Satwik Patnaik

Vasudev Gohil, Hao Guo, Satwik Patnaik et al.

Stealthy hardware Trojans (HTs) inserted during the fabrication of integrated circuits can bypass the security of critical infrastructures. Although researchers have proposed many techniques to detect HTs, several limitations exist, including: (i) a low success rate, (ii) high algorithmic complexity, and (iii) a large number of test patterns. Furthermore, the most pertinent drawback of prior detection techniques stems from an incorrect evaluation methodology, i.e., they assume that an adversary inserts HTs randomly. Such inappropriate adversarial assumptions enable detection techniques to claim high HT detection accuracy, leading to a "false sense of security." Unfortunately, to the best of our knowledge, despite more than a decade of research on detecting HTs inserted during fabrication, there have been no concerted efforts to perform a systematic evaluation of HT detection techniques. In this paper, we play the role of a realistic adversary and question the efficacy of HT detection techniques by developing an automated, scalable, and practical attack framework, ATTRITION, using reinforcement learning (RL). ATTRITION evades eight detection techniques across two HT detection categories, showcasing its agnostic behavior. ATTRITION achieves average attack success rates of $47\times$ and $211\times$ compared to randomly inserted HTs against state-of-the-art HT detection techniques. We demonstrate ATTRITION's ability to evade detection techniques by evaluating designs ranging from the widely-used academic suites to larger designs such as the open-source MIPS and mor1kx processors to AES and a GPS module. Additionally, we showcase the impact of ATTRITION-generated HTs through two case studies (privilege escalation and kill switch) on the mor1kx processor. We envision that our work, along with our released HT benchmarks and models, fosters the development of better HT detection techniques.

Vasudev Gohil, Satwik Patnaik, Hao Guo et al.

Insertion of hardware Trojans (HTs) in integrated circuits is a pernicious threat. Since HTs are activated under rare trigger conditions, detecting them using random logic simulations is infeasible. In this work, we design a reinforcement learning (RL) agent that circumvents the exponential search space and returns a minimal set of patterns that is most likely to detect HTs. Experimental results on a variety of benchmarks demonstrate the efficacy and scalability of our RL agent, which obtains a significant reduction ($169\times$) in the number of test patterns required while maintaining or improving coverage ($95.75\%$) compared to the state-of-the-art techniques.

Satwik Patnaik, Vasudev Gohil, Hao Guo et al.

Reinforcement learning (RL) is a machine learning paradigm where an autonomous agent learns to make an optimal sequence of decisions by interacting with the underlying environment. The promise demonstrated by RL-guided workflows in unraveling electronic design automation problems has encouraged hardware security researchers to utilize autonomous RL agents in solving domain-specific problems. From the perspective of hardware security, such autonomous agents are appealing as they can generate optimal actions in an unknown adversarial environment. On the other hand, the continued globalization of the integrated circuit supply chain has forced chip fabrication to off-shore, untrustworthy entities, leading to increased concerns about the security of the hardware. Furthermore, the unknown adversarial environment and increasing design complexity make it challenging for defenders to detect subtle modifications made by attackers (a.k.a. hardware Trojans). In this brief, we outline the development of RL agents in detecting hardware Trojans, one of the most challenging hardware security problems. Additionally, we outline potential opportunities and enlist the challenges of applying RL to solve hardware security problems.

Lilas Alrahis, Satwik Patnaik, Muhammad Shafique et al.

Logic locking has received considerable interest as a prominent technique for protecting the design intellectual property from untrusted entities, especially the foundry. Recently, machine learning (ML)-based attacks have questioned the security guarantees of logic locking, and have demonstrated considerable success in deciphering the secret key without relying on an oracle, hence, proving to be very useful for an adversary in the fab. Such ML-based attacks have triggered the development of learning-resilient locking techniques. The most advanced state-of-the-art deceptive MUX-based locking (D-MUX) and the symmetric MUX-based locking techniques have recently demonstrated resilience against existing ML-based attacks. Both defense techniques obfuscate the design by inserting key-controlled MUX logic, ensuring that all the secret inputs to the MUXes are equiprobable. In this work, we show that these techniques primarily introduce local and limited changes to the circuit without altering the global structure of the design. By leveraging this observation, we propose a novel graph neural network (GNN)-based link prediction attack, MuxLink, that successfully breaks both the D-MUX and symmetric MUX-locking techniques, relying only on the underlying structure of the locked design, i.e., in an oracle-less setting. Our trained GNN model learns the structure of the given circuit and the composition of gates around the non-obfuscated wires, thereby generating meaningful link embeddings that help decipher the secret inputs to the MUXes. The proposed MuxLink achieves key prediction accuracy and precision up to 100% on D-MUX and symmetric MUX-locked ISCAS-85 and ITC-99 benchmarks, fully unlocking the designs. We open-source MuxLink [1].

