Hardware Obfuscation: Techniques and Open Challenges

Abstract

There are many applications for IC reverse-engineering. While there are legitimate reasons for IC reverse-engineering, some have malicious intend such as as IP infringement and technological espionage. Particularly, Intellectual Property (IP) theft and counterfeit products are a major challenge for the industry. In many cases, the initial step in counterfeiting or stealing of IP is to reverse-engineer a chip or IP core in order to integrate the IP into one’s own design illegitimately. Hence, there are various reasons why hardware companies demands obfuscation methods to hamper reverse-engineering of their designs. For security-critical devices reverse-engineering can also be a potential attack vector. An adversary can leverage reverse-engineering to disclose internal details of the design in order to enable further attacks on the system. For example, implementation attacks such as side-channel or fault attacks exploit implementation structures and thus an attacker gaining knoledge of the used implementation and countermeasures gains a significant attack advantage. In addition to these malicious goals, reverse-engineering can also be used to detect patent infringements and IP theft as well as to identify Hardware Trojans. As a consequence, hardware obfuscation techniques that hamper reverse- engineering are of great interest. In this chapter, we present and discuss state-of-the-art hardware obfuscation techniques at two distinct levels. Hard- ware obfuscation at the layout level targets the extraction of the device’s netlist. To be more precise, the underlying principle is to prevent the distinct identification of combinatorial gates. In Section 1.2, we provide a summary of the proposed layout-level obfuscation techniques and additionally a security evaluation. However, not every case of IP piracy starts with reverse-engineering of the targeted Integrated Circuit (IC). For example, most IP provides do not manufacture their own chips, but only sell IP cores in the form of hard and soft IP cores. In these scenarios, the adversary is already in possession of the 3 4 1 Hardware Obfuscation: Techniques and Open Challenges netlist (without the need of IC reverse-engineering). In order to prevent the disclosure of internal details, obfuscation transforma- tions at the netlist level are required. In Section 1.3, we present and discuss the state-of-the-art proposed netlist-level obfuscation methods and automatic reverse-engineering capabilities. Furthermore, we address various limitations and open challenges for the different netlist-level obfuscation techniques.