On the Security of Sequential Logic Locking Against Oracle-Guided Attacks

On the Security of Sequential Logic Locking Against Oracle-Guided Attacks

The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving,...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on computer-aided design of integrated circuits and systems 2023-11, Vol.42 (11), p.1-1
Hauptverfasser: Hu, Yinghua, Zhang, Yuke, Yang, Kaixin, Chen, Dake, Beerel, Peter A., Nuzzo, Pierluigi
Format: Artikel
Sprache:eng
Schlagworte:
Circuits
Clocks
Cryptography
Electronics packaging
Hardware Security
Integrated circuit modeling
Keys
Locking
Logic
Logic Locking
Model checking
SAT-Based Attack
Sequential circuits
Time factors
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 1
container_issue 11
container_start_page 1
container_title IEEE transactions on computer-aided design of integrated circuits and systems
container_volume 42
creator Hu, Yinghua
Zhang, Yuke
Yang, Kaixin
Chen, Dake
Beerel, Peter A.
Nuzzo, Pierluigi
description The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving, performed using an "unrolled" version of the sequential circuit, and model checking, used to determine the successful termination of the attack. This paper addresses these challenges by formally characterizing the relation between the minimum unrolling depth required to prune out the wrong keys of a SAT-based attack and a notion of functional corruptibility (FC) for sequential circuits, which can be efficiently estimated from a locked circuit to indicate the progress of a SAT-based attack. Based on this analysis, we present an FC-guided SAT-based attack that can significantly reduce unnecessary SAT and model checking tasks. We present two versions of the attack, namely, Fun-SAT and Fun-SAT+, based on whether the attacker has a priori knowledge of the key length. Fun-SAT aims to find the correct key sequence, while Fun-SAT+ aims to retrieve the correct initial state of the circuit. Numerical evaluation shows that Fun-SAT can be, on average, 90× faster than previous attacks against state-of-the-art locking methods. On the other hand, when using an approximate termination condition, Fun-SAT+ can find an initial state that leads to at most 0.1% FC in 76.9% instances that would otherwise time out after one day.
doi_str_mv 10.1109/TCAD.2023.3253428
format Article
fullrecord <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_2879381756</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10061617</ieee_id><sourcerecordid>2879381756</sourcerecordid><originalsourceid>FETCH-LOGICAL-c294t-6e9ddb98a39cc2a9774628c54e3a1334d3087b4bc4aa2864dc23d9b31c50d1ed3</originalsourceid><addsrcrecordid>eNpNkMFOAjEQhhujiYg-gImHJp4XO2132x43qEhCwkE8N922YAF3se0eeHuXwMHLzBy-f2byIfQIZAJA1MtqWr9OKKFswmjJOJVXaASKiYJDCddoRKiQBSGC3KK7lLaEAC-pGqH5ssX52-NPb_sY8hF362H-7X2bg9njRbcJdqh2F9oNrjcmtCnjZTR274tZH5x3uM7Z2F26Rzdrs0_-4dLH6Ov9bTX9KBbL2XxaLwpLFc9F5ZVzjZKGKWupUULwikpbcs8MMMYdI1I0vLHcGCor7ixlTjUMbEkceMfG6Pm89xC74c-U9bbrYzuc1FQKxSSIshooOFM2dilFv9aHGH5MPGog-mRMn4zpkzF9MTZkns6Z4L3_x5MKKhDsD0L-ZjQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2879381756</pqid></control><display><type>article</type><title>On the Security of Sequential Logic Locking Against Oracle-Guided Attacks</title><source>IEEE Electronic Library (IEL)</source><creator>Hu, Yinghua ; Zhang, Yuke ; Yang, Kaixin ; Chen, Dake ; Beerel, Peter A. ; Nuzzo, Pierluigi</creator><creatorcontrib>Hu, Yinghua ; Zhang, Yuke ; Yang, Kaixin ; Chen, Dake ; Beerel, Peter A. ; Nuzzo, Pierluigi</creatorcontrib><description>The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving, performed using an "unrolled" version of the sequential circuit, and model checking, used to determine the successful termination of the attack. This paper addresses these challenges by formally characterizing the relation between the minimum unrolling depth required to prune out the wrong keys of a SAT-based attack and a notion of functional corruptibility (FC) for sequential circuits, which can be efficiently estimated from a locked circuit to indicate the progress of a SAT-based attack. Based on this analysis, we present an FC-guided SAT-based attack that can significantly reduce unnecessary SAT and model checking tasks. We present two versions of the attack, namely, Fun-SAT and Fun-SAT+, based on whether the attacker has a priori knowledge of the key length. Fun-SAT aims to find the correct key sequence, while Fun-SAT+ aims to retrieve the correct initial state of the circuit. Numerical evaluation shows that Fun-SAT can be, on average, 90× faster than previous attacks against state-of-the-art locking methods. On the other hand, when using an approximate termination condition, Fun-SAT+ can find an initial state that leads to at most 0.1% FC in 76.9% instances that would otherwise time out after one day.