Lilas Alrahis, Satwik Patnaik, Muhammad Abdullah Hanif et al.

Logic locking aims to prevent intellectual property (IP) piracy and unauthorized overproduction of integrated circuits (ICs). However, initial logic locking techniques were vulnerable to the Boolean satisfiability (SAT)-based attacks. In response, researchers proposed various SAT-resistant locking techniques such as point function-based locking and symmetric interconnection (SAT-hard) obfuscation. We focus on the latter since point function-based locking suffers from various structural vulnerabilities. The SAT-hard logic locking technique, InterLock [1], achieves a unified logic and routing obfuscation that thwarts state-of-the-art attacks on logic locking. In this work, we propose a novel link prediction-based attack, UNTANGLE, that successfully breaks InterLock in an oracle-less setting without having access to an activated IC (oracle). Since InterLock hides selected timing paths in key-controlled routing blocks, UNTANGLE reveals the gates and interconnections hidden in the routing blocks upon formulating this task as a link prediction problem. The intuition behind our approach is that ICs contain a large amount of repetition and reuse cores. Hence, UNTANGLE can infer the hidden timing paths by learning the composition of gates in the observed locked netlist or a circuit library leveraging graph neural networks. We show that circuits withstanding SAT-based and other attacks can be unlocked in seconds with 100% precision using UNTANGLE in an oracle-less setting. UNTANGLE is a generic attack platform (which we also open source [2]) that applies to multiplexer (MUX)-based obfuscation, as demonstrated through our experiments on ISCAS-85 and ITC-99 benchmarks locked using InterLock and random MUX-based locking.

Vasudev Gohil, Satwik Patnaik, Dileep Kalathil et al.

Machine learning has shown great promise in addressing several critical hardware security problems. In particular, researchers have developed novel graph neural network (GNN)-based techniques for detecting intellectual property (IP) piracy, detecting hardware Trojans (HTs), and reverse engineering circuits, to name a few. These techniques have demonstrated outstanding accuracy and have received much attention in the community. However, since these techniques are used for security applications, it is imperative to evaluate them thoroughly and ensure they are robust and do not compromise the security of integrated circuits. In this work, we propose AttackGNN, the first red-team attack on GNN-based techniques in hardware security. To this end, we devise a novel reinforcement learning (RL) agent that generates adversarial examples, i.e., circuits, against the GNN-based techniques. We overcome three challenges related to effectiveness, scalability, and generality to devise a potent RL agent. We target five GNN-based techniques for four crucial classes of problems in hardware security: IP piracy, detecting/localizing HTs, reverse engineering, and hardware obfuscation. Through our approach, we craft circuits that fool all GNNs considered in this work. For instance, to evade IP piracy detection, we generate adversarial pirated circuits that fool the GNN-based defense into classifying our crafted circuits as not pirated. For attacking HT localization GNN, our attack generates HT-infested circuits that fool the defense on all tested circuits. We obtain a similar 100% success rate against GNNs for all classes of problems.

Saeid Rajabi, Chengmo Yang, Satwik Patnaik

Formal Verification (FV) relies on high-quality SystemVerilog Assertions (SVAs), but the manual writing process is slow and error-prone. Existing LLM-based approaches either generate assertions from scratch or ignore structural patterns in hardware designs and expert-crafted assertions. This paper presents STELLAR, the first framework that guides LLM-based SVA generation with structural similarity. STELLAR represents RTL blocks as AST structural fingerprints, retrieves structurally relevant (RTL, SVA) pairs from a knowledge base, and integrates them into structure-guided prompts. Experiments show that STELLAR achieves superior syntax correctness, stylistic alignment, and functional correctness, highlighting structure-aware retrieval as a promising direction for industrial FV.

Lilas Alrahis, Satwik Patnaik, Johann Knechtel et al.

Logic locking aims to protect the intellectual property (IP) of integrated circuit (IC) designs throughout the globalized supply chain. The SAIL attack, based on tailored machine learning (ML) models, circumvents combinational logic locking with high accuracy and is amongst the most potent attacks as it does not require a functional IC acting as an oracle. In this work, we propose UNSAIL, a logic locking technique that inserts key-gate structures with the specific aim to confuse ML models like those used in SAIL. More specifically, UNSAIL serves to prevent attacks seeking to resolve the structural transformations of synthesis-induced obfuscation, which is an essential step for logic locking. Our approach is generic; it can protect any local structure of key-gates against such ML-based attacks in an oracle-less setting. We develop a reference implementation for the SAIL attack and launch it on both traditionally locked and UNSAIL-locked designs. In SAIL, a change-prediction model is used to determine which key-gate structures to restore using a reconstruction model. Our study on benchmarks ranging from the ISCAS-85 and ITC-99 suites to the OpenRISC Reference Platform System-on-Chip (ORPSoC) confirms that UNSAIL degrades the accuracy of the change-prediction model and the reconstruction model by an average of 20.13 and 17 percentage points (pp) respectively. When the aforementioned models are combined, which is the most powerful scenario for SAIL, UNSAIL reduces the attack accuracy of SAIL by an average of 11pp. We further demonstrate that UNSAIL thwarts other oracle-less attacks, i.e., SWEEP and the redundancy attack, indicating the generic nature and strength of our approach. Detailed layout-level evaluations illustrate that UNSAIL incurs minimal area and power overheads of 0.26% and 0.61%, respectively, on the million-gate ORPSoC design.

