SAT-based reverse engineering of gate-level schematics using fault injection and probing

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2018-02-24 DOI:10.1109/HST.2018.8383918

S. Keshavarz, Falk Schellenberg, Bastian Richter, C. Paar, Daniel E. Holcomb

{"title":"SAT-based reverse engineering of gate-level schematics using fault injection and probing","authors":"S. Keshavarz, Falk Schellenberg, Bastian Richter, C. Paar, Daniel E. Holcomb","doi":"10.1109/HST.2018.8383918","DOIUrl":null,"url":null,"abstract":"Gate camouflaging is a known security enhancement technique that tries to thwart reverse engineering by hiding the functions of gates or the connections between them. A number of works on SAT-based attacks have shown that it is often possible to reverse engineer a circuit function by combining a camouflaged circuit model and the ability to have oracle access to the obfuscated combinational circuit. Especially in small circuits it is easy to reverse engineer the circuit function in this way, but SAT-based reverse engineering techniques provide no guarantees of recovering a circuit that is gate-by-gate equivalent to the original design. In this work we show that an attacker who doesn't know gate functions or connections of an aggressively camouflaged circuit cannot learn the correct gate-level schematic even if able to control inputs and probe all combinational nodes of the circuit. We then present a stronger attack that extends SAT-based reverse engineering with fault analysis to allow an attacker to recover the correct gate-level schematic. We analyze our reverse engineering approach on an S-Box circuit.","PeriodicalId":6574,"journal":{"name":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"27 1","pages":"215-220"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2018.8383918","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Gate camouflaging is a known security enhancement technique that tries to thwart reverse engineering by hiding the functions of gates or the connections between them. A number of works on SAT-based attacks have shown that it is often possible to reverse engineer a circuit function by combining a camouflaged circuit model and the ability to have oracle access to the obfuscated combinational circuit. Especially in small circuits it is easy to reverse engineer the circuit function in this way, but SAT-based reverse engineering techniques provide no guarantees of recovering a circuit that is gate-by-gate equivalent to the original design. In this work we show that an attacker who doesn't know gate functions or connections of an aggressively camouflaged circuit cannot learn the correct gate-level schematic even if able to control inputs and probe all combinational nodes of the circuit. We then present a stronger attack that extends SAT-based reverse engineering with fault analysis to allow an attacker to recover the correct gate-level schematic. We analyze our reverse engineering approach on an S-Box circuit.

查看原文本刊更多论文

基于sat的门级原理图逆向工程的故障注入和探测

门伪装是一种众所周知的安全增强技术，它试图通过隐藏门的功能或它们之间的连接来阻止逆向工程。许多基于sat的攻击表明，通过结合伪装电路模型和对混淆组合电路的oracle访问能力，通常可以对电路功能进行反向工程。特别是在小型电路中，用这种方法很容易对电路功能进行反向工程，但是基于sat的反向工程技术不能保证恢复与原始设计等效的逐个门的电路。在这项工作中，我们表明，不知道门函数或积极伪装电路连接的攻击者即使能够控制输入并探测电路的所有组合节点，也无法学习正确的门级原理图。然后，我们提出了一种更强大的攻击，它扩展了基于sat的逆向工程和故障分析，允许攻击者恢复正确的门级原理图。我们在S-Box电路上分析了我们的逆向工程方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量