A Sequential Circuit-Based IP Watermarking Algorithm for Multiple Scan Chains in Design-for-Test

In Very Large Scale Integrated Circuits (VLSI) design, the existing Design-for-Test(DFT) based watermarking techniques usually insert watermark through reordering scan cells, which causes large resource overhead, low security and coverage rate of watermark detection. A novel scheme was proposed to watermark multiple scan chains in DFT for solving the problems. The proposed scheme adopts DFT scan test model of VLSI design, and uses a Linear Feedback Shift Register (LFSR) for pseudo random test vector generation. All of the test vectors are shifted in scan input for the construction of multiple scan chains with minimum correlation. Specific registers in multiple scan chains will be changed by the watermark circuit for watermarking the design. The watermark can be effectively detected without interference with normal function of the circuit, even after the chip is packaged. The experimental results on several ISCAS benchmarks show that the proposed scheme has lower resource overhead, probability of coincidence and higher coverage rate of watermark detection by comparing with the existing methods

Secure Split Test for Preventing IC Piracy by Un-Trusted Foundry and Assembly

In the era of globalization, integrated circuit design and manufacturing is spread across different continents. This has posed several hardware intrinsic security issues. The issues are related to overproduction of chips without knowledge of designer or OEM, insertion of hardware Trojans at design and fabrication phase, faulty chips getting into markets from test centers, etc. In this thesis work, we have addressed the problem of counterfeit IC‟s getting into the market through test centers. The problem of counterfeit IC has different dimensions. Each problem related to counterfeiting has different solutions. Overbuilding of chips at overseas foundry can be addressed using passive or active metering. The solution to avoid faulty chips getting into open markets from overseas test centers is secure split test (SST). The further improvement to SST is also proposed by other researchers and is known as Connecticut Secure Split Test (CSST). In this work, we focus on improvements to CSST techniques in terms of security, test time and area. In this direction, we have designed all the required sub-blocks required for CSST architecture, namely, RSA, TRNG, Scrambler block, study of benchmark circuits like S38417, adding scan chains to benchmarks is done. Further, as a security measure, we add, XOR gate at the output of the scan chains to obfuscate the signal coming out of the scan chains. Further, we have improved the security of the design by using the PUF circuit instead of TRNG and avoid the use of the memory circuits. This use of PUF not only eliminates the use of memory circuits, but also it provides the way for functional testing also. We have carried out the hamming distance analysis for introduced security measure and results show that security design is reasonably good.Further, as a future work we can focus on: • Developing the circuit which is secuered for the whole semiconductor supply chain with reasonable hamming distance and less area overhead

Watermarking FPGA Bitfile for Intellectual Property Protection

Intellectual property protection (IPP) of hardware designs is the most important requirement for many Field Programmable Gate Array (FPGA) intellectual property (IP) vendors. Digital watermarking has become an innovative technology for IPP in recent years. Existing watermarking techniques have successfully embedded watermark into IP cores. However, many of these techniques share two specific weaknesses: 1) They have extra overhead, and are likely to degrade performance of design; 2) vulnerability to removing attacks. We propose a novel watermarking technique to watermark FPGA bitfile for addressing these weaknesses. Experimental results and analysis show that the proposed technique incurs zero overhead and it is robust against removing attacks

Rethinking Watermark: Providing Proof of IP Ownership in Modern SoCs

Intellectual property (IP) cores are essential to creating modern system-on-chips (SoCs). Protecting the IPs deployed in modern SoCs has become more difficult as the IP houses have been established across the globe over the past three decades. The threat posed by IP piracy and overuse has been a topic of research for the past decade or so and has led to creation of a field called watermarking. IP watermarking aims of detecting unauthorized IP usage by embedding excess, nonfunctional circuitry into the SoC. Unfortunately, prior work has been built upon assumptions that cannot be met within the modern SoC design and verification processes. In this paper, we first provide an extensive overview of the current state-of-the-art IP watermarking. Then, we challenge these dated assumptions and propose a new path for future effective IP watermarking approaches suitable for today\u27s complex SoCs in which IPs are deeply embedded

