International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Difficulty of FSM-based Hardware Obfuscation

Authors:
Marc Fyrbiak , Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
Sebastian Wallat , University of Massachusetts Amherst, MA
Jonathan Déchelotte , University of Bordeaux
Nils Albartus , Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
Sinan Böcker , Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
Russell Tessier , University of Massachusetts Amherst, MA
Christof Paar , Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany; University of Massachusetts Amherst, MA
Download:
DOI: 10.13154/tches.v2018.i3.293-330
URL: https://tches.iacr.org/index.php/TCHES/article/view/7277
Search ePrint
Search Google
Abstract: In today’s Integrated Circuit (IC) production chains, a designer’s valuable Intellectual Property (IP) is transparent to diverse stakeholders and thus inevitably prone to piracy. To protect against this threat, numerous defenses based on the obfuscation of a circuit’s control path, i.e. Finite State Machine (FSM), have been proposed and are commonly believed to be secure. However, the security of these sequential obfuscation schemes is doubtful since realistic capabilities of reverse engineering and subsequent manipulation are commonly neglected in the security analysis. The contribution of our work is threefold: First, we demonstrate how high-level control path information can be automatically extracted from third-party, gate-level netlists. To this end, we extend state-of-the-art reverse engineering algorithms to deal with Field Programmable Gate Array (FPGA) gate-level netlists equipped with FSM obfuscation. Second, on the basis of realistic reverse engineering capabilities we carefully review the security of state-of-the-art FSM obfuscation schemes. We reveal several generic strategies that bypass allegedly secure FSM obfuscation schemes and we practically demonstrate our attacks for a several of hardware designs, including cryptographic IP cores. Third, we present the design and implementation of Hardware Nanomites, a novel obfuscation scheme based on partial dynamic reconfiguration that generically mitigates existing algorithmic reverse engineering.
BibTeX
@article{tches-2018-29058,
  title={On the Difficulty of FSM-based Hardware Obfuscation},
  journal={IACR Trans. Cryptogr. Hardw. Embed. Syst.},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 3},
  pages={293-330},
  url={https://tches.iacr.org/index.php/TCHES/article/view/7277},
  doi={10.13154/tches.v2018.i3.293-330},
  author={Marc Fyrbiak and Sebastian Wallat and Jonathan Déchelotte and Nils Albartus and Sinan Böcker and Russell Tessier and Christof Paar},
  year=2018
}