A Novel Method for Watermarking Sequential ... - Semantic Scholar

5 downloads 6317 Views 347KB Size Report
sequential circuits by embedding a signature via state encoding. The proposed ... houses to purchase and use third party designs known as IP. (Intellectual ...
A Novel Method for Watermarking Sequential Circuits Matthew Lewandowski, Richard Meana, Matthew Morrison, and Srinivas Katkoori Department of Computer Science and Engineering University of South Florida Tampa, Florida { mlewando, rmeana, mamorris, katkoori } @ mail.usf.edu Abstract— We propose a novel technique to watermark sequential circuits by embedding a signature via state encoding. The proposed technique is a greedy heuristic for the sub-graph matching problem, which has two steps: (a) watermark graph construction and (b) watermark embedding in the State Transition Graph of the FSM. Due to combinatorial complexity, reverse engineering and erasing the watermark from the FSM is not feasible with finite resources/time. The signature can be extracted by applying a specific secret sequence which is generated by the embedding algorithm. Experimental results on benchmarks chosen from IWLS’ 93 suite, show that this is a secure and flexible method for protecting sequential circuit based Intellectual Property cores. Index Terms— Circuit Watermarking; Intellectual Property Protection; Sequential Circuits; Finite State Machine Watermarking I. INTRODUCTION As the complexity of electronics has grown leaps and bounds in the past decade, it has become common for design houses to purchase and use third party designs known as IP (Intellectual Property) cores. The business model is such that the IP core owner gets royalty on every unit sold. Thus, it is extremely important for IP owners to protect their designs from unauthorized use. One common way of achieving this is to embed a watermark in the design so it can be used to verify the ownership in case of litigation. Digital watermarking first appeared as the “ E lectronic Water Mark,” to protect Intellectual Property (IP) by embedding an undetectable digital water mark into an image [1]. This idea of protecting one‘s IP through secret changes, known only to the IP‘s owner, was later extended to typography [2] due to the development of computer networks and electronic libraries [3]. Through seemingly invisible typographical manipulations of text within a document, an author can prove their ownership. These manipulations could simply be the shifting of a single word by a mere millimeter. This idea was later extended to field-programmable gate array (FPGA) technologies [4], IC design [5], and physical design method [6]. To the best of our knowledge, it was first applied to sequential circuits by Torunoglu and Charbon [7] with IO generated watermarks, such that the machine at hand will generate a predetermined output sequence for an input sequence which can be interpreted as a secret question/answer pair. In order to do so, the original machine is modified by appropriately augmenting with new inputs, outputs, states

c 978-1-4673-2340-6/12/$31.00 2012 IEEE

and/or state transitions. In this work, we propose a novel technique to watermark sequential circuits by embedding a signature (an image, audio message, text message, etc.) via state encoding. Given a sequential circuit as a state transition graph and a watermark we determine the appropriate state encoding. The proposed scheme consists of two steps, namely, (1) Watermark graph construction; and (2) Watermark embedding. Watermark graph construction: The binary representation of the watermark (for eg., GIF file) is serialized to obtain a binary string (Wstring) which is processed to build a watermark b graph (Gw). Given a block size b, we create 2 nodes in Gw, where each node represents one binary code. We read off two consecutive blocks at the beginning of Wstring, say with codes m and n. We insert a directed edge in Gw from the node representing code m to that representing code n. We now shift right by b bits and read off the next pair and insert appropriate edge if it does not already exist. We repeat the above procedure until the entire Wstring is read. Finally we drop any edgeless nodes in the Gw. Watermark embedding: Let us say GFSM is the state transition graph of the candidate FSM. In this step, we would like to embed Gw in GFSM. There are two possibilities: (a) some sub graph of GFSM is isomorphic to Gw in which case the problem reduces to a sub graph isomorphism problem. (b) No sub graph of GFSM is isomorphic to Gw. In this case, we would have to identify a sub graph of GFSM, that is most similar to Gw so that by adding small number of extra edges to the sub graph, we can make it isomorphic to Gw. The sub graph isomorphism problem is one of the first known NP-complete problems [30]. Therefore, we propose a greedy heuristic for the graph embedding based on the idea that in general, the highest degree nodes in Gw must be embedded with minimal overhead. The details of the heuristic are discussed in Section III (b). The rest of the paper is organized as follows: Section II briefly surveys FSM watermarking schemes reported in the literature. Section III presents the details of the proposed watermarking scheme. Section IV reports experimental results for ten benchmarks chosen from IWLS ‘93 Benchmark Suite [8]. Finally, we present our conclusions in Section V. II. RELATED WORK FSM watermarking schemes reported in the literature can be classified into two types: x State Based Watermarking: Extra states and edges are

