Protect Your Chip Design Intellectual Property: An Overview by Knechtel, Johann et al.
Protect Your Chip Design Intellectual Property: An Overview
Johann Knechtel, Satwik Patnaik, and Ozgur Sinanoglu ∗
Tandon School of Engineering, New York University, New York, USA
Division of Engineering, New York University Abu Dhabi, United Arab Emirates
{johann,sp4012,ozgursin}@nyu.edu
ABSTRACT
The increasing cost of integrated circuit (IC) fabrication has driven
most companies to “go fabless” over time. The corresponding out-
sourcing trend gave rise to various attack vectors, e.g., illegal over-
production of ICs, piracy of the design intellectual property (IP),
or insertion of hardware Trojans (HTs). These attacks are possibly
conducted by untrusted entities residing all over the supply chain,
ranging from untrusted foundries, test facilities, even to end-users.
To overcome this multitude of threats, various techniques have
been proposed over the past decade. In this paper, we review the
landscape of IP protection techniques, which can be classified into
logic locking, layout camouflaging, and split manufacturing. We
discuss the history of these techniques, followed by state-of-the-art
advancements, relevant limitations, and scope for future work.
CCS CONCEPTS
• Security and privacy→ Security in hardware;
KEYWORDS
Logic Locking, Layout Camouflaging, Split Manufacturing
ACM Reference Format:
Johann Knechtel, Satwik Patnaik, and Ozgur Sinanoglu . 2019. Protect Your
Chip Design Intellectual Property: An Overview. In INTERNATIONAL CON-
FERENCE ON OMNI-LAYER INTELLIGENT SYSTEMS (COINS), May 5–7, 2019,
Crete, Greece. ACM, New York, NY, USA, 6 pages. https://doi.org/10.1145/
3312614.3312657
1 INTRODUCTION
As our modern lives are more and more dependent on ubiquitous
information technology, it is critical, yet highly challenging, to en-
sure the security and trustworthiness of the underlying integrated
circuits (ICs). For example, researchers have cautioned against pow-
erful attacks on the speculative execution of processor ICs [1, 2],
or profiled the side-channel leakage of cryptographic modules [3].
Besides such concerns regarding security at runtime, protecting
against other threats such as reverse engineering (RE), intellectual
property (IP) piracy, illegal overproduction, or insertion of hard-
ware Trojans (HTs) is another challenge. Note that these threats
arise due to the globalized and distributed nature of modern IC
supply chains, which span across many parties and countries [4].
Over the last decade, a multitude of protection schemes have been
∗J. Knechtel and S. Patnaik contributed equally. This work was supported in part by
NYUAD REF under Grant RE218 and by NYU/NYUAD CCS.
COINS, May 5–7, 2019, Crete, Greece
© 2019 Association for Computing Machinery.
This is the author’s version of the work. It is posted here for your personal use. Not
for redistribution. The definitive Version of Record was published in INTERNATIONAL
CONFERENCE ON OMNI-LAYER INTELLIGENT SYSTEMS (COINS), May 5–7, 2019, Crete,
Greece, https://doi.org/10.1145/3312614.3312657.
Table 1: IP Protection Techniques Versus Untrusted Entities
(✓: Protection Offered, ✗: No Protection Offered)
Technique FEOL/BEOL Foundry Test Facility End-User
Logic Locking ✓/✓ ✓ (see also [5]) ✓
Layout Camouflaging ✗/✗ (✓/✗ [6], ✓/✓ [7]) ✗ (✓ [7]) ✓
Split Manufacturing ✓/✗ (✗/✓ [8]) ✗ ✗ (✓ [9, 10])
proposed (and selectively already implemented in silicon), which
can be broadly classified into logic locking, layout camouflaging,
and split manufacturing. All these techniques seek to protect the
hardware from different attackers, as summarized in Table 1.
In this paper, we present an overview of the different schemes
while discussing the threat models, recent developments, attack
avenues, limitations, and future directions for research. This paper
also serves as a follow-up to an earlier survey [11].
2 LOGIC LOCKING
2.1 Concept
Logic locking (LL) protects the IP by inserting dedicated locks which
are operated by a secret key. The locks are commonly realized by
additional, interposed logic (e.g., XOR/XNOR gates, AND/OR gates
or look-up tables (LUTs)). Only after manufacturing (but before
deployment), the locked IC is to be activated by loading the secret
key onto a dedicated, tamper-proof on-chip memory. Note that
the secure realization of tamper-proof memories remains under
research and development [12, 13].
2.2 Threat Model
In general, a threat model describes the attackers’ capabilities and
the resources at their disposal. It also classifies entities as trusted or
untrusted. The threat model for LL can be summarized as follows:
• The design house is considered trusted, and so are the de-
signers as well as the electronic design automation (EDA)
tools they work with, whereas the foundry, the test facility,
and the end-user(s) are all considered untrusted.
• The attackers know the LL scheme which has been applied.
• The attackers have access to the locked netlist (e.g., by RE).
Hence, they can identify the key inputs and the related logic,
but are oblivious to the actual, secret key.
• The secret key cannot be tampered with, as it is programmed
in a tamper-proof memory.
• The attackers are in possession of an already functional chip,
e.g., bought from the open market. This chip can act as an
“oracle” for evaluating input/output patterns.
Without knowledge of the secret key, LL ensures that: (i) the
details of the original design cannot be fully recovered; (ii) the IC is
non-functional, i.e., it produces incorrect outputs; and (iii) targeted
insertion of HTs is difficult—an attacker, in absence of the recovered
design, cannot readily locate the appropriate places to insert HTs.
ar
X
iv
:1
90
2.
