on the difficulty of fsm based hardware obfuscation
play

On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, - PowerPoint PPT Presentation

Aug 01, 2023 •643 likes •1.02k views

On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, September 10, 2018 Marc Fyrbiak 1 , Sebastian Wallat 2 , Jonathan Dchelotte 3 , Nils Albartus 1 , Sinan Bcker 1 Russell Tessier 2 , Christof Paar 1,2 1 Ruhr-Universitt Bochum 2

  1. On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, September 10, 2018 Marc Fyrbiak 1 , Sebastian Wallat 2 , Jonathan Déchelotte 3 , Nils Albartus 1 , Sinan Böcker 1 Russell Tessier 2 , Christof Paar 1,2 1 Ruhr-Universität Bochum 2 University of Massachusetts Amherst 3 University of Bordeaux

  2. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  3. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  4. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation • State-of-the-Art: FSM obfuscation assumed to provide strong protection 0 0 1 ◦ HARPOON ◦ Dynamic State Deflection S 0 S 1 ◦ Active Hardware Metering 1 ◦ Interlocking Obfuscation 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  5. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation • State-of-the-Art: FSM obfuscation assumed to provide strong protection 0 0 1 ◦ HARPOON ◦ Dynamic State Deflection S 0 S 1 ◦ Active Hardware Metering 1 ◦ Interlocking Obfuscation Our Research Question: How secure are these schemes? 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  6. Adversary Model Assumptions: • Access to flattened gate-level netlist equipped with FSM obfuscation • No information about module hierarchies, synthesis options, and names Goal: • Deobfuscate design to commit IP infringement 3/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  7. FSM Obfuscation - Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties 4/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  8. FSM Obfuscation - Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties • How challenging is FSM reverse engineering and how secure is this scheme? 4/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  9. Agenda 1 Automated FSM Reverse Engineering 2 Case Study: Deobfuscation of Dynamic State Deflection 3 Hardware Nanomites 4 Conclusion 5/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  10. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  11. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property I: Register control signals State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  12. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property II: Strongly connected component State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  13. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property III: Combinational logic feedback path State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  14. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property IV: Control behavior State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  15. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; output O; wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( . IN (o_G2) , .O(O) ) ; endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  16. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( . IN (o_G2) , .O(O) ) ; endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  17. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 . IN (o_G2) , .O(O) ) ; 1 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  18. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 . IN (o_G2) , .O(O) ) ; 1 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  19. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  20. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  21. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 1 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  22. Automated FSM Reverse Engineering FSM FSMs Candidates Boolean Topological Gate Function -level Analysis Netlist Analysis 8/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  23. Automated FSM Reverse Engineering FSM FSMs Candidates Boolean Topological Gate Function -level Analysis Netlist Analysis • Boolean Function Analysis: O ( | S | · 2 | I | ) ◦ | S | = Number of FSM states | I | = Number of FSM inputs 8/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  24. Agenda 1 Automated FSM Reverse Engineering 2 Case Study: Deobfuscation of Dynamic State Deflection 3 Hardware Nanomites 4 Conclusion 9/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  25. Reminder: Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties • Case Study: AES + DSD ◦ 12-bit enabling key ◦ 14 obfuscation states ◦ 5 blackhole states per original one 10/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

Recommend

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Grtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018 Obfuscation

1.02k views • 53 slides
Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network

A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network

Persian Plagdet 2016 A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network Fatemeh Mashhadirajab, Mehrnoush Shamsfard NLP Research Lab, Faculty of Computer Science and Engineering, Shahid Beheshti

569 views • 31 slides
OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz

OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz

OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz ESAT/COSIC, IBBT - KU Leuven Wednesday, 23 May 2012 Introduction Modelling OB-PWS The Privacy Problem Existing OB-PWS Systems Our contribution

775 views • 35 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan,

Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan,

Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan, and Arthur Tay Presented by Nick Brusso 11/28/2012 In IEEE Transactions on Computational Intelligence and AI in Games, Volume 3 Issue 4 (2011), pp.

615 views • 13 slides
Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits C. K. Raju Introduction The size of calculus texts Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R Current pedagogy of the calculus: a critique Imitating the European

1.82k views • 133 slides
based Approaches KERRI KRAMER UNDERGRADUATE STUDENT ARKANSAS STATE UNIVERSITY Dys-lex-ia A

based Approaches KERRI KRAMER UNDERGRADUATE STUDENT ARKANSAS STATE UNIVERSITY Dys-lex-ia A

Teaching Students with Dyslexia: Research- based Approaches KERRI KRAMER UNDERGRADUATE STUDENT ARKANSAS STATE UNIVERSITY Dys-lex-ia A word meaning difficulty with language or difficulty with words, from the Greek morphemes dys

568 views • 20 slides
Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing

Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing

Introduction Attack Model k -Security Layout Randomization Summary Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation Frank Imeson ECE, University of Waterloo USENIX Security 13

540 views • 43 slides
based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king

Finding Critical Clauses in SMT- based Hardware Verification Makai Mann, Clark Barrett Hardware Verification SAT is king Still faces scaling issues, particularly for data-path properties Satisfiability Modulo Theories (SMT) can

605 views • 5 slides
Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits C. K. Raju Introduction Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R Current pedagogy of the calculus: a critique The difficulty of set theory The integral C. K. Raju

1.36k views • 107 slides
Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from

Projective Arithmetic Functional Encryption and Indistinguishability Obfuscation (iO) from Degree-5 Multilinear maps Prabhanjan Ananth Amit Sahai Constructions of iO All current constructions of iO are based on multilinear maps [GGHRSW13,

649 views • 39 slides
On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and

On The Complexity of Compressing Obfuscation Gilad Asharov, Naomi Ephraim, Ilan Komargodski, and Rafael Pass Cornell University and Cornell Tech CRYPTO 2018 Indistinguishability Obfuscation (iO) An obfuscator is a compiler which preserves

1.01k views • 86 slides
INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh

INDISTINGUISHABILITY OBFUSCATION Mark Zhandry Stanford University * Joint work with Dan Boneh Program Obfuscation Intuition: Mangle a program Same functionality as original Hides all implementation details Potential uses: IP

295 views • 28 slides
Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems

Obfuscation and Diversity: Probabilistic System Security Kyle Croman CS6410: Advanced Systems Definitions Obfuscation: T o be evasive, unclear, or confusing* In context, this means making a system difficult to understand and

665 views • 38 slides

More recommend