Abstract
In the growing heterogeneous Internet of Things market, which embraces a plurality of vendors and service providers, IP protection plays a central role. This paper proposes a process for the detection of IP theft in VLSI devices that exploits the internal test scan chains, designed for production test automation. The scan chains supply direct access to the internal registers in the device, enabling combinational analysis of the device logic. By using Boolean function learning methods, the learner creates a partial dependence graph of the internal flip-flops. The graph is further partitioned using the shared nearest neighbors graph clustering method, and individual blocks of combinational logic are isolated. These blocks can be matched with known building blocks that compose the original function. This enables reconstruction of the function implementation to the level of pipeline structure. The IP owner can compare the resulting structure with his own implementation to confirm whether an IP violation has occurred. We demonstrate the power of the presented approach with a test case of an open source Bitcoin SHA-256 accelerator, containing more than 80 000 registers. With the presented method, we discover the microarchitecture of the module, locate all the main components of the SHA-256 algorithm, and learn the module's flow control. In addition to the direct recognition of the IP content, we also demonstrate a combination of reverse engineering and watermark methods. We define a new watermark structure - pipeline-associated watermark (PAW), combined with pipeline stages that can be detected with the scan-based reverse engineering method.
Original language | English |
---|---|
Article number | 7967626 |
Pages (from-to) | 3268-3280 |
Number of pages | 13 |
Journal | IEEE Transactions on Very Large Scale Integration (VLSI) Systems |
Volume | 25 |
Issue number | 12 |
DOIs | |
State | Published - Dec 2017 |
Bibliographical note
Publisher Copyright:© 1993-2012 IEEE.
Keywords
- Hardware security
- intellectual property protection
- reverse engineering
- scan side channel
- side channel attacks
ASJC Scopus subject areas
- Software
- Hardware and Architecture
- Electrical and Electronic Engineering