21

added to the original FSM so that the watermark can be embedded in these additional states and edges. x Edge Based Watermarking: In this type, the watermark graph is embedded in the original states of the machine. Extra transition edges are added, if necessary. In the rest of this section, we will review the work that falls into the above two categories. A. State Based Watermarking After the owner designs the desired FSM, the owner would then create a password, a sequence of input combinations, which would represent the sequence required to enter the watermarked states. The final steps in the process are the addition of the watermark FSM; this is the machine that would be entered after the correct sequence has been entered, and this watermarked FSM. It is noted that through this method, the two FSMs, watermarked and original are two side-by-side machines, in which upon successfully entering the password will enter the watermarked FSM. Oliveira [9] proposed a scheme that uses MD5 hashing of the watermark that is then implemented into the design. Chakraborty and Bhunia [10] proposed a method for obfuscating the original functionality until the proper sequence is entered. Subbaraman and Nandgawe [11] proposed using sequences to reach a hidden secondary state machine. B. Edge Based Watermarking Abdel-Hamid et al [12] proposed a method that uses the existing edges of the FSM and finds coinciding edges within the watermark that can be mapped into the original FSM. We note that in the worst case scenario, i.e., the original FSM is a completely specified finite state machine (CSFSM), where an edge that does not map is needed and new states must be created. However, this is not the primary watermarking scheme; the main method is to take advantage of an incompletely specified finite state machine (ISFSM), or appropriately sized CSFSM, while mapping and/or creating edges of the watermark in the original FSM. III. PROPOSED STATE ENCODING BASED WATERMARKING SCHEME State encoding is the process of assigning a unique code to each state in an FSM. Researchers [16] – [26] have proposed state assignment based techniques to minimize area, power, and peak current as well as for creating self-checking FSMs. In this work, we propose a state encoding based watermarking scheme. The encoding of a state can represent a subsequence in the watermark. The design approach that was used is shown in Fig. 1. A. Watermark Graph Construction In this preprocessing step, the watermark is processed and transformed into a directed graph. The watermark can be a text message, an audio message, or an image. The binary representation of the watermark (for eg., GIF file) is hashed to obtain a hex string (Wstring) which is processed to build a watermark graph (Gw). Fig. 2 illustrates the Hash to FSM algorithm for building the watermarked FSM. Fig. 3 shows an example watermark logo of approximately 50 KB. This file was Hashed using RIPEMD160, and is

22

illustrated by Fig. 4. The graph is plotted with the Pajek [27] netlist format and Gephi [28] for visualization (tools used for modeling large networks). Note that for the sake of clarity, we did not show directivity of the edges.

Figure 1: Design Flow of State Encoding Based Watermarking system

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

Algorithm Build_Watermark_Graph Inputs: (a) Watermark hex string Wstring Outputs: watermark graph Gw(V,E) begin while Wstring ≠ Ø do Map Wstring(Hex) to Wstring(Decimal) if (V) then Insert N into (V) end if if edge (N,Wstring[i], Wstring[i+1]) is not in Gw(E) then Insert edge (N,Wstring[i], Wstring[i+1]) into Gw(E) end if end while end Algorithm Figure 2: Watermark graph generation algorithm

Figure 3: A logo used as a watermark

Figure 4: Hash of Figure 3 as an Undirected Graph

2012 IEEE International Symposium on Hardware-Oriented Security and Trust

B. Watermark Embedding Algorithm Let us say GFSM is the state transition graph in which we would like to embed Gw. There are two possibilities: (a) some sub graph of GFSM is isomorphic to Gw in which case the problem reduces to a sub graph isomorphism problem. (b) No sub graph of GFSM is isomorphic to Gw. In this case, we would have to identify a sub graph of GFSM, that is most similar to Gw so that by adding a small number of extra edges to the sub graph, we can make it isomorphic to Gw. The sub graph isomorphism problem is one of the first known NP-complete problems the two machines begins. First, any node that was not matched has a random, unused state encoding assigned so that it will not interfere with any other states. Then the GFSM nodes that were mapped to Gw states have their encoding set by the Gw state encoding that they were merged with. Finally, any state transitions that exist in GW but not in GFSM are added, along with an extra bit, which acts as a “test” bit, only allowing the watermark transitions when it is held high.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

