on the difficulty of fsm based hardware obfuscation
play

On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, - PowerPoint PPT Presentation

Aug 01, 2023 •643 likes •1.02k views

On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, September 10, 2018 Marc Fyrbiak 1 , Sebastian Wallat 2 , Jonathan Dchelotte 3 , Nils Albartus 1 , Sinan Bcker 1 Russell Tessier 2 , Christof Paar 1,2 1 Ruhr-Universitt Bochum 2

  1. On the Difficulty of FSM-based Hardware Obfuscation CHES 2018, September 10, 2018 Marc Fyrbiak 1 , Sebastian Wallat 2 , Jonathan Déchelotte 3 , Nils Albartus 1 , Sinan Böcker 1 Russell Tessier 2 , Christof Paar 1,2 1 Ruhr-Universität Bochum 2 University of Massachusetts Amherst 3 University of Bordeaux

  2. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  3. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  4. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation • State-of-the-Art: FSM obfuscation assumed to provide strong protection 0 0 1 ◦ HARPOON ◦ Dynamic State Deflection S 0 S 1 ◦ Active Hardware Metering 1 ◦ Interlocking Obfuscation 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  5. Motivation • IP cores transparent to numerous stakeholders • Problem for IP owner(s): piracy • Solution: IP theft protection and obfuscation • State-of-the-Art: FSM obfuscation assumed to provide strong protection 0 0 1 ◦ HARPOON ◦ Dynamic State Deflection S 0 S 1 ◦ Active Hardware Metering 1 ◦ Interlocking Obfuscation Our Research Question: How secure are these schemes? 2/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  6. Adversary Model Assumptions: • Access to flattened gate-level netlist equipped with FSM obfuscation • No information about module hierarchies, synthesis options, and names Goal: • Deobfuscate design to commit IP infringement 3/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  7. FSM Obfuscation - Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties 4/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  8. FSM Obfuscation - Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties • How challenging is FSM reverse engineering and how secure is this scheme? 4/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  9. Agenda 1 Automated FSM Reverse Engineering 2 Case Study: Deobfuscation of Dynamic State Deflection 3 Hardware Nanomites 4 Conclusion 5/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  10. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  11. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property I: Register control signals State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  12. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property II: Strongly connected component State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  13. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property III: Combinational logic feedback path State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  14. Problem I: Determine FSM Gates in Gate-level Netlist • Ideas build upon previous work by Shi et al. and Meade et al. • FSM Property IV: Control behavior State Memory Transition Logic Output Logic 6/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  15. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; output O; wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( . IN (o_G2) , .O(O) ) ; endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  16. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( . IN (o_G2) , .O(O) ) ; endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  17. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 . IN (o_G2) , .O(O) ) ; 1 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  18. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 . IN (o_G2) , .O(O) ) ; 1 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  19. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  20. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  21. Problem II: Determine State Transition Graph from FSM Gates • Ideas build upon previous work by Shi et al. and Meade et al. module FSM (CLK, I , O) ; input CLK, I ; G1 G3 O output O; I G2 wire o_G1 , o_G2 ; XOR G1 ( . IN1 (o_G2) , . IN2 ( I ) , .O(o_G1) ) ; DFF G2 ( 0 0 1 .CLK(CLK) , .D(o_G1) , .Q(o_G2) ) ; INV G3 ( S 0 S 1 . IN (o_G2) , .O(O) ) ; 1 0 endmodule 1 7/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  22. Automated FSM Reverse Engineering FSM FSMs Candidates Boolean Topological Gate Function -level Analysis Netlist Analysis 8/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  23. Automated FSM Reverse Engineering FSM FSMs Candidates Boolean Topological Gate Function -level Analysis Netlist Analysis • Boolean Function Analysis: O ( | S | · 2 | I | ) ◦ | S | = Number of FSM states | I | = Number of FSM inputs 8/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  24. Agenda 1 Automated FSM Reverse Engineering 2 Case Study: Deobfuscation of Dynamic State Deflection 3 Hardware Nanomites 4 Conclusion 9/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

