The technique relies on hosting the bits of a digital signature at the HDL design level ... Synthesis results show that the application of the proposed watermarking ...
HDL-level automated Watermarking of IP Cores E. Castilloa, U. Meyer-Baeseb, L.Parrillaa, A. Garcíaa, A. Llorisa a Dept. of Electronics and Computer Technology, Campus Universitario Fuentenueva, 18071, Univ. of Granada, Spain. b Dept. of Electrical & Computer Engineering, FAMU-FSU College of Engineering, Florida, USA 32310-6046. ABSTRACT This paper presents significant improvements to our previous watermarking technique for Intellectual Property Protection (IPP) of IP cores. The technique relies on hosting the bits of a digital signature at the HDL design level using resources included within the original system. Thus, any attack trying to change or remove the digital signature will damage the design. The technique also includes a procedure for secure signature extraction requiring minimal modifications to the system. The new advances refer to increasing the applicability of this watermarking technique to any design, not only to those including look-ups, and the provision of an automatic tool for signature hosting purposes. Synthesis results show that the application of the proposed watermarking strategy results in negligible degradation of system performance and very low area penalties and that the use of the automated tool, in addition to easy the signature hosting, leads to reduced area penalties. Keywords: Information Hiding, Digital Watermarking, IP Cores, IPP, FPGA Applications.
1. INTRODUCTION As essential elements of design reuse, IP cores1 are part of the growing electronic design automation (EDA) industry trend towards repeated use of previously designed components. Reuse-based design is one of the most important methodologies on which IC design is based, allowing the assembly of a complex system using smaller components, reducing system design complexity and enabling resource optimization through reduced development time and costs. IP cores fall into one of three categories: soft cores, firm cores or hard cores. The soft cores are described using high level description languages and are the most flexible of the three types of IP cores. The firm cores are described and synthesized for specific libraries. Finally, the hard cores are described at the physical level and these are best for plugand-play applications, although less portable and flexible than the other two types of cores. On the other hand, the growing adoption of reuse-based design methodologies is creating the need for the development of mechanisms to protect the intellectual property rights of the designers. There are several forms of protection available for intellectual property in the electronic design automation industry, including patents, copyrights, mask works or trade secrets2. However, all these methods are insufficient and/or inapplicable for intellectual property protection of reusable cores1. Recently, watermarking3 has been employed as a potential solution for claiming the ownership of IP cores. Watermarking4 is a traditional technique for banknotes and paper manufacturing consisting on hiding or embedding data into a product to help deter people from counterfeiting those specific products. Watermarking is also used in multimedia Intellectual Property protection to securely identify the authenticity of the source of text, image or video. In the last few years, this concept has been extended for IP core protection. Watermarking techniques for IP cores try to enable the protection of author rights in the development and distribution of IC designs as reusable modules4. In particular, watermarking techniques have been applied to Hardware Description Language (HDL) Ips5-6, which are HDL designs or soft cores and are primarily used for RTL design/verification flow. In this paper, we introduce new advances in a previously developed watermarking-based technique for protection of HDL Intellectual Property7. The proposed technique enables the protection of HDL IPs by spreading a digital signature at the high level description of the design through combinational logic included in the IP core. One of the novelties is that the technique can be applied to any design, not being necessary for the design to include memory structures or to force the introduction of some memory structures and the mapping into them part of the design. Other important advance is the development of an automated tool for making easier and optimizing the signature spreading. The technique also Independent Component Analyses, Wavelets, Unsupervised Nano-Biomimetic Sensors, and Neural Networks VI, edited by Harold H. Szu, F. Jack Agee, Proc. of SPIE Vol. 6979, 69790H, (2008) · 0277-786X/08/$18 · doi: 10.1117/12.777963 Proc. of SPIE Vol. 6979 69790H-1 2008 SPIE Digital Library -- Subscriber Archive Copy
offers a method for easy and non-destructive signature extraction that requires just adding low overhead circuitry. This signature detection allows identifying the author and the yielded recipient rights. The watermarking method presented is illustrated with design examples implemented on field-programmable technology. The new technique provides high invulnerability while requiring low area and negligible timing overhead.
