Existing logic-locking attacks are known to successfully decrypt the functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world silicon-based Intellectual Properties (IPs, which are sequential circuits) through scan chains, by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL, which achieves functional isolation and locks selected flip-flop functional-input/scan-output pairs, thus rendering the decrypted key functionally incorrect. We conduct a formal study of the scan-locking problem and demonstrate automating our proposed defense on any given IP. We show that SeqL hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS, MCNC), sequential benchmarks (ITC) and a fully-fledged RISC-V CPU, SeqL gave 100% resilience to a broad range of state-of-the-art attacks including SAT [1], Double-DIP [2], HackTest [3], SMT [4], FALL [5], Shift-and-Leak [6] and Multi-cycle attacks [7].