Exploiting the Lock: Leveraging MiG-V's Logic Locking for Secret-Data Extraction

TL;DR

This paper demonstrates that logic locking in the MiG-V RISC-V processor can be exploited to completely recover cryptographic keys during runtime, exposing a critical security vulnerability.

Contribution

It uncovers a novel security flaw where altering the logic locking key leads to full cryptographic key recovery, highlighting risks beyond traditional key-recovery attacks.

Findings

Changing one bit of the logic lock exposes the entire cryptographic key.

Logic locking can be exploited to leak secret data during runtime.

The security of logic-locked processors needs comprehensive evaluation.

Abstract

The MiG-V was designed for high-security applications and is the first commercially available logic-locked RISC-V processor on the market. In this context logic locking was used to protect the RISC-V processor design during the untrusted manufacturing process by using key-driven logic gates to obfuscate the original design. Although this method defends against malicious modifications, such as hardware Trojans, logic locking's impact on the RISC-V processor's data confidentiality during runtime has not been thoroughly examined. In this study, we evaluate the impact of logic locking on data confidentiality. By altering the logic locking key of the MiG-V while running SSL cryptographic algorithms, we identify data leakages resulting from the exploitation of the logic locking hardware. We show that changing a single bit of the logic locking key can expose 100% of the cryptographic encryption key. This research reveals a critical security flaw in logic locking, highlighting the need for comprehensive security assessments beyond logic locking key-recovery attacks.