layer: Typical metal layer (left)
and metal layer with lateral spread (right, the red square shows
a part of the spread)
13
Fig. 19: Another example of an active region
Different amounts of available information in each layer
of an IC also challenges the feature extraction. For instance,
in advanced technology nodes, the amount of information
contained in the polysilicon layer is negligible as this layer
mostly consists of straight lines with varying counts. Its coun-
terparts in older technology nodes consist of more complicated
two-dimensional shapes. This phenomenon has been partially
studied in [57], where two open-source academic standard cell
library datasets for 32nm and 90nm ICs have been considered.
The study found significant variation in the amount of the
information contained in each layer, which can be used in
machine learning-based classifications. If the amount and
nature of information contained in each layer can be quantified
for a wider range of technology nodes and manufacturers,
the settings required to acquire images for that specific layer
can be optimized so that a good compromise between image
quality and imaging time can be reached.
Feature analysis is the final step in the IC RE workflow
(see Figure 1(a)). After the extraction of features, layers are
grouped together to form a three-dimensional representation
of the IC. Some of these extracted features join together to
form the basic logic units of the IC, i.e., the standard cells.
The rest of the features are auxillary units such as capacitors
and memory. There are a large number of tools and approaches
that enable the extraction of these standard cells and the gate-
level netlist, see for instance [19, 58, 59, 60, 61, 62, 63].
The major limitation of these tools is the assumption made
on the availability of the standard cell libraries used in the
design process of the IC. However, the standard cell library is
considered highly confidential and is not available for public
use. This imposes a limitation on how these libraries can be
used to perform RE: only manufacturer and clients having
access to the standard libraries can leverage the information
included in them. In such cases, the RE of COTS devices
can only be achieved with the assistance of SME in a time-
consuming and tedious fashion.
In [57], an algorithm has been introduced that could extract
candidates from the standard cell library using the contact
layer constrained by the amount of data available. Another
approach using the doping layer has also been discussed
in [64]. The extracted standard cell library can be used to
generate the netlist of the IC. With a successful extraction
of the gate-level netlist, the information can be further fed
into a machine learning algorithm such as ones suggested in
[65, 66, 67, 68] to understand the purpose of the given circuit.
One of the major drawbacks associated with applying ma-
chine learning to RE is the lack of extracted features that can
be generalized to other ICs. For example, the contrast between
features in the active region of ICs within different technology
nodes (see Figures 16 and 19). Due to the confidential nature
of IC design and proprietary optimization techniques, the
features associated with the major layers in the IC are different.
This intrinsic characteristic of the features prevents us from
using information acquired through RE of one IC to another.
This is against one of the core principles of machine learning
that is, the generalization of a learned model, even within
the same domain. Hence, the application of machine learning
techniques in RE has to be limited to the IC under test or, at
best, ICs of the same technology node produced by the same
foundry.
B. Challenges Associated with PCB
Machine learning combined with image analysis have
proven invaluable for quality control and hardware assur-
ance in the PCB manufacturing industry, enabling automated
defect detection and visual inspection to a certain degree
[69, 70, 71, 72, 73, 74, 75, 76, 77, 78]. Several studies
have applied image subtraction to compare a golden, reference
image of a PCB design or schematic to a manufactured PCB,
whose quality needs to be tested [69, 70, 71, 73, 74]. Other
more complex approaches for defect detection in PCBs involve
modeling-based methods such as evaluating the roundness of
drilled vias [77], or using multi-marked point processes for
solder paste defect detection [75].
Similar to IC RE, challenges also exist in both imaging and
machine learning for PCB RE. The PCB RE can be categorized
as external PCB RE and the internal PCB RE, where the
optical imaging or X-Ray can be applied, respectively. In an
optical imaging scenario, a digital microscope or a digital
single-lens reflex camera can obtain high-quality images easily
due to the advance in CMOS technology. When using X-
Ray to acquire images, adjustable parameters can be taken
into account, which can affect the image quality, as discussed
below.
• Tube voltage: This parameter adjusts the peak energy
of the X-Ray beam (i.e., raises the average energy of
the photons). The choice of the tube voltage affects the
image contrast in the scanning process. An increase in
this voltage leads to a lower contrast in the images.
• Tube current-exposure time product: This refers to the
number of photons produced per unit time. Random, thin,
bright and dark streaks are considered as noise that may
appear in the images due to the low photon counts.
• Resolution: The resolution of the image is defined as the
pixel size selected during X-Ray image acquisition, where
the pixel size can be identified as the limiting factor for
spatial resolution.
• Filtration: Filters are used to reduce the beam hardening
effects in the X-Ray beam. As the low-energy photons do
not penetrate through the object, filtration improves the
quality of the beam.
The first phase of the machine learning for PCB deals with
identifying whether the PCB is imaged optically or via X-
Ray CT and whether external RE or internal RE should be
considered, respectively. Clearly, the pre-processing required
14
Fig. 20: An example of extracting the same color PCB
component from the PCB board.
Fig. 21: Optically imaged PCB segment highlighting compo-
nents: Capacitors (Red) and IC (Blue)
for each of these modalities is different as the noise sources
vary from one to another. For external RE, this step includes
generating the design’s BoM by extracting the components,
vias, traces, silkscreen annotations, etc. Internal PCB RE
mainly concerns with extracting the internal routings and
connections of traces and vias, with the main difference being
the noise involved. The final step for both external and internal
RE infers the purpose and functionality of the circuit, sub-
circuit, or system in the design.
When applying external RE, the desired features are the
components, text and logo markings, vias, traces, etc. From
an image analysis perspective, the extraction of such features
falls within the scope of object detection, classification, and
identification. Existing algorithms for achieving these goals
are well-developed in natural scene images [79, 80]. Nev-
ertheless, adapting these algorithms for external PCB RE-
related applications remains challenging. The components on
the surface of a PCB vary in size and color depending on
their functionality and packaging. This could challenge the
feature extraction process. First, the lighting conditions and
color of PCB surfaces may impact the extraction performance.
Traditional image analysis methods convert an RGB image to
another color map to address the lighting variance [81, 82];
however, this cannot prevent shadowing on PCB surface due to
the existence of tall components, which may result in an error
in color-based segmentation methods. Moreover, according to
the literature, the complications when the color of a PCB’s
surface is similar to the color of components has not been
Fig. 22: X-ray CT PCB: (a) Raw Image (b) Post Segmentation
addressed completely (see Figure 20 where the colors of the
surface of the PCB and components are all black). Besides,
in an optically imaged PCB, text markings, traces, and vias
are packed tightly compared to the objects in a natural scene
image. This increased image complexity challenges feature
localization, especially in a densely populated design. In ad-
dition, with the advances in technology, the size and shape of
components become smaller, and their placements/orientations
in the design are decided by the designer. Therefore, neither
specific rules nor the encoding that hold from one design to
another across even one generation can be defined.
While the above challenges should be faced, there is a
plethora of side information on the board itself that can be
leveraged to make the extraction task easier. The text marking
near a component on a board represents the type of compo-
nents (see Figure 21 where C2/C3/C29 are capacitors and U5
is an IC). Those markings can be used as ground truth, which
provide machine learning classifiers with either the labels or
additional features during classification. Although there are
substantial applications for these markings, extracting them is
particularly challenging. The Optical Character Recognition
(OCR) is the most widely used tool for text recognition [83],
but its performance is not stable in the case of PCB inspection.
The markings are etched or printed on PCB boards using a
variety of materials and colors, and they vary in orientation,
which degrades performance of the OCR engine [84]. This
stresses the importance of having a robust text recognition
system for external PCB RE application.
