TY - JOUR
T1 - Hide and Seek
T2 - Seeking the (Un)-Hidden Key in Provably-Secure Logic Locking Techniques
AU - Patnaik, Satwik
AU - Limaye, Nimisha
AU - Sinanoglu, Ozgur
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2022
Y1 - 2022
N2 - Logic locking is a holistic countermeasure that protects an integrated circuit (IC) from hardware-focused threats such as piracy of design intellectual property and unauthorized overproduction throughout the globalized IC supply chain. Out of the several techniques proposed by the hardware security community, provably-secure logic locking (PSLL) has acquired a foothold due to its algorithmic and provable-security guarantees. However, the security of these techniques is regularly questioned by attackers that exploit the vulnerabilities arising from the underlying hardware implementation. Unfortunately, such attacks (i) are predominantly specific to locking techniques and (ii) lack generality and scalability. This leads to a plethora of attacks, and researchers, especially defenders, find it challenging to ascertain the security of newly developed PSLL techniques. Additionally, there is no public repository of locked circuits that attackers can use to benchmark (and compare) their developed attacks. Driven by these challenges, we aim to develop a generalized attack that can recover the secret key across a breadth of PSLL techniques. To that end, we first categorize the existing PSLL techniques into two generic categories. Then, we extract functional and structural properties depending on the underlying hardware construction of the PSLL techniques and develop two attacks based on the concepts of VLSI testing and Boolean transformations. We evaluate our attacks on 30,000 locked circuits across 14 PSLL techniques, including nine unbroken techniques. Our attacks successfully recover the secret key (100% accuracy) for all the considered techniques. Further, our experimentation across different (i) technology libraries, (ii) commercial and academic synthesis tools, and (iii) logic optimization settings provides several interesting insights. For instance, our attacks can recover the secret key by only using the locked circuit when an academic synthesis tool is used. Additionally, designers can use our attacks as a verification tool to ascertain the lower-bound security achieved by hardware implementations. Finally, we release our artifacts, which could help foster the development of future attacks and defenses in the PSLL domain.
AB - Logic locking is a holistic countermeasure that protects an integrated circuit (IC) from hardware-focused threats such as piracy of design intellectual property and unauthorized overproduction throughout the globalized IC supply chain. Out of the several techniques proposed by the hardware security community, provably-secure logic locking (PSLL) has acquired a foothold due to its algorithmic and provable-security guarantees. However, the security of these techniques is regularly questioned by attackers that exploit the vulnerabilities arising from the underlying hardware implementation. Unfortunately, such attacks (i) are predominantly specific to locking techniques and (ii) lack generality and scalability. This leads to a plethora of attacks, and researchers, especially defenders, find it challenging to ascertain the security of newly developed PSLL techniques. Additionally, there is no public repository of locked circuits that attackers can use to benchmark (and compare) their developed attacks. Driven by these challenges, we aim to develop a generalized attack that can recover the secret key across a breadth of PSLL techniques. To that end, we first categorize the existing PSLL techniques into two generic categories. Then, we extract functional and structural properties depending on the underlying hardware construction of the PSLL techniques and develop two attacks based on the concepts of VLSI testing and Boolean transformations. We evaluate our attacks on 30,000 locked circuits across 14 PSLL techniques, including nine unbroken techniques. Our attacks successfully recover the secret key (100% accuracy) for all the considered techniques. Further, our experimentation across different (i) technology libraries, (ii) commercial and academic synthesis tools, and (iii) logic optimization settings provides several interesting insights. For instance, our attacks can recover the secret key by only using the locked circuit when an academic synthesis tool is used. Additionally, designers can use our attacks as a verification tool to ascertain the lower-bound security achieved by hardware implementations. Finally, we release our artifacts, which could help foster the development of future attacks and defenses in the PSLL domain.
KW - Key recovery
KW - provably secure logic locking
UR - http://www.scopus.com/inward/record.url?scp=85139393761&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85139393761&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2022.3207361
DO - 10.1109/TIFS.2022.3207361
M3 - Article
AN - SCOPUS:85139393761
SN - 1556-6013
VL - 17
SP - 3290
EP - 3305
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -