Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked

Fangfei Yang, Ming Tang, Ozgur Sinanoglu

Research output: Contribution to journalArticle

Abstract

Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

Original languageEnglish (US)
Article number8666809
Pages (from-to)2778-2786
Number of pages9
JournalIEEE Transactions on Information Forensics and Security
Volume14
Issue number10
DOIs
StatePublished - Oct 1 2019

Fingerprint

Hamming distance
Data storage equipment
Reverse engineering
Foundries
Microprocessor chips
Hardware

Keywords

  • hamming distance
  • Hardware
  • logic gates
  • reverse engineering
  • security

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked. / Yang, Fangfei; Tang, Ming; Sinanoglu, Ozgur.

In: IEEE Transactions on Information Forensics and Security, Vol. 14, No. 10, 8666809, 01.10.2019, p. 2778-2786.

Research output: Contribution to journalArticle

@article{ffe72af3489e4ebf96afbbb9862b1d53,
title = "Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked",
abstract = "Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.",
keywords = "hamming distance, Hardware, logic gates, reverse engineering, security",
author = "Fangfei Yang and Ming Tang and Ozgur Sinanoglu",
year = "2019",
month = "10",
day = "1",
doi = "10.1109/TIFS.2019.2904838",
language = "English (US)",
volume = "14",
pages = "2778--2786",
journal = "IEEE Transactions on Information Forensics and Security",
issn = "1556-6013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "10",

}

TY - JOUR

T1 - Stripped Functionality Logic Locking with Hamming Distance-Based Restore Unit (SFLL-HD)-Unlocked

AU - Yang, Fangfei

AU - Tang, Ming

AU - Sinanoglu, Ozgur

PY - 2019/10/1

Y1 - 2019/10/1

N2 - Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

AB - Logic locking is a technique that has received significant attention. It protects a hardware design netlist from a variety of hardware security threats, such as tampering, reverse-engineering, and piracy, stemming from untrusted chip foundry and end-users. This technique adds logic and inputs to a given design netlist to make sure that the locked design is functional only when a key is applied from the new inputs; an incorrect key makes the design produce incorrect outputs. The new inputs, referred to as the key inputs, are driven by a tamper-proof memory on the chip, which stores the secret key. Research in this field has shown that this technique, if not implemented properly, may be vulnerable to attacks that extract the key of logic locking. Recently, a logic locking technique called stripped functionality logic locking (SFLL) has been proposed and shown to withstand all known attacks in a provably secure manner. SFLL strips some functionality from the original design by corrupting its output corresponding to a number of 'protected' input patterns. In one version of SFLL, referred to as SFLL-hd, these protected patterns are all of a certain hamming distance h to the key. The modified design is accompanied by additional logic that fixes the output for each protected input pattern only when the key is in the tamper-proof memory. In this paper, we present an attack that breaks SFLL-hd within a minute. Our attack exploits structural traces left behind in the locked design due to the functionality strip operation and is capable of identifying some of the protected patterns. We also present a theoretical framework that helps us develop two different techniques to complete our attack. In the first technique, we use the Gaussian elimination technique to solve a system of equations that we form based on k-identified protected patterns in O k3) time in the best case, where k is the number of key bits in key. The second technique uses one identified protected pattern to query the oracle k times. In both techniques, we successfully recover the key from the protected pattern(s). We show that our attacks work on the SFLL-locked microprocessor design (more than 50 K gates) that the authors of SFLL made available to the public; we extract the 256-bit key within a minute and reveal it in this paper. We also test our attacks on a few other SFLL-hd benchmarks provided by SFLL authors.

KW - hamming distance

KW - Hardware

KW - logic gates

KW - reverse engineering

KW - security

UR - http://www.scopus.com/inward/record.url?scp=85067669162&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85067669162&partnerID=8YFLogxK

U2 - 10.1109/TIFS.2019.2904838

DO - 10.1109/TIFS.2019.2904838

M3 - Article

AN - SCOPUS:85067669162

VL - 14

SP - 2778

EP - 2786

JO - IEEE Transactions on Information Forensics and Security

JF - IEEE Transactions on Information Forensics and Security

SN - 1556-6013

IS - 10

M1 - 8666809

ER -