Brice Colombier

Survey of hardware protection of design data for integrated circuits and intellectual properties

This study reviews the current situation regarding design protection in the microelectronics industry. Over the past 10 years, the designers of integrated circuits (IC) and intellectual properties (IP) have faced increasing threats including counterfeiting, reverse-engineering and theft. This is now a critical issue for the microelectronics industry, mainly for fabless designers and IP designers. Coupled with increasing pressure to decrease the cost and increase the performance of ICs, the design of a secure, efficient, lightweight protection scheme for design data is a serious challenge for the hardware security community. However, several published works propose different ways to protect design data including functional locking, hardware obfuscation and IC/IP identification. This study presents a survey of academic research on the protection of design data. It concludes with the need to design an efficient protection scheme based on several properties.

Key Reconciliation Protocols for Error Correction of Silicon PUF Responses

Physical unclonable functions (PUFs) are promising primitives for the lightweight authentication of an integrated circuit (IC). Indeed, by extracting an identifier from random process variations, they allow each instance of a design to be uniquely identified. However, the extracted identifiers are not stable enough to be used as is, and hence, need to be corrected first. This is currently achieved using error-correcting codes in secure sketches that generate helper data through a one-time procedure. As an alternative, we propose key reconciliation protocols. This interactive method, originating from quantum key distribution, allows two entities to correct errors in their respective correlated keys by discussing over a public channel. We believe that this can also be used by a device and a remote server to agree on two different responses to the same challenge from the same PUF obtained at different times. This approach has the advantage of requiring very few logic resources on the device side. The information leakage caused by the key reconciliation process is limited and easily computable. Results of implementation on field-programmable gate array (FPGA) targets are presented, showing that it is the most lightweight error-correction module to date.

From secured logic to IP protection

Design and reuse has become a very common practice in the electronics design industry. IP cores are easily sold by designers to system integrators. However, several cases of counterfeiting and illegal copying have been reported and design protection techniques have been developed in response. Among these techniques, we focus on modifications at logic level aimed at active design protection. This is the first paper to provide a formal description and definition of the following techniques used to protect integrated circuits and IP cores against theft, counterfeiting, cloning and illegal copy: logic encryption, logic obfuscation, logic masking, and logic locking. In the second part of the paper, we present a new technique to insert gates in the data path of a logic circuit in order to lock it. Based on graph analysis, this method involves low overhead implementation and is more than ten thousand times faster than former fault analysis-based logic masking techniques when it comes to selecting the nodes to modify. Finally, we discuss the design requirements of a strong design protection scheme.

Polynomial Structures in Code-Based Cryptography

In this article we discus a probability problem applied in the code based cryptography. It is related to the shape of the polynomials with exactly t different roots. We will show that the structure is very dense and the probability that this type of polynomials has at least one coefficient equal to zero is extremelly low. We treated this issue in our research of natural countermeasures to a timing attack against the polynomial evaluation.

Centrality Indicators for Efficient and Scalable Logic Masking

Modifying the logic at register transfer level can help to protect a circuit against counterfeiting or illegal copying. By adding extra gates, the outputs can be controllably corrupted. Then the circuit operates correctly only if the right value is applied to the extra gates. The main challenge is to select the best position for these gates, to alter the circuits behaviour as much as possible. However, another major point is the computational efficiency of the selection process, which should be as good as possible for integration in EDA tools. State-of-the art methods, based on fault analysis, are very demanding and cannot cope with large netlists in a reasonable runtime. We propose to use centrality indicators instead. Centrality is used to identify the most significant vertices of a graph. We show that, when used to select the nodes to modify, they lead to low correlation between original and altered outputs while being computationally efficient. We give experimental results on combinational benchmarks and compare to other previously proposed heuristics. We show that this method is the only efficient selection heuristic which is able to handle large netlists and integrate smoothly into EDA tools.

Comments on “A PUF-FSM Binding Scheme for FPGA IP Protection and Pay-per-Device Licensing”

IP protection is a recent field of research. If passive protection schemes, mainly IP watermarking and fingerprinting, have been studied for more than fifteen years, active protection schemes using remote activation/unlocking/metering of IPs are highlighted by several recent works. Like any other new field of research, new concepts appear with sometimes not such good ideas. IP unlocking scheme without cryptography, as recently proposed in this journal, is one of these ideas. Expecting to obtain low overhead and high security this way is very hard. This comment proves this by presenting a short yet deep study.

Functional Locking Modules for Design Protection of Intellectual Property Cores

IP cores are now widely used as building blocks in the design of electronic systems. Moreover, since FPGAs are increasingly powerful and contain millions of logic cells, they are now a platform of choice for such electronic systems. Due to their reconfigurability, they are particularly suited to receiving IP cores. However, for the current IP core distribution process to be fair for all parties, the designer needs to maintain control over his IP to limit illegal copying and non-contracted reuse. To this end, a key point is functional locking, which can be used remotely to render the circuit practically useless. Current state-of-the-art lacks a comprehensive comparison of the different locking points that can be found on a usual IP core. This paper presents the first comparative study of the performance of IP core locking schemes.

Complete activation scheme for FPGA-oriented IP cores design protection

Intellectual Property (IP) illegal copying is a major threat in todays integrated circuits industry which is massively based on a design-and-reuse paradigm. In order to fight this threat, a designer must track how many times an IP has been instantiated. Moreover, illegal copies of an IP must be unusable. We propose a hardware/software scheme which allows a designer to remotely activate an IP with minimal area overhead. The software modifies the IP efficiently and can handle very large netlists. Unique identification of hardware instances is achieved by integrating a TERO-PUF along with a lightweight key reconciliation module. A cryptographic core guarantees security and triggers a logic locking/masking module which makes the IP unusable unless the correct encrypted activation word is applied.

Logic Modification-Based IP Protection Methods: An Overview and a Proposal

Intellectual property protection is a major concern for fabless IC designers. Among the proposed protection means, the active ones are preventing counterfeiting and over-usage to occur in the first place. One of the solution to implement an active design data protection scheme is to modify the combinational logic. Several methods are available, called logic encryption, logic obfuscation, logic masking, or logic locking. A formal framework is first provided for these notions. We clearly define those four types of logic modification, and give didactic examples. Then, a new method to achieve logic locking is presented. This method, based on graph analysis, allows to select the insertion sites for the extra gates orders of magnitudes faster than existing techniques. We give experimental results following from a practical implementation and discuss design considerations about integration in an overall, more robust, protection scheme. We also consider existing attacks and propose some countermeasures.

Turning Electronic Circuits Features into On-Chip Locks

In order to fight against counterfeiting and illegal copying of integrated circuits (ICs) and intellectual property (IP) cores, several design data protection schemes have been proposed. One of the key components of such schemes is the one in charge of locking the circuit in case it has been illegally obtained. This is necessary in order to make illegal copies useless. In this chapter, we show that common features, found in most electronic devices, can be turned into on-chip locks. First of all, we identify these features and then show how they can be modify to lock the design. The main point to use existing features is to induce low overhead, which is very interesting for designers. We implemented the proof of concept of the described locks in FPGAs, and present resources overhead for the implementation of them on two reference designs. We also give details on partial locking, which can be used to provide the design in evaluation mode.