In addition to the above-mentioned markings, information
can be derived from the traces and vias on the board. The
extraction and localization of traces and vias are critical
because they determine the functionality and the performance
of the board, which allow the validation of the system’s
integrity. Existing research on detection of traces and vias has
mainly focused on finding defects and usually uses the bare
board to illustrate the problem [85, 86]; however, the proposed
approaches are not robust in practice, when traces and vias are
overlapping with components.
For internal PCB RE, the important design information are
the vias and traces on a board and the layers throughout the
board. The vias establish connectivity between the layers and
are consistent from one layer to another, except in a rare
15
Fig. 23: X-Ray CT trace and VIA detection using Hough
line/circle detectors
Fig. 24: Misaligned external PCB image
case of a blind/buried vias in a space constrained design.
These blind vias are unique only to their respective layers
as opposed to being at the same location throughout [34].
Traces provide the main discriminatory information for each
layer and determine the connectivity of the vias throughout
the board. As stated previously, the noise affects the X-Ray
image quality, which particularly impacts the feature extraction
stage, when the traces and vias in internal PCB RE can
be significantly altered due to the blur and high-z material
noise artifacts. For example, vias in the raw image can be
linked (see Figure 22 (a)) or their shape can be noticeably
distorted (see Figure 22 (b)). The distortion may degrade
performance of the feature localization and identification. Vias
and traces within a PCB are mainly circles and lines (see
Figure 23). The predominant class of algorithms for detecting
these geometries, line/circle detection using model fitting, is
quite sensitive to the parameters and pixel intensities. Thus, it
likely would require manual tuning from one sample to another
to minimize the number of missing or falsely detected objects.
This is neither practical nor ideal for automated PCB RE,
where it should be noise-tolerant, generalizable and scalable
for multiple technologies, and designs.
In addition to the challenges mentioned above, improper
alignment causes another difficulty that affects the feature
extraction in both external and internal PCB RE cases. Due to
the trade-off between details included in the features and the
size of the features in external PCB imaging, some components
cannot be captured completely in a single image, and thus
we require aligned (stitched) images to extract the features.
Although this matter has been dealt with by using the Charge-
Coupled Device (CCD) camera and SEM imaging [87, 88], the
Fig. 25: Misaligned Xilinx Spartan board X-Ray CT slice
lighting condition and the number of assembled components
can still lead to the stitching errors (see Figure 24) in external
PCB images. The same issue happens in the internal PCB
RE. The aliasing effect in the slices that make up the 3D
board sample (see Figure 11) is a byproduct of misalignment.
This leads eventually to having the layers containing various
amounts of feature information that may associate to a single
layer or an adjacent one. Additionally, misalignment can also
lead to another issue – missing information (see Figure 25
where red dashed regions show areas of missing information).
Therefore, it is important to not only be able to detect these
features at each slice during feature extraction, but also address
misalignment beforehand in order to localize and correspond
the features to their correct layer.
Similar to the feature analysis of IC, the extracted and
localized PCB features are also analyzed to generate a netlist
that can be further manufactured. This requires the translation
of the image features from the pixel domain to the geometrical
domain (see Figure 26). Once the BoM has been obtained
from the PCB board, a software is applied to interpret the
information by comparing that to a standard BoM for in-
spection, see, e.g., [89, 90]. Moreover, the systems such as
the work proposed in [91] can generate a schematic from a
netlist, enabling applications such as schematic verification,
anomaly detection, replacement/upgrades, etc. However, these
applications assume that the extracted features from PCB are
correct, which may lead to inspection failure if the error is
accumulated from earlier steps as mentioned in the previous
section. Accordingly, it is crucial to do in-depth research in
PCB feature extraction and analysis to obtain a more robust
PCB RE scheme.
C. Common Challenges Associated with RE
A complementary aspect to time complexity is the resource
complexity imposed by the images acquired at higher levels of
quality. As discussed before, for both PCB and IC RE, these
images indeed require more memory on a computer system to
store them. As an example, the space complexity associated
16
Fig. 26: Via and trace vectorized features
with acquiring images of the entire doping layer of a 45nm
node technology IC has been over 22 gigabytes [64]. For a
full-blown RE process conducted on ICs with present-day
technology nodes or a multi-layered PCB, several terabytes
of data should be stored. Besides, additional resources are
also necessary to process such images. This aspect has been
highlighted in [92]. Hence, the resource complexity can be
another limiting factor for an effective RE process.
Imaging involves human interaction from the initial step to
the final one. In addition to adjusting the imaging parameters
as mentioned above, optimizations are performed by the
operator, if such settings are provided by the microscope man-
ufacturer. These include, but are not limited to, contrast, focus,
doppler shift, aberration and a suite of other functions. Hence,
the bias caused by an operator is also a source of randomness
in the image acquisition phase of the RE framework.
Summary: Finally, to recap, the most prominent algorithms
used in RE at various stages of the workflow are given in Table
II. Although we discuss the challenges linked to application of
various methods in RE, similar to other studies on this matter,
a quantitative analysis on the performance of the algorithms
cannot be presented. This is a direct consequence of the lack
of a comprehensive benchmark dataset that can be used to
compare the algorithms. Such a database cannot be built easily
due to the complex undertaking involved in the preparation of
instances. This problem can be even more severe for deep
learning algorithms, as discussed in the following section.
D. Limitations of Deep Learning
Deep learning models are employed in the domain of
image analysis, where their applications range from noise
suppression, segmentation, and classification to image recon-
struction. Due to the relative simplicity of such approaches
along with the availability of a wide variety of supporting
tools and programming libraries, deep learning has become a
common approach to replace feature analysis. A deep learning
framework can be applied to approximate a mapping function
from an input to the respective output, provided that the model
has sufficient degrees of freedom to learn the representation.
The robustness of the model depends on the availability of a
fairly large number of diverse, high-quality images as inputs
and their corresponding accurate labels as ground truth. If
these conditions are not met, the model cannot be generalized
to unseen data. To the best of our knowledge, a dataset meeting
this condition is not available for ICs or PCBs. Moreover, fur-
ther attention should be given to the nature of the noise in the
images. In the presence of the noise, even if a few pixels are
affected, the model produces erroneous results [93, 94]. Hence,
the scope of application of deep learning in RE is currently
limited. With the lack of features being generalizable across
different technology nodes and manufacturers, to effectively
denoise, segment and extract models, it needs to (1) perform
imaging of a large number, typically thousands, of individual
ICs [95], and (2) give pixel level, accurate labels manually,
with the help of SMEs. This remains a major undertaking as
the amount of data and the required time scale up as shown
in Table I. Most studies done with deep learning in context
of RE and hardware assurance look for generalizable features
such as vias and metal connections [63, 92].
Deep learning for PCB RE is equally challenging. Although
for external PCB RE, it may seem apt to apply deep learning to
conduct object detection/classification, it can be easily broken.
Since deep learning models are usually heavily reliant on the
data, which they have been trained on, they can be confused
when encountering custom ICs developed in house or by a
third-party foundry, as opposed to those seen commercially.
Besides, the passive components have a variety of footprints
that often overlap, and consequently, a correct classification
cannot be achieved in a straightforward manner. Nevertheless,
deep learning has been adopted in studies on internal PCB
RE. As an example, Qiao et al. has suggested to use a Deep
Convolutional Neural Network (DCNN) with the graph cuts
to achieve segmentation in PCB CT images [96]. Although
the performance is improved, when compared to the state-of-
the-art methods, it leaves room for improvement in terms of
accuracy for full PCB RE. To apply deep learning in PCB
RE cases, the authors of [96] leverage transfer learning in
combination with image patches from the complete image to
address overfitting and other challenges caused due to the
limited size of the training database. Nonetheless, it is not
clear how well this technique generalizes to the vast variety
of board samples and whether training is required for every
new sample. Even if this issue can be resolved by adding other
board samples, this intensifies the labeling problem.