  25. Reminder: Dynamic State Deflection • Obfuscation FSM and blackhole FSM are added to original FSM • Enabling key only known to honest parties • Case Study: AES + DSD ◦ 12-bit enabling key ◦ 14 obfuscation states ◦ 5 blackhole states per original one 10/19 On the Difficulty of FSM-based Hardware Obfuscation | CHES 2018 | Amsterdam | September 10, 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection

HOST Circuit Obfuscation I ECE 525 Hardware Obfuscation (Drawn from "Hardware Protection thr Obfuscation) Circuit modification techniques designed to conceal or lock the functionality and/or circuit structure The modifications are designed

157 views • 11 slides
HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth

HOP: Hardware makes Obfuscation Practical Kartik Nayak With Chris Fletcher, Ling Ren, Nishanth Chandran, Satya Lokam, Elaine Shi and Vipul Goyal 1 Compression 1 KB 1 MB Used by everyone, perhaps license it - VBB Obfuscation No one should

942 views • 34 slides
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai,

Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation ( ) has emerged as a central hub

648 views • 36 slides
Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Obfuscation Source: www.constructionknowledge.net Stealthy Opaque Predicates in Hardware | CHES

Stealthy Opaque Predicates in Hardware - Obfuscating Constant Expressions at Negligible Overhead Max Hoffmann, Christof Paar Ruhr University Bochum, Horst-Grtz Institute for IT-Security, Germany CHES 2018 | Amsterdam 10.09.2018 Obfuscation

1.02k views • 53 slides
Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt

Obfuscation Lecture 26 Different Flavours VBB Obfuscation Note: Considers only corrupt receiver x 1 Virtual f O(f) F B f(x 1) Black-Box x 2 (VBB) f(x 2) Obfuscation : A Secure (and f Family f Family b b single

466 views • 18 slides
) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation

) UNION SELECT `This_Talk` AS ('New Optimization and Obfuscation Optimization and Obfuscation Techniques)%00 Techniques)%00 Roberto Salgado Co-founder of Websec Provide information security solutions Pen-testing, training

1.11k views • 93 slides
A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network

A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network

Persian Plagdet 2016 A Text Alignment Algorithm Based on Prediction of Obfuscation Types Using SVM Neural Network Fatemeh Mashhadirajab, Mehrnoush Shamsfard NLP Research Lab, Faculty of Computer Science and Engineering, Shahid Beheshti

569 views • 31 slides
OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz

OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz

OB-PWS: Obfuscation-Based Private Web Search Ero Balsa , Carmela Troncoso and Claudia Diaz ESAT/COSIC, IBBT - KU Leuven Wednesday, 23 May 2012 Introduction Modelling OB-PWS The Privacy Problem Existing OB-PWS Systems Our contribution

775 views • 35 slides
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON

Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Introduction Control flow obfuscation Data flow obfuscation Python obfuscation Prelude Introduction Control flow obfuscation Data

1.23k views • 76 slides
OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan

OBFUSCURO : : A Commodity Obfuscation Engine for Intel SGX Adil Ahmad *, Byunggill Joe*, Yuan Xiao Yinqian Zhang, Insik Shin, Byoungyoung Lee (* denotes equal contribution) Program Obfuscation Program Obfuscation Trusted Untrusted (except

1.34k views • 116 slides
Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . .

Obfuscation from LWE? proofs, attacks, candidates Hoeteck Wee CNRS & ENS . . . . . . . . C x C x C x C C c obfuscation [ BGIRSVY01, H00, GR07, GGHRSW13 ] . . . . . . . . C x C x C x C C c obfuscation [

1.03k views • 92 slides
Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20

Authorship Obfuscation Using Heuristic Search Masters Thesis Defence by Janek Bevendorff on 20 June 2018 Supervisors: Prof. Dr. Benno Stein, PD Dr. Andreas Jakoby Unmasking for short texts Obfuscation against unmasking Obfuscation

1.38k views • 95 slides
Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of

Engineering Code Obfuscation ISSISP 2017 - Obfuscation I Christian Collberg Department of Computer Science University of Arizona http://collberg.cs.arizona.edu collberg@gmail.com Supported by NSF grants 1525820 and 1318955 and by the

924 views • 69 slides
Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu,

Fakultt fr Informatik T echnische Universitt Mnchen Dagstuhl Seminar 17281 Characterizing the Strength of Software Obfuscation Against Automated Attacks Sebastian Banescu, BMW Group Outline 1 Introduction 2 Obfuscation in Theory 3

815 views • 69 slides
Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan,

Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan,

Dynamic Game Difficulty Scaling Using Adaptive Behavior-Based AI Chin Hiong Tan, Kay Chen Tan, and Arthur Tay Presented by Nick Brusso 11/28/2012 In IEEE Transactions on Computational Intelligence and AI in Games, Volume 3 Issue 4 (2011), pp.

