Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis

Werner, Michael; Lippmann, Bernhard; Baehr, Johanna; Gräb, Helmut

doi:10.1109/ivsw.2018.8494896

Cited by 23 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Werner et al [78] apply the Louvain method for graph partitioning to iteratively optimize the quality of the partition of the network, which is also called modularity. Initially, each vertex is treated as its own cluster.…”

Section: Circuit Partitioningmentioning

confidence: 99%

A survey of algorithmic methods in IC reverse engineering

et al. 2021

View full text Add to dashboard Cite

The discipline of reverse engineering integrated circuits (ICs) is as old as the technology itself. It grew out of the need to analyze competitor's products and detect possible IP infringements. In recent years, the growing hardware Trojan threat motivated a fresh research interest in the topic. The process of IC reverse engineering comprises two steps: netlist extraction and specification discovery. While the process of netlist extraction is rather well understood and established techniques exist throughout the industry, specification discovery still presents researchers with a plurality of open questions. It therefore remains of particular interest to the scientific community. In this paper, we present a survey of the state of the art in IC reverse engineering while focusing on the specification discovery phase. Furthermore, we list noteworthy existing works on methods and algorithms in the area and discuss open challenges as well as unanswered questions. Therefore, we observe that the state of research on algorithmic methods for specification discovery suffers from the lack of a uniform evaluation approach. We point out the urgent need to develop common research infrastructure, benchmarks, and evaluation metrics. KeywordsHardware reverse engineering • Survey • Boolean function learning • Logical equivalence checking IntroductionReverse engineering of integrated circuits serves a multitude of purposes [32]. For example, understanding the details of a competitor's IC helps to conduct a competitive analysis. Furthermore, patent infringements can be detected by locating the stolen IP in a competitor's IC. In addition, a particularly growing topic in recent years is the detection of hardware B Leonid Azriel

show abstract

Section: Circuit Partitioningmentioning

confidence: 99%

A survey of algorithmic methods in IC reverse engineering

et al. 2021

View full text Add to dashboard Cite

show abstract

“…This is a divide-and-conquer approach to analyse all submodules separately. Various approaches for netlist partitioning exist, like for example separation along the data path by word identification [16], functional block identification [17] or graph partitioning [18]. Input/Output (I/O) Signal Identification.…”

Section: Functional Re -Netlist Abstractionmentioning

confidence: 99%

CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering

Ludwig¹,

Hepp²,

Brunner³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Trust and security of microelectronic systems are a major driver for game-changing trends like autonomous driving or the internet of things. These trends are endangered by threats like soft- and hardware attacks or IP tampering -- wherein often hardware reverse engineering (RE) is involved for efficient attack planning. The constant publication of new RE-related scenarios and countermeasures renders a profound rating of these extremely difficult. Researchers and practitioners have no tools or framework which aid a common, consistent classification of these scenarios. In this work, this rating framework is introduced: the common reverse engineering scoring system (CRESS). The framework allows a general classification of published settings and renders them comparable. We introduce three metrics: exploitability, impact, and a timestamp. For these metrics, attributes are defined which allow a granular assessment of RE on the one hand, and attack requirements, consequences, and potential remediation strategies on the other. The system is demonstrated in detail via five case studies and common implications are discussed. We anticipate CRESS to evaluate possible vulnerabilities and to safeguard targets more proactively.

show abstract

“…7. Netlist Abstraction: Abstraction is done, for instance, by structural graph-analysis [18] or structural block analysis [19].…”

Section: A Hardware Reverse Engineeringmentioning

confidence: 99%

ViTaL: Verifying Trojan-Free Physical Layouts through Hardware Reverse Engineering

Ludwig¹,

Bette²,

Lippmann³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

The semiconductor industry is heavily relying on outsourcing of design, fabrication, and testing to third parties. The threat of possibly malicious actors in this ramified supply-chain poses a risk for the integrity of integrated circuits (ICs) and hardware Trojans (HTs) are a heavily discussed topic in academia and the industry. A variety of pre- and post-silicon HT prevention and detection techniques has been suggested in prior works. Hardware reverse engineering has the potential to detect potential modification in physical layouts. Yet, there is no model to qualitatively and quantitatively rate the complex and expensive reverse engineering (RE) process addressing its inherent process aberrations and consequently provide a tool for layout verification. The ViTaL framework introduces a statistical validation technique, based on physical layout verification through RE and considers all potential sources of errors. The golden-model based framework is technology-agnostic, scaleable, and user input is optional. For the first time, results of fine pitch metallization layers of a CMOS 40nm process node IC are presented quantitatively and the limitations and possibilities are discussed.<br>

show abstract

Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis

Cited by 23 publications

References 1 publication

A survey of algorithmic methods in IC reverse engineering

A survey of algorithmic methods in IC reverse engineering

CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering

ViTaL: Verifying Trojan-Free Physical Layouts through Hardware Reverse Engineering

Contact Info

Product

Resources

About