17
TA
B
L
E
II
:
Su
m
m
ar
y
of
th
e
m
et
ho
ds
ap
pl
ie
d
in
th
e
co
nt
ex
t
of
R
E
A
rt
ic
le
M
ai
n
C
on
tr
ib
ut
io
n
Sc
op
e
A
lg
or
ith
m
s
Fe
at
ur
es
U
se
d
M
et
ri
cs
E
va
lu
at
io
n
M
et
ho
d
Sh
or
tc
om
in
gs
fo
r
R
E
[5
3]
Se
gm
en
ta
tio
n
IC
E
dg
e
de
te
ct
io
n
M
et
al
la
ye
rs
N
A
V
is
ua
l
O
pt
ic
al
m
ic
ro
sc
op
e
im
ag
es
[1
8]
Se
gm
en
ta
tio
n
IC
K
-m
ea
ns
an
d
SV
M
C
on
ta
ct
an
d
M
et
al
la
ye
rs
F-
sc
or
e
G
ro
un
d
tr
ut
h
O
nl
y
ap
pl
ic
ab
le
to
vi
as
an
d
m
et
al
co
nn
ec
tio
ns
[1
7,
55
]
Se
gm
en
ta
tio
n
IC
K
-m
ea
ns
,F
uz
zy
C
-M
ea
ns
,S
V
M
Po
ly
si
lic
on
an
d
C
on
ta
ct
la
ye
rs
In
te
rs
ec
tio
n
ov
er
U
ni
on
(I
oU
),
pi
xe
l
ac
cu
ra
cy
G
ro
un
d
tr
ut
h
R
eq
ui
re
s
po
pu
la
tio
n
of
sh
ap
e
lib
ra
ry
[5
0,
51
,5
2]
Se
gm
en
ta
tio
n
IC
Sp
at
ia
l
an
d
fr
eq
ue
nc
y
do
m
ai
n
fil
te
ri
ng
C
on
ta
ct
an
d
M
et
al
la
ye
rs
N
A
V
is
ua
l
N
ai
ve
ap
pl
ic
at
io
ns
of
im
ag
e
pr
oc
es
si
ng
[9
2]
Se
gm
en
ta
tio
n
IC
D
C
N
N
C
on
ta
ct
an
d
M
et
al
la
ye
rs
Fa
ls
e
Po
si
tiv
e,
N
eg
at
iv
e
an
d
se
m
an
tic
er
ro
rs
G
ro
un
d
tr
ut
h
N
ee
ds
50
0,
00
0
la
be
lle
d
sa
m
pl
es
to
tr
ai
n
[6
4]
E
xt
ra
ct
io
n
of
St
an
da
rd
C
el
lL
ib
ra
ry
IC
N
or
m
al
iz
ed
cr
os
s-
co
rr
el
at
io
n
D
op
in
g
la
ye
r
N
A
G
ro
un
d
tr
ut
h
D
es
ig
ne
d
fo
r
pa
rt
ia
l
R
E
[5
7]
E
xt
ra
ct
io
n
of
St
an
da
rd
C
el
lL
ib
ra
ry
IC
R
ul
e
ba
se
d
C
on
ta
ct
la
ye
r
N
A
A
E
S
de
si
gn
s
w
ith
gr
ou
nd
tr
ut
h
O
ve
r/
U
nd
er
-s
eg
m
en
te
d
ce
lls
[6
0,
97
]
L
oc
al
iz
in
g
st
an
da
rd
ce
lls
IC
Te
m
pl
at
e
M
at
ch
in
g
C
on
du
ct
iv
e
la
ye
rs
N
A
N
A
U
se
s
ap
pr
ox
im
at
io
n
to
sp
ee
d
up
ce
ll
lo
ca
liz
at
io
n
[5
8,
59
]
N
et
lis
t
ge
ne
ra
tio
n
IC
Te
m
pl
at
e
M
at
ch
in
g
A
ll
la
ye
rs
N
A
N
A
R
eq
ui
re
s
st
an
da
rd
ce
ll
lib
ra
ry
[6
1]
N
et
lis
t
ge
ne
ra
tio
n
IC
X
G
B
oo
st
A
ll
la
ye
rs
w
ith
pi
xe
l
in
te
ns
ity
,g
ra
di
en
t
an
d
H
u
m
om
en
ts
N
A
G
ro
un
d
tr
ut
h
N
ee
ds
to
be
fin
e
tu
ne
d
fo
r
di
ff
er
en
t
IC
s
[6
6,
67
,6
8,
98
]
H
ig
h-
le
ve
l
de
sc
ri
pt
io
n
of
su
b-
ci
rc
ui
ts
IC
To
po
lo
gi
ca
l
an
al
ys
es
,f
uz
zy
st
ru
ct
ur
al
si
m
ila
ri
ty
N
et
lis
t
N
A
G
ro
un
d
tr
ut
h
U
se
s
si
m
ila
ri
ty
be
tw
ee
n
kn
ow
n
lib
ra
ri
es
of
fu
nc
tio
na
l
bl
oc
ks
to
ge
ne
ra
te
de
sc
ri
pt
io
n
[1
9,
99
,1
00
]
D
ev
el
op
m
en
t
of
to
ol
s
fo
r
R
E
IC
N
A
A
ll
la
ye
rs
N
A
N
A
A
ss
um
es
av
ai
la
bi
lit
y
of
so
m
e
in
fo
rm
at
io
n,
e.
g.
,t
he
st
an
da
rd
ce
ll
lib
ra
ry
[2
5,
26
]
IC
Tr
oj
an
de
te
ct
io
n
on
ac
tiv
e
la
ye
r
IC
R
ul
e
ba
se
d
Sh
ap
e
of
lo
gi
c
ce
lls
N
A
D
es
ig
ne
d
on
-c
hi
p
tr
ai
ni
ng
da
ta
Se
m
i-
de
st
ru
ct
iv
e,
ne
ed
m
an
ua
l
po
lis
hi
ng
[2
0]
N
on
-D
es
tr
uc
tiv
e
Im
ag
in
g
an
d
N
et
lis
t
E
xt
ra
ct
io
n
PC
B
X
-R
ay
C
T
Im
ag
in
g
an
d
Im
ag
e
Se
gm
en
ta
tio
n
X
-R
ay
C
T
Sl
ic
es
N
A
D
at
as
et
w
ith
D
e-
Po
pu
la
te
d
B
oa
rd
V
er
y
m
an
ua
l
an
d
pa
ra
m
et
er
de
pe
nd
en
t
im
ag
e
pr
oc
es
si
ng
[6
9,
70
,7
1,
73
,7
4,
85
,
86
]
PC
B
D
ef
ec
t
D
et
ec
tio
n
an
d
Q
ua
lit
y
C
on
tr
ol
PC
B
Im
ag
e
Su
bt
ra
ct
io
n[
69
,7
0,
71
,7
3,
74
,8
5]
an
d
D
ee
p
L
ea
rn
in
g[
86
]
PC
B
L
ay
er
Im
ag
es
Pr
ec
is
io
n
an
d
F-
Sc
or
e
G
ol
de
n
PC
B
L
ay
er
Im
ag
e
R
eq
ui
re
s
ba
re
bo
ar
d
go
ld
en
la
ye
r
im
ag
es
[8
4]
Te
xt
R
ec
og
ni
tio
n
on
PC
B
Su
rf
ac
e
PC
B
O
pt
ic
al
C
ha
ra
ct
er
R
ec
og
ni
tio
n,
B
in
ar
iz
at
io
n,
an
d
B
ac
kg
ro
un
d
E
st
im
at
io
n
B
oa
rd
su
rf
ac
e
im
ag
e
F-
Sc
or
e,
Pr
ec
is
io
n,
an
d
R
ec
al
l
C
om
pa
re
d
ag
ai
ns
t
fr
ee
ly
av
ai
la
bl
e
O
C
R
en
gi
ne
s
O
C
R
A
D
,
Te
ss
er
ac
t-
O
C
R
,C
un
ei
fo
rm
-l
in
ux
,
an
d
G
O
C
R
on
gr
ou
nd
tr
ut
h
Su
b-
op
tim
al
ac
cu
ra
cy
[9
6]
Tr
ac
e
se
gm
en
ta
tio
n
PC
B
D
C
N
N
an
d
G
ra
ph
C
ut
s-
ba
se
d
Se
m
an
tic
Se
gm
en
ta
tio
n
PC
B
C
T
Im
ag
es
Pi
xe
l
ac
cu
ra
cy
,I
oU
,
F1
-S
co
re
,P
re
ci
si
on
,
R
ec
al
l
50
PC
B
C
T
te
st
im
ag
es
D
ea
lin
g
w
ith
th
e
no
is
e,
re
lia
nc
e
on
tr
ai
ni
ng
da
ta
,a
nd
va
ri
an
ce
ac
ro
ss
de
si
gn
s/
im
ag
in
g.
