TimingCamouflage: Improving circuit security against counterfeiting by unconventional timing

Zhang, Grace Li; Li, Bing; Yu, Bei; Pan, David Z.; Schlichtmann, Ulf

doi:10.23919/date.2018.8341985

Cited by 41 publications

(21 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The adversary already possesses the first two, but must generate/estimate the others. A gate-level netlist can be effortlessly obtained from the victim's layout through extraction [17]- [19], while the timing constraint can be estimated to a certain degree [20]- [22]. Our novel trojan insertion framework is shown in Fig.…”

Section: Threat Model and Attacker Capabilitiesmentioning

confidence: 99%

Side-Channel Trojan Insertion - a Practical Foundry-Side Attack via ECO

Perez

Imran

Vaz

et al. 2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

View full text Add to dashboard Cite

Design companies often outsource their integrated circuit (IC) fabrication to third parties where ICs are susceptible to malicious acts such as the insertion of a side-channel hardware trojan horse (SCT). In this paper, we present a framework for designing and inserting an SCT based on an engineering change order (ECO) flow, which makes it the first to disclose how effortlessly a trojan can be inserted into an IC. The trojan is designed with the goal of leaking multiple bits per power signature reading. Our findings and results show that a rogue element within a foundry has, today, all means necessary for performing a foundry-side attack via ECO.Index Terms-hardware security, manufacturing-time attack, hardware trojan horse, side-channel attack, VLSI, ASIC.

show abstract

Section: Threat Model and Attacker Capabilitiesmentioning

confidence: 99%

Side-Channel Trojan Insertion - a Practical Foundry-Side Attack via ECO

Perez

Imran

Vaz

et al. 2021

2021 IEEE International Symposium on Circuits and Systems (ISCAS)

View full text Add to dashboard Cite

show abstract

“…An example of relaxed modeling is seen in TimingSAT [15], an attack methodology for TimingCamouflage [31]. TimingCamouflage substitutes flip-flops with combinational logic delays.…”

Section: Relaxed Modelsmentioning

confidence: 99%

Modeling techniques for logic locking

Sweeney

Heule

Pileggi

2020

Proceedings of the 39th International Conference on Computer-Aided Design

View full text Add to dashboard Cite

“…For example, some techniques try to exponentially increase the number of iterations (DIPs) required to find the correct key [38,39,57]. Some techniques try to lock the timing of the circuit using either custom-designed cell or flip-flop relocation [13,58], which cannot be modeled by the SAT solver. In some other techniques, since the SAT attack is only applicable to DAG, the combinational cycles are added for obfuscation purposes, which might trap the iterative structure of the SAT attack in an infinite loop, or it leads to an incorrect key [4,5,28,47,48].…”

Section: Hard Sat Instances In Logic Obfuscationmentioning

confidence: 99%