FuncTeller: How Well Does eFPGA Hide Functionality?

Hardware intellectual property (IP) piracy is an emerging threat to the global supply chain. Correspondingly, various countermeasures aim to protect hardware IPs, such as logic locking, camouflaging, and split manufacturing. However, these countermeasures cannot always guarantee IP security. A malicious attacker can access the layout/netlist of the hardware IP protected by these countermeasures and further retrieve the design. To eliminate/bypass these vulnerabilities, a recent approach redacts the design's IP to an embedded field-programmable gate array (eFPGA), disabling the attacker's access to the layout/netlist. eFPGAs can be programmed with arbitrary functionality. Without the bitstream, the attacker cannot recover the functionality of the protected IP. Consequently, state-of-the-art attacks are inapplicable to pirate the redacted hardware IP. In this paper, we challenge the assumed security of eFPGA-based redaction. We present an attack to retrieve the hardware IP with only black-box access to a programmed eFPGA. We observe the effect of modern electronic design automation (EDA) tools on practical hardware circuits and leverage the observation to guide our attack. Thus, our proposed method FuncTeller selects minterms to query, recovering the circuit function within a reasonable time. We demonstrate the effectiveness and efficiency of FuncTeller on multiple circuits, including academic benchmark circuits, Stanford MIPS processor, IBEX processor, Common Evaluation Platform GPS, and Cybersecurity Awareness Worldwide competition circuits. Our results show that FuncTeller achieves an average accuracy greater than 85% over these tested circuits retrieving the design's functionality.Comment: To be published in the proceedings of the 32st USENIX Security Symposium, 202

Post-mapping Topology Rewriting for FPGA Area Minimization

Circuit designers require Computer-Aided Design (CAD) tools when compiling designs into Field Programmable Gate Arrays (FPGAs) in order to achieve high quality results due to the complexity of the compilation tasks involved. Technology mapping is one critical step in the FPGA CAD flow. The final mapping result has significant impact on the subsequent steps of clustering, placement and routing, for the objectives of delay, area and power dissipation. While depth-optimal FPGA technology mapping can be solved in polynomial time, area minimization has proven to be NP-hard. Most modern state-of-the-art FPGA technology mappers are structural in nature; they are based on cut enumeration and use various heuristics to yield depth and area minimized solutions. However, the results produced by structural technology mappers rely strongly on the structure of the input netlists. Hence, it is common to apply additional heuristics after technology mapping to further optimize area and reduce the amount of structural bias while not harming depth. Recently, SAT-based Boolean matching has been used for post-mapping area minimization. However, SAT-based matching is computationally complex and too time consuming in practice. This thesis proposes an alternative Boolean matching approach based on NPN equivalence. Using a library of pre-computed topologies, the matching problem becomes as simple as performing NPN encoding followed by a hash lookup which is very efficient. In conjunction with Ashenhurst decomposition, the NPN-based Boolean matching is allowed to handle up to 10-input Boolean functions. When applied to a large set of designs, the proposed algorithm yields, on average, more than 3% reduction in circuit area without harming circuit depth. The priori generation of a library of topologies can be difficult; the potential difficulty in generating a library of topologies represents one limitation of the proposed algorithm

Logic Synthesis for Established and Emerging Computing

Logic synthesis is an enabling technology to realize integrated computing systems, and it entails solving computationally intractable problems through a plurality of heuristic techniques. A recent push toward further formalization of synthesis problems has shown to be very useful toward both attempting to solve some logic problems exactly--which is computationally possible for instances of limited size today--as well as creating new and more powerful heuristics based on problem decomposition. Moreover, technological advances including nanodevices, optical computing, and quantum and quantum cellular computing require new and specific synthesis flows to assess feasibility and scalability. This review highlights recent progress in logic synthesis and optimization, describing models, data structures, and algorithms, with specific emphasis on both design quality and emerging technologies. Example applications and results of novel techniques to established and emerging technologies are reported

Measurements, Models, Systems and Design

531 s.