18
V. COUNTER REVERSE ENGINEERING
The technical advancement in the field of RE has also led
to the development of counter RE methods. They are applied
to impair the effectiveness of the RE at all three levels of the
RE framework; however, here we introduce solely a couple
of them, being within the scope of our paper. Several tech-
niques that counter RE at the image acquisition phase rely on
obfuscation of key visual information or addition of unwanted
information to make RE more tedious [101, 102, 103]. For
instance, the method discussed in [104] relies on the insertion
of dummy logic cells on the unused silicon substrate in the
design of the IC. They are connected at a logic level, but do not
affect the functionality of the circuit. The work presented in
[26] achieves a similar goal, however, by inserting functional
logic cells. These methods successfully hide the boundary
between different standard cells making the extraction of gate-
level netlist difficult. At the same time, their method prevents
the insertion of hardware Trojans by utilizing all free space
in the IC die [26]. Although it may be possible to predict
the development trend of RE techniques, accounting for all of
them is rather difficult.
Similar to methods used in the anti-IC RE, anti-PCB RE
approaches are focused on making RE at the PCB level
prohibitively more expensive and time consuming than it
is worth. This is done in a variety of ways, with varying
complexities. The work presented in [34] focuses on the
design and implementation of few passive components, more
unmarked ICs, using custom silicon, and/or having cases of
missing silkscreens. These methods have low to moderate
overhead with regards to design cost and manufacturing im-
pact. However, they also only increase RE costs by a small
margin. Instead, by utilizing a multi-layer board, blind and
buried vias, and/or routing signals for the inner layers, the RE
costs can be significantly raised [36]. Additionally, obfuscation
can also be utilized for anti-RE of PCBs [105], similar to its
application for anti-RE at the IC level. Components referred
to as permutation blocks can be used to hide the interconnects
among the circuit components on PCBs.
Existing research on how to counter X-Ray-enabled RE fo-
cuses on inserting X-Ray detecting sensors and using specific
materials. X-Ray detecting sensors are devices embedded in
a PCB design, being sensitive to X-Rays and react once a
predetermined length of exposure to X-Rays has occurred.
Afterward, the sensors signal a destructive measure to take
place in the board to delay the RE process or simply act
as an indicator that RE has taken place. Furthermore, high
density materials with high X-Ray attenuation factors, such as
Zirconia powder, could be used throughout a board to reduce
the quality of the X-Ray images. Using this material in a
specific pattern throughout several layers can drastically affect
the X-Ray transmission through a PCB, resulting in a much
lower signal-to-noise ratio and low quality 3D reconstruction
of the PCB sample [44]. The combination of the anti-RE
techniques for external RE with these techniques for internal
RE could provide a holistic solution to protect the system from
RE.
VI. FUTURE RESEARCH DIRECTIONS
Up until this point, we’ve described the main building
blocks of a typical RE framework (see Figure 1(a)) put
together to meet the main requirements of an automated
approach. In fact, the end goal of the entire RE process is
to leverage the advantages offered by image analysis and
machine learning and eventually perform RE in an automated
manner. In addition to obvious benefits, namely the reduction
in manpower and costs, automated RE enables a variety
of applications, which can further exploit the information
provided by the RE. In this regard, the below topics are
possible directions for future research.
1) Enhanced Hardware Assurance: With automated RE
achieved at both of the IC and PCB levels, it can allow
for enhanced levels of assurance, when validating or
verifying a design. The detection of defects, design al-
terations, or IP infringement can be improved to a pixel-
level accuracy and performed more efficiently. However,
it is not known whether a substantial improvement over
the state-of-the-art techniques can be achieved through
these advancements. This needs to be explored in future
work in this area.
2) Qualitative Evaluation of Reverse Engineering: While
each block in the RE framework is necessary to achieve
a high level of automation, no method has been yet
developed in the literature that can evaluate the perfor-
mance of the RE process at each stage of the framework,
let alone the whole process. Defining metrics and criteria
for the quality assessment of RE can also provide
the ability to explore not only the trade-offs between
the quality at various stages, but also their impact on
the entire RE process. This can, of course, facilitate
possible improvements in the efficiency in terms of time,
complexity, and required computational resources.
3) Functional vs. Design Equivalence: Our earlier discus-
sion of image analysis- and machine learning-enabled
RE has focused on developing a method to reproduce
an IC or, similarly, a PCB as close to the original
one as possible. However, there are often scenarios,
where only a functionally-equivalent reproduction is
necessary rather than a precise design reproduction. As
an example, we can refer to an automated generation of
a new design built upon some arbitrary standard cells,
but with the same functionally as the original one with
the foundry-specific standard cells. For PCBs, this can
be even more straightforward: producing a PCB, whose
connectivity is maintained, but not its specifications, e.g.,
the trace/via width or distances. Future research should
not only focus on such cases, but also go beyond those
by considering a broader range of equivalence options,
instead of solely functional and design equivalence.
4) Reverse Engineering Optimization via Deep Learning:
In previous sections, the challenges towards applying
deep learning in RE-related studies have been discussed
19
(see Section IV-D). More precisely, due to the lack of
a sufficiently large amount of data as well as the varia-
tions in data collected across designs, the requirements
of effective deep learning models cannot be fulfilled.
However, after conducting an RE process, certain stages,
e.g., de-noising, via/trace feature extraction, etc., can
be optimized via deep learning. In this regard, we
can employ synthetic data generation and augmentation,
along with using previously extracted RE data as ground
truth. This can indeed help to make those stages more
time-efficient, when conventional deep neural networks
or convolutional neural networks are applied. As this has
not been thoroughly explored, the actual extent of such
improvement is not known.
5) Missing Data Reconstruction: Regardless of the modal-
ity, one has to deal with the noise in the collected
data. The impact of the noise can range from missing
regions of the information in a de-processed IC to
missing artifacts on a PCB after performing the X-
Ray CT. If RE can be automated, it is reasonable to
acquire a large amount of data to model particular
noise characteristics, observed during image acquisition.
These models could then be employed to correct noisy
data and even reconstruct missing data. While this is
well studied in machine learning- and image analysis-
related literature, the feasibility, and extent to which this
can be achieved for IC and PCB RE have yet to be
explored.