Lilas Alrahis, Satwik Patnaik, Faiq Khalid et al.

In this paper, we propose GNNUnlock, the first-of-its-kind oracle-less machine learning-based attack on provably secure logic locking that can identify any desired protection logic without focusing on a specific syntactic topology. The key is to leverage a well-trained graph neural network (GNN) to identify all the gates in a given locked netlist that belong to the targeted protection logic, without requiring an oracle. This approach fits perfectly with the targeted problem since a circuit is a graph with an inherent structure and the protection logic is a sub-graph of nodes (gates) with specific and common characteristics. GNNs are powerful in capturing the nodes' neighborhood properties, facilitating the detection of the protection logic. To rectify any misclassifications induced by the GNN, we additionally propose a connectivity analysis-based post-processing algorithm to successfully remove the predicted protection logic, thereby retrieving the original design. Our extensive experimental evaluation demonstrates that GNNUnlock is 99.24%-100% successful in breaking various benchmarks locked using stripped-functionality logic locking, tenacious and traceless logic locking, and Anti-SAT. Our proposed post-processing enhances the detection accuracy, reaching 100% for all of our tested locked benchmarks. Analysis of the results corroborates that GNNUnlock is powerful enough to break the considered schemes under different parameters, synthesis settings, and technology nodes. The evaluation further shows that GNNUnlock successfully breaks corner cases where even the most advanced state-of-the-art attacks fail.

Mohammed Nabeel, Mohammed Ashraf, Satwik Patnaik et al.

Dedicated, after acceptance and publication, in memory of the late Vassos Soteriou. For the first time, we leverage the 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, employed firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components, and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are checked continuously against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are still maintained; the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system oneself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.

Haocheng Li, Satwik Patnaik, Abhrajit Sengupta et al.

The notion of integrated circuit split manufacturing which delegates the front-end-of-line (FEOL) and back-end-of-line (BEOL) parts to different foundries, is to prevent overproduction, piracy of the intellectual property (IP), or targeted insertion of hardware Trojans by adversaries in the FEOL facility. In this work, we challenge the security promise of split manufacturing by formulating various layout-level placement and routing hints as vector- and image-based features. We construct a sophisticated deep neural network which can infer the missing BEOL connections with high accuracy. Compared with the publicly available network-flow attack [1], for the same set of ISCAS-85 benchmarks, we achieve 1.21X accuracy when splitting on M1 and 1.12X accuracy when splitting on M3 with less than 1% running time.

Johann Knechtel, Satwik Patnaik, Mohammed Nabeel et al.

Side-channel attacks have empowered bypassing of cryptographic components in circuits. Power side-channel (PSC) attacks have received particular traction, owing to their non-invasiveness and proven effectiveness. Aside from prior art focused on conventional technologies, this is the first work to investigate the emerging Negative Capacitance Transistor (NCFET) technology in the context of PSC attacks. We implement a CAD flow for PSC evaluation at design-time. It leverages industry-standard design tools, while also employing the widely-accepted correlation power analysis (CPA) attack. Using standard-cell libraries based on the 7nm FinFET technology for NCFET and its counterpart CMOS setup, our evaluation reveals that NCFET-based circuits are more resilient to the classical CPA attack, due to the considerable effect of negative capacitance on the switching power. We also demonstrate that the thicker the ferroelectric layer, the higher the resiliency of the NCFET-based circuit, which opens new doors for optimization and trade-offs.

Satwik Patnaik, Mohammed Ashraf, Ozgur Sinanoglu et al.

