A Novel Topology-Guided Attack and Its Countermeasure Towards Secure Logic Locking

TL;DR

This paper introduces a new topology-guided attack on logic locking that bypasses SAT-resilience by analyzing circuit topology, and proposes a countermeasure to enhance security against such attacks.

Contribution

It presents a novel oracle-less attack based on topological analysis and a countermeasure to improve logic locking security.

Findings

The attack can find secret keys within minutes.

The attack is effective against SAT-resilient logic locking.

A proposed countermeasure enhances circuit resilience.

Abstract

The outsourcing of the design and manufacturing of integrated circuits (ICs) in the current horizontal semiconductor integration flow has posed various security threats due to the presence of untrusted entities, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Consequently, logic locking emerged as one of the prominent design for trust techniques. Unfortunately, these locking techniques are now inclined to achieve complete Boolean satisfiability (SAT) resiliency after the seminal work published in [47]. In this paper, we propose a novel oracle-less attack that is based on the topological analysis of the locked netlist even though it is SAT-resilient. The attack relies on identifying and constructing unit functions with a hypothesis key to be searched in the entire netlist to find its replica. The proposed graph search algorithm efficiently finds the duplicate functions in the netlist, making it a self-referencing attack. This proposed attack is extremely efficient and can determine the secret key within a few minutes. We have also proposed a countermeasure to make the circuit resilient against this topology-guided attack to progress towards a secure logic locking technique.