05
33
3v
3 
 [c
s.C
R]
  2
4 F
eb
 20
19
COINS, May 5–7, 2019, Crete, Greece Johann Knechtel, Satwik Patnaik, and Ozgur Sinanoglu
Figure 1: Selected, SAT-resilient locking schemes: (a) SARLock, (b)Anti-SAT, (c) TTLock/SFLL-HD, and (d) SFLL-flex. © 2017 IEEE.
Reprinted, with permission, from [14].
2.3 Logic Locking Schemes and Attacks
Early research proposed random locking (RLL) [15], fault-analysis-
based locking (FLL) [16], and strong interference-based locking
(SLL) [17]—protecting against brute-force and other simple attacks.
These techniques identify suitable but selected locations for embed-
ding the key; multiple attacks have undermined them [17–19].
In 2015, Subramanyan et al. [20] challenged the security of all
then-known LL schemes. Their attack leverages Boolean satisfiabil-
ity (SAT) to compute so-called discriminating input patterns (DIPs).
A DIP generates different outputs for the same input across two
(or more) different keys, indicating that at least one of the keys is
incorrect. The attack step-wise evaluates different DIPs until all
incorrect keys have been pruned. The attack experiences its worst-
case scenario when it can eliminate only one incorrect key per DIP;
here, 2k − 1 DIPs are required to resolve k key bits. In general, the
SAT attack resilience of any locking scheme can be represented by
the number of DIPs required to decipher the correct key [21].
In 2016, SARLock [22] and Anti-SAT [21] were put forward as de-
fense schemes against the SAT-based attack [20]. SARLock (Fig. 1(a))
employs controlled corruption of the output, across all incorrect
keys, for exactly one input pattern. SARLock can also be integrated
with other high-corruptibility schemes (e.g., FLL or SLL) to provide
a two-layer defense. In Anti-SAT [21], two complementary logic
blocks, embedded with the key gates, converge at an AND gate
(Fig. 1(b)). The output of this AND gate is always ‘0’ for the correct
key; for the incorrect key, it may be ‘1’ or ‘0’, depending on the
inputs. This AND gate then feeds an additional XOR gate which
is interposed into the original design, thereby possibly inducing
incorrect outputs for incorrect keys. Both schemes utilize the con-
cept of one-point functions and enforce low output corruptibility to
obtain resilience against the SAT-based attack.
The two-layer defense of SARLock was approximately circum-
vented by AppSAT [23, 24] and Double DIP [25]. In both the attacks,
the combination of a low-corruption part (resilient to SAT attacks)
and a high-corruption part (prone to SAT attacks) is reduced to the
low-corruption part (e.g., SARLock + SLL to SARLock). Moreover,
Double DIP [25] can eliminate at least two incorrect keys in each
iteration, thereby increasing the attack efficiency. For Anti-SAT, the
two complementary blocks at its heart exhibit significant signal
skews, rendering them distinguishable from other logic, which is ex-
ploited by Yasin et al. in the signal probability skew (SPS) attack [26].
Moreover, both SARLock and Anti-SAT are vulnerable to the bypass
attack [27]. This attack picks some key randomly and determines
the inputs that provide incorrect outputs for this chosen key. Then,
additional logic is constructed around theAnti-SAT /SARLock blocks
to recover the overall circuit from these incorrect outputs.
To summarize, although SARLock and Anti-SAT demonstrate
superior resilience against the seminal SAT attack [20], they remain
vulnerable to other variants of SAT attacks (e.g., AppSAT, Double
DIP) as well as structural attacks (e.g., SPS, bypass attack). Also note
that both schemes keep the to-be-protected IP largely as is, thereby
opening the doors to removal attacks [28, 29].
2.4 Advanced Logic Locking Schemes
In TTLock, the original logic is modified for exactly one input pat-
tern [30]. The output for this protected pattern is restored using
a comparator block, as illustrated in Fig. 1(c). Even if an attacker
succeeds to remove the comparator block, she/he obtains a design
different from the original one (albeit for only one input pattern).
Following on the heels of TTLock, Yasin et al. [28] proposed
stripped functionality logic locking (SFLL). SFLL is resilient against
most current attacks, and it enables to trade-off between resilience
against SAT attacks and removal attacks [28]. It is based on the
notion of “strip and restore,” where some part of the original design
is removed and the intended functionality is concealed. The authors
also implemented a chip demonstrator in GLOBALFOUNDRIES
65nm technology. SFLL has three variants, SFLL-HD [28], SFLL-
flex [28], and SFLL-fault [31, 32], which we all discuss briefly below.
SFLL-HD is a generalized version of TTLock which allows the
designer to protect a larger number of selected input patterns. More
specifically, SFLL-HDh protects
(k
h
)
input cubes which are Ham-
ming distance (HD) h away from the k-bit secret key.1 The values
for k and h dictate the trade-off between SAT attack resilience and
removal attack resilience. It should also be noted that SFLL-HD
protects a restricted set of input cubes, which are all underpinned
by one secret key. SFLL-flexc×k , in contrast, allows to protect any c
selected input cubes, each with k specified bits. Here, the protected
patterns are typically represented using a small set of input cubes,
which are then stored in an on-chip LUT (Fig. 1(d)). In SFLL-fault,
fault injection-based heuristics are leveraged to identify and protect
multiple patterns, and to reduce area cost at the same time.
Both SFLL-HD and SFLL-flexc×k utilize AND-trees which leave
structural hints for an opportune attacker. Such an attack has been
demonstrated recently by Sirone et al. [33]; the authors deciphered
the key successfully (even without oracle access). At the time of
writing, no attacks have been demonstrated on SFLL-fault yet.
