Side-Channel Attacks

Apart from the previously mentioned attacks that exploit the algorithmic weaknesses of logic locking techniques, logic locking is also vulnerable to the emerging class of side-channel attacks, which are the focus of this chapter. The chapter introduces four attacks on logic locking that exploit various side-channels to extract secret key. The differential power analysis attack utilizes the power consumption of a chip to determine the secret logic locking key. The test-data mining attack and the hill climbing attack determine the secret key from the test data. The de-synthesis attack extracts the key by leveraging the traces left in a netlist during logic synthesis. The attacks discussed so far in this book aim at exploiting the algorithmic weaknesses of logic locking techniques. However, secret information may also be leaked through side-channels such as power, electromagnetic radiation, and time [3, 4]. This chapter presents four representative side-channel attacks on logic locking. Section 10.1 presents the differential power analysis (DPA) attack on logic locking. Apart from the traditional side-channels such as timing and power, logic locking has also been shown to be vulnerable to newer classes of side-channel attacks that leverage the vulnerabilities associated with different stages of the IC design flow. Sections 10.2 and 10.3 present the test-data mining (TDM) attack and the hill climbing attack, respectively; both attacks exploit test data to extract sensitive information. Section 10.4 introduces the de-synthesis attack that derives the secret key from the information embedded in a netlist during logic synthesis.