6) Compression Algorithms for RE: Another interesting as-
pect of RE to be taken into account in future work is that
the minimum amount of information or data required
for a successful reconstruction of images should be
collected and stored on a computer system. In addition
to speeding up the process of image acquisition, this has
the added benefit in terms of space complexity. Unlike
common image compression algorithms that attempt to
attain the highest possible level of visual quality, new
algorithms can be designed or adapted to accurately
reconstruct the required features, which leads to a saving
of the storage and processing resources.
7) Cross-Modality Comparison and Evaluation: One of
the biggest challenges facing us, when evaluating the
performance of an RE process, is to compare results
across different modalities. Irrespective of the modality
(i.e., SEM, Optical, X-Ray CT), the final output of the
RE framework should be compared to either a software-
provided golden design in a digital format or a PCB
schematic. This also requires the exploration of new
techniques that can incorporate various factors including
different characteristics of the data, the impact of the
noise, and variations across the modalities.
8) Countermeasures against Advanced RE-based Attacks:
While the techniques mentioned in Section V are useful
to stop an attacker enjoying the advantages of the
current, commonly applied RE framework, this cannot
be guaranteed in the future. In particular, to deal with
adversaries that can conduct RE, enhanced through
the adoption of machine learning and image analysis
algorithms, the designer has to predict the risk of such
emerging attacks. To this end, it is crucial to estimate
the amount of effort that the attacker has to put and
design measures to make the RE process significantly
less effective and inefficient. Unfortunately, such es-
timations cannot be carried out in a straightforward
manner. Therefore, new research directions regarding the
development of counter automated-RE can be of great
interest for researchers from government, industry, and
academia.
VII. CONCLUSION
In this paper, we have comprehensively discussed the chal-
lenges associated with RE of ICs and PCBs. It has been
observed that for hardware trust and assurance, even though
existing, well-known methods (e.g., functional analysis) can
be considered useful, the challenges of such methods rise
in proportion to the complexity of the IC. The aim of the
design in the semiconductor industry is to move towards a
higher performance and efficiency and the upward trend of
complexity can remain intact for the years to come. Hence,
the need for effective RE becomes greater than ever before.
From the imaging perspective, it has been noted that the
primary challenge to be faced by an effective RE-based
method is the lack of understanding of the nature of the noise
in imaging modalities used for RE, e.g., SEM and CEM. This
can be augmented by the techniques used to pre-process the IC
for imaging such as depotting and delayering. Furthermore, the
time spent to acquire high-quality images with a reduced level
of the noise makes RE infeasible for ICs employing today’s
technology nodes.
Our overview of machine learning going hand in hand with
RE has demonstrated the need for quantifying the amount of
useful information in each layer. In addition, the effect of
counter-RE on machine learning-enabled techniques has been
further investigated. Finally, the high variability of features
between the layers of different ICs and the lack of high-quality
datasets addressing this issue have been observed and regarded
as an obstacle to employment of deep learning for RE.
While relevant literature regarding PCB RE is not rich, there
has been a clear interest in taking advantage of image analysis
and machine learning algorithms for quality assurance in PCB
manufacturing processes. These approaches typically involve
image subtraction or (to some extent) building models for
detecting defect/anomaly during the manufacturing process.
Nevertheless, algorithms implemented for these purposes are
not sufficient as they cannot resolve challenges with the
external or internal PCB RE. As a prime example, external
PCB RE requires that robust, illumination-invariant algorithms
to be developed, which ensures effective, high-quality com-
ponent extraction and analysis. In addition to the intensity
inhomogeneity, algorithms designed to deal with internal PCB
RE must also be robust to blurring artifacts caused by the X-
ray, high-z materials, and aliasing from neighboring layers.
20
Furthermore, due to the wide variety of designs across tech-
nologies and the lack of representative datasets, generalization
of the results can pose a serious problem to RE.
Finally, we believe that this paper paves the way for the
necessary broad discussion on the above issues and how
hardware trust and assurance can benefit greatly from RE.
ACKNOWLEDGMENT
This paper is based upon work supported by Cisco, AFOSR
under award No. FA9550-14-1-0351, National Science Foun-
dation under grant No.1821780, and National Science Founda-
tion Graduate Research Fellowship under Grant Nos. 1315138
and 1842473.
REFERENCES
[1] F. Ganji, D. Forte, N. Asadizanjani, M. Tehranipoor, and
D. Woodard, “The power of ic reverse engineering for hard-
ware trust and assurance.” Electronic Device Failure Anal-
ysis (EDFA), 2019. https://static.asminternational.org/EDFA/
201905/30/[Accessed: August 9, 2019].
[2] J. Robertson and M. Riley, “The Big Hack:
Amazon, Apple, Supermicro, and the Chinese
Government.” Bloomberg Businessweek, Oct. 2018.
https://www.bloomberg.com/news/articles/2018-10-04/
the-big-hack-amazon-apple-supermicro-and-beijing-respond
[Accessed: August 9, 2019].
[3] S. K. Moore, “This tech would have spotted the secret chinese
chip in seconds,” jul 2018.
[4] M. M. Tehranipoor, U. Guin, and D. Forte, “Counterfeit
integrated circuits,” in Counterfeit Integrated Circuits, pp. 15–
36, Springer, 2015.
[5] Y. Jin and Y. Makris, “Hardware trojan detection using path
delay fingerprint,” in 2008 IEEE International workshop on
hardware-oriented security and trust, pp. 51–57, IEEE, 2008.
[6] S. Narasimhan, X. Wang, D. Du, R. S. Chakraborty, and
S. Bhunia, “Tesr: A robust temporal self-referencing approach
for hardware trojan detection,” in 2011 IEEE International
Symposium on Hardware-Oriented Security and Trust, pp. 71–
74, IEEE, 2011.
[7] R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and
S. Bhunia, “Mero: A statistical approach for hardware trojan
detection,” in International Workshop on Cryptographic Hard-
ware and Embedded Systems, pp. 396–410, Springer, 2009.
[8] M. Tehranipoor and F. Koushanfar, “A survey of hardware tro-
jan taxonomy and detection,” IEEE design & test of computers,
vol. 27, no. 1, pp. 10–25, 2010.
[9] F. Courbon, P. Loubet-Moundi, J. J. Fournier, and A. Tria, “A
high efficiency hardware trojan detection technique based on
fast sem imaging,” in Proceedings of the 2015 Design, Automa-
tion & Test in Europe Conference & Exhibition, pp. 788–793,
EDA Consortium, 2015.
[10] C. Bao, D. Forte, and A. Srivastava, “On reverse engineering-
based hardware trojan detection,” IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems,
vol. 35, no. 1, pp. 49–57, 2016.
[11] F. Zhang, A. Hennessy, and S. Bhunia, “Robust counterfeit
pcb detection exploiting intrinsic trace impedance variations,”
in 2015 IEEE 33rd VLSI Test Symposium (VTS), pp. 1–6, IEEE,
2015.
[12] T. Iqbal and K.-D. Wolf, “Pcb surface fingerprints based coun-
terfeit detection of electronic devices,” Electronic Imaging,
vol. 2017, no. 7, pp. 144–149, 2017.
[13] M. Rahman and M. Dewan, “Analytical determination of col-
lisional sheath properties for triple frequency capacitively cou-
pled plasma,” IEEE Transactions on Plasma Science, vol. 42,
no. 3, pp. 729–734, 2014.
[14] S. Keshavarz, C. Yu, S. Ghandali, X. Xu, and D. Holcomb,
“Survey on applications of formal methods in reverse engineer-
ing and intellectual property protection,” Journal of Hardware
and Systems Security, vol. 2, no. 3, pp. 214–224, 2018.