2. RELATED WORK 3
Recently, digital watermarking has emerged as a candidate solution for the copyright protection problem of digital media. Especially, digital watermarking in IP cores consists of hiding some type of watermark or identification mark, which is permanently embedded in the design. The watermark may contain information about ownership, user identity or description of the original data. The embedded watermark uniquely identifies both the design origin and recipient of an IP block. One of the most important issues when trying to apply any watermarking-based technique for IP protection is that the IP core utility relies on its correct functionality. For multimedia contents, the watermark can be easily embedded into the digital media as minor changes. While in multimedia this alteration is invisible to the human eyes, in designs and CAD tools it could have unacceptable impact on the functionality and correctness. The biggest challenge of IPP techniques for IP cores will consist on how to hide the digital signature without changing the design functionality. Some others requirements for a watermarking-based IPP technique are minimal overhead cost, transparency to existing CAD tools and designs, strong proof of authorship, high probability of uniqueness, difficult to detect or to remove and proportional component protection. Watermarking techniques for IP core protection can be categorized according to watermark application levels as follows: physical-level watermarks8, synthesis-level watermarks9 and high-level watermarks5-6. As watermarking techniques are applied at any of the above levels, the protection propagates to later stages in the design flow. In this paper, we have focused on watermarking techniques at high-level design. The advantage provided by watermarking techniques at highlevel design resides in the difficulty to remove the watermark. The embedding of a watermark at this design level provides the most tampering-resistant schemes since the signature is embedded in preliminary stages, so it is dragged through the whole design flow. In addition, the watermark could be embedded as a functional part of the design. However, for a given digital signature length, this type of watermarking usually results in higher overhead of the final circuitry. The HDL watermarking technique proposed in this paper gets to solve this drawback: large and secure signatures, a crucial fact for high authorship credibility, and some dedicate circuitry for signature extraction are introduced into the design examples with minimal system overhead. The essence of the HDL-level watermarking technique proposed in a previous work7 is to protect digital systems by spreading the bits of a digital signature into the design. The signature spreading has been realized through non used or used memory positions of memory structures. If the original design included look-up tables, the watermarking technique could be applied directly7, 10 and in case the design did not include them, it was possible to introduce some tables and to map into them part of the design not included in the critical path7, 10. In addition, the proposed watermarking technique includes an easy and secure procedure for non-destructive signature extraction. This procedure requires some hardware to be included into the system. This hardware will detect the petition for signature extraction and will show the signature bits as a data sequence at the output of the protected system. The proposed watermarking techniques makes the signature bits to be part of the original design, while the system itself extracts the signature bits when it is required to do so. An important feature is that both signature spreading and extraction processes can be performed without disrupting the functionality of the original design.
3. NEW ADVANCES IN THE HDL-WATERMAKING STRATEGY Memory structures are sometimes used as look-ups for mapping combinational logic, thus, the content of the memory structures also represents output patterns of the corresponding combinational logic. In this way, those patterns might be used for forcing the spreading of signature bits into the combinational logic of the system during HDL description. As a natural extension of the previous ideas7,, it is possible to look for or to identify blocks of the signature bits within the output patterns of the combinational logic included in the design, independently of the logic structure used for its implementation (look-up, logic gate networks, etc.). Thus, the new advances in the watermarking strategy propose to host the bits of the digital signature through output patterns of combinational logic included in the high-level description
Proc. of SPIE Vol. 6979 69790H-2
of the original design. Thus, the watermarking technique could be applied to any design without being necessary that it includes look-up tables or other memory structures or to map into them part of the design. In addition, the signature hosting does not require additional system resources and any attempt to modify or to remove one single bit of the hosted signature will change the functionality of the combinational parts of the design, thus modifying the proper functioning of the system. The new progress in the watermarking technique also includes the development of a tool that has a double advantage: to automate the search of the signature bits blocks within the output patterns of the combinational logic and to make that search in a way that the signature extraction logic require as few resources as possible. It is important to clarify that the proposed watermarking strategy is not related in any way with the resources that will be used for the physical implementation of the design. Moreover, they are neither related to the logic resources or primitives derived from the logic synthesis process. The signature bits are hosted at the high-level HDL description of the design, taking advantage of output patterns of combinational logic included into the original design description. Because of this, the proposed watermarking technique propagates through the whole design flow down to the physical implementation, so the system is protected from the first stages of logic synthesis without requiring any re-synthesis, keeps this protection through place&route for whatever target technology is considered (ASIC, FPGA, etc.) and the final physical implementation is also protected. All the processes involve in the proposed watermarking strategy and the new advances are detailed in the following. 3.1 Signature preparation and signature hosting The selected signature (text, video, image,…) is converted into a bit-stream or digital signature using a cryptographic hash function11, for instance MD5 or SHA1, that allows the prevention of forging attacks. The digital signature have to be prepared to be hosted into the design. It involves partitioning the digital signature in blocks that are adequate for their hosting. The signature blocks are required to have a bit length equal or minor to that of the output patterns that will host them. As it was commented above, the signature hosting consist of identifying blocks of the signature bits within the output patterns of the combinational logic included in the design. The resulting locations or positions of this search would be the Signature Locations (SLs), which have to be pointed to for signature extraction. For example, a BCD to 7-segment decoder can be employed to show an example of signature hosting strategy. Fig. 1 shows an example of the VHDL code that describes the BCD to 7-segment decoder, so if it is part of a given design, it would be possible to identify part of the selected digital signature with the decoder output patterns. If a block of the digital signature is “1111110”, it could be hosted in the output pattern corresponding to the input pattern “0001”. The signature bits are hosted instead of embedded, since these bits are output patterns of the combinational logic that describes the decoder and are required for the correct functioning of both the unprotected and watermarked systems. with DCBA select abcdefg