Algorithm Embed_Watermark Inputs: (a) Graph GW(V,E); (b) Graph GFSM(V,E) Outputs: list of node Matches begin N = max degree node in GFSM J = node in GW with minimum cost to match with N. match N and J insert N into node set M while unmatched node in GW do for each unmatched node I connected to N in descending degree if connecting edge between N and I is out going then if no unmatched node on outgoing edge from J then continue end if K = node connected by outgoing edge to J with minimum match cost. else if no unmatched node on incoming edge to J then continue end if K = node connected by incoming edge to J with minimum match cost. end if Match I and K insert I into set M end for insert N into set F N = highest degree node in M not in F end while end Algorithm Figure 5: Watermark embedding algorithm

This algorithm iterates through all of the nodes in GW looking for the best cost match for the highest degree node in GFSM, which has a runtime of where N is the number of nodes in GW. Once this match is completed it repeats a process of using the matching with the highest degree that hasn‘t been through this process yet and attempts to match a node from GW that has an edge to the match to the highest degree unmatched node in GFSM. As the average degree of GFSM increases, this loop spends more time on each matched searching through its edges but less nodes get used as possible centers so that the runtime of this loop also ends up being Finally, it is important to point out that the algorithm expects the nodes to be listed in decreasing order of degree, so that the graph must be sorted, with a runtime of Ο(NlogN) . This leads to an overall runtime of 2*Ο(N)+Ο(NlogN), which is simply Ο(NlogN). IV. EXPERIMENTAL RESULTS We report the experimental results for eight benchmarks chosen from IWLS 93 benchmark suite. For these benchmarks, the proposed watermark embedding algorithm ran in less than 1 second. The embedding algorithm was coded in C++ and ran on Windows PC with 2GB RAM and P4 3.19 GHz processor. Table 1 summarizes the results. Columns 2— 3 report the size of the FSM (states, and state transitions). Column 9 reports the additional LUTs added by the watermark embedding algorithm after Xilinx 13.2 Synthesis was run. The watermarked FSM is specified in behavioral VHDL, synthesized, and placed and routed using Xilinx 13.2 ISE tool suite. The target architecture is Virtex 5 (device XC5VLX110T3FF1136). We observe that the percentage area overhead is in the range of -352% (improvement) to 55% (overhead) with an average of a 57.5% reduction. Column 5 and 7 report the clock speed as reported by Xilinx ISE timing analyzer. The difference of speed is given by column 8, and has an average of 67 MHz performance increase. For each benchmark, we added two extra inputs which are used in the watermark extraction mode. We attribute the area overhead due to two factors: (a) the greedy nature of the algorithm resulting in poor sub graph matching; (b) as the watermark graph is usually dense (i.e., a complete sub graph), we cannot avoid adding extra edges. For ten out of the ten benchmarks, the speed difference has shown increase using our encoding scheme. We plan to investigate in the following directions to reduce the area overhead: (a) employ a better sub graph matching algorithms reported in the literature (for eg., SubGemini [32]) and (b) the size of the watermark has significant impact on the added edges. Therefore, we will investigate what types of watermarks are better suited for this approach, such as alternative, collision free hashing algorithms. V. CONCLUSIONS In this work, we have proposed a state encoding based watermarking scheme that can be used for sequential IP protection. The scheme employs a near-linear sub graph embedding algorithm. The algorithm has considerable area overhead and reasonable speed overheads. The proposed scheme was implemented on the ten largest benchmarks from the IWLS 93 Logic Synthesis Benchmark suite. In each FSM,

2012 IEEE International Symposium on Hardware-Oriented Security and Trust

23

we embedded a hashed 50KB long watermark image. After embedding, we synthesized and implemented the FSM using Xilinx ISE tool suite (target device is Virtex-5 XC5VLX110T3FF1136). Across all the benchmarks, the average area (LUT usage) is a reduction of 57.5% with a range of -352.4% -55.70%. From the experimentation, we can conclude that at the expense of area and speed overheads, we can embed complex watermarks in an FSM.