[15] M. Fyrbiak, S. Strauß, C. Kison, S. Wallat, M. Elson, N. Rum-
mel, and C. Paar, “Hardware reverse engineering: Overview
and open challenges,” in 2017 IEEE 2nd International Verifi-
cation and Security Workshop (IVSW), pp. 88–94, IEEE, 2017.
[16] E. Principe, N. Asadizanjani, D. Forte, M. Tehranipoor,
R. Chivas, M. DiBattista, S. Silverman, M. Marsh, N. Piche,
and J. Mastovich, “Steps toward automated deprocessing of
integrated circuits,” in ISTFA 2017: Proceedings from the 43rd
International Symposium for Testing and Failure Analysis,
p. 285, ASM International, 2017.
[17] D. Cheng, Y. Shi, B.-H. Gwee, K.-A. Toh, and T. Lin, “A
hierarchical multiclassifier system for automated analysis of
delayered ic images,” IEEE Intelligent Systems, vol. 34, no. 2,
pp. 36–43, 2018.
[18] D. Cheng, Y. Shi, T. Lin, B.-H. Gwee, and K.-A. Toh, “Hybrid
k-means clustering and support vector machine method for via
and metal line detections in delayered ic images,” IEEE Trans-
actions on Circuits and Systems II: Express Briefs, vol. 65,
no. 12, pp. 1849–1853, 2018.
[19] R. Torrance and D. James, “The state-of-the-art in ic reverse
engineering,” in International Workshop on Cryptographic
Hardware and Embedded Systems, pp. 363–381, Springer,
2009.
[20] N. Asadizanjani, M. Tehranipoor, and D. Forte, “Pcb reverse
engineering using nondestructive x-ray tomography and ad-
vanced image processing,” IEEE Transactions on Components,
Packaging and Manufacturing Technology, vol. 7, no. 2,
pp. 292–299, 2017.
[21] M. T. Rahman, Q. Shi, S. Tajik, H. Shen, D. L. Woodard,
M. Tehranipoor, and N. Asadizanjani, “Physical inspection &
attacks: New frontier in hardware security,” in 2018 IEEE
3rd International Verification and Security Workshop (IVSW),
pp. 93–102, IEEE, 2018.
[22] U. Guin, D. DiMase, and M. Tehranipoor, “Counterfeit in-
tegrated circuits: detection, avoidance, and the challenges
ahead,” Journal of Electronic Testing, vol. 30, no. 1, pp. 9–23,
2014.
[23] N. Vashistha, M. T. Rahman, H. Shen, D. L. Woodard,
N. Asadizanjani, and M. Tehranipoor, “Detecting hardware
trojans inserted by untrusted foundry using physical inspection
and advanced image processing,” Journal of Hardware and
Systems Security, vol. 2, no. 4, pp. 333–344, 2018.
[24] Y. Jin, N. Kupp, and Y. Makris, “Experiences in hardware
trojan design and implementation,” in 2009 IEEE International
Workshop on Hardware-Oriented Security and Trust, pp. 50–
57, IEEE, 2009.
[25] N. Vashistha, H. Lu, Q. Shi, M. T. Rahman, H. Shen, D. L.
Woodard, N. Asadizanjani, and M. Tehranipoor, “Trojan scan-
ner: Detecting hardware trojans with rapid sem imaging com-
bined with image processing and machine learning,” in ISTFA
2018: Proceedings from the 44th International Symposium for
Testing and Failure Analysis, p. 256, ASM International, 2018.
[26] Q. Shi, N. Vashistha, H. Lu, H. Shen, B. Tehranipoor, D. L.
Woodard, and N. Asadizanjani, “Golden gates: A new hybrid
approach for rapid hardware trojan detection using testing
and imaging,” in 2019 IEEE International Symposium on
Hardware Oriented Security and Trust (HOST), pp. 61–71,
IEEE, 2019.
[27] S. Ghosh, A. Basak, and S. Bhunia, “How secure are printed
circuit boards against trojan attacks?,” IEEE Design & Test,
vol. 32, no. 2, pp. 7–16, 2014.
[28] R. Elnaggar and K. Chakrabarty, “Machine learning for hard-
ware security: Opportunities and risks,” Journal of Electronic
Testing, vol. 34, no. 2, pp. 183–201, 2018.
[29] C. Bao, D. Forte, and A. Srivastava, “On application of
21
one-class svm to reverse engineering-based hardware trojan
detection,” in Fifteenth International Symposium on Quality
Electronic Design, pp. 47–54, IEEE, 2014.
[30] C. Bao, D. Forte, and A. Srivastava, “On reverse engineering-
based hardware trojan detection,” IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems,
vol. 35, no. 1, pp. 49–57, 2015.
[31] R. C. Stogdill, “Dealing with obsolete parts,” IEEE Design &
Test of Computers, vol. 16, no. 2, pp. 17–25, 1999.
[32] S. A. S. Committee et al., “Inquiry into counterfeit electronic
parts in the department of defense supply chain,” Washington,
DC: Author, 2012.
[33] U. J. Botero, M. M. Tehranipoor, and D. Forte, “Up-
grade/downgrade: Efficient and secure legacy electronic sys-
tem replacement,” IEEE Design & Test, vol. 36, no. 1, pp. 14–
22, 2019.
[34] I. McLoughlin, “Secure embedded systems: The threat of
reverse engineering,” in 2008 14th IEEE International Confer-
ence on Parallel and Distributed Systems, pp. 729–736, IEEE,
2008.
[35] J. Grand, “Printed circuit board deconstruction techniques,” in
8th {USENIX} Workshop on Offensive Technologies ({WOOT}
14), 2014.
[36] S. E. Quadir, J. Chen, D. Forte, N. Asadizanjani, S. Shah-
bazmohamadi, L. Wang, J. Chandy, and M. Tehranipoor, “A
survey on chip to system reverse engineering,” ACM journal on
emerging technologies in computing systems (JETC), vol. 13,
no. 1, p. 6, 2016.
[37] J. Abt and C. Pawlowicz, “Circuit analysis techniques:
Delayering and circuit vision,” 2012. Link:
http://www.techinsights.com/.
[38] M. Holler, M. Guizar-Sicairos, E. H. Tsai, R. Dinapoli,
E. Mu¨ller, O. Bunk, J. Raabe, and G. Aeppli, “High-resolution
non-destructive three-dimensional imaging of integrated cir-
cuits,” Nature, vol. 543, no. 7645, p. 402, 2017.
[39] E. Matlin, M. Agrawal, and D. Stoker, “Non-invasive recog-
nition of poorly resolved integrated circuit elements,” IEEE
Transactions on Information Forensics and Security, vol. 9,
no. 3, pp. 354–363, 2014.
[40] L. Harriott, A. Wagner, and F. Fritz, “Integrated circuit repair
using focused ion beam milling,” Journal of Vacuum Science
& Technology B: Microelectronics Processing and Phenomena,
vol. 4, no. 1, pp. 181–184, 1986.
[41] S. Blythe, B. Fraboni, S. Lall, H. Ahmed, and U. de Riu, “Lay-
out reconstruction of complex silicon chips,” IEEE journal of
solid-state circuits, vol. 28, no. 2, pp. 138–145, 1993.
[42] S. P. Frigo, Z. H. Levine, and N. J. Zaluzec, “Submicron
imaging of buried integrated circuit structures using scan-
ning confocal electron microscopy,” Applied Physics Letters,
vol. 81, no. 11, pp. 2112–2114, 2002.
[43] M. Salzer, A. Spettl, O. Stenzel, J.-H. Sma˚tt, M. Linde´n,
I. Manke, and V. Schmidt, “A two-stage approach to the
segmentation of fib-sem images of highly porous materials,”
Materials Characterization, vol. 69, pp. 115–126, 2012.
