The susceptibility of digital systems to tampering is of immense concern to military and commercial organizations. Current defenses against such techniques as reverse engineering and side channel analysis are limited and don't address the underlying vulnerable characteristics of digital circuits. In this paper, we propose a generalized defense methodology named Dynamic Polymorphic Reconfiguration that significantly reduces the probability of successful tampering. We achieve protection through targeted component hiding and the introduction of run-time autonomous defense adaptations. As a result, we establish the feasibility of self-protecting circuits.
INTRODUCTION
The protection of sensitive information and intellectual property processed on digital systems is generally regarded as the responsibility of the user. This allows designers to focus on optimizing performance parameters without being constrained by an innumerable set of security concerns. The problem with this approach is that there currently exists a gap between the state of knowledge about exploitation techniques and the sophistication of the applications these systems are used in. Thus, there is a critical need to provide users with dependable protection methods that match the level of current threats.
Dynamic Polymorphic Reconfiguration (DPR) offers potential defense against a large class of vulnerabilities. Dynamic reconfiguration is a relatively new concept to the area of circuit security, due in large part to the lack of threat generalization.
That generalization is finally achieved in [1] where it is shown that vulnerabilities to such techniques as reverse engineering and side-channel analysis stem from the ability to recognize component functionality or structure. Thus, the case is made for a defense framework that targets both characteristics. DPR achieves this through a mix of obfuscating transformations and dynamic structure reconfiguration.
TAMPERING

Reverse Engineering
Reverse engineering (RE) encompasses a range of techniques for identifying circuit intent and structure from a small set of known characteristics. RE methods fall into two classes, black-box and white-box. We may define successful black-box analysis as follows:
Given a circuit C: X → Y, an arbitrarily large set of pairs IO = {(x_i, y_i) | y_i = C(x_i)} where x ∈ X, y ∈ Y, and an arbitrary element y_j ∉ IO, black-box understandability is the ability to efficiently find x_j such that y_j = C(x_j) [2].
In practice this approach involves exercising input combinations and mapping the associated outputs.
A common misconception regarding black-box RE on modern circuits is that it is a futile effort, owing to the growing I/O space and circuit complexity. However, this technique can be efficient even with an I/O space numbering in the thousands [1]. The key idea established in [1] is the ability to recognize patterns in a partial truth table that are characteristic of common functions.

White-box analysis is not hindered by such information limitations. Under this method, given the previously defined circuit C and element y_j, it is possible to efficiently compute x_j by analyzing the circuit structure. The structure can be available in the form of a design netlist, circuit imagery, etc. Avery et al. have combined optical and electron beam microscopy, pattern recognition, and netlist extraction techniques to reconstruct logic diagrams and VHDL designs from ASICs [3]. In [4], Nohl et al. apply white-box analysis to the reconstruction of an embedded proprietary cryptographic circuit by creating a gate library and targeting areas dense in XOR gates. Key to the success of their approach is the fact that cryptographic algorithms rely heavily on bit-wise operations.
Thus, the second requirement for defense is established, namely obfuscating the recognizable structure of common components. 
Side-Channel Analysis
Operation of electronic devices can be characterized by measurements of power, time and emissions. The exploitation of these attributes is known as a side-channel attack. Information gathered from side-channel measurements can be used to determine when specific data is stored or when certain information is available for theft [5, 6, 7]. Taking into account the different methods of side-channel analysis, the common characteristic is the ability to correlate measurements to assumed values. If those measurements can be altered to bear no resemblance to the assumed values, the analysis becomes more difficult to carry out. Additionally, if the measurements continuously change over time, the chances of creating a correlation are reduced. This establishes the third goal of DPR: to carry out continuous reconfiguration at a rate faster than analysis can be carried out.
POLYMORPHISM AND OBFUSCATION
In [2, 8], the case is made for using systematic techniques of structural substitution and permutation to obfuscate digital circuits, targeting intent protection in both black and white-box domains to produce "executably encrypted" circuit variants. Polymorphic transformations are at the heart of the encryption processes, which aim at making an obfuscated variant indistinguishable from the original in both I/O relationships and white-box structure. These transformations take place at various levels of a design's hierarchy - function, component, gate, signal [9]. The line that separates different levels is contextually dependent and not considered to be definitive. In all cases equivalence is defined in terms of I/O mapping or semantic representation. Obfuscation at a higher level necessarily builds upon changes at lower levels.

In [2], two goals for component protection are identified. First, the reconfigured circuit, C', must exhibit a different functional output pattern than the original circuit, C. As a consequence of achieving the first goal, C' by itself is not useful in the design. Accordingly, the second goal is to provide a capability to recover the original output of C from C'. As Fig. 1 illustrates, black-box polymorphism results in reconfigurations that produce circuits with different input/output patterns. We use such reconfiguration on a component basis as the foundation of DPR. DPR creates polymorphic reconfigurations such that (1) there is a guarantee that additional signals are integral to circuit operation and (2) the original I/O mapping is changed. Specifically, we delineate four basic operations that may be performed on a circuit cut-set: gate replacement, signal hiding, input signal/gate addition, and output signal addition.
Gate Replacement
Cut-sets are localized groupings of gates targeted for reconfiguration and are made up of two levels, noted as the input level and output level (Fig. 2). We define a gate replacement as a substitution of one functional node type for another (different) one. DPR invokes replacement on gates at the input level, giving us thirty possible replacement combinations, corresponding to six possible gate types (AND, OR, XOR, NAND, NOR, XNOR) and the fact that a gate cannot be replaced with itself. The replacement is randomly selected from these thirty.
Signal Hiding
We define targeted signal hiding as a white-box transformation that affects the intermediate semantic representation of a circuit. Signal hiding refers to the information that the signal carries, not the instantiation of the signal itself [2]. For DPR cut-sets, signals e, f, and g are of interest for signal hiding purposes, where we wish to change or eliminate the original bit signatures. Using the cut-set notation in Fig. 2, the four possible output bits of signal e, one per combination of its inputs a and b, are e_0, e_1, e_2, e_3. After signal hiding, signature e is transformed to e' and the possible states are e'_0, e'_1, e'_2, e'_3.
Signal hiding occurs iff e' ≢ e. Gate replacement induces signal hiding when the gate that we choose to replace is the one that produces the signal we want to hide. Following replacement, the cut-set will exhibit a new structural (white-box) make-up and, potentially, a new functional (black-box) operation.
Input Signal Addition or Gate Addition
We can describe the addition of an input signal or a single gate as the same operation, with the new signal representing the output signature of the new gate. When DPR adds a signal, the gate and signal is integrated into the circuit in such a way so that we affect the semantics of the original component.
Consider the addition of a signal to a cut-set. As the first step, we choose how that signal (h) will be integrated. The method chosen by DPR is to add a gate (D) between the input and output levels for which the new signal will be one input and the other input will come from the first level. DPR chooses the type of intermediary gate randomly. The second step is to ensure that the output of the cut-set is changed. This is accomplished by connecting the output of the new gate (i) to the input of the gate that serves as the cut-set output as shown in Fig. 3. 
Output Signal Addition
Adding an additional output is a necessary capability so that new inputs can originate internally instead of only at the circuit boundary. Consequently, steps for adding an output signal are straight-forward: take any collection of cut-set signals and combine them using a randomly chosen gate. The gate output becomes a component output.
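To make the four operations concrete, the following Python model is an added example, not code from the paper or from its evaluation platform. It represents the Fig. 2 cut-set as truth tables: gates A and B at the input level produce e and f from inputs a, b, c, d, and gate C at the output level produces g. A signature is the tuple of a signal's output bits over all input combinations, in the order produced by itertools.product (d, then the added input h, as the fastest-changing bit). The class name CutSet, the names i and h for the intermediary gate output and new input, and the o0, o1, ... names for added outputs follow the text; the gate_type override on add_input_gate is this example's own addition so the effect of gate addition can be shown deterministically.

```python
import itertools
import random

# Six two-input gate types admitted by DPR; 6 types x 5 alternatives = 30 replacements.
GATES = {
    "AND":  lambda x, y: x & y,
    "OR":   lambda x, y: x | y,
    "XOR":  lambda x, y: x ^ y,
    "NAND": lambda x, y: 1 - (x & y),
    "NOR":  lambda x, y: 1 - (x | y),
    "XNOR": lambda x, y: 1 - (x ^ y),
}


class CutSet:
    """Fig. 2 cut-set: A(a, b) -> e and B(c, d) -> f at the input level, C(e, f) -> g at the output level."""

    def __init__(self, a_type, b_type, c_type):
        self.types = {"A": a_type, "B": b_type, "C": c_type}
        self.d_type = None        # set by add_input_gate(): D(e, h) -> i, and i replaces e at C
        self.extra_outputs = []   # set by add_output(): (gate type, signal, signal)

    def inputs(self):
        return ("a", "b", "c", "d") + (("h",) if self.d_type else ())

    def evaluate(self, vals):
        """All signals in the cut-set for one assignment of its inputs."""
        s = dict(vals)
        s["e"] = GATES[self.types["A"]](s["a"], s["b"])
        s["f"] = GATES[self.types["B"]](s["c"], s["d"])
        c_in = s["e"]
        if self.d_type:                         # intermediary gate between the two levels
            s["i"] = GATES[self.d_type](s["e"], s["h"])
            c_in = s["i"]
        s["g"] = GATES[self.types["C"]](c_in, s["f"])
        for k, (gt, x, y) in enumerate(self.extra_outputs):
            s["o%d" % k] = GATES[gt](s[x], s[y])
        return s

    def signature(self, signal):
        """Bit signature of `signal` over all 2**n input combinations: 16 bits before, 32 after gate addition."""
        names = self.inputs()
        return tuple(self.evaluate(dict(zip(names, bits)))[signal]
                     for bits in itertools.product((0, 1), repeat=len(names)))

    # --- the four basic operations -----------------------------------------
    def replace_gate(self, name, rng):
        """Gate replacement: swap gate `name` for a randomly chosen *different* type."""
        self.types[name] = rng.choice([t for t in GATES if t != self.types[name]])

    def hide_signal(self, signal, rng):
        """Signal hiding: replace the gate that produces `signal`; returns (old, new) signatures."""
        before = self.signature(signal)
        self.replace_gate({"e": "A", "f": "B", "g": "C"}[signal], rng)
        return before, self.signature(signal)

    def add_input_gate(self, rng, gate_type=None):
        """Input signal / gate addition: new input h and gate D(e, h) -> i wired into C.
        gate_type is an override added for deterministic demonstration; DPR picks D at random."""
        self.d_type = gate_type or rng.choice(list(GATES))

    def add_output(self, x, y, rng):
        """Output signal addition: combine two cut-set signals with a random gate into a new output."""
        self.extra_outputs.append((rng.choice(list(GATES)), x, y))
        return "o%d" % (len(self.extra_outputs) - 1)


def demo(seed=1):
    rng = random.Random(seed)
    cs = CutSet("AND", "OR", "XOR")
    g0 = cs.signature("g")                      # original 16-bit output signature
    e, e_new = cs.hide_signal("e", rng)         # hiding e means replacing A
    cs.add_input_gate(rng)                      # adds h, so signatures are now 32 bits
    out = cs.add_output("e", "f", rng)
    return {"hidden": e != e_new, "g_before": g0, "g_after": cs.signature("g"),
            "extra": cs.signature(out)}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

With D chosen as XOR, the h = 0 half of the new 32-bit output equals the original g and the h = 1 half is its complement, which is the sense in which the added signal is "integral to circuit operation": the cut-set output can no longer be read without knowing h.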
RECOVERY KEY
The second part of dynamic polymorphic reconfiguration concerns the remainder of the system into which we reintegrate the reconfigured component, and the issue of maintaining overall semantic equivalence of the circuit in which the component resides. We use the term convergence to describe the requirement that all related changes induced by a reconfigured component be reversed at a single point. For this, we employ the idea of a recovery key [2]. Without the key, the remainder of the circuit sees only the reconfigured output (which has a different signature than that of the original component), with which it cannot operate correctly. The intent of the key, then, is to recover the original semantic representation of the component and thereby allow the overall circuit to retain functional equivalence. We observe one notable characteristic of DPR related to these recovery keys: only the last original cut-set in a series of component reconfigurations is needed to create a key. This property reduces the size of the final reconfigured circuit because we can make several changes without creating keys for them individually. Here, we formulate two methods for key development: standalone and encoded. The standalone key offers a less complex approach that is easier to analyze. The encoded key scheme is an extension of the standalone approach and offers a preferred method for extending black-box component changes to other parts of the circuit with degrees of variability.
Standalone Key
A standalone key component takes as input the transformed output signal of a reconfigured component and outputs the recovered (original) output signal of that component. To accomplish this, DPR uses the result of a comparison between the full output signatures of the original and reconfigured cut-sets. In basic terms, the key outputs the function that must be XORed with the new output to restore the original. XOR is chosen because it has no controlling value: whatever fixed value is present on one input, the other input can still drive the output to either 0 or 1, so any desired output signature can be produced. Convergence becomes an issue with standalone keys because the original signal is locatable if a component that uses the reconfigured output can be identified (Fig. 4). The key can then be considered part of the reconfigured component. A considerable amount of white-box obfuscation may have taken place, but the black-box obfuscation is negligible. The solution to this problem is encoding the key.

U.S. Government work not protected by U.S. copyright
Encoded Key
Using encoding, a component's reconfiguration takes place with knowledge of the changes to other cut-sets that produce its inputs. Consider a circuit made up of two connected components, A and B, which can be distinguished from one another. Once A has been reconfigured so that its output is changed, its key is encoded into B (see Fig. 5). The difference between the reconfiguration processes on A and B is that the latter is necessarily more deterministic. Determinism in this case does not mean that the reconfiguration is predetermined; there remains a random quality to all the transforming operations. What is predetermined is that at some point in B, the changes will converge. The natural break between components, which is the limitation of standalone keys, no longer exists (Fig. 5). The original function of A cannot be recovered unless it is separated from B and from all of B's previous transformations, which may involve other components that A is not associated with.
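The following Python sketch is an added example, not the paper's code, showing how a recovery key is derived from signatures, why one key suffices for a whole series of reconfigurations, and why a standalone key leaves the original signal locatable while an encoded key does not. It reuses the six-gate library and the Fig. 2 cut-set output signature over (a, b, c, d). The downstream component B is assumed, for illustration only, to be a single AND gate combining the cut-set output with a further input z; the function and signal names (standalone_key, apply_key, visible_signals, g_rec) are this example's own.

```python
import itertools

GATES = {
    "AND":  lambda x, y: x & y,
    "OR":   lambda x, y: x | y,
    "XOR":  lambda x, y: x ^ y,
    "NAND": lambda x, y: 1 - (x & y),
    "NOR":  lambda x, y: 1 - (x | y),
    "XNOR": lambda x, y: 1 - (x ^ y),
}


def cutset_output(a_type, b_type, c_type):
    """16-bit signature of g = C(A(a, b), B(c, d)) over all (a, b, c, d)."""
    return tuple(GATES[c_type](GATES[a_type](a, b), GATES[b_type](c, d))
                 for a, b, c, d in itertools.product((0, 1), repeat=4))


def standalone_key(original, reconfigured):
    """Key signature K = g XOR g'. XOR has no controlling value, so K maps any g' to any g bit by bit."""
    return tuple(x ^ y for x, y in zip(original, reconfigured))


def apply_key(reconfigured, key):
    """Standalone key component: XOR the reconfigured output with K to recover the original output."""
    return tuple(x ^ k for x, k in zip(reconfigured, key))


def extend_with_z(sig16):
    """Lift a signature over (a, b, c, d) to one over (a, b, c, d, z); z is the fastest-changing bit."""
    return tuple(sig16[idx >> 1] for idx in range(32))


def visible_signals(original, reconfigured, mode):
    """Signals an analyst can probe in the circuit A -> B, with B(g, z) = g AND z (an assumed component).
    'standalone': A' + separate key component + B.   'encoded': A' + B with K folded into B's logic."""
    key = standalone_key(original, reconfigured)
    g_prime = extend_with_z(reconfigured)
    k = extend_with_z(key)
    z = tuple(idx & 1 for idx in range(32))
    signals = {"g_prime": g_prime}
    if mode == "standalone":
        signals["g_rec"] = tuple(gp ^ kk for gp, kk in zip(g_prime, k))   # recovered g sits on a wire
        signals["out"] = tuple(gr & zz for gr, zz in zip(signals["g_rec"], z))
    elif mode == "encoded":
        # Key folded into B: (g' XOR K) AND z is one node, so no wire carries g itself.
        signals["out"] = tuple((gp ^ kk) & zz for gp, kk, zz in zip(g_prime, k, z))
    else:
        raise ValueError(mode)
    return signals


def original_locatable(signals, original):
    """True if some probeable signal carries the original output signature (the Fig. 4 weakness)."""
    return extend_with_z(original) in signals.values()


def demo():
    g = cutset_output("AND", "OR", "XOR")              # original component
    g2 = cutset_output("NOR", "OR", "XNOR")            # after two passes: A replaced twice, C once
    key = standalone_key(g, g2)                        # one key for the whole series of changes
    ref_out = visible_signals(g, g, "encoded")["out"]  # output of the untouched circuit
    return {
        "one_key_recovers_series": apply_key(g2, key) == g,
        "standalone_locatable": original_locatable(visible_signals(g, g2, "standalone"), g),
        "encoded_locatable": original_locatable(visible_signals(g, g2, "encoded"), g),
        "encoded_equivalent": visible_signals(g, g2, "encoded")["out"] == ref_out,
    }


if __name__ == "__main__":
    print(demo())
```

The encoded circuit produces the same final output as the original, yet no internal signal has the original signature, which is the convergence property the text describes; with the standalone key the wire g_rec gives the original away.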
AUTONOMOUS / DYNAMIC OPERATION
With the proper entry and terminating conditions, each of the transformations becomes programmatically employable, and we may therefore implement each transformation as an algorithm. The creation of an encoded key depends on the components connected to the reconfigured output. Specifically, a cut-set in a connected component must be identified as the location for convergence. This is the point at which the original functionality of the circuit is restored, i.e. where a standalone key would otherwise be created. The fewer points of convergence created, the better the obfuscation.
Polymorphic reconfiguration is easily extended to dynamic operation on an FPGA that allows specific look-up tables (LUTs) to be targeted. DPR adds protection in the sense that a design is stable only for the length of time necessary to carry out an operation. Stability in this case can be expressed both in terms of location and structure. Because the transformations used by DPR are at the gate level, it is natural to view this technique in terms of changing LUT definitions.

Fig. 4. Standalone key. Although the original circuit has been reconfigured to hide signal e, the added security is insufficient: the reconfigured circuit and recovery key can be combined to form the original circuit.
EVALUATION PLATFORM
A custom reconfigurable platform is required to handle the communication requirements of dynamic reconfiguration. An array of VHDL-coded 1-bit LUTs is created on a Xilinx Virtex-II Pro FPGA. Each LUT takes as input two 1-bit operands and a 4-bit configuration identification code; the combination of these inputs dictates the 1-bit output. In lieu of building complex networks to handle information transfer, an embedded PowerPC core and software-defined registers are utilized. The registers are VHDL-instantiated constructs, four assigned to each LUT, through which a LUT's inputs, output, and configuration are communicated. Control is provided by a C program running on the PowerPC core.
REVERSE ENGINEERING MITIGATION
DPR's effect on reverse engineering is first described in terms of proofs. This method is used because it eliminates the need for exhaustive case study analysis. The proofs are important because they show that the deterministic use of DPR in fact achieves effective obfuscation.
Gate Replacement
A gate replacement operation changes the gate type of A. The reconfiguration results in two black-box changes and one white-box change. The first is that e is given a new signature: f_A'(a, b) → e'. Because A has changed and therefore realizes a different function, e' will differ from e in at least one bit position.
Proof Sketch A: Given f_A(a, b) → e and f_A'(a, b) → e', with A' a different gate type from A. The six admissible gate types realize six distinct two-input Boolean functions, so the truth tables of f_A and f_A' differ in at least one of their four rows, and hence e' ≢ e.

The second change is a potential black-box change resulting from the fact that a replaced gate may affect the output of the cut-set. When the input level of a cut-set contains a gate (B) that produces a controlling value for C regardless of its input, changes in the other gate (A) will be masked. However, if there exists an input combination for which B does not produce a controlling value, then the change in A will be reflected in the cut-set output signature.
Proof Sketch B: Given f_A(a, b) → e, f_B(c, d) → f, and f_C(e, f) → g. Let e_x be the value of e for input combination x of (a, b) and f_y the value of f for input combination y of (c, d), with 0 ≤ x, y ≤ 3, and suppose f_y is not the controlling value of C. At the combination (x, y), g depends on e_x, so a gate replacement on A yields g' ≢ g iff e'_x ≠ e_x for some such x. From Proof A we know that e' ≢ e, i.e. e'_x ≠ e_x for some x, and because (a, b) and (c, d) are independent inputs this x can be paired with the non-controlling y; thus g' ≢ g. The final change that results from gate replacement is a white-box change to the structure of the cut-set, which follows by definition.
Signal Hiding
Signal hiding is achieved through gate replacement, with the cut-set chosen in such a way that the gate from which the targeted signal originates is the gate which is replaced. Proof A confirms the correctness of this operation in meeting the established definition of hiding a signal.
Input Signal Addition or Gate Addition
Signal/gate addition increases the number of input signals and changes the netlist connections. From an I/O perspective, the effort to identify a complete cut-set mapping is increased from 2^n to 2^(n+1) input combinations, where n is the number of cut-set inputs (n = 4 for the cut-set of Fig. 2). Secondly, in the case that B does not always produce the controlling value for C, it is not possible to recover g from g' using black-box techniques. This is proven as follows:
Proof Sketch C: Given f_A(a, b) → e, f_B(c, d) → f, f_D(e, h) → i and f_C(i, f) → g'. Let g_y be the output for which f_y is not the controlling value of C.
g_y is recoverable from g'_y iff i = e for both values of h (0, 1). This requires e to always be the controlling value for D, which is impossible with the implementable set of gates: none of the six gate types has both 0 and 1 as controlling values.
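The three proof sketches can be checked mechanically over the six-gate library. The following Python script is an added example, not from the paper: it enumerates every admissible choice of A, A', B, C and D, computes cut-set signatures as truth tables, and tests each claim. The helper controlling_values and the function names are this example's own. It also counts whether the masking case of Proof B (B feeding C only controlling values) can arise at all with these gates.

```python
import itertools

GATES = {
    "AND":  lambda x, y: x & y,
    "OR":   lambda x, y: x | y,
    "XOR":  lambda x, y: x ^ y,
    "NAND": lambda x, y: 1 - (x & y),
    "NOR":  lambda x, y: 1 - (x | y),
    "XNOR": lambda x, y: 1 - (x ^ y),
}


def gate_signature(t):
    """4-bit signature of a two-input gate over (x, y) = 00, 01, 10, 11."""
    return tuple(GATES[t](x, y) for x, y in itertools.product((0, 1), repeat=2))


def controlling_values(t):
    """Input values that fix gate t's output on their own: {0} for AND/NAND, {1} for OR/NOR, none for XOR/XNOR.
    All six gates are symmetric, so checking one input position suffices."""
    return {v for v in (0, 1) if GATES[t](v, 0) == GATES[t](v, 1)}


def cutset_signature(a_t, b_t, c_t, d_t=None):
    """g over (a, b, c, d) [16 bits], or g' over (a, b, c, d, h) [32 bits] when gate D(e, h) -> i is present."""
    n = 5 if d_t else 4
    out = []
    for bits in itertools.product((0, 1), repeat=n):
        a, b, c, d = bits[:4]
        e, f = GATES[a_t](a, b), GATES[b_t](c, d)
        i = GATES[d_t](e, bits[4]) if d_t else e
        out.append(GATES[c_t](i, f))
    return tuple(out)


def check_proof_a():
    """Any replacement A -> A' with A' != A changes the signature of e."""
    return all(gate_signature(t) != gate_signature(u) for t in GATES for u in GATES if t != u)


def check_proof_b():
    """If some f_y is not a controlling value of C, replacing A changes g. Returns (holds, masked_cases)."""
    masked = 0
    for a_t, a2_t, b_t, c_t in itertools.product(GATES, repeat=4):
        if a_t == a2_t:
            continue
        if set(gate_signature(b_t)) <= controlling_values(c_t):
            masked += 1      # B only ever feeds C a controlling value: A's change may be masked
            continue
        if cutset_signature(a_t, b_t, c_t) == cutset_signature(a2_t, b_t, c_t):
            return False, masked
    return True, masked


def check_proof_c():
    """No gate D makes i independent of h for every e (that would need both 0 and 1 controlling for D),
    and consequently the h = 0 and h = 1 halves of g' always differ, for every A, B, C, D."""
    no_double_controlling = all(len(controlling_values(d_t)) < 2 for d_t in GATES)
    h_matters = all(
        cutset_signature(a_t, b_t, c_t, d_t)[0::2] != cutset_signature(a_t, b_t, c_t, d_t)[1::2]
        for a_t, b_t, c_t, d_t in itertools.product(GATES, repeat=4))
    return no_double_controlling and h_matters


if __name__ == "__main__":
    print("Proof A:", check_proof_a())
    print("Proof B:", check_proof_b())
    print("Proof C:", check_proof_c())
```

Every two-input gate in the library outputs both 0 and 1 over its four input combinations, and no gate has two controlling values, so the masked count comes out zero: with this library the masking caveat in Proof B never actually applies, and the replacement always propagates to g.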
Side-channel Analysis Mitigation
During the examination of DPR's operational impact, both timing and power are affected in terms of the gate delay and the amount of gate activity from input to output. This is evident in the cut-sets that are reconfigured. Because both timing and power analysis make use of statistical comparisons between expected and measured functional delays and power consumption, varying the time those operations take and the amount of gate activity they involve is a strong defense. The addition of a gate with the AddGate routine results in an increase of two gate delays to a cut-set. There is also an additional delay associated with the added routing, which varies with the particular instance of reconfiguration. Since each LUT corresponds to a single gate, the delay is at least 0.172 ns per call of the AddGate routine. For each input added with the AddInput routine, there is a 1.4% increase in dynamic power. For each gate added to the computation path, the change is 0.006%.
CONCLUSION
Commercial devices offer little protection against the exploitation of vulnerabilities such as reverse engineering and side-channel analysis. The idea of using DPR to improve that defense offers significant possibilities. By continuously employing obfuscating transformations, DPR injects confusion into a circuit's structure and I/O behavior and thereby reduces the likelihood of successful reverse engineering. Secondly, the ability to provide this protection autonomously and in a dynamic fashion allows a circuit to protect itself from tampering without the need for user interaction. Finally, the use of transforming algorithms that mix random and deterministic methods ensures that the protective measures cannot be easily undone, increasing any analysis effort above that which would be required for an exhaustive functional mapping.
