A Look at the Dark Side of Hardware Reverse Engineering -- A Case Study
Sebastian Wallat, Marc Fyrbiak, Moritz Schlögel, Christof Paar

TL;DR
This paper examines hardware reverse engineering as an attack capability, demonstrating how an existing IP protection scheme can be bypassed and how hardware Trojans can be injected automatically, highlighting security challenges in modern ICs and FPGAs.
Contribution
It strengthens an FPGA IP watermarking scheme with opaque predicates, develops reverse engineering strategies that detect and modify the watermarks, and presents methods for automatic Trojan injection.
Findings
Opaque predicates can be used to enhance watermark security.
Reverse engineering strategies can detect and alter watermarks.
Automatic Trojan injection can weaken cryptographic IPs.
Abstract
A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries, which are able to infringe valuable hardware design IP or to inject hardware Trojans, causing severe loss of safety and security. Similarly, market-dominating SRAM-based FPGAs are vulnerable to both attacks, since the crucial gate-level netlist can be retrieved even in the field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful, since the realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and…