[44] N. Asadizanjani, S. Shahbazmohamadi, M. Tehranipoor, and
D. Forte, “Non-destructive pcb reverse engineering using x-ray
micro computed tomography,” in 41st International symposium
for testing and failure analysis, ASM, pp. 1–5, 2015.
[45] F. E. Boas and D. Fleischmann, “Ct artifacts: causes and
reduction techniques,” Imaging in Medicine, vol. 4, no. 2,
pp. 229–240, 2012.
[46] A. A. Nasr and M. Z. Abdulmageed, “Automatic feature
selection of hardware layout: a step toward robust hardware
trojan detection,” Journal of Electronic Testing, vol. 32, no. 3,
pp. 357–367, 2016.
[47] A. A. Nasr and M. Z. Abdulmageed, “An efficient reverse
engineering hardware trojan detector using histogram of ori-
ented gradients,” Journal of Electronic Testing, vol. 33, no. 1,
pp. 93–105, 2017.
[48] J. Balasch, B. Gierlichs, and I. Verbauwhede, “Electromagnetic
circuit fingerprints for hardware trojan detection,” in 2015
IEEE International Symposium on Electromagnetic Compat-
ibility (EMC), pp. 246–251, IEEE, 2015.
[49] E. Sarkar and M. Maniatakos, “On automating delayered ic
analysis for hardware ip protection,” in Proceedings of the
International Conference on Omni-Layer Intelligent Systems,
pp. 205–210, ACM, 2019.
[50] B. M. Trindade, E. Ukwatta, M. Spence, and C. Pawlowicz,
“Segmentation of integrated circuit layouts from scan electron
microscopy images,” in 2018 IEEE Canadian Conference on
Electrical & Computer Engineering (CCECE), pp. 1–4, IEEE,
2018.
[51] G. Masalskis et al., “Reverse engineering of cmos integrated
circuits,” Elektronika ir elektrotechnika, vol. 88, no. 8, pp. 25–
28, 2008.
[52] A. Doudkin, A. Inyutin, and M. Vatkin, “Objects identification
on the color layout images of the integrated circuit layers,”
in 2005 IEEE Intelligent Data Acquisition and Advanced
Computing Systems: Technology and Applications, pp. 610–
614, IEEE, 2005.
[53] D. Lagunovsky, S. Ablameyko, and M. Kutas, “Recogni-
tion of integrated circuit images in reverse engineering,” in
Proceedings. Fourteenth International Conference on Pattern
Recognition (Cat. No. 98EX170), vol. 2, pp. 1640–1642, IEEE,
1998.
[54] R. H. Chan, C.-W. Ho, and M. Nikolova, “Salt-and-pepper
noise removal by median-type noise detectors and detail-
preserving regularization,” IEEE Transactions on image pro-
cessing, vol. 14, no. 10, pp. 1479–1485, 2005.
[55] D. Cheng, Y. Shi, T. Lin, B.-H. Gwee, and K.-A. Toh, “Global
template projection and matching method for training-free
analysis of delayered ic images,” in 2019 IEEE International
Symposium on Circuits and Systems (ISCAS), pp. 1–5, IEEE,
2019.
[56] R. Nakagaki, Y. Takagi, and K. Nakamae, “Automatic recogni-
tion of circuit patterns on semiconductor wafers from multiple
scanning electron microscope images,” Measurement Science
and Technology, vol. 21, no. 8, p. 085501, 2010.
[57] R. Wilson, R. Y. Acharya, D. Forte, N. Asadizanjani, and
D. Woodard, “A novel approach to unsupervised automated
extraction of standard cell library for reverse engineering and
hardware assurance,” in ISTFA 2019: Proceedings from the
45th International Symposium for Testing and Failure Analysis,
p. To Be Published, ASM International, 2019.
[58] K. Y. Kenneth and C. N. Berglund, “Automated system for
extracting design and layout information from an integrated
circuit,” Feb. 4 1992. US Patent 5,086,477.
[59] H. Ahmed, S. Blythe, and B. Fraboni, “Integrated circuit
structure analysis,” Mar. 2 1993. US Patent 5,191,213.
[60] V. L. Zavadsky, V. Gont, E. Keyes, J. Abt, and S. Begg,
“Method of design analysis of existing integrated circuits,”
Aug. 25 2009. US Patent 7,580,557.
[61] R. Quijada, R. Dura, J. Pallares, X. Formatje, S. Hidalgo,
and F. Serra-Graells, “Large-area automated layout extraction
methodology for full-ic reverse engineering,” Journal of Hard-
ware and Systems Security, vol. 2, no. 4, pp. 322–332, 2018.
[62] R. Quijada, A. Ravento´s, F. Tarre´s, R. Dura, and S. Hidalgo,
“The use of digital image processing for ic reverse engineer-
ing,” in 2014 IEEE 11th International Multi-Conference on
Systems, Signals & Devices (SSD14), pp. 1–4, IEEE, 2014.
[63] B. Lippmann, M. Werner, N. Unverricht, A. Singla, P. Egger,
A. Du¨botzky, H. Gieser, M. Rasche, O. Kellermann, and
H. Graeb, “Integrated flow for reverse engineering of nanoscale
technologies,” in Proceedings of the 24th Asia and South
Pacific Design Automation Conference, pp. 82–89, ACM,
2019.
[64] F. Courbon, “Practical partial hardware reverse engineering
analysis,” Journal of Hardware and Systems Security, pp. 1–
22
10, 2019.
[65] M. C. Hansen, H. Yalcin, and J. P. Hayes, “Unveiling the iscas-
85 benchmarks: A case study in reverse engineering,” IEEE
Design & Test of Computers, vol. 16, no. 3, pp. 72–80, 1999.
[66] W. Li, Z. Wasson, and S. A. Seshia, “Reverse engineering
circuits using behavioral pattern mining,” in 2012 IEEE inter-
national symposium on hardware-oriented security and trust,
pp. 83–88, IEEE, 2012.
[67] W. Li, A. Gascon, P. Subramanyan, W. Y. Tan, A. Tiwari,
S. Malik, N. Shankar, and S. A. Seshia, “Wordrev: Finding
word-level structures in a sea of bit-level gates,” in 2013 IEEE
international symposium on hardware-oriented security and
trust (HOST), pp. 67–74, IEEE, 2013.
[68] P. Subramanyan, N. Tsiskaridze, K. Pasricha, D. Reisman,
A. Susnea, and S. Malik, “Reverse engineering digital circuits
using functional analysis,” in 2013 Design, Automation & Test
in Europe Conference & Exhibition (DATE), pp. 1277–1280,
IEEE, 2013.
[69] R. R. Chavan, S. A. Chavan, G. D. Dokhe, M. B. Wagh, and
A. S. Vaidya, “Quality control of pcb using image processing,”
International Journal of Computer Applications, vol. 975,
p. 8887, 2016.
[70] V. Chaudhary, I. R. Dave, and K. P. Upla, “Automatic visual
inspection of printed circuit board for defect detection and
classification,” in 2017 International Conference on Wireless
Communications, Signal Processing and Networking (WiSP-
NET), pp. 732–737, IEEE, 2017.
[71] B. Kaur, G. Kaur, and A. Kaur, “Detection and classification of
printed circuit board defects using image subtraction method,”
in 2014 Recent Advances in Engineering and Computational
Sciences (RAECS), pp. 1–5, IEEE, 2014.
[72] X. Huang, S. Zhu, X. Huang, B. Su, C. Ou, and W. Zhou,
“Detection of plated through hole defects in printed circuit
board with x-ray,” in 2015 16th International Conference on
Electronic Packaging Technology (ICEPT), pp. 1296–1301,
IEEE, 2015.