615 views • 13 slides
Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R

Calculus without Limits C. K. Raju Introduction The size of calculus texts Calculus without Limits: The difficulty of limits the Theory The difficulty of defining R Current pedagogy of the calculus: a critique Imitating the European

1.82k views • 133 slides
Planning and Optimization F1. Markov Decision Processes Malte Helmert and Thomas Keller

Planning and Optimization F1. Markov Decision Processes Malte Helmert and Thomas Keller

Planning and Optimization F1. Markov Decision Processes Malte Helmert and Thomas Keller Universit at Basel November 27, 2019 Motivation Markov Decision Process Policy Summary Content of this Course Foundations Logic Classical

549 views • 35 slides
Learning in Autonomous Systems Proff. Luca Iocchi, Giorgio Grisetti A.Y. 2015/2016 Luca Iocchi

Learning in Autonomous Systems Proff. Luca Iocchi, Giorgio Grisetti A.Y. 2015/2016 Luca Iocchi

Sapienza University of Rome, Italy - Learning in Autonomous Systems (2015/16) University of Rome La Sapienza Master in Artificial Intelligence and Robotics Learning in Autonomous Systems Proff. Luca Iocchi, Giorgio Grisetti A.Y. 2015/2016

479 views • 26 slides
What Do We Need? Markov Decision Processes } AI systems must be able to handle complex, uncertain

What Do We Need? Markov Decision Processes } AI systems must be able to handle complex, uncertain

What Do We Want AI and ML to Do? } Short answer: Lots of things! } Intelligent robot and vehicle navigation } Better web search } Automated personal assistants } Scheduling for delivery vehicles, air traffic control, industrial processes, }

463 views • 7 slides
Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice,

Finite State Machines: Definitions; Verification Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Finite State Machine: Definition A (deterministic) finite state machine

130 views • 11 slides
Software Architecture Bertrand Meyer ETH Zurich, March-July 2007 Lecture 1: Introduction Goal

Software Architecture Bertrand Meyer ETH Zurich, March-July 2007 Lecture 1: Introduction Goal

Last update: 20 March 2007 Software Architecture Bertrand Meyer ETH Zurich, March-July 2007 Lecture 1: Introduction Goal of the course Introduce you to the techniques of building large software systems of high quality, in particular:

839 views • 59 slides
Statecharts - Tool Joo Pimentel O CTOBER /2014 REQUIREMENTS ENGINEERING LAB Agenda

Statecharts - Tool Joo Pimentel O CTOBER /2014 REQUIREMENTS ENGINEERING LAB Agenda

Statecharts - Tool Joo Pimentel O CTOBER /2014 REQUIREMENTS ENGINEERING LAB Agenda Introduction Using the tool Installing & Running Creating a project Creating statecharts Getting to know the environment

1.05k views • 70 slides
boost::statechart visualisation Antons Jelkins Meeting C++ 2019 . . . . . . . . . .

boost::statechart visualisation Antons Jelkins Meeting C++ 2019 . . . . . . . . . .

boost::statechart visualisation Antons Jelkins Meeting C++ 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Antons Jelkins boost::statechart visualisation Meeting

411 views • 12 slides
A Virtual Machine Supporting Multiple Statechart Extensions Thomas Huining Feng Supervisor:

A Virtual Machine Supporting Multiple Statechart Extensions Thomas Huining Feng Supervisor:

SVM (Statechart Virtual Machine) A Virtual Machine Supporting Multiple Statechart Extensions Thomas Huining Feng Supervisor: Prof. Hans Vangheluwe MSDL, McGill http://msdl.cs.mcgill.ca/people/tfeng/ hfeng2@cs.mcgill.ca Introduction The goal

478 views • 16 slides

More recommend