[13]

[14] [15]

[16]

TABLE I EXPERIMENTAL RESULTS FOR BENCHMARKS CHOSEN FROM IWLS ’93 SUITE S

E

One- OneUser User Hot Hot LUT* MHz* LUT MHz

MHz Diff.

LUT Ovrhead

Bbara _bbtas

30

268

141

281.54 195

263.512

18.027

-38.30

Keyb

19

170

197

275.36 223

268.55

6.816

-13.20

Kirkman

16

381

377

264.67 167

219.549

45.127

55.70

S298

218 1096 527

254.51 2384 136.9

117.609 -352.37

S820

25

232

152

349.83 211

268.723

81.11

S832

25

245

144

359.15 226

245.724

113.423 -56.94

S1488

48

251

522

247.28 612

184.567

62.713

[17]

[18]

[19]

-38.82 [20] -17.24

S1494

48

250

405

274.54 626

158.446

116.093 -54.57

Sand

23

186

561

217.8

373

191.847

25.952

tbk

28

1569 254

307.98 489

198.909

109.066 -92.52

[21]

33.51

[22]

REFERENCES [23] [1]

Tirkel, A.Z.; Rankin, G.A.; van Schyndel, R.M.; Ho, W.J.; Mee, N.R.A.; Osborne, C.F.;, “Electronic Water Mark,” Digital Image Computing: Techniques and Applications, 1993., vol., no., pp.xx-xx, 1993 [2] Brassil, J.T.; Low, S.; Maxemchuk, N.F.; O'Gorman, L.; , "Electronic marking and identification techniques to discourage document copying," Selected Areas in Communications, IEEE Journal on , vol.13, no.8, pp.1495-1504, Oct 1995 [3] Lancaster, F.W.;, “The Evolution of Electronic Publishing,” Library Trends, 1995, vol. 43, no. 4, pp.518-527, Spring 1995 [4] Lach, J.; Mangione-Smith, W.H.; Potkonjak, M.; , "FPGA fingerprinting techniques for protecting intellectual property ," Custom Integrated Circuits Conference, 1998. Proceedings of the IEEE 1998, vol., no., pp.299-302, 11-14 May 1998 [5] Charbon, E.; , "Hierarchical watermarking in IC design," Custom Integrated Circuits Conference, 1998. Proceedings of the IEEE 1998, vol., no., pp.295-298, 11-14 May [6] Kahng, A.B.; Mantik, S.; Markov, I.L.; Potkonjak, M.; Tucker, P.; Huijuan Wang; Wolfe, G.; , "Robust IP watermarking methodologies for physical design," Design Automation Conference, 1998. Proceedings, vol., no., pp. 782- 787, 15-19 Jun 1998 [7] Torunoglu, I.; Charbon, E.;, "Watermarking-based copyright protection of sequential functions," Custom Integrated Circuits, 1999. Proceedings of the IEEE 1999, vol., no., pp.35-38, [8] International Workshop on Logic Synthesis, IWLS’93, http://www.iwls.org [9] Oliveira, A.L.;, “Robust Techniques for Watermarking Sequential Circuit Designs,” Design Automation Conference, 1999. Proceedings, vol., no., pp.837-842, 1999 [10] Charkraborty, R.S.; Bhunia, S.;, “HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection,” Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. 28, no. 10,pp.1493-1502,Oct 2009 [11] Subbaraman, S.; Nandgawe, P.S.;, “Intellectual Property Protection of Sequential Circuits Using Digital Watermarking,” Industrial and Information Systems, First International Conference on, ICIIS 2006, vol., no., pp.556-560, 8-11 August [12] Abdel-Hamid, A.T.; Tahar, S.; Aboulhamid, E.M.; , "A public-key watermarking technique for IP designs," Design, Automation and Test in

24

[24]

[25]

[26]

[27] [28]

[29]

[30]

