Secure Scan Design with a Novel Methodology of Scan Camouflaging

Scan based attacks are the major security concerns of a design. These attacks are majorly employed to understand the camouflaged logic during reverse engineering. The state-of-the-art techniques like scan chain scrambling hinder accessibility of scan chains, but are prone to layout level reverse engineering attacks. In the proposed methodology, the scan design is secured by adding an extra scan input port (DSI) to the flipflop using dummy contacts, which ensure that DSI cannot be distinguished from SI port even with layout based reverse engineering techniques. Dummy scan chain connections are introduced in the design by connecting DSI port to the nearby flipflop Q output port. Our proposed method can withstand Reset-and-scan attack, Incremental SAT-based attack and the recent ScanSAT attack. The performance of this concept is measured in terms of frequency and total power consumption on IWLS-2005 benchmark circuits having up to 1380 flipflops with 40nm technology library. The delay is effected by a maximum of 2.2% with 50% obfuscation without any impact on power, pattern generation time and scan test time

Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights

Since underlying hardware components form the basis of trust in virtually any computing system, security failures in hardware pose a devastating threat to our daily lives. Hardware reverse engineering is commonly employed by security engineers in order to identify security vulnerabilities, to detect IP violations, or to conduct very-large-scale integration (VLSI) failure analysis. Even though industry and the scientific community demand experts with expertise in hardware reverse engineering, there is a lack of educational offerings, and existing training is almost entirely unstructured and on the job. To the best of our knowledge, we have developed the first course to systematically teach students hardware reverse engineering based on insights from the fields of educational research, cognitive science, and hardware security. The contribution of our work is threefold: (1) we propose underlying educational guidelines for practice-oriented courses which teach hardware reverse engineering; (2) we develop such a lab course with a special focus on gate-level netlist reverse engineering and provide the required tools to support it; (3) we conduct an educational evaluation of our pilot course. Based on our results, we provide valuable insights on the structure and content necessary to design and teach future courses on hardware reverse engineering

Stealthy Opaque Predicates in Hardware -- Obfuscating Constant Expressions at Negligible Overhead

Opaque predicates are a well-established fundamental building block for software obfuscation. Simplified, an opaque predicate implements an expression that provides constant Boolean output, but appears to have dynamic behavior for static analysis. Even though there has been extensive research regarding opaque predicates in software, techniques for opaque predicates in hardware are barely explored. In this work, we propose a novel technique to instantiate opaque predicates in hardware, such that they (1) are resource-efficient, and (2) are challenging to reverse engineer even with dynamic analysis capabilities. We demonstrate the applicability of opaque predicates in hardware for both, protection of intellectual property and obfuscation of cryptographic hardware Trojans. Our results show that we are able to implement stealthy opaque predicates in hardware with minimal overhead in area and no impact on latency