Shamsi et al. [34] presented a layout-centric LL scheme, based
on routing cross-bars comprising obfuscated and configurable vias.
Finally, the notion of cyclic locking has been proposed in [35]
and extended in [36]. The idea is to create supposedly unresolvable
locking instances by introducing feedback cycles. However, tailored
SAT formulations have challenged such locking schemes [37, 38].
1Input cubes are partially-specified input patterns; some input bits are set (to ‘0’ or ‘1’)
while others are set to don’t care (‘X’). An n-bit input cube with k set bits (or care bits)
encompasses 2n−k input patterns [28].
Protect Your Chip Design Intellectual Property: An Overview COINS, May 5–7, 2019, Crete, Greece
2.5 Future Directions for Logic Locking
Recent works have proposed parametric locking [30, 39–41]; the
essence is to lock design parameters and profiles. For example,
in [39], the key not only protects the functionality of the design but
also its timing profile. A functionally-correct but timing-incorrect
key will result in timing violations, thereby leading to circuit mal-
functions. A timing-based SAT attack, presented in [42], circum-
vented the timing locking approach in [39]. Therefore, further re-
search into parametric locking is required. Finally, mixed-signal
locking has been advocated recently as well, e.g., in [43, 44].
3 LAYOUT CAMOUFLAGING
3.1 Concept
The objective for layout camouflaging (LC) is to mitigate RE attacks,
i.e., reverse engineering of the chip IP (conducted by malicious end-
users). LC seeks to alter the appearance of a chip in order to cloak
the chip IP. That is, LC obfuscates the design information at the
device level (Fig. 2). Obfuscation can also be conducted at the logic
and system level (e.g., obfuscating the finite state machine [45]);
such techniques are orthogonal to LC. See also [46] for an overview.
3.2 Threat Model
The threat model for LC is summarized as follows:
• The design house and foundry are trusted, the test facility is
either trusted or untrusted, and the end-user is untrusted.
• The adversary holds one or multiple functional chip copies,
and is armed with more or less sophisticated equipment and
know-how to conduct RE. The resilience of any LC scheme
ultimately depends on the latter.
• The adversary is aware of the LC scheme, and she/he can
identify the camouflaged gates, infer all the possible func-
tions implemented by the camouflaged cell, but cannot read-
ily infer the actual functionality.
3.3 Layout Camouflaging Schemes and Attacks
Similar to LL, early studies focused on the selection of gates to cam-
ouflage (and the design of camouflaged cells). In their seminal work,
Rajendran et al. [47] proposed a camouflaged NAND-NOR-XOR
cell. The authors also proposed clique-based selection for LC, based
on their own finding that a random selection of gates to camou-
flage can be resolved by sensitization-based attacks [47]. Massad
et al. [48] and Yu et al. [49] formulated independently SAT-based
attacks (with oracle access) which challenged the security of [47]
nevertheless.2 These attacks could readily circumvent small-scale
LC for various benchmarks with up to 256 gates being camouflaged.
A parallel SAT attack providing an average speedup of 3.6×
over prior attacks was presented by Wang et al. [50]. Keshavarz et
al. [51] proposed a SAT-based formulation augmented by probing
and fault injection capabilities, where the authors were able to
RE an S-Box. Still, it remains to be seen whether the attack can
tackle larger designs. In [52], Yasin et al. demonstrated how an
untrusted test facility can circumvent the security promise of LC,
even without access to an oracle. The authors deciphered LC as
in [47] successfully by analyzing the test patterns provided by the
2The essence of these attacks is similar to [20] and omitted here for brevity; interested
readers are also referred to [48, 49].
Dopant
Manipulation
Contact
Manipulation
Via
Manipulation
Active Layer
Metal Layers
Figure 2: Device-level concepts for camouflaging.
design house. To the best of our knowledge, none of the LC schemes
proposed thus far have been able to mitigate this kind of attack,
except for the dynamic camouflaging scheme discussed in [7].
Many existing LC schemes, e.g., [47, 53–55], exhibit a signifi-
cant cost with respect to power, performance, and area (PPA). For
example, the NAND-NOR-XOR gate proposed in [47] incurs 5.5×
power, 1.6× delay, and 4× area cost when compared to a regular
2-input NAND gate. A detailed investigation of PPA cost for various
schemes is given in [6]. Most LC schemes also require modifications
for the front-end-of-line (FEOL) manufacturing process, which can
incur financial cost on top of PPA overheads. Therefore, LC is ap-
plied rather selectively, to limit PPA cost and the impact on FEOL
processing. As indicated above, however, the selective application
of LC schemes can compromise their security, especially in the light
of oracle-guided SAT attacks such as [48–50].
The notion of provably secure camouflaging was put forward
in [56, 57]. CamoPerturb [56] seeks to minimally perturb the func-
tionality of the design by either removing or adding one minterm
(i.e., the product term of all variables). A separate block, called
CamoFix, is then added to restore the minterm; CamoFix is built
up using camouflaged INV/BUF cells. Inspired by LL, Li et al. [57]
leverage AND-trees as well as OR-trees for LC. Depending on the
desired security level, tree structures inherently present in the de-
sign are leveraged, or additional trees are inserted. Then, the inputs
of the trees are camouflaged using dopant-obfuscated cells.
