Using Scan Side Channel to Detect IP Theft


Leonid Azriel, Ran Ginosar, Avi Mendelson (Technion, Israel Institute of Technology)
Shay Gueron (University of Haifa and Intel Israel)

Outline
- IP theft issue in SoC
- Reverse Engineering with Scan
- Junta Learning
- Clustering and Graph Completion
- The Test Case: BitCoin SHA-256
- Conclusions

IP Piracy
- Modern SoC development mode: global and distributed
- IP passes dozens of hands
- Issue of Trust
[Figure: IP block 1, IP block 2, IP block 3, Integration, Backend, Fabrication, Test]

Preventing IP theft
- Watermarks allow identification without altering the function
- State Machine Encoding
- Constraints on physical layout
- More
- Detection
- Proof
- Forensic techniques
- Direct detection


Reverse Engineering of an ASIC
- Phase 1, Invasive (Physical, Circuit): Delayering, SEM Nanoscale Imaging, Cross-section
- Phase 2, Algorithmic (Circuit, Spec): FSM Extraction, Model Checking, SAT Solvers
- Scan Side Channel makes phase 1 non-invasive

The Scan Technique
- Goal: automate production testing
- Need to verify every net is functional
- Sequential Cells (FFs / Latches)
- Scan Insertion
- Production Tester: Shift In, Capture, Shift Out

Unfolding Sequential Circuits with Scan
- Scan turns the ASIC into a stateless circuit: a Combinational Function F
- Mapped to the Boolean Function Learning problem: $\{0,1\}^n \to \{0,1\}^n$
- Exhaustive Search: Extract the Truth Table by running queries for all inputs
- Exponential Size: $2^n$, where n is the Number of Registers
[Figure: an input vector applied to the Combinational Function, with the truth table of F]


Limited Transitive Fan-in
- In practice, logic cones have a limited number of inputs: Transitive Fan-In = K

Dependency Graph
- Bipartite graph (Flip-flop Outputs, Flip-flop Inputs) represents flip-flop dependencies
- The goal: Find dependencies
- Complexity: $2^n \to 2^k$: Scalable with the chip size

The K-Junta Algorithm
$y = f(x)$, $x = \{x_1, x_2, \ldots, x_i, x_{i+1}, x_j, \ldots, x_n\}$
- Generate random queries $y = f(x)$
- $a = \{0,0,0,0,0,0,0,\ldots,0,0\}$, $f(a) = 0$
- $a = \{1,0,0,0,0,0,0,\ldots,0,0\}$, $f(a) = 0$
- $a = \{1,0,1,0,0,0,0,\ldots,0,0\}$, $f(a) = 0$
- $a = \{1,0,1,0,1,0,0,\ldots,0,0\}$, $f(a) = 1$: Relevant Variable
- $b = \{1,0,1,0,1,0,0,\ldots,0,1\}$, $f(b) = 1$
- $O(n \log n \, k 2^k)$

Partial Dependency Graph
- If k is too high: Partial dependency graph
- Influence = sensitivity of a function to a variable
- K-Junta works for Influence > $1/2^K$
[Figure: bipartite graph of Flip-flop Outputs and Flip-flop Inputs]
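The query walk from the K-Junta slides, run against a small simulated circuit, shows how the partial dependency graph arises. This is an added example, not code from the talk: the accumulator circuit, `scan_query`, `learn_fanin`, the `patience` budget and the seed are all assumptions made for illustration.

```python
import random

W = 12  # constructed circuit: acc += op, registers acc[0..W-1] then op[0..W-1]

def scan_query(state):
    """Simulated scan cycle: shift in `state`, capture once, shift out the next state."""
    acc = sum(bit << i for i, bit in enumerate(state[:W]))
    op = sum(bit << i for i, bit in enumerate(state[W:]))
    total = (acc + op) % (1 << W)
    return [(total >> i) & 1 for i in range(W)] + list(state[W:])

def find_relevant(f, a, b):
    """Walk from a toward b one differing bit at a time (needs f(a) != f(b)).
    The flip that changes the output marks a relevant variable."""
    cur, fa = list(a), f(a)
    for i in range(len(a)):
        if cur[i] != b[i]:
            cur[i] = b[i]
            if f(cur) != fa:
                return i
    raise ValueError("f(a) == f(b): nothing to find on this path")

def learn_fanin(out_bit, n, rng, patience=200):
    """Inputs that one flip-flop input depends on, found from random query pairs.
    Inputs with influence far below 1/patience are likely to be missed."""
    f = lambda s: scan_query(s)[out_bit]
    known, misses = set(), 0
    while misses < patience:
        a = [rng.randint(0, 1) for _ in range(n)]
        # b agrees with a on known variables, so any difference exposes a new one
        b = [a[i] if i in known else rng.randint(0, 1) for i in range(n)]
        if f(a) != f(b):
            known.add(find_relevant(f, a, b))
            misses = 0
        else:
            misses += 1
    return known

def dependency_graph(seed=1):
    """Bipartite graph: flip-flop input index -> set of flip-flop output indices."""
    rng = random.Random(seed)
    return {o: learn_fanin(o, 2 * W, rng) for o in range(2 * W)}

if __name__ == "__main__":
    for out, deps in dependency_graph().items():
        print(out, sorted(deps))
```

Every edge reported is a true dependency; what the query budget loses are the long carry paths into the high sum bits, whose influence halves with each bit of distance.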


The Adder Example
- Dependencies across many bits are not likely to appear: Influence too low
- Close neighbor dependencies are discovered
- Need to group all the nodes of the adder
[Figure: adder bits n, n-1, n-2, n-3, ..., 4, 3, 2, 1]

SNN Clustering
- Shared Nearest Neighbors Clustering
- Every pair of nodes with more than a threshold number of shared dependencies is assigned to the same cluster
[Figures: adder bits n ... 1; bipartite graph of Flip-flop Outputs and Flip-flop Inputs]

Enumeration of the Adder Nodes
- Sort outputs in a cluster by their fan-in
- Sort inputs accordingly
- Handle the plateau by iterative enumeration
- Higher order inputs feed higher order outputs
[Figure: Fan-In per node, Actual versus Detected, for adder bits n ... 1]

Completing the graph
- Assuming the learner is looking for an adder
- Add dependencies of output bit i on all input bits 0 to i.
[Figure: bipartite graph of Flip-flop Outputs and Flip-flop Inputs]
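The clustering, enumeration and completion steps above, applied to a constructed partial dependency graph of two adders. This is an added example, not the authors' code: the node names, the three-bit discovery window, the threshold value and the way the plateau is resolved (take the output with the fewest not-yet-ordered inputs) are assumptions.

```python
from itertools import combinations

def make_partial_graph(width, base, window=3):
    """Constructed partial graph of one adder: sum bit i is seen to depend only on
    operand bits i-window+1..i, because far carries had too little influence."""
    return {f"s{base}_{i}": {f"{op}{base}_{j}" for op in "ab"
                             for j in range(max(0, i - window + 1), i + 1)}
            for i in range(width)}

def snn_clusters(graph, threshold=1):
    """Put every pair of outputs sharing more than `threshold` inputs in one cluster."""
    parent = {o: o for o in graph}
    def root(o):
        while parent[o] != o:
            o = parent[o]
        return o
    for u, v in combinations(graph, 2):
        if len(graph[u] & graph[v]) > threshold:
            parent[root(u)] = root(v)
    clusters = {}
    for o in graph:
        clusters.setdefault(root(o), []).append(o)
    return list(clusters.values())

def enumerate_and_complete(graph, cluster):
    """Order outputs from low to high bit, then give output i every input of bits 0..i.
    Plain fan-in sorting stalls on the plateau, so pick the output that adds the
    fewest new inputs at each step."""
    ordered, seen, todo, full = [], set(), set(cluster), {}
    while todo:
        nxt = min(sorted(todo), key=lambda o: len(graph[o] - seen))
        todo.remove(nxt)
        seen |= graph[nxt]
        ordered.append(nxt)
        full[nxt] = set(seen)  # completed fan-in of this output bit
    return ordered, full

if __name__ == "__main__":
    g = {**make_partial_graph(8, 0), **make_partial_graph(8, 1)}
    for cluster in snn_clusters(g):
        order, full = enumerate_and_complete(g, cluster)
        print(order, [len(full[o]) for o in order])
```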


SHA-256 Structure
- Mostly adders!

Learning Strategy
- The implementation is not known in advance
- But there are building blocks inherent to SHA-256: 7-way adder, 5-way adder
- We search for structures that look like adders

BitCoin SHA-256 Accelerator
- Open source design from opencores.org
- Performance oriented, heavily pipelined
- ~80,000 registers
- Used a software simulator

After K-Junta and Clustering
- 64-sized clusters match 2 32-bit adders: Compression Stage
- 32-sized clusters match 1 32-bit adder: Message Schedule
- SNN Clustering Error
- Number of stages suggests two SHA-256 instances, but not necessarily

Zooming in into a cluster
- Sort by enumeration
- How to detect individual operands?
[Plot: Fan-in (0 to 300) versus Node in the sorted list (1 to 61)]

Detecting operands by fanout
- Fanout components
- Bit order
- Number of functions
- Function type

Returning to sequential
[Figure: Flip-flop Outputs and Flip-flop Inputs, Flattened versus Folded]

Summary
- A novel method of IP theft detection
- By non-invasive reverse engineering with scan
- Boolean function analysis and graph methods
- Works with or without watermarks
- Learned an 80,000-register SHA-256 accelerator

What next
- More test cases
- Detecting Trojan hardware

Thanks!