Testing the Trustworthiness of IC Testing

An Oracle-Less Attack on IC Camouflaging

Muhammad Yasin, Ozgur Sinanoglu, Jeyavijayan Rajendran

    Research output: Contribution to journal › Article

    Abstract

    Test of integrated circuits (ICs) is essential to ensure their quality; the test is meant to prevent defective and out-of-spec ICs from entering into the supply chain. The test is conducted by comparing the observed IC output with the expected test responses for a set of test patterns; the test patterns are generated using automatic test pattern generation algorithms. Existing test-pattern generation algorithms aim to achieve higher fault coverage at lower test costs. In an attempt to reduce the size of test data, these algorithms reveal the maximum information about the internal circuit structure. This is realized through sensitizing the internal nets to the outputs as much as possible, unintentionally leaking the secrets embedded in the circuit as well. In this paper, we present HackTest, an attack that extracts secret information generated in the test data, even if the test data do not explicitly contain the secret. HackTest can break the existing intellectual property protection techniques, such as camouflaging, within 2 min for our benchmarks using only the camouflaged layout and the test data. HackTest applies to all existing camouflaged gate-selection techniques and is successful even in the presence of the state-of-the-art test infrastructure, i.e., test data compression circuits. Our attack necessitates that the IC test data generation algorithms can be reinforced with security.

    Original language: English (US)
    Article number: 7937844
    Pages (from-to): 2668-2682
    Number of pages: 15
    Journal: IEEE Transactions on Information Forensics and Security
    Volume: 12
    Issue number: 11
    DOI: 10.1109/TIFS.2017.2710954
    State: Published - Nov 1 2017

    Fingerprint

    Integrated circuit testing
    Integrated circuits
    Testing
    Networks (circuits)
    Automatic test pattern generation
    Intellectual property
    Data compression
    Supply chains
    Costs

    Keywords

    • hardware security
    • IC camouflaging
    • IP piracy
    • reverse engineering
    • VLSI testing

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications

    Cite this

    Testing the Trustworthiness of IC Testing : An Oracle-Less Attack on IC Camouflaging. / Yasin, Muhammad; Sinanoglu, Ozgur; Rajendran, Jeyavijayan.

    In: IEEE Transactions on Information Forensics and Security, Vol. 12, No. 11, 7937844, 01.11.2017, p. 2668-2682.

    @article{bbed97f2acbb46289a6e749981a64a75,
    title = "Testing the Trustworthiness of IC Testing: An Oracle-Less Attack on IC Camouflaging",
    keywords = "hardware security, IC camouflaging, IP piracy, reverse engineering, VLSI testing",
    author = "Muhammad Yasin and Ozgur Sinanoglu and Jeyavijayan Rajendran",
    year = "2017",
    month = "11",
    day = "1",
    doi = "10.1109/TIFS.2017.2710954",
    language = "English (US)",
    volume = "12",
    pages = "2668--2682",
    journal = "IEEE Transactions on Information Forensics and Security",
    issn = "1556-6013",
    publisher = "Institute of Electrical and Electronics Engineers Inc.",
    number = "11",

    }