Both techniques [56, 57] have been shown to exhibit vulnerabili-
ties: [57] was circumvented by a so-called sensitization-guided SAT
attack (SGS) [29], while Jiang et al. [58] circumvented CamoPerturb
using sensitization and implication principles leveraged from auto-
mated test pattern generation (ATPG). In general, these schemes
are also vulnerable to approximate attacks outlined in [23–25]. A
follow-up work to [57] is presented in [59], where the authors dis-
cuss how structural attacks like SPS [26] can be rendered ineffective
when the trees are obfuscated both structurally and functionally.
Besides the various analytical attacks, RE may also compromise
LC schemes directly. For example, ambiguous gates [47, 60] or
secretly configured MUXes [55] rely on dummy contacts and/or
dummy channels, which will induce different charge accumula-
tions at runtime. Courbon et al. [61] leveraged scanning electron
microscopy in the passive voltage contrast mode (SEM PVC) for
measurement of charge accumulations, whereupon they succeeded
in reading out a secured memory. Furthermore, monitoring the
photon emission at runtime, as for example proposed by Lohrke et
al. [62], can presumably also help to uncover LC.
3.4 Advanced Layout Camouflaging Schemes
Threshold voltage-based camouflaging (TVC) has gained significant
traction recently. The essence of TVC is a selective manipulation
COINS, May 5–7, 2019, Crete, Greece Johann Knechtel, Satwik Patnaik, and Ozgur Sinanoglu
of dopants at the transistor level, to create cells which are identi-
cal structurally but operate with different functionality. Nirmala
et al. [53] proposed TVC cells which can operate as NAND, NOR,
OR, AND, XOR, or XNOR. Erbagci et al. [63] proposed TVC cells
operating as XOR or XNOR, based on the selective use of high- and
low-threshold transistors. Collantes et al. [54] adopted domino logic
to implement their TVCs. Recently, Iyengar et al. [64] demonstrated
two flavors of TVC in STMicroelectronics 65nm technology. In prin-
ciple, TVC schemes offer better resilience than other LC schemes as
regular etching and optical-imaging techniques are ineffective. Still,
TVC may be revealed eventually, e.g., by leveraging SEM PVC [65].
Another interesting avenue is the camouflaging of the back-
end-of-line (BEOL), i.e., the interconnects [6, 34, 66, 67]. Chen et
al. [66, 68] explored the use of real vias (magnesium, Mg) along with
dummy vias (magnesium oxide, MgO). The authors (and others, e.g.,
[69]) have shown that Mg can oxidize quickly into MgO, thereby
hindering an identification by an RE attacker. Recently, Patnaik et
al. [6] extended the concept of BEOL camouflaging in conjunction
with split manufacturing (Sec. 4), to protect against an untrusted
FEOL foundry, which was a first for LC. Patnaik et al. developed cus-
tomized cells and design stages for BEOL camouflaging, whereupon
they succeeded to demonstrate full-chip camouflaging at lower PPA
cost than prior works. Their study also explored how large-scale
(BEOL) camouflaging can thwart SAT-based attacks, “simply” by
inducing overly large and complex SAT instances.
3.5 Future Directions for Layout Camouflaging
Most schemes discussed so far cannot be configured post-fabrication,
i.e., they implement static camouflaging. In contrast, Akkaya et
al. [70] demonstrated a reconfigurable LC scheme which leverages
hot-carrier injection. The authors succeeded to fabricate a proto-
type in 65nm technology; however, they report significant PPA cost
(e.g., in comparison to regular NAND gates, they report 9.2×, 6.6×,
and 7.3× for power, performance, and area, respectively).
Zhang et al. [71] introduced timing-based LC, based on wave-
pipelining and false paths. However, this scheme was circumvented
in [72]. Besides, emerging devices are gaining traction as well in the
context of LC [7, 73–75]. For example, Rangarajan et al. [7] explore
magneto-electric spin-orbit (MESO) devices for reconfigurable LC.
In short, future work should seek to make LC more RE-resilient,
leverage new devices and circuit principles, reduce dependencies
on foundries, and yet enable low overheads.
4 SPLIT MANUFACTURING
4.1 Concept
Split manufacturing (SM) protects the design IP from untrustworthy
foundries during manufacturing time [76]. The idea is to split up
the manufacturing flow, typically into the FEOL and BEOL process
steps (Fig. 3). Considered individually, the physical layout becomes
a “sea of largely unconnected gates” for the FEOL foundry, whereas
it becomes system-level wiring without any gate-level information
for the BEOL foundry. Such splitting into FEOL and BEOL is prac-
tical for multiple reasons: (i) outsourcing the FEOL is desired, as
it requires some high-end and costly facilities, (ii) BEOL fabrica-
tion on top of the FEOL is significantly less complex than FEOL
fabrication itself, (iii) the sole difference for the supply chain is the
preparation and shipping of FEOL wafers to the BEOL facility.
M1
M2
V12
V23
M3
V34
M4
V45
M5
M6
M7
V56
V67
Active
Layer
Contacts
FEOL: made at
untrusted, out-
sourced fab
BEOL: made at
trusted fab, on
top of FEOL
Figure 3: Classical split manufacturing, i.e., the separation
into FEOL and BEOL parts. © 2018 IEEE. Reprinted, with per-
mission, from [77].
4.2 Threat Model
The basic, most common threat model is summarized as follows:
• The design house and end-user are trustworthy, while the
FEOL foundry is deemed untrustworthy. SM necessitates a
trusted BEOL foundry, with assembly and testing facilities
typically also considered as trustworthy.
• With the design house and end-user being trusted, the adver-
sary cannot obtain a chip copy from those entities. Besides,
the chip has typically not been manufactured before; the
chip is then unavailable altogether for RE attacks.
• The objective for the adversary is to infer the missing BEOL
connections from the given but incomplete FEOL layout.
