Implementation And Evaluation Of SAT-based Attacks On Hybrid STT-CMOS Circuits For Reverse Engineering

Implementation And Evaluation Of SAT-based Attacks On Hybrid STT-CMOS Circuits For Reverse Engineering
Master's Thesis by Gaurav Shenoy
Thesis Advisor: Dr. Houman Homayoun
29 July, 2016
Department of Electrical and Computer Engineering, George Mason University

Outline
• Introduction
• Proposed Solutions
• Attack Model
• Implementation
• Results
• Conclusion
• Future Work

Introduction

Traditional Supply Chain
• Traditionally consists simply of the IP Design House, Original Chip Manufacturers (OCM), Original Equipment Manufacturers (OEM) and Authorized Distributors

Design (IP Design House) => Fabrication => Assembly (OCM) => Distribution (Authorized Distributors) => Life Time (OEM & Consumers) => End of Life

Impact of Technology Scaling
• "Technology scaling" to increase the computational power of chips => increase in design complexity
  => cost of setting up new foundries
  => low initial yields, leading to an increase in time to market
  => increase in VLSI test costs
• Use of third-party foundries and third-party IP cores

Threat: IC Counterfeiting
• The SIA defines it as "the act of fraudulently manufacturing, altering, distributing, or offering a product or package that is represented as genuine."

Adapted from Guin, Ujjwal, Daniel DiMase, and Mohammad Tehranipoor. "Counterfeit integrated circuits: detection, avoidance, and the challenges ahead." Journal of Electronic Testing 30.1 (2014): 9-23.

Threat: IP Extraction

Proposed Solutions
• Camouflaging
• Non-volatile Spin Transfer Torque (NV-STT) based Lookup Tables (LUT)

Camouflaging
• Camouflaging is a layout-level technique which hinders image-processing-based and pattern-recognition-based extraction of a gate-level netlist from a semiconductor IC.
• Gates are fabricated with dummy contacts => possible functionalities: {NAND, NOR, XOR}.
• The idea is IC protection by increasing the possible gate functionality so as to thwart exact netlist extraction => only a partial netlist of the original design can be extracted.
• Such a partial netlist can take billions of years to crack with brute force.

NV-STT based LUT
• Reconfigurable Lookup Tables (LUT) can be implemented as part of a logic circuit in a programmable form that hides the identity of the hardware.
• In this technique, a gate is replaced with a programmable Lookup Table (LUT), giving an exponential increase in the number of possible functionalities of the gate inputs (2^(2^n) functions for n inputs).
• In this work, the technique is tested for two-input Boolean logic functions, which can have a maximum of 16 functionalities.

NV-STT Technology Benefits
• More secure than SRAM-based Field Programmable Gate Arrays (FPGA)
• Reprogrammable nature => more functionalities
• On-die fabrication with conventional CMOS fabric
• Offers less leakage for low fan-ins (4-input or less)

Cost-Security Tradeoff
• The complexity of predicting the disguised gates directly affects the time taken to reverse engineer them.
• Applying each new test pattern comes at a cost to the attacker.
• It is beneficial for the IC design house to increase the number of disguised gates => increased overhead
• Tradeoff => optimize gate selection
• In this work, the analysis is performed on netlists with 1%, 5% and 10% disguised gates.

Attack Model

Motive for selecting the SAT-based model
• The layout-level techniques share a common goal of thwarting netlist extraction.
• It is still possible to obtain a partial netlist.
• This access to a partial netlist has been exploited in the work by Mohamed El Massad et al. using a SAT-based reverse engineering model.
• The model shows the ability to identify the camouflaged gates in minutes on ISCAS '85 and ISCAS '89 benchmarks.

Basic idea
• Uses two copies of the targeted IC
• The partial netlist obtained has 3^2 = 9 possibilities for (G1, G2): (XOR, XOR), (XOR, NAND), (XOR, NOR), (NAND, XOR), (NAND, NAND), (NAND, NOR), (NOR, XOR), (NOR, NAND), (NOR, NOR)
• The original circuit provides a unique sequence of outputs for a set of inputs
• The set of inputs for which the output matches the original circuit only for the correct combinations is referred to as the "discriminating inputs"
(Input, Expected Output): (0000, 0), (0001, 0), (0100, 1)
[Table of the output for each (G1, G2) combination on these inputs; only partially recoverable from the slide: 1 1 1 1 0 0 0 0 0 / 1 1 0 1 0 1 -]

Notations
Notation   Description
B          Original circuit, reference circuit or black-box circuit
C          Camouflaged circuit
n, m, k    Number of input bits, output bits and camouflaged gates in C respectively
G          Set of possible gate types, e.g. G = {XOR, NAND, NOR}
S          S: [1, k] → G, i.e. maps each index in [1, k] to a gate type in G, e.g. S1 = XOR, S2 = NOR
C_S        C completed with S; S is referred to as a completion of C, e.g. C_S = {XOR, NOR}
i          n-bit binary number that assigns one bit to each input pin in the circuit
PI         Set of all possible primary input patterns
I          A set of inputs which is a subset of PI
B(i)       m-bit output of the original circuit B due to input pattern i
C_S(i)     m-bit output of the camouflaged circuit C with completion S due to input i

Quick look
• Set of discriminating inputs: for a camouflaged circuit C, I is discriminating if, for every correct completion S, ∀ i ∈ I: C_S(i) = B(i)
• The model has low computational and query cost.

Complexity Theory
• Classifies computational problems according to their inherent difficulty
• Quantifies the amount of resources required
• Classifications in general: P, NP, NP-complete, NP-hard, EXP, R
• P: solvable by a deterministic approach in polynomial time, e.g. finding the maximum element in an array
• NP: decision problems whose solutions can be checked in polynomial time, e.g. an instance of Sudoku

Decision problem 1
• It is easier to eliminate the incorrect completions => find a non-discriminating set
• Decision problem 1, referred to as NOT-DISC-SET-DEC, is the problem of finding a non-discriminating set given C, B and a set of inputs I; a True instance must fulfil two conditions:
(1) C_S1(i) = C_S2(i) = B(i), ∀ i ∈ I.
(2) C_S1(i') ≠ C_S2(i').
• A problem is in NP if an efficient certifier proves the existence or non-existence of a True instance of the decision problem.
• The NOT-DISC-SET-DEC problem provides a certificate (S1, S2, i') for every such True instance that is verifiable in polynomial time, and hence is in NP.

Decision problem 2
• Decision problem 2, referred to as COMPLETION-DEC, is the problem, given C, B and I, of finding a completion S such that:
∀ i ∈ I, C_S(i) = B(i)
• For every True instance, a certificate is a completion S such that the completed circuit C_S agrees with the black-box circuit B on all inputs in I.
• The certificate can be verified in polynomial time => NP

Implementation

Benefits of categorizing the decision problems
• The complexity of the problems predicts the time to reverse engineer.
• Reductions to known problems
• Concept of reduction
• The decision problems are NP-complete
• The decision problems are first reduced to CIRCUIT-SAT and then to CNF-SAT

CIRCUIT-SAT Decision Problem
• Problem: given a Boolean circuit C, discover an input x such that the output of circuit C is true.
• A non-deterministic machine can guess an assignment in polynomial time
• The problem is NP-complete

Implementation: Reduction to CIRCUIT-SAT
• Each disguised gate is replaced with a MUX implementation
• Inputs to the MUX: the possible identities, e.g. {NAND, NOR, XOR}
• Select lines of the multiplexer: a bit vector encoding the completion S, e.g. S = {00, 01, 10}

NOT-DISC-SET-DEC to CIRCUIT-SAT
Condition 1: C_S1(i) = C_S2(i) = B(i), ∀ i ∈ I
Assumption: set I = {"0000"}
Condition 2: C_S1(i') ≠ C_S2(i')

COMPLETION-DEC to CIRCUIT-SAT
Condition: ∀ i ∈ I, C_S(i) = B(i)
Assumption: set I = {"0000", "0001"}

CNF-SAT Decision Problem
• Problem: given a Boolean equation E written using only AND, OR and NOT of variables, does there exist an assignment to the variables in E that makes E true?
• E is represented in Conjunctive Normal Form (CNF). A CNF formula is built from the following structures:
  - Literal: a Boolean variable or its negation (e.g. x1, ¬x1).
  - Clause: one or more literals connected by disjunction (e.g. (x1 ∨ ¬x2)).
  - Formula/Expression: a conjunction of clauses (e.g. (x1 ∨ ¬x2) ∧ (¬x1 ∨ x2)).
• The reduction of CIRCUIT-SAT to CNF-SAT is performed using the Tseitin transformation

SAT Solver: MiniSAT
• SAT solver: a tool which takes a CNF input file and finds a solution for every True instance of E
• This work uses MiniSAT
• Two instances of the solver are required:
  - Solver1: NOT-DISC-SET-DEC
  - Solver2: COMPLETION-DEC
• E.g. (the Tseitin clauses for an AND gate C = A ∧ B, with A, B, C numbered 1, 2, 3):

CIRCUIT-SAT representation   CNF-SAT using Tseitin transformation   MiniSAT representation
C = A AND B                  (¬A ∨ ¬B ∨ C) ∧                       -1 -2 3 0
                             (A ∨ ¬C) ∧                             1 -3 0
                             (B ∨ ¬C)                               2 -3 0
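The Tseitin encoding shown in the table, carried through in code as an added example (not code from the thesis): a small encoder that turns a gate-level netlist into DIMACS clauses and reproduces the AND example above, and that also encodes a camouflaged gate as a MUX over its candidate identities, so that one COMPLETION-DEC instance can be solved directly on the CNF. The gate library, the two-candidate camouflaged gate, the net-naming convention for select lines and the brute-force search that stands in for MiniSAT are all assumptions of this example.

```python
"""Tseitin transformation of a gate-level netlist into CNF in MiniSAT/DIMACS form, plus the
MUX reduction of a camouflaged gate and one COMPLETION-DEC instance solved on the CNF.
Added example; a brute-force search stands in for MiniSAT."""
from itertools import product


def tseitin_clauses(out, op, ins):
    """Clauses forcing variable `out` to equal op(ins). Literals are signed DIMACS ints."""
    if op == "AND":    # out <-> a & b : (~a | ~b | out), (a | ~out), (b | ~out)
        return [[-x for x in ins] + [out]] + [[x, -out] for x in ins]
    if op == "NAND":   # out <-> ~(a & b)
        return [[-x for x in ins] + [-out]] + [[x, out] for x in ins]
    if op == "OR":     # out <-> a | b
        return [list(ins) + [-out]] + [[-x, out] for x in ins]
    if op == "NOR":    # out <-> ~(a | b)
        return [list(ins) + [out]] + [[-x, -out] for x in ins]
    if op == "NOT":
        (a,) = ins
        return [[a, out], [-a, -out]]
    if op == "XOR":
        a, b = ins
        return [[-a, -b, -out], [a, b, -out], [a, -b, out], [-a, b, out]]
    if op == "MUX":    # ins = [sel, d0, d1]; out <-> (d1 if sel else d0)
        sel, d0, d1 = ins
        return [[-sel, -d1, out], [-sel, d1, -out], [sel, -d0, out], [sel, d0, -out]]
    raise ValueError(f"unknown gate type {op}")


def circuit_to_cnf(inputs, gates, var=None, copy=""):
    """Number the nets as DIMACS variables (inputs first, then gate outputs in netlist
    order) and collect the gate clauses. `copy` prefixes net names so several copies of a
    circuit can share one CNF; by convention (an assumption of this example) nets whose
    name starts with 's' are completion select lines, shared between copies, not prefixed."""
    var = {} if var is None else var

    def v(name):
        key = name if name.startswith("s") else copy + name
        return var.setdefault(key, len(var) + 1)

    clauses = []
    for name in inputs:
        v(name)
    for out, op, ins in gates:
        clauses += tseitin_clauses(v(out), op, [v(i) for i in ins])
    return var, clauses


def to_dimacs(var, clauses):
    """Render clauses in the DIMACS format MiniSAT reads (one clause per line, 0-terminated)."""
    lines = [f"p cnf {len(var)} {len(clauses)}"]
    return "\n".join(lines + [" ".join(map(str, c)) + " 0" for c in clauses])


def brute_force_sat(num_vars, clauses):
    """Toy stand-in for MiniSAT: a satisfying assignment {var: bit}, or None if UNSAT."""
    for bits in product((0, 1), repeat=num_vars):
        asg = dict(zip(range(1, num_vars + 1), bits))
        if all(any(asg[abs(lit)] == (lit > 0) for lit in c) for c in clauses):
            return asg
    return None


def circuit_sat(inputs, gates, output):
    """CIRCUIT-SAT: is there an input assignment that makes `output` true?
    Returns that input assignment, or None."""
    var, clauses = circuit_to_cnf(inputs, gates)
    model = brute_force_sat(len(var), clauses + [[var[output]]])   # unit clause: output = 1
    return None if model is None else {name: model[var[name]] for name in inputs}


# Constructed camouflaged gate y = G(a, b) with G in {NAND, XOR}: both candidates are
# instantiated and a MUX driven by select line s1 picks one, which is the slides' reduction
# of a disguised gate to CIRCUIT-SAT (s1 = 0 -> NAND, s1 = 1 -> XOR).
CAMO_INPUTS = ["a", "b"]
CAMO_GATES = [("t_nand", "NAND", ["a", "b"]),
              ("t_xor", "XOR", ["a", "b"]),
              ("y", "MUX", ["s1", "t_nand", "t_xor"])]


def completion_dec(observations):
    """COMPLETION-DEC on CNF: one copy of the camouflaged circuit per queried input i, all
    sharing s1, with unit clauses pinning that copy's inputs to i and its output to B(i).
    observations: list of ((a, b), B(a, b)). Returns the gate identity, or None if no
    completion agrees with every observation."""
    var, clauses = {}, []
    for n, ((a, b), y) in enumerate(observations):
        var, gate_clauses = circuit_to_cnf(CAMO_INPUTS, CAMO_GATES, var, copy=f"i{n}_")
        clauses += gate_clauses
        for net, bit in (("a", a), ("b", b), ("y", y)):
            lit = var[f"i{n}_{net}"]
            clauses.append([lit if bit else -lit])
    model = brute_force_sat(len(var), clauses)
    return None if model is None else ("XOR" if model[var["s1"]] else "NAND")


if __name__ == "__main__":
    var, cl = circuit_to_cnf(["A", "B"], [("C", "AND", ["A", "B"])])
    print(to_dimacs(var, cl))                            # the three clauses from the slide
    print(circuit_sat(["A", "B"], [("C", "AND", ["A", "B"])], "C"))
    print(completion_dec([((0, 0), 1)]))                 # NAND(0,0) = 1 but XOR(0,0) = 0
    print(completion_dec([((0, 0), 1), ((1, 1), 1)]))    # no candidate fits: None
```

Each queried input adds one more copy of the circuit to the CNF while the select variable stays shared, which is why the input to the solver grows with I in the algorithm slide; with a real solver the copies are cheap, with the brute-force stand-in above the variable count is what limits the toy.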

Algorithm

outer_loop = True
inner_loop = False
# Keeps track of all the initial inputs tried during the attack on the current circuit instance
Initial_Input_tried = {}
while outer_loop:
    # Drives i'. Any True instance gives a certificate whose first input i' seeds I.
    (S1, S2, i') ← Solver1(C, Initial_Input_tried)
    if (S1, S2, i') ≠ Null:
        Initial_Input_tried ← Initial_Input_tried ∪ {i'}
        I ← {i'}
        outer_loop = False
        inner_loop = True
    else:
        break
    while inner_loop:
        # The input to Solver1 grows with I
        (S1, S2, i') ← Solver1(C, I, B(I))
        # If Solver1 returns UNSAT, no new i' is found and I is discriminating
        if (S1, S2, i') ≠ Null:
            I ← I ∪ {i'}
        else:
            inner_loop = False
# Solver2 uses I and yields a certificate with the predicted gates
S ← Solver2(C, I, B(I))

Extension of the attack to STT-based LUT
• Extending the attack model to test increased gate types
• Disguised gates are assumed to be two-input logic functions
• Maximum of 16 gate types per gate
• The number of gate types for a LUT is assumed to range from 3 to 8
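The attack loop of the Algorithm slide on a constructed toy circuit, as an added example that is not the thesis code: exhaustive search over completions stands in for the two MiniSAT solvers (Solver1 = NOT-DISC-SET-DEC, Solver2 = COMPLETION-DEC), each camouflaged gate is evaluated through its candidate list exactly as the MUX reduction does (candidate list = MUX data inputs, completion S = select vector), and because gate types are stored as 4-bit truth tables the same code runs both the {NAND, NOR, XOR} case and the 16-function LUT case from the extension slide. The netlist, the hidden true completion and the candidate lists are all constructed for this example.

```python
"""Toy version of the SAT-based decamouflaging loop from the Algorithm slide, run on a
constructed 4-input circuit. Exhaustive search stands in for MiniSAT; gate types are
4-bit truth tables so the same code covers the {NAND, NOR, XOR} case and the 16-function
NV-STT LUT case."""
from itertools import combinations, product

# A 2-input gate type is its 4-bit truth table; bit index = 2*x + y.
NAND, NOR, XOR, AND = 0b0111, 0b0001, 0b0110, 0b1000
NAMES = {NAND: "NAND", NOR: "NOR", XOR: "XOR", AND: "AND"}
ALL_16_TYPES = list(range(16))            # every 2-input function: 2^(2^2) = 16 (the LUT view)

# Constructed netlist (not from the thesis), gates in topological order as
# (output_net, ("camo", j) | ("fixed", table), input_a, input_b).
# Camouflaged gate j behaves as candidates[S[j]]: the candidate list plays the MUX data
# inputs and the completion S the MUX select vector of the CIRCUIT-SAT reduction.
INPUTS, OUTPUTS = ("a", "b", "c", "d"), ("y",)
NETLIST = [("g1", ("camo", 0), "a", "b"),
           ("g2", ("camo", 1), "c", "d"),
           ("y", ("fixed", AND), "g1", "g2")]
PATTERNS = list(product((0, 1), repeat=len(INPUTS)))   # PI: all 16 primary-input patterns


def evaluate(netlist, candidates, S, pattern):
    """C_S(i): simulate the camouflaged netlist under completion S on input pattern i."""
    net = dict(zip(INPUTS, pattern))
    for out, (kind, ref), a, b in netlist:
        table = ref if kind == "fixed" else candidates[S[ref]]
        net[out] = (table >> (2 * net[a] + net[b])) & 1
    return tuple(net[o] for o in OUTPUTS)


def consistent_completions(netlist, candidates, observed):
    """Every S with C_S(i) = B(i) for all queried inputs i (observed maps i -> B(i))."""
    k = sum(1 for _, (kind, _), _, _ in netlist if kind == "camo")
    return [S for S in product(range(len(candidates)), repeat=k)
            if all(evaluate(netlist, candidates, S, i) == o for i, o in observed.items())]


def solver1(netlist, candidates, observed):
    """NOT-DISC-SET-DEC: a certificate (S1, S2, i') with C_S1 = C_S2 = B on I but
    C_S1(i') != C_S2(i'), or None (UNSAT) once I is discriminating."""
    for S1, S2 in combinations(consistent_completions(netlist, candidates, observed), 2):
        for i in PATTERNS:
            if evaluate(netlist, candidates, S1, i) != evaluate(netlist, candidates, S2, i):
                return S1, S2, i
    return None


def solver2(netlist, candidates, observed):
    """COMPLETION-DEC: a completion agreeing with B on I (unique once I is discriminating)."""
    found = consistent_completions(netlist, candidates, observed)
    return found[0] if found else None


def decamouflage(netlist, candidates, black_box):
    """Grow the discriminating set I one certificate input i' at a time, each costing one
    query to the real chip, then solve for the completion. The slide's outer and inner
    loops are collapsed here: Solver1 with I empty already yields the first i'."""
    observed = {}                       # I together with B(I)
    while True:
        cert = solver1(netlist, candidates, observed)
        if cert is None:                # UNSAT: no two consistent completions still differ
            break
        i_new = cert[2]
        observed[i_new] = black_box(i_new)
    S = solver2(netlist, candidates, observed)
    names = tuple(NAMES.get(candidates[j], f"LUT{candidates[j]:04b}") for j in S)
    return names, list(observed)


def make_black_box(netlist, candidates, true_S):
    """B: the fabricated chip. The attacker only ever sees input/output pairs from it."""
    return lambda i: evaluate(netlist, candidates, true_S, i)


if __name__ == "__main__":
    # Case 1: G = {NAND, NOR, XOR} as on the slides; hidden truth G1 = NAND, G2 = XOR.
    G3 = [NAND, NOR, XOR]
    print(decamouflage(NETLIST, G3, make_black_box(NETLIST, G3, (0, 2))))
    # Case 2: NV-STT LUT view, each camouflaged gate may be any of the 16 functions.
    bb16 = make_black_box(NETLIST, ALL_16_TYPES, (NAND, XOR))
    print(decamouflage(NETLIST, ALL_16_TYPES, bb16))
```

The returned list of inputs is the discriminating set I; its length is the query cost of the attack on this circuit, and comparing it between the 3-type and 16-type runs is the toy counterpart of the gate-type experiments in the Results section.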

Results

Methodology
• Model developed in Python
• Solvers implemented using MiniSAT
• Partial netlist files created using ISCAS'85 and ISCAS'89 bench circuits
• Disguised gates selected at random
• Characteristics of the circuits, chosen to depict varied impact (the last three columns give the number of missing gates at 1%, 5% and 10%):

Circuit   Gates   Inputs   Outputs   Missing gates at 1%   5%    10%
c432        160       36         7                     1     8     16
s832        292       18        19                     2    14     29
c1355       546       41        32                     5    27     54
s1423       731       17         5                     7    36     73
c3540      1669       50        22                    16    83    166
c5315      2307      178       123                    23   115    230

Time to reverse engineer
Impact of increasing the number of gate types:
• Time to reverse engineer increases with the number of gate types and the size of the circuit
• Similar impact observed keeping the % of missing gates constant
• Time to reverse engineer grows in proportion to the size of the discriminating set

Number of Discriminating Inputs to Reverse Engineer
Impact of increasing the number of missing gates:
• Trends show a significant increase in the time taken and in the size of the discriminating set
• Similar trends observed keeping the number of gate types constant
• Inference: gate types as an alternative to an increase in the number of missing gates

Reverse Engineering bigger netlists
Impact of increasing circuit size on the attack model:
• Substantial increase in time and in the size of the discriminating set
• For 8 gate types and 10% missing gates, c5315 needs around 58 hours to be cracked
• The model does not scale well

Conclusion
• Goal: test and analyze the security offered by Hybrid STT-CMOS circuits against the SAT-based reverse engineering model.
• Analyzed the security mechanism for two-input missing gates with a maximum functionality of 16 gate types, with each gate chosen randomly.
• The trends observed show an increase in security with the metrics selected for testing the vulnerability against reverse engineering.
• The attack model does not scale well.
• Hybrid STT-CMOS circuits show a substantial increase in security.

Future work
• The security of Hybrid STT-CMOS circuits needs to be tested with respect to:
  1. Increase in the number of inputs of each missing gate => more gate types
  2. Gate selection algorithms
  3. More reverse engineering models
• Exploring these additional factors is needed to truly verify the sustainability of this security approach and to adopt it as a means for the future.

Q&A
Thank you for your time!
