IC Protection and Logic Locking
Introduction to problem
We all know about IC’s – Integrated Chips. These chips are the basic fundamental building blocks of all the electronic devices we use today. When it comes to the part of the devices which are more famous or important, the security of the chip design becomes very important.
Usually, a chip is designed at one place and manufactured at other geographically place due to constraint over money, for cheap labor availability or minimize the cost. That is why most of the chips are manufactured in China and many companies set up their plants nearby so the security of these chips becomes very important.
Recently a case has come up where a Court ordered Samsung to pay over 3000 crores to Apple for use of designs of Apple.
Basically, we understand why the security of design is important.
Introduction to mechanism
The procedure of a chip from design to manufacturing is
NetList(logic design) -> Layout (a design layout provided to manufacturer) -> fabrication
Companies don’t sell the layouts to earn money and they can’t do it due to their bond with the company so theft of design occurs at some other part.
Actually, a person goes to market buys a chip and opens it to extract the design using IC Reverse Engineering. This process consists of mainly three steps
- Package teardown
- Depackaging and delayering
- Imaging using SEM ( scanning through Electron Microscope)
First part teardown IC to find the layers. Second part de-package it by removing layer by layer. Each layer is made up of different metals and has some circuit over it. The third part is scanning those layers to extract the logic design. After successful design extraction, we can rebuild that architecture and pirate it.
How to prevent it?
One way is by obfuscating the architecture. This is achieved by using Key gates which effectively locks the circuit.
It is like putting some extra gate in the circuit to make it obfuscate. A person who gets the design would be able to get the logic circuit out of it only when he knows the values of those Key gates that we put there knowingly. The actual answer of the key gates is known to authorized users only. This way we can secure our logic circuit.
The types of gates used are: XOR/XNOR based gates, MUX based gates, LUT based gates
The types of algorithms to insert those Key Gates are: Random, fault analysis, interference analysis
How the insertion of these key gates ensure the security?
Each Key gate behave as a lock in the circuit and without inserting the right key you can’t get the correct output, so you need the key. Even if a person steals the IC and tries to find the design he can’t extract the exact circuit unless he knows the key. So overall price concludes over finding the key.
How to attack such security?
One Naive answer is a brute force but it is feasible only when the key is small else it is computationally infeasible.
Another type of Attack is a SAT-based attack. This attack cannot be prevented by any means by this date. It uses SAT Solver to attack the circuit by formulating a boolean function and predicting key iteratively. The basic idea of SAT-based attack is to find those inputs for which we can distinguish between correct and incorrect keys. As SAT is a very time-consuming algorithm thus one need to have high computational resources to find the key.
How to prevent SAT-based Attacks?
In each iteration of SAT Solver, it will definitely be able to eliminate one incorrect key. So the task of design engineers is to make such a design that during a SAT-based attack the SAT solver is able to decide the only key as incorrect in one iteration to make the attack exhaustive and unfeasible.
How to implement such a design?
There are many techniques three of them are:
- SAR Lock Protection Scheme
- TT Lock Protection Scheme
- SFLL Stripped functionality Logic Lock
What I Propose?
I think we can use a similar kind of security feature used in blockchain and bitcoin to protect it against any malicious attack. If the time required by an adversary to find the key is more than the time in which our Key changes then this kind of attack can be prevented. This idea still needs to be explored and experimented.
These hardware need protection as they are at the core of the business.
We are still unable to fully secure these circuits as there exists one attack that can find the key.