Secure Scan Design with a Novel Methodology of Scan Camouflaging
Scan-based attacks are a major security concern for a design. These attacks are mainly employed to understand the camouflaged logic during reverse engineering. State-of-the-art techniques such as scan chain scrambling hinder access to scan chains, but are prone to layout-level reverse engineering attacks. In the proposed methodology, the scan design is secured by adding an extra scan input port (DSI) to the flipflop using dummy contacts, which ensure that the DSI port cannot be distinguished from the SI port even with layout-based reverse engineering techniques. Dummy scan chain connections are introduced in the design by connecting the DSI port to the Q output port of a nearby flipflop. Our proposed method can withstand the Reset-and-scan attack, the Incremental SAT-based attack and the recent ScanSAT attack. The performance of this concept is measured in terms of frequency and total power consumption on IWLS-2005 benchmark circuits having up to 1380 flipflops with a 40nm technology library. The delay is affected by a maximum of 2.2% with 50% obfuscation, without any impact on power, pattern generation time or scan test time.
Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights
Since underlying hardware components form the basis of trust in virtually any computing system, security failures in hardware pose a devastating threat to our daily lives. Hardware reverse engineering is commonly employed by security engineers in order to identify security vulnerabilities, to detect IP violations, or to conduct very-large-scale integration (VLSI) failure analysis. Even though industry and the scientific community demand experts with expertise in hardware reverse engineering, there is a lack of educational offerings, and existing training is almost entirely unstructured and on the job. To the best of our knowledge, we have developed the first course to systematically teach students hardware reverse engineering based on insights from the fields of educational research, cognitive science, and hardware security. The contribution of our work is threefold: (1) we propose underlying educational guidelines for practice-oriented courses which teach hardware reverse engineering; (2) we develop such a lab course with a special focus on gate-level netlist reverse engineering and provide the required tools to support it; (3) we conduct an educational evaluation of our pilot course. Based on our results, we provide valuable insights on the structure and content necessary to design and teach future courses on hardware reverse engineering.
Stealthy Opaque Predicates in Hardware -- Obfuscating Constant Expressions at Negligible Overhead
Opaque predicates are a well-established fundamental building block for software obfuscation. Simplified, an opaque predicate implements an expression that provides constant Boolean output, but appears to have dynamic behavior for static analysis. Even though there has been extensive research regarding opaque predicates in software, techniques for opaque predicates in hardware are barely explored. In this work, we propose a novel technique to instantiate opaque predicates in hardware, such that they (1) are resource-efficient, and (2) are challenging to reverse engineer even with dynamic analysis capabilities. We demonstrate the applicability of opaque predicates in hardware for both protection of intellectual property and obfuscation of cryptographic hardware Trojans. Our results show that we are able to implement stealthy opaque predicates in hardware with minimal overhead in area and no impact on latency.