</description><identifier>ISSN: 0278-0070</identifier><identifier>EISSN: 1937-4151</identifier><identifier>DOI: 10.1109/TCAD.2023.3253428</identifier><identifier>CODEN: ITCSDI</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Circuits ; Clocks ; Cryptography ; Electronics packaging ; Hardware Security ; Integrated circuit modeling ; Keys ; Locking ; Logic ; Logic Locking ; Model checking ; SAT-Based Attack ; Sequential circuits ; Time factors</subject><ispartof>IEEE transactions on computer-aided design of integrated circuits and systems, 2023-11, Vol.42 (11), p.1-1</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c294t-6e9ddb98a39cc2a9774628c54e3a1334d3087b4bc4aa2864dc23d9b31c50d1ed3</citedby><cites>FETCH-LOGICAL-c294t-6e9ddb98a39cc2a9774628c54e3a1334d3087b4bc4aa2864dc23d9b31c50d1ed3</cites><orcidid>0000-0003-2984-0364 ; 0000-0002-3863-1196 ; 0000-0002-1596-6700 ; 0000-0002-8283-0168</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10061617$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>315,782,786,798,27933,27934,54767</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10061617$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Hu, Yinghua</creatorcontrib><creatorcontrib>Zhang, Yuke</creatorcontrib><creatorcontrib>Yang, Kaixin</creatorcontrib><creatorcontrib>Chen, Dake</creatorcontrib><creatorcontrib>Beerel, Peter A.</creatorcontrib><creatorcontrib>Nuzzo, Pierluigi</creatorcontrib><title>On the Security of Sequential Logic Locking Against Oracle-Guided Attacks</title><title>IEEE transactions on computer-aided design of integrated circuits and systems</title><addtitle>TCAD</addtitle><description>The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving, performed using an "unrolled" version of the sequential circuit, and model checking, used to determine the successful termination of the attack. This paper addresses these challenges by formally characterizing the relation between the minimum unrolling depth required to prune out the wrong keys of a SAT-based attack and a notion of functional corruptibility (FC) for sequential circuits, which can be efficiently estimated from a locked circuit to indicate the progress of a SAT-based attack. Based on this analysis, we present an FC-guided SAT-based attack that can significantly reduce unnecessary SAT and model checking tasks. We present two versions of the attack, namely, Fun-SAT and Fun-SAT+, based on whether the attacker has a priori knowledge of the key length. Fun-SAT aims to find the correct key sequence, while Fun-SAT+ aims to retrieve the correct initial state of the circuit. Numerical evaluation shows that Fun-SAT can be, on average, 90× faster than previous attacks against state-of-the-art locking methods. On the other hand, when using an approximate termination condition, Fun-SAT+ can find an initial state that leads to at most 0.1% FC in 76.9% instances that would otherwise time out after one day.</description><subject>Circuits</subject><subject>Clocks</subject><subject>Cryptography</subject><subject>Electronics packaging</subject><subject>Hardware Security</subject><subject>Integrated circuit modeling</subject><subject>Keys</subject><subject>Locking</subject><subject>Logic</subject><subject>Logic Locking</subject><subject>Model checking</subject><subject>SAT-Based Attack</subject><subject>Sequential circuits</subject><subject>Time factors</subject><issn>0278-0070</issn><issn>1937-4151</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpNkMFOAjEQhhujiYg-gImHJp4XO2132x43qEhCwkE8N922YAF3se0eeHuXwMHLzBy-f2byIfQIZAJA1MtqWr9OKKFswmjJOJVXaASKiYJDCddoRKiQBSGC3KK7lLaEAC-pGqH5ssX52-NPb_sY8hF362H-7X2bg9njRbcJdqh2F9oNrjcmtCnjZTR274tZH5x3uM7Z2F26Rzdrs0_-4dLH6Ov9bTX9KBbL2XxaLwpLFc9F5ZVzjZKGKWupUULwikpbcs8MMMYdI1I0vLHcGCor7ixlTjUMbEkceMfG6Pm89xC74c-U9bbrYzuc1FQKxSSIshooOFM2dilFv9aHGH5MPGog-mRMn4zpkzF9MTZkns6Z4L3_x5MKKhDsD0L-ZjQ</recordid><startdate>20231101</startdate><enddate>20231101</enddate><creator>Hu, Yinghua</creator><creator>Zhang, Yuke</creator><creator>Yang, Kaixin</creator><creator>Chen, Dake</creator><creator>Beerel, Peter A.