[73] X. Tian, L. Zhao, and H. Dong, “Application of image pro-
cessing in the detection of printed circuit board,” in 2014
IEEE Workshop on Electronics, Computer and Applications,
pp. 157–159, IEEE, 2014.
[74] F. R. Leta, F. F. Feliciano, and F. P. Martins, “Computer
vision system for printed circuit board inspection,” in ABCM
Symposium Series in Mechatronics, vol. 3, pp. 623–632, 2008.
[75] C. Benedek, O. Krammer, M. Jano´czki, and L. Jakab, “Sol-
der paste scooping detection by multilevel visual inspection
of printed circuit boards,” IEEE Transactions on Industrial
Electronics, vol. 60, no. 6, pp. 2318–2331, 2012.
[76] M. E. Scaman and L. Economikos, “Computer vision for
automatic inspection of complex metal patterns on multichip
modules (mcm-d),” IEEE Transactions on Components, Pack-
aging, and Manufacturing Technology: Part B, vol. 18, no. 4,
pp. 675–684, 1995.
[77] W.-C. Wang, S.-L. Chen, L.-B. Chen, and W.-J. Chang, “A
machine vision based automatic optical inspection system for
measuring drilling quality of printed circuit boards,” IEEE
Access, vol. 5, pp. 10817–10833, 2016.
[78] J.-O. Kim, Y.-A. Lee, and T.-H. Park, “Automatic extraction
of component inspection regions from printed circuit board,”
in 2012 IEEE/SICE International Symposium on System Inte-
gration (SII), pp. 871–876, IEEE, 2012.
[79] P. Viola and M. J. Jones, “Robust real-time face detection,”
International journal of computer vision, vol. 57, no. 2,
pp. 137–154, 2004.
[80] J. Redmon, S. Divvala, R. Girshick, and A. Farhadi, “You only
look once: Unified, real-time object detection,” in Proceedings
of the IEEE conference on computer vision and pattern recog-
nition, pp. 779–788, 2016.
[81] Y. LeCun, F. J. Huang, L. Bottou, et al., “Learning methods
for generic object recognition with invariance to pose and
lighting,” in CVPR (2), pp. 97–104, Citeseer, 2004.
[82] S. Sural, G. Qian, and S. Pramanik, “Segmentation and
histogram generation using the hsv color space for image
retrieval,” in Proceedings. International Conference on Image
Processing, vol. 2, pp. II–II, IEEE, 2002.
[83] R. Smith, “An overview of the tesseract ocr engine,” in
Ninth International Conference on Document Analysis and
Recognition (ICDAR 2007), vol. 2, pp. 629–633, IEEE, 2007.
[84] W. Li, S. Neullens, M. Breier, M. Bosling, T. Pretz, and
D. Merhof, “Text recognition for information retrieval in
images of printed circuit boards,” in IECON 2014-40th An-
nual Conference of the IEEE Industrial Electronics Society,
pp. 3487–3493, IEEE, 2014.
[85] N. Dave, V. Tambade, B. Pandhare, and S. Saurav, “Pcb defect
detection using image processing and embedded system,”
International Research Journal of Engineering and Technology
(IRJET), vol. 3, no. 5, pp. 1897–1901, 2016.
[86] S. Tang, F. He, X. Huang, and J. Yang, “Online pcb de-
fect detector on a new pcb defect dataset,” arXiv preprint
arXiv:1902.06197, 2019.
[87] M. Brown and D. G. Lowe, “Automatic panoramic image
stitching using invariant features,” International journal of
computer vision, vol. 74, no. 1, pp. 59–73, 2007.
[88] B. Ma, T. Zimmermann, M. Rohde, S. Winkelbach, F. He,
W. Lindenmaier, and K. E. Dittmar, “Use of autostitch for
automatic stitching of microscope images,” Micron, vol. 38,
no. 5, pp. 492–499, 2007.
[89] C.-W. Fu, G.-X. Zeng, D.-S. Qiu, and H.-Z. Wang, “System
and method for generating a bill of material file,” Mar. 29
2007. US Patent App. 11/309,173.
[90] S.-H. Jin, “Method for transforming original bill-of-material
for printed circuit board into standard bill-of-material,” Mar. 21
2000. US Patent 6,041,268.
[91] B. Naveen and K. Raghunathan, “An automatic netlist-to-
schematic generator,” IEEE Design & Test of Computers,
vol. 10, no. 1, pp. 36–41, 1993.
[92] X. Hong, D. Cheng, Y. Shi, T. Lin, and B. H. Gwee, “Deep
learning for automatic ic image analysis,” in 2018 IEEE 23rd
International Conference on Digital Signal Processing (DSP),
pp. 1–5, IEEE, 2018.
[93] C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan,
I. Goodfellow, and R. Fergus, “Intriguing properties of neural
networks,” arXiv preprint arXiv:1312.6199, 2013.
[94] J. Su, D. V. Vargas, and K. Sakurai, “One pixel attack for fool-
ing deep neural networks,” IEEE Transactions on Evolutionary
Computation, 2019.
[95] D.-u. Lim, Y.-G. Kim, and T.-H. Park, “Smd classification for
automated optical inspection machine using convolution neural
network,” in 2019 Third IEEE International Conference on
Robotic Computing (IRC), pp. 395–398, IEEE, 2019.
[96] K. Qiao, L. Zeng, J. Chen, J. Hai, and B. Yan, “Wire
segmentation for printed circuit board using deep convolutional
neural network and graph cut model,” IET Image Processing,
vol. 12, no. 5, pp. 793–800, 2018.
[97] V. L. Zavadsky, V. Gont, E. Keyes, J. Abt, and S. Begg,
“Method of design analysis of existing integrated circuits,”
Jan. 5 2010. US Patent 7,643,665.
[98] J. Baehr, A. Bernardini, G. Sigl, and U. Schlichtmann, “Ma-
chine learning and structural characteristics for reverse engi-
neering,” in Proceedings of the 24th Asia and South Pacific
Design Automation Conference, pp. 96–103, ACM, 2019.
[99] M. Schobert, “Gnu software degate,” Webpage: http://www.
degate. org.
[100] O. THOMAS, S. Texplained, and D. Nedospasov, “On the
impact of automating the ic analysis process,”
[101] S. Chen, J. Chen, D. Forte, J. Di, M. Tehranipoor, and L. Wang,
“Chip-level anti-reverse engineering using transformable inter-
connects,” in 2015 IEEE International Symposium on Defect
and Fault Tolerance in VLSI and Nanotechnology Systems
23
(DFTS), pp. 109–114, IEEE, 2015.
[102] H. Gomez, C. Duran, and E. Roa, “Defeating silicon reverse
engineering using a layout-level standard cell camouflage,”
IEEE Transactions on Consumer Electronics, vol. 65, no. 1,
pp. 109–118, 2019.
[103] H. Gomez, C. Duran, and E. Roa, “Standard cell camouflage
method to counter silicon reverse engineering,” in 2018 IEEE
International Conference on Consumer Electronics (ICCE),
pp. 1–4, IEEE, 2018.
[104] R. P. Cocchi, J. P. Baukus, L. W. Chow, and B. J. Wang,
“Circuit camouflage integration for hardware ip protection,”
in Proceedings of the 51st Annual Design Automation Confer-
ence, pp. 1–5, ACM, 2014.
[105] Z. Guo, M. Tehranipoor, D. Forte, and J. Di, “Investigation of
obfuscation-based anti-reverse engineering for printed circuit
boards,” in 2015 52nd ACM/EDAC/IEEE Design Automation
Conference (DAC), pp. 1–6, IEEE, 2015.
