INTERNATIONAL WORKSHOP ON IP BASED SYNTHESIS AND SYSTEM DESIGN ’99
Title: Digital Fingerprinting of Virtual Components
Category: IP Reuse and customization IP business on the WEB VSI Alliance standard
Authors: Edoardo Charbon and Ilhami Torunoglu
Affiliation: Cadence Design Systems, San Jose, CA 95134, U.S.A.
Corresponding author: Edoardo Charbon, Cadence Design Systems, 555 River Oaks Pkwy M/S 2A2, San Jose, CA 95134, U.S.A.
Telephone: (408) 428-5137
FAX: (408) 894-3479
E-mail: [email protected]
Digital Fingerprinting of Virtual Components Edoardo Charbon and Ilhami Torunoglu Cadence Design Systems Inc., San Jose, California, 95134
Abstract

Fingerprinting is a technique extensively used by law enforcement to identify criminals when traces are left behind which uniquely match a suspect. Digital fingerprinting is a conceptually similar technique. It can be used to trace intellectual property infringement on virtual components already on the market. The method consists of translating virtual components into a compact sequence of symbols, or signature, which is then deposited in a database. Foundries can access the database for every submitted circuit to ensure that it does not embed any illegally obtained virtual components. Unlike watermarking, fingerprinting does not require modifications to a design. Yet the approach is robust and simple.
1 Introduction

The intellectual property (IP) contents of the majority of virtual components currently on the market are not protected today. Copyright protection is becoming a major concern with the explosion of IP-based commerce. The main concern is not the distribution channels, which are generally secure, but the infringement which may occur as a result of reuse of legally obtained IPs. A high degree of protection can be achieved through legal devices, provided that cases of infringement are detectable with great levels of confidence.

Recently, several techniques have appeared to address the problem of infringement detection and tracking. A particularly robust method, known as watermarking, consists of implanting a known sequence of symbols, or digital signature, in the context of the IP. The watermark is usually transparent and difficult to remove or change. In [1] a general technique was provided to watermark documents. In [2] a hierarchical watermarking method was proposed for the protection of multiple design abstraction levels and for tracking purposes. Moreover, methods were proposed to watermark physical design phases in full- and semi-custom circuits [3], FPGAs [4, 4], and finite state machines [5, 6].

An alternative approach, known as tagging, consists of generating a compressed representation of the hierarchy of a design using a given naming convention. The compressed hierarchy is then stored in a specific layer. The approach is less robust, as it is potentially easy to delete or recreate the hierarchy so as to match changes performed to the original IP. However, the method, currently under examination by the VSIA DWG on IP protection, is relatively simple to implement and it allows rudimentary tracking capabilities.

A third approach, known as fingerprinting, consists of translating designs onto (possibly hierarchical) digital signatures, which can then be “registered”, i.e. stored in a database or signature bank. Digital fingerprints are a unique mark of a given IP. Removing or modifying a fingerprint can be made arbitrarily difficult. IP integrators are also allowed to register fingerprints of designs built using multiple sources. Foundries have access to such banks to verify that designs submitted for fabrication consist of either unregistered IPs or legally obtained registered IPs or both. If one illegally modifies a registered IP and integrates it into a larger design, the fingerprint of such IP will be detected. The algorithm for the creation of a fingerprint is essentially a lossy compression of the design, hence it is not possible to reconstruct the original design from a fingerprint. Thus, the signature bank need not be secure and the algorithms for fingerprinting, as well as the fingerprints themselves, can be made public.

In this paper we present fingerprinting techniques, as well as examples of detection of modified and embedded IPs. The paper is structured as follows. Sections 2 and 3 discuss techniques for fingerprint computation and handling. Section 4 outlines a set of guidelines to define a fingerprinting standard. Section 5 presents a number of examples to illustrate the method.
2 Computing Fingerprints

Let be the set of all strings in a finite alphabet , e.g. 0 1 . Assume there exists a fingerprint for a given design at some abstraction levels. Let be the corresponding digital signature for one such abstraction level . Let us define signature mapping as the mapping of abstraction-dependent design features onto a signature: :
(1)
where is one of all possible implementations of the design. Note that is a non-unique, possibly lossy mapping and may or may not be defined for all abstraction levels. Moreover, once a signature is derived at a specific abstraction level, its contents/inherent structure are abstraction-independent. There exist several techniques to create a from a given design. We propose to use three schemes. The first scheme, call it , is indicated for processing layouts (hard IPs), the second scheme, , is used in firm IPs, while the last scheme, , is targeted towards HDL or behavioral models (soft IPs).
Consider scheme . The scheme consists of converting the layout onto a set of primitive graphical objects called bubbles [7]. Let be the ordered finite set of all such objects. It is possible to partition the entire space into planar shapes delimited by bubbles, using, for example, Delaunay triangulation. Optimal algorithms exist to perform the triangulation in time [8, p. 241]. Using a standard line segment intersection algorithm, one can identify the exact cutting of layout features into the triangulation edges. The complexity of this operation is again [8, p. 285]. By coding all cuts in a layout onto a symbol or a sequence of symbols, one can construct a symbolic sequence representing the layout topology. Such a sequence is the digital signature applied to the physical design context [7].

Scheme utilizes a set of predefined constraints on the topology of each net as a key for the coding. The constraints relate to the number of pins per net, their type, and the modules they are attached to. Such topological constraints can also be coded onto a sequence independent of the specific names of pins and nets, as the method relies on the name coding during the process [2].

Scheme is applied to sequential circuits, in particular completely specified finite state machines (FSMs). The technique consists of finding a sequence of states in the state transition diagram which is activated by a given sequence of (not necessarily legal) inputs. The corresponding sequence of outputs is also identified and the resulting sequence of input/outputs is called IO signature [5].

Unlike other approaches found in the literature [3, 4, 9], fingerprints do not require any modification of the original designs and they are used merely as a verification tool. Identical fingerprints are however extremely unlikely to be achieved in significantly different designs. The odds that such an event occurs are denominated as . Non-extensive tampering alters the original signature in predictable patterns, thus allowing simple error-correction techniques to be applied. Nonetheless, the probability that a signature coincides with one of another design is nonzero. Signatures need to be generated so as to keep these two probabilities low, typically less than $10^{-10}$.
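An added illustration (not the authors' tool) of the net-topology idea above: each net is coded only from its pin count, pin types and attached module types, so renaming nets and instances leaves the signature unchanged, while an edit to one net changes one symbol. The hash-based symbol coding, the sorted-list signature format and the sample netlists are assumptions made for this example; the `min_net_size` cut-off mirrors the minimum net size used in Section 5.

```python
import hashlib
from collections import Counter

def net_symbol(pins, width=4):
    """Code one net from its pin count and each pin's (module type, pin type).
    Instance and net names are ignored, and the hash is truncated, so the
    symbol is lossy and cannot be inverted to recover the net."""
    key = ";".join(sorted(f"{mtype}.{ptype}" for _inst, mtype, ptype in pins))
    return hashlib.sha256(f"{len(pins)}:{key}".encode()).hexdigest()[:width]

def signature(netlist, min_net_size=2):
    """netlist: {net name: [(instance name, module type, pin type), ...]}.
    Returns the sorted symbols of all nets with at least min_net_size pins."""
    return sorted(net_symbol(p) for p in netlist.values()
                  if len(p) >= min_net_size)

def shared(sig_a, sig_b):
    """Count symbols common to two signatures (multiset intersection)."""
    return sum((Counter(sig_a) & Counter(sig_b)).values())

# Constructed sample netlists (assumed format, not the paper's benchmarks).
ORIGINAL = {
    "n1": [("u1", "NAND2", "out"), ("u2", "INV", "in"), ("u3", "DFF", "in")],
    "n2": [("u2", "INV", "out"), ("u3", "DFF", "clk")],
    "n3": [("u3", "DFF", "out"), ("u1", "NAND2", "in")],
    "n4": [("u1", "NAND2", "in")],            # single-pin net, filtered out
}
RENAMED = {   # same topology; nets and instances renamed, order shuffled
    "w9": [("g3", "DFF", "out"), ("g1", "NAND2", "in")],
    "w7": [("g1", "NAND2", "in")],
    "w2": [("g2", "INV", "in"), ("g3", "DFF", "in"), ("g1", "NAND2", "out")],
    "w5": [("g3", "DFF", "clk"), ("g2", "INV", "out")],
}
# One net rewired to a new buffer, as a small ECO would do.
ECO = dict(ORIGINAL, n3=[("u3", "DFF", "out"), ("u4", "BUF", "in")])

if __name__ == "__main__":
    print("original:", signature(ORIGINAL))
    print("renamed :", signature(RENAMED))
    print("shared with ECO copy:", shared(signature(ORIGINAL), signature(ECO)))
```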
3 Handling Fingerprints

Figure 1 shows the proposed approach. IP providers register all virtual components for which copyright protection is sought. IP integrators may also register their IPs in this scheme, thus ensuring that proprietary circuits are properly accounted for ( in Figure 1). Foundries may access the signature bank to build a map of all registered IPs of which the design is composed. If any registered IPs are found which may have been obtained illegally, the foundry can reserve the right not to fabricate the chip. Note that even though a signature can be generated from any given design, it does not contain sufficient information to allow one to reverse engineer the original design. Thus, the bank of IP signatures could be stored by a third party so as to ensure impartiality in case of litigation.

It is often necessary to trace pirated IPs to the source. Hierarchical fingerprinting provides this capability by allowing a new fingerprint to be registered at each level of abstraction. As an illustration, consider the design of Figure 2. Fingerprint was generated by an integrator, by an IP firm, and by a library provider. Suppose IPs originally licensed to are acquired by , then any application of will contain and . If the breach is due to , then and will be inherited. Hierarchical designs will contain multiple signatures, which can be extracted in the form of information trees, thus allowing infringement to be traced to the source, as suggested in [2].

Figure 2: Tracing forgery via hierarchical fingerprinting (nodes labeled A, B, C, D, E, F, G)

When determining the fingerprints present in a given design, the foundry may want to identify a given IP with a certain level of confidence or, conversely, it may want to compute the rate of similarity between the given signature and the extracted one, even when fragmentary. If no manipulation occurred, using the original algorithm one can obtain the extracted fingerprint, which will be identical to exactly one signature in the bank. If the virtual component has been embedded in a larger one, then more advanced extraction techniques must be used to derive the orientation and scaling applied to the IP [10].

Let us now assume that the design has been tampered with. Since the fingerprint was originally computed using a given algorithm and only some isolated parts of the IP are typically modified, only some sections of the fingerprint will be degraded. Such modifications can be symbol shifting and/or partial scrambling. To cope with this problem, a technique known as genome search or any other code correction algorithm can be used [2]. In [7] a model of tampering is presented in detail, along with a complete confidence analysis for that model.
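The tolerant comparison described above, as an added example that is not the authors' code: standard Smith-Waterman local alignment stands in for the genome search of [2], scoring how much of a registered signature survives inside a longer extracted sequence despite a deleted symbol (shift) and a substituted one (scrambling). The signature strings, bank entries, scoring weights and the 80% threshold are constructed for illustration.

```python
def local_match(registered, extracted, match=2, mismatch=-1, gap=-1):
    """Smith-Waterman local alignment of a registered signature against an
    extracted symbol sequence. Returns the percentage of registered symbols
    aligned to an identical symbol in the extracted sequence."""
    n, m = len(registered), len(extracted)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    best, best_pos = 0, (0, 0)
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s = match if registered[i - 1] == extracted[j - 1] else mismatch
            score[i][j] = max(0, score[i - 1][j - 1] + s,
                              score[i - 1][j] + gap, score[i][j - 1] + gap)
            if score[i][j] > best:
                best, best_pos = score[i][j], (i, j)
    i, j = best_pos
    identical = 0
    while i > 0 and j > 0 and score[i][j] > 0:   # trace the best path back
        same = registered[i - 1] == extracted[j - 1]
        if score[i][j] == score[i - 1][j - 1] + (match if same else mismatch):
            identical += same
            i, j = i - 1, j - 1
        elif score[i][j] == score[i - 1][j] + gap:
            i -= 1                               # registered symbol missing
        else:
            j -= 1                               # foreign symbol inserted
    return 100.0 * identical / n

def detect(bank, extracted, threshold=80.0):
    """Return {name: match rate} for bank entries found in `extracted`."""
    rates = {name: local_match(sig, extracted) for name, sig in bank.items()}
    return {name: r for name, r in rates.items() if r >= threshold}

# Constructed data: one symbol per character, alphabet chosen arbitrarily.
BANK = {"ip_a": "ABCDEFGHIJKLMNOP", "ip_b": "PONMLKJIHGFEDCBA"}
TAMPERED_A = "ABCDEFHIJKXMNOP"     # 'G' deleted (shift), 'L' -> 'X' (scramble)
HOST = "QRSTQRST" + TAMPERED_A + "UVWUVW"   # tampered ip_a embedded in a host

if __name__ == "__main__":
    print(detect(BANK, HOST))
```

The second bank entry uses the same symbols in reverse order and stays far below the threshold, which is the behaviour expected for a redesign that reuses the same primitives.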
4 Attributes of a Standard for Fingerprinting

A standard for digital fingerprinting should be aimed at defining a format and an alphabet for the signatures. The potential encryption to be used during the registration and detection processes should also be defined. Possibly hierarchical fingerprinting algorithms should be made public, while the details of the implementation should be left to the tool developers. A fingerprint can be computed using several subsets of the circuit’s features. These subsets should be defined by a standard and coded in the fingerprint itself so as to allow proper detection. The structure of the signature bank, as well as its management policies and status, should be very precisely defined, while no restrictions should be imposed on who may access the information in it, or when.

Figure 1: Registration and detection (diagram labels: Integrator, IP Provider, IP1, IP2, IP3, IP*, Registration, Detection, Signature Bank, Foundry)
5 Examples

The flow of Figure 1 was used in our examples in order to verify the suitability of the approach. The tools utilized in the flow were implemented in C/C++ running under UNIX/LINUX operating systems. All CPU times refer to a Sun UltraSparc 2 with 256MB of memory. The experiments were based on a set of MCNC 86 and ISCAS 85/89 benchmarks. Each circuit was synthesized and mapped to a SCMOS technology using SIS [11]. Place&route was performed by TIMBERWOLFSC-4.1 [12].

To simulate the registration phase, a signature was generated for each benchmark. Then, small modifications were introduced in every benchmark to check whether the signature was resilient to “official” Engineering Change Orders (ECOs) and scaling. Later, a variable number of random moves were performed on the benchmark’s layout so as to maximize the potential damage to the circuit. Changes were introduced in pins, Steiner points, and nets, uniformly distributed over the entire circuit. Three types of modifications were implemented: (1) translation/rotation, (2) swap, and (3) stretch, aimed at simulating illegal tampering. The signatures associated with the modified designs were compared with the original ones. Finally, the benchmarks were entirely redesigned and the signatures were again compared to the original ones, thus estimating the likelihood that a design could be mistakenly detected even when a “legal” redesign had taken place.

Table 1 reports circuit data, such as device, IO pin, and net count. The signature matching rates are given for several modification densities, simulating an ECO applied to the circuit. The signature was constructed with a minimum net size of 2, 3, 4 or 10 terminals, while no net size upper bound was used. As expected, small ECOs generally resulted in perfect matching, while re-designs resulted in very low matching rates. Moreover, small circuits were less robust to tampering than large ones, due to the lower number of degrees of freedom available to their design.

Table 1: Signature matching with ECOs and re-design

circ.   dev./IO/nets    min. net size   ECO density 5%   ECO density 10%   redes.       CPU [s]
s27     69/5/96         2               99.05            96.68             8.24         76.9
s27     69/5/96         3               100              100               7.80         53.0
s27     69/5/96         10              100              100               4.28         43.0
s444    709/9/932       2                                                  $10^{-6}$
s444    709/9/932       10                                                 $10^{-6}$
s832    1686/37/2127    4                                                  $10^{-6}$
s832    1686/37/2127    10                                                 $10^{-6}$
s1196   2105/28/2682    10                                                 $10^{-6}$

[ECO density and CPU cells for the s444, s832 and s1196 rows, in extraction order, row assignment not recoverable. ECO density: 100 100; 93.0 93.5; 100 -; 100 -; 100 96.0. CPU [s]: 1598, 1087, 1950, 1620, 2383.]

For the detection phase a large benchmark was selected as the host design. Small benchmarks were embedded, at random locations, in the host. The detection algorithm was run on this example to extract the original signature of the host as well as that of the embedded designs. In various experiments the embedded circuits made up 1% to 10% of the entire host. Finally, tampered circuits were embedded in the host to verify the robustness of the approach in the presence of multiple levels of tampering. Figure 3 shows an example of a single inclusion of benchmark “s27” into “s444”. Table 2 summarizes the results of the detection experiment. Despite the presence of embedded circuits, the host still maintained high signature matching (rows 3-6 in Table 2). The recognition algorithm performed well in identifying both untampered embedded circuits and heavily tampered ones.
Table 2: Signature matching with embedded circuits

embedded circ.   host circ.   /    ECO density 0%   ECO density 10%   CPU [s]
s27              s1196        1    73.8             73.8              218
s27              s1196        2    72.7             72.7              218
s27              s1196        5    72.7             72.7              218
s1196            -            1    100.0            99.2              1241
s1196            -            2    100.0            99.0              1241
s1196            -            5    100.0            98.6              1241

Figure 3: Detection of embedded circuit

6 Conclusions

Digital Fingerprinting is proposed as an alternative to tagging and watermarking for the copyright protection of intellectual property contents in virtual components. The method’s main advantage is that no modifications are necessary on existing virtual components. Moreover, infringement can be detected efficiently and with low expected misses due to the high level of robustness of fingerprints.
References

[1] H. Berghel and L. O’Gorman, “Protecting Ownership Rights through Digital Watermarking”, IEEE Trans. on Computers, vol. 29, n. 7, pp. 101–103, July 1996.
[2] E. Charbon, “Hierarchical Watermarking in IC Design”, in Proc. IEEE Custom Integrated Circuit Conference, pp. 295–298, May 1998.
[3] A. Kahng, S. Mantik, I. L. Markov, M. Potkonjak, P. Tucker, H. Wang and G. Wolfe, “Robust IP Watermarking Methodologies for Physical Design”, in Proc. IEEE/ACM Design Automation Conference, pp. 782–787, June 1998.
[4] J. Lach, W. H. Mangione-Smith and M. Potkonjak, “Signature Hiding Techniques for FPGA Intellectual Property Protection”, in Proc. IEEE International Conference on Computer Aided Design, pp. 194–198, November 1998.
[5] I. Torunoglu and E. Charbon, “Watermarking-Based Copyright Protection of Sequential Functions”, in Proc. IEEE Custom Integrated Circuit Conference, pp. 35–38, May 1999.
[6] A. L. Oliveira, “Robust Techniques for Watermarking Sequential Circuit Designs”, in Proc. IEEE/ACM Design Automation Conference, pp. 837–842, June 1999.
[7] E. Charbon and I. Torunoglu, “Intellectual Property Protection Via Hierarchical Watermarking”, in Int’l Workshop On IP Based Synthesis And System Design, December 1998.
[8] F. P. Preparata and M. I. Shamos, Computational Geometry. An Introduction, Springer, second Edition, 1988.
[9] J. Lach, W. H. Mangione-Smith and M. Potkonjak, “FPGA Fingerprinting Techniques for Protecting Intellectual Property”, in Proc. IEEE Custom Integrated Circuit Conference, pp. 299–302, May 1998.
[10] E. Charbon and I. Torunoglu, “Copyright Protection of Designs Based on Multi Source IPs”, in Proc. IEEE International Conference on Computer Aided Design, November 1999.
[11] E. M. Sentovich, K. J. Singh, L. Lavagno, C. Moon, R. Murgai, A. Saldanha, H. Savoj, P. R. Stephan, R. K. Brayton and A. L. Sangiovanni-Vincentelli, “SIS: A System for Sequential Circuit Synthesis”, Memorandum UCB/ERL M92/41, UCB, Univ. of California, Berkeley, CA 94720, May 1992.
[12] C. Sechen and A. L. Sangiovanni-Vincentelli, “Timberwolf3.2: A New Standard Cell Placement and Global Routing Package”, in Proc. IEEE/ACM Design Automation Conference, pp. 432–439, 1986.