TY - GEN
T1 - GNNUnlock
T2 - 2021 Design, Automation and Test in Europe Conference and Exhibition, DATE 2021
AU - Alrahis, Lilas
AU - Patnaik, Satwik
AU - Khalid, Faiq
AU - Hanif, Muhammad Abdullah
AU - Saleh, Hani
AU - Shafique, Muhammad
AU - Sinanoglu, Ozgur
N1 - Funding Information:
ACKNOWLEDGEMENTS This work was carried out in part on the High-Performance Computing resources at Khalifa University. Besides, this work is supported in part by the Center for Cyber Security (CCS) at New York University Abu Dhabi (NYUAD).
Publisher Copyright:
© 2021 EDAA.
PY - 2021/2/1
Y1 - 2021/2/1
N2 - Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].
AB - Logic locking is a holistic design-for-trust technique that aims to protect the design intellectual property (IP) from untrustworthy entities throughout the supply chain. Functional and structural analysis-based attacks successfully circumvent state-of-the-art, provably secure logic locking (PSLL) techniques. However, such attacks are not holistic and target specific implementations of PSLL. Automating the detection and subsequent removal of protection logic added by PSLL while accounting for all possible variations is an open research problem. In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on PSLL that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24% - 100% successful in breaking various benchmarks locked using stripped-functionality logic locking [1], tenacious and traceless logic locking [2], and Anti-SAT [3]. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks [4], [5] fail. We also open source our attack framework [6].
KW - Graph Neural Networks
KW - IP protection
KW - Logic locking
KW - Machine Learning
KW - Oracle-less attack
UR - http://www.scopus.com/inward/record.url?scp=85101923273&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101923273&partnerID=8YFLogxK
U2 - 10.23919/DATE51398.2021.9474039
DO - 10.23919/DATE51398.2021.9474039
M3 - Conference contribution
AN - SCOPUS:85101923273
T3 - Proceedings -Design, Automation and Test in Europe, DATE
SP - 780
EP - 785
BT - Proceedings of the 2021 Design, Automation and Test in Europe, DATE 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 1 February 2021 through 5 February 2021
ER -