Security Closure of IC Layouts Against Hardware Trojans

TL;DR

This paper introduces a layout-level security method using multiplexer-based logic locking to prevent hardware Trojan insertion in ICs, resilient against advanced machine learning attacks, and integrated into standard design flows.

Contribution

The work presents a novel layout-level Trojan prevention scheme that is secure against oracle-less machine learning attacks and compatible with commercial design processes.

Findings

Resilient against state-of-the-art Trojan attacks

Achieves security with reasonable overheads

Provides comprehensive security analysis on benchmark suites

Abstract

Due to cost benefits, supply chains of integrated circuits (ICs) are largely outsourced nowadays. However, passing ICs through various third-party providers gives rise to many threats, like piracy of IC intellectual property or insertion of hardware Trojans, i.e., malicious circuit modifications. In this work, we proactively and systematically harden the physical layouts of ICs against post-design insertion of Trojans. Toward that end, we propose a multiplexer-based logic-locking scheme that is (i) devised for layout-level Trojan prevention, (ii) resilient against state-of-the-art, oracle-less machine learning attacks, and (iii) fully integrated into a tailored, yet generic, commercial-grade design flow. Our work provides in-depth security and layout analysis on a challenging benchmark suite. We show that ours can render layouts resilient, with reasonable overheads, against Trojan insertion in general and also against second-order attacks (i.e., adversaries seeking to bypass the locking defense in an oracle-less setting). We release our layout artifacts for independent verification [29] and we will release our methodology's source code.