As CAD tools and semiconductor technology improvements increase market opportunities for reusable hardware components, it becomes more important to produce techniques for protecting intellectual property rights. This work presents a method of fingerprinting an FPGA design component, so that products in the field can be used to identify both the component designer and the customer of record. These techniques are efficient, have extremely low impact on design quality, and are resistant to tampering.
Introduction
We will introduce a fingerprinting technique that applies cryptographically encoded signatures to FPGA digital designs in order to support identification of the original recipient (i.e. customer of record). The approach is shown to be capable of encoding long signatures and being secure against malicious collusion while being extremely efficient and requiring low overhead in terms of area and design performance.
A. Motivation
Digital IC design implementation has dramatically increased in complexity. Fortunately, complex systems tend to be assembled using smaller components in order to reduce complexity as well as to take advantage of localized data and control flows. This trend toward partitioning enables design reuse, which is essential to reducing development cost and risk while also shortening design time. Design reuse has been employed by systems designers for years, but what is new is that the boundaries for component partitions have moved inside of the IC packages.
These reusable modules are commonly referred to as intellectual property (IP), as they represent the commercial investment of the originating company but do not have a natural physical representation. Direct theft is a major concern of IP vendors. It is possible for customers, or a third party, to simply sell an IP block as their own without even reverse engineering the design. Because IP blocks are designed to be modular and integrated with other system components, the thief can simply repackage them without bothering to understand either the architecture or implementation.
This paper presents a solution to the risk of such direct misappropriation. The essential idea involves embedding a digital signature, which uniquely identifies the recipient, in an IP block. This signature allows the IP owner to not only verify the physical layout as their property but to identify the source of misappropriation, in a way that is likely to be much more compelling than the existing option of verifying the design against a registered database. This capability is achieved with very low overhead and effort and is protected against recipient collusion.
B. Motivational Example
While the concepts developed here can be applied to a wide range of FPGA architectures, all of the discussion and experimental work will be conducted in the context of the Xilinx XC4000 architecture [1]. These devices are composed of an array of configurable logic blocks (CLBs), each of which contains two flip-flops and two 16x1 lookup tables (LUTs). A hierarchical and segmented routing network is used to connect CLBs in order to form a specific circuit configuration.
Using a previously developed FPGA watermarking technique [2], a secure transparent signature can be placed in an FPGA design. Consider the case of PREP Benchmark #4, a large state machine, which can be mapped into a block of 27 CLBs. This mapping results in 3 unused CLBs, or 3*32=96 unused LUT bits. Each unused LUT bit is used to encode one bit of the signature. Fig. 1 shows the layout of the original design as produced by the standard Xilinx backend tools, while Fig. 2 shows the layout for the same design after applying the watermark constraints to the three unused CLBs and re-mapping the design. The marked CLBs are then incorporated into the design with unused interconnect and neighboring CLB inputs, further hiding the signature.
An FPGA design partitioning and tiling technique [3] is then used to extend the watermarking technique's capabilities to include fingerprinting. Consider the Boolean function $Y=(A \wedge B) \wedge (C \vee D)$, which might be implemented in a tile containing four CLBs as shown in Fig. 3. This configuration contains one spare CLB, making its LUT available for the insertion of a signature. Each recipient could receive this original configuration with a unique signature. Using the same configuration for a different recipient, and therefore a different signature, would facilitate simple comparison collusion (e.g. XOR), as the only difference between the designs would be the signatures. But, each implementation in Fig. 3 is interchangeable with the original, as the interface between the tile and the surrounding areas of the design is fixed and the tile's function remains unchanged. The timing of the circuit may vary, however, due to the changes in routing. With several different instances of the same design, comparison collusion would yield functional differences, thus disguising the differences between the various recipients' signatures.
C. Contributions
This paper presents the first fingerprinting method for protecting intellectual property, in the form of reusable digital circuits, even after the IP has been delivered in commercial products. By manipulating hardware resources, we are able to encode relatively long messages in a manner that is difficult to observe by a third party, resists tampering and collusion, and has little impact on circuit performance or size. This capability provides three main benefits:
1. It reduces the risk that a circuit will be stolen, i.e. used illegally without payment or transferred to a third party.
2. It can be used to identify the backend tool chain used to develop a design, and thus be part of the royalty mechanism used for CAD tools.
3. It identifies not only the origin of the design, but also the origin of the misappropriation.
Related Work
There have been a number of fingerprinting efforts reported in the data hiding and cryptography literature [4-6]. They established a spectrum of protocols which guarantee the protection of both buyers and merchants of digital artifacts. All of them target the protection of still artifacts, such as image and audio streams. To the best of our knowledge, this is the first effort which addresses intellectual property protection using fingerprinting. This technique, therefore, provides protection of intellectual integrated circuit properties, such as cores, at a level beyond what is provided by recently introduced watermarking techniques [2, 7].
Approach
This fingerprinting approach makes use of both the watermarking technique and the design tiling technique to create secure signatures.
A. Watermarking
The watermarking technique is the general approach of inserting signatures in unused CLB LUTs as introduced in the motivational example above. Results from that project demonstrated that the area and timing overhead required for inserting large, cryptographic signatures in a design that identify the circuit origin is extremely low and is protected against most attacks. The only limitation of the approach is that a signature is fundamentally an optional component of a system design. Any signature can be removed by reverse engineering a design to a stage before the signature has been applied. For example, the approach developed here will be used to watermark a design at the physical level by manipulating LUTs and interconnect. The IP vendor will then deliver their technology in the form of a hard macro. If the macro can be reverse engineered to a netlist, the signature will be removed, specifically because it is not a functional part of the circuit operation. A thief can then move forward through the place and route tools to derive a hard macro that does not contain the signature. Fortunately, most FPGA vendors have taken a business position that they will not reveal the specification of their configuration streams, specifically to complicate the task of reverse engineering and thus protect the investment of their customers. Xilinx does not take any specific actions to make their configurations difficult to reverse engineer. However, they do believe that it is difficult to do in general, and they promise their customers that they will keep the bitstream specification confidential in order to raise the bar for reverse engineering [8]. Essentially, once a design is watermarked, the only option for unauthorized removal is to reverse engineer back to a functional netlist and re-place and route the design.
Directly applying the watermarking technique to fingerprinting (i.e. replace the design origin signature with the recipient's signature for each copy) is susceptible to collusion. Performing a simple comparison between the two bitstreams would reveal that the only differences were due to the individual signatures. Removing the differences would yield a fully functional yet unmarked circuit.
B. Tiling
This problem can be avoided by taking advantage of the flexible nature of FPGAs to create functional differences between design instances. By moving the location of the signature for each instance of the design (i.e. reserve different CLBs for the signature), the functional design will also have a different layout. Therefore, all comparisons that are done yield functional differences, and any attempt to remove the differences would yield a useless circuit.
The design tiling algorithm was developed in connection with a fault-tolerance project, but it applies equally well here.
The algorithm divides a design into a set of tiles that possess the same characteristics as the example in Fig. 3. That is, each tile has a set specific functionality and a locked interface with the rest of the design. Several instances of each tile can be generated, and each instance can replace another without affecting the rest of the circuit (except timing) due to the locked interface. For the fault-tolerance project, different instances of each tile reserved different CLBs as unused. In the face of a CLB fault, the appropriate instance can be activated without affecting the rest of the circuit. The same result could be achieved by storing several instances of the entire design, leaving various CLBs free in each instance, but the effort to place and route each instance and the memory required to store each instance make this approach impractical. Much in the same way that tiling for fault-tolerance reduces the effort required to generate the various fault-tolerant instances and the memory to store them, tiling also makes this fingerprinting approach more efficient and practical. Generating an entire layout for each instance of the design would require a trip through the place-and-route tools for the entire circuit. Tiling requires that only a small portion of the design be changed, as the tiles are independent due to the locked interface between tiles. The various tile instances can then be matched to create one instance of the entire design. This reduces the total number of instances that can be generated, but vastly reduces the effort and memory required to produce each instance.
C. Fingerprinting
After each instance for each tile is generated, the instances are prepared for the signature. Every unused CLB in each instance is incorporated into the design with unused interconnect and neighboring CLB inputs, and timing statistics are generated for each instance. Depending on the timing specifications of the design, some instances may be discarded. The remaining instances are collected in a database. For example, MCNC benchmark c499 can be divided into 6 tiles, each with 8 instances, creating the possibility for 8^6 = 262,144 different instances of the total design.
When a copy of the design is needed for distribution, an instance from each tile is selected from the database and the recipient's signature is inserted in the unused CLBs of each tile.
A group of people colluding to remove their signatures from their instances of the design may be able to find that they have instance matches among some of their tiles, thus allowing for tile comparison collusion, but it is extremely unlikely that matches will be found among all or even a large portion of the tiles. Therefore, the colluding recipients may be able to remove a small portion of their signatures, but the vast majority of the signatures will remain intact. The key to this approach is efficiently introducing wide variation among the functional parts of the designs as well, so that collusion cannot be used to separate functional components from identifying markers.
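The collusion argument above can be checked on a toy model. The following Python sketch is an added example, not code from the paper: it compares two recipients' copies tile by tile, first with one shared layout (plain watermarking) and then with per-tile instance selection. Assumptions: a tile is four CLBs of 32 LUT bits, SHA-256 output stands in for both the functional configuration bits and the recipient signature, and the recipient names and instance choices are constructed.

```python
import hashlib

TILES, INSTANCES = 6, 8        # c499 figures quoted in the text
CLBS, LUT_BITS = 4, 32         # toy tile: 4 CLBs, 32 LUT bits each (assumed)

def _bits(label):
    """Deterministic 32 pseudo-random bits; stands in for real config data."""
    h = hashlib.sha256(label.encode()).digest()
    return [(h[i // 8] >> (i % 8)) & 1 for i in range(LUT_BITS)]

def make_copy(recipient, choice):
    """Build one distributed copy. choice[t] is the instance picked for tile t.
    The instance index fixes which CLB is left free for the signature and
    what the functional CLBs look like (different layout per instance)."""
    copy = []
    for t in range(TILES):
        free = choice[t] % CLBS
        tile = []
        for clb in range(CLBS):
            if clb == free:   # signature LUT; SHA-256 is a stand-in, not the paper's scheme
                tile.append(_bits(f"sig/{recipient}/{t}"))
            else:             # functional LUT, depends on the layout only
                tile.append(_bits(f"func/{t}/{choice[t]}/{clb}"))
        copy.append(tile)
    return copy

def compare(copy_a, copy_b):
    """Tile-by-tile comparison of two copies. Returns (isolated, mixed):
    isolated = tiles whose differences are confined to a single CLB,
    mixed    = tiles whose differences also span functional CLBs."""
    isolated = mixed = 0
    for tile_a, tile_b in zip(copy_a, copy_b):
        differing = sum(1 for x, y in zip(tile_a, tile_b) if x != y)
        if differing <= 1:
            isolated += 1
        else:
            mixed += 1
    return isolated, mixed

same = [0] * TILES                       # plain watermarking: one layout for everyone
naive = compare(make_copy("alice", same), make_copy("bob", same))
tiled = compare(make_copy("alice", [0, 1, 2, 3, 4, 5]),
                make_copy("bob",   [0, 2, 3, 4, 5, 6]))   # only tile 0 matches
design_variants = INSTANCES ** TILES     # 262,144 as in the text
p_full_match = 1 / design_variants       # two copies share every tile (uniform choice assumed)
```

With a shared layout every tile's difference is confined to the signature CLB; with tiling only the one tile where both copies happen to use the same instance is, and the other five mix signature and functional differences.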
The following pseudo-code summarizes the approach:
1. create initial non-fingerprinted design;
2. extract timing and area information;
3. while (!complete) {
4.   partition design into tiles;
5.   if (!(signature size && collusion protection)) break;
6.   for (i=1; i<=# of tiles; i++) {
7.
Lines 1 and 2 initialize the process by establishing the physical layout for the non-fingerprinted design, on which all area and timing overhead is based.
Lines 3-12 perform the tiling technique, creating a database of tile instances. The variables for this section are signature size, collusion protection (level of security based on presumed number of collaborators), and timing requirements. Signature size and collusion protection affect the tiling approach, while the timing requirements define the instance yield (i.e. individual tile instances are accepted contingent upon their meeting the timing requirements).
Lines 13-17 are executed for each distributed instance of the design. Line 14 derives the unique recipient signature with asymmetric fingerprinting techniques [5, 6] .
Experimental Results
We conducted an evaluation of the proposed approach on nine MCNC designs. Table 1 shows the cost (area) metrics of the designs before and after the application of the fingerprinting approach. A number of factors complicate the task of calculating the physical resource overhead. The place-and-route tools will indicate the number of CLBs that are used for a particular placement. However, these utilized CLBs rarely are packed into a minimal area. Unused CLBs introduce flexibility into the place-and-route step that may be essential for completion or good performance. For example, the initial c880 design possesses a concave region that contains 42 utilized CLBs but also 10 unutilized CLBs (19%). Therefore, we will report overhead in terms of the area used by the fingerprinted design minus the total area of the original design, including unused CLBs such as the 19% measure above. The average, median and worst-case area overheads were 5.4%, 5.3%, and 9.8% respectively. The size of the signature that can be encoded is dependent on this overhead. If a larger signature is desired, extra CLBs can be added, thus increasing overhead linearly with the additional signature length.
Instance yield (i.e. number of tile instances that meet the timing specifications / total number of tile instances) is shown as the timing specifications (measured as percent increase over the original, non-fingerprinted design timing) grow more lenient. The results reveal that a 20% increase in timing yields approximately 90% of total tile instances as acceptable. Relatively small changes in a circuit netlist or routing constraints can often result in a dramatically different placement and a corresponding change in speed. It appears that the impact of fingerprinting on performance is well below this characteristic variance.
Conclusion
As digital IC design complexity increases, forcing an increase in design reuse and third-party macro distribution, intellectual property protection will continue to become more important. The fingerprinting approach presented here creates such protection for FPGA intellectual property, uniquely identifying both the origin and recipient of a design, while requiring very low overhead in terms of area and timing.