Towards this end, she/he (i) is aware of the underlying pro-
tection scheme, if any, and (ii) has access to the utilized EDA
tools, libraries, and other supporting information.
An “inverted model” model was explored in [8], where the BEOL
facility is untrustworthy and the FEOL fab is trustworthy. Since
fabricating the FEOL is more costly than the BEOL, the practical
relevance of this model remains questionable.
Another variation of the threat model was explored by Chen and
Vemuri [78]. The authors assume that a working chip is available
which is then used as an oracle for a SAT-based formulation to
recover the missing BEOL connections. While it is not explicitly
stated in [78], we presume that the authors seek to recover the
gate-level details of some design whose functionality is otherwise
already available/known. For an attacker, doing so can be relevant,
e.g., for inserting HTs during re-implementation of some existing
design, or to obtain the IP without RE of the available chip copy.
Imeson et al. [79] further proposed a “strong model” in the con-
text of HTs. Here, the attacker already holds the netlist and is inter-
ested in inserting HTs into appropriate locations. This work [79],
also known as k-security, has been further extended in [80].
4.3 Split Manufacturing Schemes and Attacks
A first attack on SM was proposed by Rajendran et al. [81]. The
notion of this so-called proximity attack is as follows: although the
layout is split into FEOL and BEOL, it is still designed holistically (at
least when using regular EDA tools); therefore, various hints on the
BEOL can remain in the FEOL. Rajendran et al. [81] infer from the
proximity of cells which is readily observable in the FEOL, whether
they have to be connected in the BEOL. While that attack shows
a good accuracy for small designs, the same is not true for larger
Protect Your Chip Design Intellectual Property: An Overview COINS, May 5–7, 2019, Crete, Greece
designs.Wang et al. [82] extended this attack, by taking into account
a multitude of FEOL-level hints: (i) physical proximity of gates,
(ii) avoidance of combinatorial loops (which are rare in practice),
(iii) timing and load constraints, and (iv) orientation of “dangling
wires” (i.e., the wires remaining unconnected in the top-most FEOL
layer). Magaña et al. [83] proposed various routing-based attack
techniques, and they conclude that such attacks are more effective
than solely placement-centric attacks. Recently, Zhang et al. [84]
and Li et al. [85] leveragedmachine learning as an attack framework.
However, neither attack [83–85] recovers the actual netlist; rather,
they provide most probable BEOL connections.
Various techniques have been proposed to safeguard FEOL lay-
outs against proximity attacks, e.g., [77, 81–83, 86–91]. They can
be categorized into (i) placement-centric, (ii) routing-centric, and
(iii) both placement- and routing-centric defenses.
Among others, Wang et al. [82] and Sengupta et al. [87] propose
placement perturbation. Layout randomization is most secure, espe-
cially when splitting at the first metal layer, as shown by Sengupta
et al. [87]. However, this technique has limited scalability and sig-
nificant layout cost for larger designs. In general, placement-centric
works caution that splitting at higher metal layers—which helps to
limit financial cost and practical hurdles for SM [77, 92]—can under-
mine their resilience. That is because any placement perturbation
is eventually offset by routing at higher layers.
Routing-centric schemes as those in [77, 81, 83, 88, 89] resolve
proximity and other hints at the FEOL routing. Rajendran et al. [81]
proposed to swap pins of IP modules and to re-route those nets,
thereby obfuscating the design hierarchy. As these swaps cover only
part of the interconnects, this scheme cannot protect against gate-
level IP piracy. In fact, 87% of the connections could be correctly
recovered on the ISCAS-85 benchmarks [81]. In general, routing-
centric schemes are subject to routing resources and PPA budgets,
which can ease proximity attacks. For example, [88, 89] consider
short routing detours, and [83] consider few routing blockages.
4.4 Advanced Split Manufacturing Schemes
Patnaik et al. [77] proposed various heuristics as well as custom cells
for lifting wires to the BEOL in a concerted manner. The authors
demonstrated a superior resilience; the state-of-the-art attack [82]
could not infer any of the protected connections correctly. Later
on, Patnaik et al. [90] proposed randomization at the netlist level,
which is carried through the EDA flow, thereby resulting in an
erroneous and misleading FEOL layout. The original design is only
restored at the BEOL, using customized routing cells. This work is
one of the first to address holistic protection of both placement and
routing. The authors also demonstrated superior resilience.
Inspired by LL, Sengupta et al. [93] realize IP protection at man-
ufacturing time by locking the FEOL and subsequent unlocking of
the BEOL. The authors also formalize the problem of SM.
As mentioned before, Imeson et al. [79] formulated the notion
of k-security to prevent targeted insertion of HTs. The idea is to
create k isomorphic structures in the FEOL by guided lifting of
wires to the BEOL. Now, an attacker cannot uniquely map these
k structures to some specific target in the already-known design;
she/he has to either randomly guess (with a probability of 1/k) or
insert multiple HTs. Li et al. [80] extended k-security in various
ways. Most notably, they leverage additional gates and wires to be
able to elevate the security levels beyond those achieved in [79].
Recently, Xu et al. [94] questioned the theoretical security of k-
security by pattern matching attacks conducted on the layout level.
Vaidyanathan et al. [95] advocate testing of the untrusted FEOL
against HT insertion, using BEOL stacks dedicated for testability.
Finally, Xiao et al. [92] propose the notion of obfuscated built-in
self-authentication (OBISA) to hinder IP piracy and HT insertion.
