Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked

Fangfei Yang, Ming Tang, Ozgur Sinanoglu

    Research output: Contribution to journalArticle

    Abstract

    Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

    Original languageEnglish (US)
    Article number8666809
    Pages (from-to)2778-2786
    Number of pages9
    JournalIEEE Transactions on Information Forensics and Security
    Volume14
    Issue number10
    DOIs
    StatePublished - Oct 1 2019

    Fingerprint

    Hamming distance
    Data storage equipment
    Reverse engineering
    Foundries
    Microprocessor chips
    Hardware

    Keywords

    • hamming distance
    • Hardware
    • logic gates
    • reverse engineering
    • security

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications

    Cite this

    Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked. / Yang, Fangfei; Tang, Ming; Sinanoglu, Ozgur.

    In: IEEE Transactions on Information Forensics and Security, Vol. 14, No. 10, 8666809, 01.10.2019, p. 2778-2786.

    Research output: Contribution to journalArticle

    @article{8b3debf18bdd451fa9857115f4b49ff8,
    title = "Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked",
    abstract = "Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.",
    keywords = "hamming distance, Hardware, logic gates, reverse engineering, security",
    author = "Fangfei Yang and Ming Tang and Ozgur Sinanoglu",
    year = "2019",
    month = "10",
    day = "1",
    doi = "10.1109/TIFS.2019.2904838",
    language = "English (US)",
    volume = "14",
    pages = "2778--2786",
    journal = "IEEE Transactions on Information Forensics and Security",
    issn = "1556-6013",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",
    number = "10",

    }

    TY - JOUR

    T1 - Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked

    AU - Yang, Fangfei

    AU - Tang, Ming

    AU - Sinanoglu, Ozgur

    PY - 2019/10/1

    Y1 - 2019/10/1

    N2 - Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

    AB - Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

    KW - hamming distance

    KW - Hardware

    KW - logic gates

    KW - reverse engineering

    KW - security

    UR - http://www.scopus.com/inward/record.url?scp=85067669162&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=85067669162&partnerID=8YFLogxK

    U2 - 10.1109/TIFS.2019.2904838

    DO - 10.1109/TIFS.2019.2904838

    M3 - Article

    VL - 14

    SP - 2778

    EP - 2786

    JO - IEEE Transactions on Information Forensics and Security

    JF - IEEE Transactions on Information Forensics and Security

    SN - 1556-6013

    IS - 10

    M1 - 8666809

    ER -