</creator><creator>Nuzzo, Pierluigi</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-2984-0364</orcidid><orcidid>https://orcid.org/0000-0002-3863-1196</orcidid><orcidid>https://orcid.org/0000-0002-1596-6700</orcidid><orcidid>https://orcid.org/0000-0002-8283-0168</orcidid></search><sort><creationdate>20231101</creationdate><title>On the Security of Sequential Logic Locking Against Oracle-Guided Attacks</title><author>Hu, Yinghua ; Zhang, Yuke ; Yang, Kaixin ; Chen, Dake ; Beerel, Peter A. ; Nuzzo, Pierluigi</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c294t-6e9ddb98a39cc2a9774628c54e3a1334d3087b4bc4aa2864dc23d9b31c50d1ed3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Circuits</topic><topic>Clocks</topic><topic>Cryptography</topic><topic>Electronics packaging</topic><topic>Hardware Security</topic><topic>Integrated circuit modeling</topic><topic>Keys</topic><topic>Locking</topic><topic>Logic</topic><topic>Logic Locking</topic><topic>Model checking</topic><topic>SAT-Based Attack</topic><topic>Sequential circuits</topic><topic>Time factors</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Hu, Yinghua</creatorcontrib><creatorcontrib>Zhang, Yuke</creatorcontrib><creatorcontrib>Yang, Kaixin</creatorcontrib><creatorcontrib>Chen, Dake</creatorcontrib><creatorcontrib>Beerel, Peter A.</creatorcontrib><creatorcontrib>Nuzzo, Pierluigi</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005–Present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics &amp; Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on computer-aided design of integrated circuits and systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Hu, Yinghua</au><au>Zhang, Yuke</au><au>Yang, Kaixin</au><au>Chen, Dake</au><au>Beerel, Peter A.</au><au>Nuzzo, Pierluigi</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>On the Security of Sequential Logic Locking Against Oracle-Guided Attacks</atitle><jtitle>IEEE transactions on computer-aided design of integrated circuits and systems</jtitle><stitle>TCAD</stitle><date>2023-11-01</date><risdate>2023</risdate><volume>42</volume><issue>11</issue><spage>1</spage><epage>1</epage><pages>1-1</pages><issn>0278-0070</issn><eissn>1937-4151</eissn><coden>ITCSDI</coden><abstract>The Boolean satisfiability (SAT) attack is an oracle-guided attack that can break most combinational logic locking schemes by efficiently pruning out all the wrong keys from the search space. Extending such an attack to sequential logic locking requires multiple time-consuming rounds of SAT solving, performed using an "unrolled" version of the sequential circuit, and model checking, used to determine the successful termination of the attack. This paper addresses these challenges by formally characterizing the relation between the minimum unrolling depth required to prune out the wrong keys of a SAT-based attack and a notion of functional corruptibility (FC) for sequential circuits, which can be efficiently estimated from a locked circuit to indicate the progress of a SAT-based attack. Based on this analysis, we present an FC-guided SAT-based attack that can significantly reduce unnecessary SAT and model checking tasks. We present two versions of the attack, namely, Fun-SAT and Fun-SAT+, based on whether the attacker has a priori knowledge of the key length. Fun-SAT aims to find the correct key sequence, while Fun-SAT+ aims to retrieve the correct initial state of the circuit. Numerical evaluation shows that Fun-SAT can be, on average, 90× faster than previous attacks against state-of-the-art locking methods. On the other hand, when using an approximate termination condition, Fun-SAT+ can find an initial state that leads to at most 0.1% FC in 76.9% instances that would otherwise time out after one day.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TCAD.2023.3253428</doi><tpages>1</tpages><orcidid>https://orcid.org/0000-0003-2984-0364</orcidid><orcidid>https://orcid.org/0000-0002-3863-1196</orcidid><orcidid>https://orcid.org/0000-0002-1596-6700</orcidid><orcidid>https://orcid.org/0000-0002-8283-0168</orcidid></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 0278-0070
ispartof IEEE transactions on computer-aided design of integrated circuits and systems, 2023-11, Vol.42 (11), p.1-1
issn 0278-0070
1937-4151
language eng
recordid cdi_proquest_journals_2879381756
source IEEE Electronic Library (IEL)
subjects Circuits
Clocks
Cryptography
Electronics packaging
Hardware Security
Integrated circuit modeling
Keys
Locking
Logic
Logic Locking
Model checking
SAT-Based Attack
Sequential circuits
Time factors
title On the Security of Sequential Logic Locking Against Oracle-Guided Attacks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-03T09%3A39%3A21IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=On%20the%20Security%20of%20Sequential%20Logic%20Locking%20Against%20Oracle-Guided%20Attacks&rft.jtitle=IEEE%20transactions%20on%20computer-aided%20design%20of%20integrated%20circuits%20and%20systems&rft.au=Hu,%20Yinghua&rft.date=2023-11-01&rft.volume=42&rft.issue=11&rft.spage=1&rft.epage=1&rft.pages=1-1&rft.issn=0278-0070&rft.eissn=1937-4151&rft.coden=ITCSDI&rft_id=info:doi/10.1109/TCAD.2023.3253428&rft_dat=%3Cproquest_RIE%3E2879381756%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2879381756&rft_id=info:pmid/&rft_ieee_id=10061617&rfr_iscdi=true