Europe, 2005. Proceedings, vol., no., pp. 330- 335 Vol. 1, 7-11 March 2005 Moore, E.F.;, “Gedanken-Experiments on Sequential Machines,” IEEE Criteria for Class IE Electric Systems (Standards style), IEEE Standard 308, 1969. Mealy, G.H.;, “A Method for Synthesizing Sequential Circuits,” Symbolic Logic, The Journal of, vol. 22, no. 3, pp.334-335, Sep 1957 Langholz, G.; Kandel, A.; Mott, J.L.;, “State Assignment,” in Foundations of Digital Logic Design, Singapore: World Scientific Publishing, p. 385, Aug 1998 De-Sheng Chen; Sarrafzadeh, M.; Yeap, G.K.H.; , "State encoding of finite state machines for low power design," Circuits and Systems, 1995. ISCAS '95., 1995 IEEE International Symposium on , vol.3, no., pp.23092312 vol.3, 30 Apr-3 May 1995 Chattopadhyay, S.; Yadav, P.; Singh, R.K.; , "Multiplexer targeted finite state machine encoding for area and power minimization," India Annual Conference, 2004. Proceedings of the IEEE INDICON 2004. First, vol., no., pp. 12- 16, 20-22 Dec. 2004 Perkowski, M.A.; Nguyen, L.B.; , "The encoding program for concurrent finite state machines realized using PLD devices," Circuits and Systems, 1990., Proceedings of the 33rd Midwest Symposium on , vol., no., pp.204207 vol.1, 12-14 Aug 1990 Bolchini, C.; Montandon, R.; Salice, F.; Sciuto, D.; , "A state encoding for self-checking finite state machines," Design Automation Conference, 1995. Proceedings of the ASP-DAC '95/CHDL '95/VLSI '95., IFIP International Conference on Hardware Description Languages; IFIP International Conference on Very Large Scale Integration., Asian and South Pacific , vol., no., pp.711-716, 29 Aug-1 Sep 1995 Mengibar, L.; Entrena, L.; Lorenz, M.G.; Millan, E.S.; , "Partitioned state encoding for low power in FPGAs," Electronics Letters , vol.41, no.17, pp. 948- 949, 18 Aug. 2005 De Micheli, G.; Brayton, R.K.; Sangiovanni-Vincentelli, A.; , "Optimal State Assignment for Finite State Machines," Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol.4, no.3, pp. 269- 285, July 1985 Devadas, S.; , "General Decomposition of Sequential Machines: Relationships to State Assignment," Design Automation, 1989. 26th Conference on , vol., no., pp. 314- 320, 25-29 June 1989 Du, X.; Hachtel, G.; Moceyunas, P.; , "MUSE: a multilevel symbolic encoding algorithm for state assignment," System Sciences, 1990., Proceedings of the Twenty-Third Annual Hawaii International Conference on , vol.i, no., pp.367-376 vol.1, 2-5 Jan 1990 Olson, E.; Kang, S.M.; , "State assignment for low-power FSM synthesis using genetic local search," Custom Integrated Circuits Conference, 1994., Proceedings of the IEEE 1994 , vol., no., pp.140-143, 1-4 May 1994 Yongho Lee; Kiyoung Choi; Taewhan Kim;, "SAT-based state encoding for peak current Minimization," SoC Design Conference (ISOCC), 2009 International , vol., no., pp.432-435, 22-24 Nov. 2009 Kuusilinna, K.; Lahtinen, V.; Hamalainen, T.; Saarinen, J.;, "Finite state machine encoding for VHDL synthesis," Computers and Digital Techniques, IEE Proceedings - , vol.148, no.1, pp.23-30, 2001 Batagelj, V.; Mrvar, A.;, “Pajek – Program for Large Network Analysis,” Connections 21, 1998, pp. 47-57, 1998. Bastian M.; Heymann, S.; Jacomy, M.;, “Gephi: An Open Source Software for Exploring and Manipulating Networks,” Weblogs and Social Media, 2009., Proceedings of the Third International AAAI ICWSM Conference on, vol., no., pp. 361-362 Yang, S.;, “Logic Synthesis and Optimization Benchmarks User Guide Version 3.0,” Microelectronics Center of North Carolina (MCNC), 1991, vol., no., pp.1-45, 1991 Garey, M.R.; Johnson, D.S. (1979). Computers and Intractability: A Guide to the Theory of NP-Completeness. New York: W.H. Freeman. ISBN 0-7167-1045-5.

2012 IEEE International Symposium on Hardware-Oriented Security and Trust