Thwarting All Logic Locking Attacks: Dishonest Oracle with Truly Random Logic Locking

While logic locking is a promising defense to protect hardware designs, many attacks have been shown to undermine its security by retrieving the secret key. All the powerful attacks rely on a working chip, i.e., an oracle, and in particular, heavily use the test access. The proposed technique DisORC turns the oracle into a dishonest one whenever a potential attack is detected. DisORC works on the premise that structural testing of chips need not be performed with the correct functionality. We implement this capability by adding circuitry around a logic-locked design that reconfigures its functionality upon detecting access to scan chains. Any attempt to access scan chains disconnects the secret key from the circuit, and clears all of its traces, isolating and securing it. We also pair this defense with a truly random logic locking (TRLL) scheme that makes random decisions in inserting key gates and retaining signal polarities without relying on any logic synthesis technique to perform bubble pushing. Any netlist analysis-based attack, known or anticipated, will then learn nothing useful to infer the key values. The combined defense DisORC + TRLL thwarts oracle-based and netlist analysis-based attacks while delivering sufficient corruption levels at the outputs. We also show that the proposed defense is cost effective and can be integrated into the design flow easily. The proposed logic locking defense provides protection against untrusted foundry, testing facility, end users, and any combination of them colluding together.