TY - JOUR
T1 - Testing the Trustworthiness of IC Testing
T2 - An Oracle-Less Attack on IC Camouflaging
AU - Yasin, Muhammad
AU - Sinanoglu, Ozgur
AU - Rajendran, Jeyavijayan
N1 - Funding Information:
Manuscript received February 13, 2017; revised May 11, 2017; accepted May 22, 2017. Date of publication June 1, 2017; date of current version August 1, 2017. This work was supported in part by the Army Research Office under Grant 65513-CS, in part by the National Science Foundation, Division of Computer and Network Systems, under Grant 1652842, and in part by the New York University/New York University Abu Dhabi Center for Cyber Security. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Jean-Luc Danger. (Corresponding author: Muhammad Yasin.) M. Yasin is with New York University, Brooklyn, NY 11201 USA (e-mail: [email protected]).
PY - 2017/11
Y1 - 2017/11
N2 - Test of integrated circuits (ICs) is essential to ensure their quality; the test is meant to prevent defective and out-of-spec ICs from entering into the supply chain. The test is conducted by comparing the observed IC output with the expected test responses for a set of test patterns; the test patterns are generated using automatic test pattern generation algorithms. Existing test-pattern generation algorithms aim to achieve higher fault coverage at lower test costs. In an attempt to reduce the size of test data, these algorithms reveal the maximum information about the internal circuit structure. This is realized through sensitizing the internal nets to the outputs as much as possible, unintentionally leaking the secrets embedded in the circuit as well. In this paper, we present HackTest, an attack that extracts secret information generated in the test data, even if the test data do not explicitly contain the secret. HackTest can break the existing intellectual property protection techniques, such as camouflaging, within 2 min for our benchmarks using only the camouflaged layout and the test data. HackTest applies to all existing camouflaged gate-selection techniques and is successful even in the presence of the state-of-the-art test infrastructure, i.e., test data compression circuits. Our attack necessitates that the IC test data generation algorithms can be reinforced with security.
AB - Test of integrated circuits (ICs) is essential to ensure their quality; the test is meant to prevent defective and out-of-spec ICs from entering into the supply chain. The test is conducted by comparing the observed IC output with the expected test responses for a set of test patterns; the test patterns are generated using automatic test pattern generation algorithms. Existing test-pattern generation algorithms aim to achieve higher fault coverage at lower test costs. In an attempt to reduce the size of test data, these algorithms reveal the maximum information about the internal circuit structure. This is realized through sensitizing the internal nets to the outputs as much as possible, unintentionally leaking the secrets embedded in the circuit as well. In this paper, we present HackTest, an attack that extracts secret information generated in the test data, even if the test data do not explicitly contain the secret. HackTest can break the existing intellectual property protection techniques, such as camouflaging, within 2 min for our benchmarks using only the camouflaged layout and the test data. HackTest applies to all existing camouflaged gate-selection techniques and is successful even in the presence of the state-of-the-art test infrastructure, i.e., test data compression circuits. Our attack necessitates that the IC test data generation algorithms can be reinforced with security.
KW - IC camouflaging
KW - IP piracy
KW - VLSI testing
KW - hardware security
KW - reverse engineering
UR - http://www.scopus.com/inward/record.url?scp=85029423877&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029423877&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2017.2710954
DO - 10.1109/TIFS.2017.2710954
M3 - Article
AN - SCOPUS:85029423877
SN - 1556-6013
VL - 12
SP - 2668
EP - 2682
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 11
M1 - 7937844
ER -