A Hardware Security Solution against Scan-Based Attacks

Scan based Design for Test (DfT) schemes have been widely used to achieve high fault coverage for integrated circuits. The scan technique provides full access to the internal nodes of the device-under-test to control them or observe their response to input test vectors. While such comprehensive access is highly desirable for testing, it is not acceptable for secure chips as it is subject to exploitation by various attacks. In this work, new methods are presented to protect the security of critical information against scan-based attacks. In the proposed methods, access to the circuit containing secret information via the scan chain has been severely limited in order to reduce the risk of a security breach. To ensure the testability of the circuit, a built-in self-test which utilizes an LFSR as the test pattern generator (TPG) is proposed. The proposed schemes can be used as a countermeasure against side channel attacks with a low area overhead as compared to the existing solutions in literature

A Robust FSM Watermarking Scheme for IP Protection of Sequential Circuit Design

Finite state machines (FSMs) are the backbone of sequential circuit design. In this paper, a new FSM watermarking scheme is proposed by making the authorship information a non-redundant property of the FSM. To overcome the vulnerability to state removal attack and minimize the design overhead, the watermark bits are seamlessly interwoven into the outputs of the existing and free transitions of state transition graph (STG). Unlike other transition-based STG watermarking, pseudo input variables have been reduced and made functionally indiscernible by the notion of reserved free literal. The assignment of reserved literals is exploited to minimize the overhead of watermarking and make the watermarked FSM fallible upon removal of any pseudo input variable. A direct and convenient detection scheme is also proposed to allow the watermark on the FSM to be publicly detectable. Experimental results on the watermarked circuits from the ISCAS'89 and IWLS'93 benchmark sets show lower or acceptably low overheads with higher tamper resilience and stronger authorship proof in comparison with related watermarking schemes for sequential functions

CYBERSECURITY FOR INTELLECTUAL PROPERTY: DEVELOPING PRACTICAL FINGERPRINTING TECHNIQUES FOR INTEGRATED CIRCUITRY

The system on a chip (SoC) paradigm for computing has become more prevalent in modern society. Because of this, reuse of different functional integrated circuits (ICs), with standardized inputs and outputs, make designing SoC systems easier. As a result, the theft of intellectual property for different ICs has become a highly profitable business. One method of theft-prevention is to add a signature, or fingerprint, to ICs so that they may be tracked after they are sold. The contribution of this dissertation is the creation and simulation of three new fingerprinting methods that can be implemented automatically during the design process. In addition, because manufacturing and design costs are significant, three of the fingerprinting methods presented, attempt to alleviate costs by determining the fingerprint in the post-silicon stage of the VLSI design cycle. Our first two approaches to fingerprint ICs, are to use Observability Don’t Cares (ODCs) and Satisfiability Don’t Cares (SDCs), which are almost always present in ICs, to hide our fingerprint. ODCs cause an IC to ignore certain internal signals, which we can utilize to create fingerprints that have a minimal performance overhead. Using a heuristic approach, we are also able to choose the overhead the gate will have by removing some fingerprint locations. The experiments show that this work is effective and can provide a large number of fingerprints for more substantial circuits, with a minimal overhead. SDCs are similar to ODCs except that they focus on input patterns, to gates, that cannot exist. For this work, we found a way to quickly locate most of the SDCs in a circuit and depending on the input patterns that we know will not occur, replace the gates to create a fingerprint with a minimal overhead. We also created two methods to implement this SDC fingerprinting method, each with their own advantages and disadvantages. Both the ODC and SDC fingerprinting methods can be implemented in the circuit design or physical design of the IC, and finalized in the post-silicon phase, thus reducing the cost of manufacturing several different circuits. The third method developed for this dissertation was based on our previous work on finite state machine (FSM) protection to generate a fingerprint. We show that we can edit ICs with incomplete FSMs by adding additional transitions from the set of don’t care transitions. Although the best candidates for this method are those with unused states and transitions, additional states can be added to the circuit to generate additional don’t care transitions and states, useful for generating more fingerprints. This method has the potential for an astronomical number of fingerprints, but the generated fingerprints need to be filtered for designs that have an acceptable design overhead in comparison to the original circuit. Our fourth and final method for IC fingerprinting utilizes scan-chains which help to monitor the internal state of a sequential circuit. By modifying the interconnects between flip flops in a scan chain we can create unique fingerprints that are easy to detect by the user. These modifications are done after the design for test and during the fabrication stage, which helps reduce redesign overhead. These changes can also be finalized in the post-silicon stage, similar to the work for the ODC and SDC fingerprinting, to minimize manufacturing costs. The hope with this dissertation is to demonstrate that these methods for generating fingerprints, for ICs, will improve upon the current state of the art. First, these methods will create a significant number of unique fingerprints. Second, they will create fingerprints that have an acceptable overhead and are easy to detect by the developer and are harder to detect or remove by the adversary. Finally, we show that three of the methods will reduce the cost of manufacturing by being able to be implemented in the later stages of their design cycle