4.5 Future Directions for Split Manufacturing
While advanced attacks such as [84, 85] are on the rise, SM becomes
inherently more resilient for larger, industrial designs. In fact, none
of the existing attack works succeeded yet in fully recovering all
missing BEOL connections for larger designs. Still, the crux for
SM—to resolve hints from the FEOL—remains. Thus, schemes which
further reduce the dependency on EDA tools (and cost) are required.
Although [93] explores the formalism of SM, a notion of provably
secure SM remains an open problem. Finally, “entering the next
dimension of SM,” by leveraging the up-and-coming techniques
for 3D integration, has been initiated in [9, 10, 79, 96, 97]. Further
research towards this end seems promising as well.
5 SUMMARY
A multitude of techniques have been proposed to protect your chip
design from attacks such as illegal overproduction, IP piracy, and
insertion of Trojans. We presented an overview on logic locking,
layout camouflaging, and split manufacturing—the three main cat-
egories for IP protection. We also outlined shortcomings, attack
avenues, and promising directions for future research.
REFERENCES
[1] P. Kocher et al., “Spectre attacks: Exploiting speculative execution,” arXiv, vol.
abs/1801.01203, 2018.
[2] M. Lipp et al., “Meltdown,” arXiv, vol. abs/1801.01207, 2018.
[3] L. Lerman et al., “Start simple and then refine: Bias-variance decomposition as
a diagnosis tool for leakage profiling,” Trans. Comp., vol. 67, no. 2, pp. 268–283,
2018.
[4] M. Rostami et al., “A primer on hardware security: Models, methods, and metrics,”
Proc. IEEE, vol. 102, no. 8, pp. 1283–1295, 2014.
[5] M. Yasin et al., “Activation of logic encrypted chips: Pre-test or post-test?” in
Proc. DATE, 2016, pp. 139–144.
[6] S. Patnaik et al., “Obfuscating the interconnects: Low-cost and resilient full-chip
layout camouflaging,” in Proc. ICCAD, 2017, pp. 41–48.
[7] N. Rangarajan et al., “Opening the doors to dynamic camouflaging: Harnessing
the power of polymorphic devices,” arXiv, vol. abs/1811.06012, 2018.
[8] Y. Wang et al., “Front-end-of-line attacks in split manufacturing,” in Proc. ICCAD,
2017.
[9] S. Patnaik et al., “Best of both worlds: Integration of split manufacturing and
camouflaging into a security-driven CAD flow for 3D ICs,” in Proc. ICCAD, 2018.
[10] P. Gu et al., “Cost-efficient 3D integration to hinder reverse engineering during
and after manufacturing,” in Proc. AsianHOST, 2018, pp. 74–79.
[11] J. Rajendran et al., “Regaining trust in VLSI design: Design-for-trust techniques,”
Proc. IEEE, vol. 102, no. 8, pp. 1266–1282, 2014.
[12] P. Tuyls et al., “Read-proof hardware from protective coatings,” in Proc. CHES,
2006, pp. 369–383.
[13] S. Anceau et al., “Nanofocused X-ray beam to reprogram secure circuits,” in Proc.
CHES, 2017, pp. 175–188.
[14] M. Yasin et al., “Evolution of logic locking,” in Proc. VLSI SoC, 2017.
[15] J. A. Roy et al., “Ending piracy of integrated circuits,” Computer, vol. 43, no. 10,
pp. 30–38, 2010.
[16] J. Rajendran et al., “Fault analysis-based logic encryption,” Trans. Comp., vol. 64,
no. 2, pp. 410–424, 2015.
[17] J. Rajendran et al., “Security analysis of logic obfuscation,” in Proc. DAC, 2012.
[18] S. M. Plaza et al., “Solving the third-shift problem in IC piracy with test-aware
logic locking,” Trans. CAD Integ. Circ. Sys., vol. 34, no. 6, pp. 961–971, 2015.
[19] L. Li et al., “Piercing logic locking keys through redundancy identification,” in
Proc. DATE, 2019.
COINS, May 5–7, 2019, Crete, Greece Johann Knechtel, Satwik Patnaik, and Ozgur Sinanoglu
[20] P. Subramanyan et al., “Evaluating the security of logic encryption algorithms,”
in Proc. HOST, 2015, pp. 137–143.
[21] Y. Xie et al., “Mitigating SAT attack on logic locking,” in Proc. CHES, 2016.
[22] M. Yasin et al., “SARLock: SAT attack resistant logic locking,” in Proc. HOST, 2016.
[23] K. Shamsi et al., “AppSAT: Approximately deobfuscating integrated circuits,” in
Proc. HOST, 2017, pp. 95–100.
[24] K. Shamsi et al., “On the approximation resiliency of logic locking and IC camou-
flaging schemes,” Trans. Inf. Forens. Sec., 2018.
[25] Y. Shen et al., “Double DIP: Re-evaluating security of logic encryption algorithms,”
in Proc. GLSVLSI, 2017, pp. 179–184.
[26] M. Yasin et al., “Security analysis of Anti-SAT,” Proc. ASPDAC, pp. 342–347, 2016.
[27] X. Xu et al., “Novel bypass attack and BDD-based tradeoff analysis against all
known logic locking attacks,” in Proc. CHES, 2017.
[28] M. Yasin et al., “Provably-secure logic locking: From theory to practice,” in Proc.
CCS, 2017, pp. 1601–1618.
[29] M. Yasin et al., “Removal attacks on logic locking and camouflaging techniques,”
Trans. Emerg. Top. Comp., vol. PP, no. 99, 2017.
[30] M. Yasin et al., “What to lock?: Functional and parametric locking,” in Proc.
GLSVLSI, 2017, pp. 351–356.
