The Evolution of Logic Locking: Towards Next Generation Logic Locking Countermeasures
Date
2021
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
The globalization of the design and implementation of integrated circuits has drastically increased, particularly in the past two decades. This is when high-tech companies try (1) to reduce the cost of manufacturing, (2) to access technology that is inclusively available by a limited number of suppliers, (3) to reduce time to market, and (4) to meet the market demand. However, it results in emerging many security threats and trust challenges. Some of these threats include Hardware Trojan insertion, reverse engineering, and IP theft. To combat these threats, numerous Design-for-Trust (DfTr) techniques have been proposed, one of them is logic obfuscation, a.k.a logic locking. In logic locking, the designer adds post-manufacturing programmability into the design controlled by programmable values referred to as the key. The key value is driven from an on-chip tamper-proof non-volatile memory (tpNVM), and it will be initiated after fabrication via a trusted party. The security and the strength of the primitive logic locking techniques have been called into question by various attacks, especially by the Boolean satisfiability (SAT) based attack. To thwart the SAT attack, over the past few years, researchers have investigated different directions, such as point function techniques, cyclic-based locking, and behavioral logic locking. However, many of them are vulnerable to newer attacks. The main aim of this thesis is to open a new direction as a means of logic locking. Unlike almost all previous logic locking solutions that rely on XOR-based locking, we will investigate and evaluate non-XOR-based logic locking solutions, including LUT-based and MUX-based logic locking. We first introduce LUT-Lock as a LUT-based logic locking technique, which relies on some heuristic placement strategies. LUT-Lock is resilient against the existing attacks, especially the SAT attack. However, our comprehensive design space exploration on LUT-based logic locking shows its inefficiency (in terms of overhead) compared to other techniques making this form almost impractical. Then, we introduce Full-Lock as a new MUX-based routing locking solution. We show how MUX-based routing blocks could create SAT-hard instances while the overhead is considerably lower than the LUT-based locking solution. Although Full-Lock guarantees the resiliency against state-of-the-art attacks, we introduce a new attack, called CP&SAT, in which a satisfiability-based routing optimization will be introduced showing how routing-based locking techniques are still vulnerable. With this in mind, we introduce a security-enhanced routing locking technique, called InterLock. Interlock mitigates the weakness of existing routing-based obfuscation techniques against the proposed CP&SAT attack. In InterLock, the routing modules are intercorrelated with actual logic gates. Hence, since the logic is truly twisted with routing all controlled by the key, the adversary cannot convert and model the routing modules using the satisfiability-based routing optimization techniques, and then the CP&SAT attack is no longer applicable to them. We implement InterLock based on three different technologies: (1) transmission-gate (Tgate) CMOS, (2) programmable-via using anti-fuse elements (PVIA), and (3) three-independent-gate field-effect transistors (TIGFET). It helps us to provide a better illustration of the area/delay overhead of routing-based locking. We also show that by implementing in the lower level of abstraction, the area/delay overhead of InterLock could be even below ~10% to make the design resilient against the prevailing attacks at a reasonable area overhead. Since the availability of design-for-testability (DFT) structure, i.e. scan chain pins, is a mandatory requirement of the powerful SAT attack or its derivatives, we also take a step further, and by introducing SCRAMBLE, we evaluate the possibility of using MUX-based routing blocks as a means for locking the DFT. By locking the DFT structure, the SAT attack fails to be applied on SCRAMBLE-locked circuits. We also investigate the modeling/mapping of the logic using small-size memories optimized using the input-multiplexing technique. We will show how the integration of logic in memory and routing blocks will resist different de-obfuscation attacks at low overhead with no test compromising. Apart from locking the DFT structure, we also propose a key-trapped design-for-security (kt-DFS) architecture, which is a DFT blockage mechanism that limits/blocks any unauthorized access to the scan chain. DFT blockage techniques provide resiliency against a wide range of de-obfuscation attacks at lower overhead compared to DFT locking techniques. In kt-DFS, we introduce a new scan chain secure cell, which is designated for safeguarding the logic locking key against any form of key leakage. We will evaluate and compare kt-DFS with other state-of-the-art logic-locking-oriented DFS architectures in terms of overhead, test coverage, and leakage.