Security through Obscurity: Layout Obfuscation of Digital Integrated Circuits using Don't Care Conditions

Contemporary integrated circuits are designed and manufactured in a globalized environment leading to concerns of piracy, overproduction and counterfeiting. One class of techniques to combat these threats is circuit obfuscation which seeks to modify the gate-level (or structural) description of a circuit without affecting its functionality in order to increase the complexity and cost of reverse engineering. Most of the existing circuit obfuscation methods are based on the insertion of additional logic (called “key gates”) or camouflaging existing gates in order to make it difficult for a malicious user to get the complete layout information without extensive computations to determine key-gate values. However, when the netlist or the circuit layout, although camouflaged, is available to the attacker, he/she can use advanced logic analysis and circuit simulation tools and Boolean SAT solvers to reveal the unknown gate-level information without exhaustively trying all the input vectors, thus bringing down the complexity of reverse engineering. To counter this problem, some ‘provably secure’ logic encryption algorithms that emphasize methodical selection of camouflaged gates have been proposed previously in literature [1,2,3]. The contribution of this paper is the creation and simulation of a new layout obfuscation method that uses don't care conditions. We also present proof-of-concept of a new functional or logic obfuscation technique that not only conceals, but modifies the circuit functionality in addition to the gate-level description, and can be implemented automatically during the design process. Our layout obfuscation technique utilizes don’t care conditions (namely, Observability and Satisfiability Don’t Cares) inherent in the circuit to camouflage selected gates and modify sub-circuit functionality while meeting the overall circuit specification. Here, camouflaging or obfuscating a gate means replacing the candidate gate by a 4X1 Multiplexer which can be configured to perform all possible 2-input/ 1-output functions as proposed by Bao et al. [4]. It is important to emphasize that our approach not only obfuscates but alters sub-circuit level functionality in an attempt to make IP piracy difficult. The choice of gates to obfuscate determines the effort required to reverse engineer or brute force the design. As such, we propose a method of camouflaged gate selection based on the intersection of output logic cones. By choosing these candidate gates methodically, the complexity of reverse engineering can be made exponential, thus making it computationally very expensive to determine the true circuit functionality. We propose several heuristic algorithms to maximize the RE complexity based on don’t care based obfuscation and methodical gate selection. Thus, the goal of protecting the design IP from malicious end-users is achieved. It also makes it significantly harder for rogue elements in the supply chain to use, copy or replicate the same design with a different logic. We analyze the reverse engineering complexity by applying our obfuscation algorithm on ISCAS-85 benchmarks. Our experimental results indicate that significant reverse engineering complexity can be achieved at minimal design overhead (average area overhead for the proposed layout obfuscation methods is 5.51% and average delay overhead is about 7.732%). We discuss the strengths and limitations of our approach and suggest directions that may lead to improved logic encryption algorithms in the future. References: [1] R. Chakraborty and S. Bhunia, “HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493–1502, 2009. [2] J. A. Roy, F. Koushanfar, and I. L. Markov, “EPIC: Ending Piracy of Integrated Circuits,” in 2008 Design, Automation and Test in Europe, 2008, pp. 1069–1074. [3] J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, “Security Analysis of Integrated Circuit Camouflaging,” ACM Conference on Computer Communications and Security, 2013. [4] Bao Liu, Wang, B., "Embedded reconfigurable logic for ASIC design obfuscation against supply chain attacks,"Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014 , vol., no., pp.1,6, 24-28 March 2014