Using Scan Side Channel to Detect IP Theft

In the growing heterogeneous Internet of Things market, which embraces a plurality of vendors and service providers, IP protection plays a central role. This paper proposes a process for the detection of IP theft in VLSI devices that exploits the internal test scan chains, designed for production te...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on very large scale integration (VLSI) systems Vol. 25; no. 12; pp. 3268 - 3280
Main Authors Azriel, Leonid, Ginosar, Ran, Gueron, Shay, Mendelson, Avi
Format Journal Article
LanguageEnglish
Published New York IEEE 01.12.2017
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Boolean algebra
Boolean functions
Built-in self-test
Chains
Clustering
Computer architecture
Flip-flops
Flow control
Hardware security
Integrated circuits
intellectual property protection
IP (Internet Protocol)
IP networks
Pipelines
Reverse engineering
scan side channel
side channel attacks
Theft
Very large scale integration
Watermarking
Online AccessGet full text

Cover

More Information
Summary:In the growing heterogeneous Internet of Things market, which embraces a plurality of vendors and service providers, IP protection plays a central role. This paper proposes a process for the detection of IP theft in VLSI devices that exploits the internal test scan chains, designed for production test automation. The scan chains supply direct access to the internal registers in the device, enabling combinational analysis of the device logic. By using Boolean function learning methods, the learner creates a partial dependence graph of the internal flip-flops. The graph is further partitioned using the shared nearest neighbors graph clustering method, and individual blocks of combinational logic are isolated. These blocks can be matched with known building blocks that compose the original function. This enables reconstruction of the function implementation to the level of pipeline structure. The IP owner can compare the resulting structure with his own implementation to confirm whether an IP violation has occurred. We demonstrate the power of the presented approach with a test case of an open source Bitcoin SHA-256 accelerator, containing more than 80 000 registers. With the presented method, we discover the microarchitecture of the module, locate all the main components of the SHA-256 algorithm, and learn the module's flow control. In addition to the direct recognition of the IP content, we also demonstrate a combination of reverse engineering and watermark methods. We define a new watermark structure-pipeline-associated watermark (PAW), combined with pipeline stages that can be detected with the scan-based reverse engineering method.
ISSN:1063-8210
1557-9999
DOI:10.1109/TVLSI.2017.2715188