[31] A. Sengupta et al., “ATPG-based cost-effective, secure logic locking,” in Proc. VTS,
2018, pp. 1–6.
[32] A. Sengupta et al., “Customized locking of IP blocks on a multi-million-gate SoC,”
in Proc. ICCAD, 2018, pp. 59:1–59:7.
[33] D. Sirone et al., “Functional analysis attacks on logic locking,” in Proc. DATE, 2019.
[34] K. Shamsi et al., “Cross-Lock: Dense layout-level interconnect locking using
cross-bar architectures,” in Proc. GLSVLSI, 2018, pp. 147–152.
[35] K. Shamsi et al., “Cyclic obfuscation for creating SAT-unresolvable circuits,” in
Proc. GLSVLSI, 2017, pp. 173–178.
[36] S. Roshanisefat et al., “SRCLock: SAT-resistant cyclic logic locking for protecting
the hardware,” in Proc. GLSVLSI, 2018, pp. 153–158.
[37] H. Zhou et al., “CycSAT: SAT-based attack on cyclic logic encryptions,” in Proc.
ICCAD, 2017, pp. 49–56.
[38] Y. Shen et al., “BeSAT: Behavioral SAT-based attack on cyclic logic encryption,”
in Proc. ASPDAC, 2019, pp. 657–662.
[39] Y. Xie et al., “Delay locking: Security enhancement of logic locking against IC
counterfeiting and overproduction,” in Proc. DAC, 2017, pp. 9:1–9:6.
[40] M. Zaman et al., “Towards provably-secure performance locking,” in Proc. DATE,
2018, pp. 1592–1597.
[41] A. Chakraborty et al., “GPU obfuscation: attack and defense strategies,” in Proc.
DAC, 2018, pp. 122:1–122:6.
[42] A. Chakraborty et al., “TimingSAT: timing profile embedded SAT attack,” in Proc.
ICCAD, 2018, pp. 6:1–6:6.
[43] N. G. Jayasankaran et al., “Towards provably-secure analog and mixed-signal
locking against overproduction,” in Proc. ICCAD, 2018, pp. 7:1–7:8.
[44] J. Leonhard et al., “MixLock: Securing mixed-signal circuits via logic locking,” in
Proc. DATE, 2019.
[45] Y. Lao et al., “Obfuscating DSP circuits via high-level transformations,” Trans.
VLSI Syst., vol. 23, no. 5, pp. 819–830, 2015.
[46] A. Vijayakumar et al., “Physical design obfuscation of hardware: A comprehensive
investigation of device- and logic-level techniques,” Trans. Inf. Forens. Sec., vol. 12,
no. 1, pp. 64–77, 2017.
[47] J. Rajendran et al., “Security analysis of integrated circuit camouflaging,” in Proc.
CCS, 2013, pp. 709–720.
[48] M. E. Massad et al., “Integrated circuit (IC) decamouflaging: Reverse engineering
camouflaged ICs within minutes,” in Proc. NDSS, 2015, pp. 1–14.
[49] C. Yu et al., “Incremental SAT-based reverse engineering of camouflaged logic
circuits,” Trans. CAD Integ. Circ. Sys., vol. 36, no. 10, pp. 1647–1659, 2017.
[50] X. Wang et al., “Parallelizing SAT-based de-camouflaging attacks by circuit parti-
tioning and conflict avoiding,” Integration, 2018.
[51] S. Keshavarz et al., “SAT-based reverse engineering of gate-level schematics using
fault injection and probing,” in Proc. HOST, 2018, pp. 215–220.
[52] M. Yasin et al., “Testing the trustworthiness of IC testing: An oracle-less attack
on IC camouflaging,” Trans. Inf. Forens. Sec., vol. 12, no. 11, pp. 2668–2682, 2017.
[53] I. R. Nirmala et al., “A novel threshold voltage defined switch for circuit camou-
flaging,” in Proc. ETS, 2016, pp. 1–2.
[54] M. I. M. Collantes et al., “Threshold-dependent camouflaged cells to secure circuits
against reverse engineering attacks,” in Proc. ISVLSI, 2016, pp. 443–448.
[55] X. Wang et al., “Secure and low-overhead circuit obfuscation technique with
multiplexers,” in Proc. GLSVLSI, 2016, pp. 133–136.
[56] M. Yasin et al., “CamoPerturb: Secure IC camouflaging for minterm protection,”
in Proc. ICCAD, 2016, pp. 29:1–29:8.
[57] M. Li et al., “Provably secure camouflaging strategy for IC protection,” in Proc.
ICCAD, 2016, pp. 28:1–28:8.
[58] S. Jiang et al., “An efficient technique to reverse engineer minterm protection
based camouflaged circuit,” J. Comp. Sci. Tech., vol. 33, no. 5, pp. 998–1006, 2018.
[59] M. Li et al., “Provably secure camouflaging strategy for IC protection,” Trans.
CAD Integ. Circ. Sys., vol. PP, no. 99, 2017.
[60] R. P. Cocchi et al., “Circuit camouflage integration for hardware IP protection,”
in Proc. DAC, 2014, pp. 1–5.
[61] F. Courbon et al., “Direct charge measurement in floating gate transistors of flash
EEPROM using scanning electron microscopy,” in Proc. ISTFA, 2016, pp. 1–9.
[62] H. Lohrke et al., “No place to hide: Contactless probing of secret data on FPGAs,”
in Proc. CHES, 2016, pp. 147–167.
[63] B. Erbagci et al., “A secure camouflaged threshold voltage defined logic family,”
in Proc. HOST, 2016, pp. 229–235.
