TY - JOUR
T1 - RESCUE
T2 - Resilient, Scalable, High-Corruption, Compact-Key-Set Locking Framework
AU - Limaye, Nimisha
AU - Sinanoglu, Ozgur
N1 - Funding Information:
This work was supported in part by the Center for Cyber Security (CCS), New York University New York/Abu Dhabi (NYU/NYUAD) and in part by the Defense Advanced Research Projects Agency (DARPA)'s Automatic Implementation of Secure Silicon Program under Contract M2002062. This article was recommended by Associate Editor Y. Jin.
Publisher Copyright:
© 2022 IEEE.
PY - 2023/9/1
Y1 - 2023/9/1
AB - Logic locking has gained traction for protecting the intellectual property (IP) of integrated circuits (ICs) from untrusted foundries, test facilities, and end users. A working chip or an oracle is a significant resource for an attacker to retrieve the secret locking key. Recently, a radically different logic locking shield (DisORC) was proposed to safeguard an IC against oracle-guided attacks such as satisfiability (SAT)-based attacks which rely on scan access. This scheme was shown to be resilient on larger circuits with large sequential depths; however, it fails to protect smaller circuits, such as specialized controllers, even for large key sizes as attacks can succeed even without scan access. A truly random logic locking (TRLL) technique was proposed to thwart learning-based attacks, by making random decisions on absorbing inverters in the design into key-gates. However, small design blocks may not contain enough inverters to replace, and thereby when locked with TRLL, they may not resist learning-based attacks. Further, for large key sizes, high corruption schemes, such as TRLL, produce multiple correct keys, simplifying the key recovery for an attacker. In this work, we propose a scalable, learning-resilient, high-corruption technique to protect even small design blocks from all known oracle-less and oracle-guided attacks all the while returning only a few correct keys. Our technique 1) randomly generates enough inversions in the design to provably thwart learning-based attacks; 2) strategically inserts key-gates to return only a few correct keys and obtain high output corruption; and 3) heuristically selects key-gate locations to improve resilience against sequential SAT-based attacks. We regress our technique on 14 representative ISCAS-89 and ITC-99 benchmarks.
KW - High output corruption
KW - large-scale locking
KW - learning-resilient
KW - logic locking
KW - sequential satisfiability (SAT)-based attacks
UR - http://www.scopus.com/inward/record.url?scp=85146244963&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146244963&partnerID=8YFLogxK
U2 - 10.1109/TCAD.2022.3231174
DO - 10.1109/TCAD.2022.3231174
M3 - Article
AN - SCOPUS:85146244963
SN - 0278-0070
VL - 42
SP - 2826
EP - 2838
JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
IS - 9
ER -