[64] A. S. Iyengar et al., “Threshold defined camouflaged gates in 65nm technology
for reverse engineering protection,” in Proc. ISLPED, 2018, pp. 6:1–6:6.
[65] T. Sugawara et al., “Reversing stealthy dopant-level circuits,” J. Cryptogr. Eng.,
vol. 5, no. 2, pp. 85–94, 2015.
[66] S. Chen et al., “Chip-level anti-reverse engineering using transformable intercon-
nects,” in Proc. DFT, 2015, pp. 109–114.
[67] J.-W. Jang et al., “Threshold-defined logic and interconnect for protection against
reverse engineering,” Trans. CAD Integ. Circ. Sys., vol. PP, no. 99, 2018.
[68] S. Chen et al., “A chip-level anti-reverse engineering technique,” J. Emerg. Tech.
Comp. Sys., vol. 14, no. 2, pp. 29:1–29:20, 2018.
[69] S.-W. Hwang et al., “A physically transient form of silicon electronics,” Science,
vol. 337, no. 6102, pp. 1640–1644, 2012.
[70] N. E. C. Akkaya et al., “A secure camouflaged logic family using postmanufactur-
ing programming with a 3.6GHz adder prototype in 65nm CMOS at 1V nominal
VDD,” in Proc. ISSCC, 2018.
[71] G. L. Zhang et al., “TimingCamouflage: Improving circuit security against coun-
terfeiting by unconventional timing,” in Proc. DATE, 2018, pp. 91–96.
[72] M. Li et al., “TimingSAT: Decamouflaging timing-based logic obfuscation,” in
Proc. ITC, 2018, pp. 1–10.
[73] Y. Bi et al., “Emerging technology-based design of primitives for hardware secu-
rity,” J. Emerg. Tech. Comp. Sys., vol. 13, no. 1, pp. 3:1–3:19, 2016.
[74] F. Parveen et al., “Hybrid polymorphic logic gate with 5-terminal magnetic
domain wall motion device,” in Proc. ISVLSI, 2017, pp. 152–157.
[75] S. Patnaik et al., “Advancing hardware security using polymorphic and stochastic
spin-hall effect devices,” in Proc. DATE, 2018, pp. 97–102.
[76] C. McCants, “Trusted integrated chips (TIC),” IARPA, 2011.
[77] S. Patnaik et al., “Concerted wire lifting: Enabling secure and cost-effective split
manufacturing,” in Proc. ASPDAC, 2018, pp. 251–258.
[78] S. Chen et al., “On the effectiveness of the satisfiability attack on split manufac-
tured circuits,” in Proc. VLSI SoC, 2018.
[79] F. Imeson et al., “Securing computer hardware using 3D integrated circuit (IC)
technology and split manufacturing for obfuscation,” in Proc. USENIX, 2013.
[80] M. Li et al., “A practical split manufacturing framework for trojan prevention via
simultaneous wire lifting and cell insertion,” in Proc. ASPDAC, 2018, pp. 265–270.
[81] J. Rajendran et al., “Is split manufacturing secure?” in Proc. DATE, 2013.
[82] Y. Wang et al., “The cat and mouse in split manufacturing,” in Proc. DAC, 2016.
[83] J. Magaña et al., “Are proximity attacks a threat to the security of split manufac-
turing of integrated circuits?” in Proc. ICCAD, 2016, pp. 90:1–90:7.
[84] B. Zhang et al., “Analysis of security of split manufacturing using machine
learning,” in Proc. DAC, 2018, pp. 141:1–141:6.
[85] H. Li et al., “Attacking split manufacturing from a deep learning perspective,” in
Proc. DAC, 2019.
[86] K. Vaidyanathan et al., “Efficient and secure intellectual property (IP) design with
split fabrication,” in Proc. HOST, 2014, pp. 13–18.
[87] A. Sengupta et al., “Rethinking split manufacturing: An information-theoretic
approach with secure layout techniques,” in Proc. ICCAD, 2017, pp. 329–336.
[88] Y. Wang et al., “Routing perturbation for enhanced security in split manufactur-
ing,” in Proc. ASPDAC, 2017, pp. 605–610.
[89] L. Feng et al., “Making split fabrication synergistically secure andmanufacturable,”
in Proc. ICCAD, 2017.
[90] S. Patnaik et al., “Raise your game for split manufacturing: Restoring the true
functionality through BEOL,” in Proc. DAC, 2018, pp. 140:1–140:6.
[91] S. Chen et al., “Improving the security of split manufacturing using a novel BEOL
signal selection method,” in Proc. GLSVLSI, 2018, pp. 135–140.
[92] K. Xiao et al., “Efficient and secure split manufacturing via obfuscated built-in
self-authentication,” in Proc. HOST, 2015, pp. 14–19.
[93] A. Sengupta et al., “A new paradigm in split manufacturing: Lock the FEOL,
unlock at the BEOL,” in Proc. DATE, 2019.
[94] W. Xu et al., “Layout recognition attacks on split manufacturing,” in Proc. ASPDAC,
2019, pp. 45–50.
[95] K. Vaidyanathan et al., “Detecting reliability attacks during split fabrication using
test-only BEOL stack,” in Proc. DAC, 2014, pp. 156:1–156:6.
[96] J. Valamehr et al., “A 3-D split manufacturing approach to trustworthy system
development,” Trans. CAD Integ. Circ. Sys., vol. 32, no. 4, pp. 611–615, 2013.
[97] J. Knechtel et al., “Large-scale 3D chips: Challenges and solutions for design
automation, testing, and trustworthy integration,” Trans. Sys. LSI Des. Method.,
vol. 10, pp. 45–62, 2017.