Layout camouflaging can protect the intellectual property of modern circuits. Most prior art, however, incurs excessive layout overheads and necessitates customization of active-device manufacturing processes, i.e., the front-end-of-line (FEOL). As a result, camouflaging has typically been applied selectively, which can ultimately undermine its resilience. Here, we propose a low-cost and generic scheme---full-chip camouflaging can be finally realized without reservations. Our scheme is based on obfuscating the interconnects, i.e., the back-end-of-line (BEOL), through design-time handling for real and dummy wires and vias. To that end, we implement custom, BEOL-centric obfuscation cells, and develop a CAD flow using industrial tools. Our scheme can be applied to any design and technology node without FEOL-level modifications. Considering its BEOL-centric nature, we advocate applying our scheme in conjunction with split manufacturing, to furthermore protect against untrusted fabs. We evaluate our scheme for various designs at the physical, DRC-clean layout level. Our scheme incurs a significantly lower cost than most of the prior art. Notably, for fully camouflaged layouts, we observe average power, performance, and area overheads of 24.96%, 19.06%, and 32.55%, respectively. We conduct a thorough security study addressing the threats (attacks) related to untrustworthy FEOL fabs (proximity attacks) and malicious end-users (SAT-based attacks). An empirical key finding is that only large-scale camouflaging schemes like ours are practically secure against powerful SAT-based attacks. Another key finding is that our scheme hinders both placement- and routing-centric proximity attacks; correct connections are reduced by 7.47X, and complexity is increased by 24.15X, respectively, for such attacks.

Satwik Patnaik, Mohammed Ashraf, Ozgur Sinanoglu et al.

Split manufacturing (SM) and layout camouflaging (LC) are two promising techniques to obscure integrated circuits (ICs) from malicious entities during and after manufacturing. While both techniques enable protecting the intellectual property (IP) of ICs, SM can further mitigate the insertion of hardware Trojans (HTs). In this paper, we strive for the "best of both worlds," that is we seek to combine the individual strengths of SM and LC. By jointly extending SM and LC techniques toward 3D integration, an up-and-coming paradigm based on stacking and interconnecting of multiple chips, we establish a modern approach to hardware security. Toward that end, we develop a security-driven CAD and manufacturing flow for 3D ICs in two variations, one for IP protection and one for HT prevention. Essential concepts of that flow are (i) "3D splitting" of the netlist to protect, (ii) obfuscation of the vertical interconnects (i.e., the wiring between stacked chips), and (iii) for HT prevention, a security-driven synthesis stage. We conduct comprehensive experiments on DRC-clean layouts of multi-million-gate DARPA and OpenCores designs (and others). Strengthened by extensive security analysis for both IP protection and HT prevention, we argue that entering the third dimension is eminent for effective and efficient hardware security.

Johann Knechtel, Jacek Gosciniak, Alabi Bojesomo et al.

The omnipresent digitalization trend has enabled a number of related malicious activities, ranging from data theft to disruption of businesses, counterfeiting of devices, and identity fraud, among others. Hence, it is essential to implement security schemes and to ensure the reliability and trustworthiness of electronic circuits. Toward this end, the concept of physically unclonable functions (PUFs) has been established at the beginning of the 21st century. However, most PUFs have eventually, at least partially, fallen short of their promises, which are unpredictability, unclonability, uniqueness, reproducibility, and tamper resilience. That is because most PUFs directly utilize the underlying microelectronics, but that intrinsic randomness can be limited and may thus be predicted, especially by machine learning. Optical PUFs, in contrast, are still considered as promising---they can derive strong, hard-to-predict randomness independently from microelectronics, by using some kind of "optical token." Here we propose a novel concept for plasmonics-enhanced optical PUFs, or peo-PUFs in short. For the first time, we leverage two highly nonlinear phenomena in conjunction by construction: (i) light propagation in a silicon disk resonator, and (ii) surface plasmons arising from nanoparticles arranged randomly on top of the resonator. We elaborate on the physical phenomena, provide simulation results, and conduct a security analysis of peo- PUFs for secure key generation and authentication. This study highlights the good potential of peo-PUFs, and our future work is to focus on fabrication and characterization of such PUFs.

Johann Knechtel, Satwik Patnaik, Ozgur Sinanoglu

We review threats and selected schemes concerning hardware security at design and manufacturing time as well as at runtime. We find that 3D integration can serve well to enhance the resilience of different hardware security schemes, but it also requires thoughtful use of the options provided by the umbrella term of 3D integration. Toward enforcing security at runtime, we envision secure 2.5D system-level integration of untrusted chips and "all around" shielding for 3D ICs.

Mohammed Nabeel, Mohammed Ashraf, Satwik Patnaik et al.

Leveraging 2.5D interposer technology, we advocate the integration of untrusted commodity components/chiplets with physically separate, entrusted logic components. Such organization provides a modern root of trust for secure system-level integration. We showcase our scheme by utilizing industrial ARM components that are interconnected via a security-providing active interposer, and thoroughly evaluate the achievable security via different threat scenarios. Finally, we provide detailed end-to-end physical design results to demonstrate the efficacy of our proposed methodology.

Satwik Patnaik, Nikhil Rangarajan, Johann Knechtel et al.

Protecting intellectual property (IP) has become a serious challenge for chip designers. Most countermeasures are tailored for CMOS integration and tend to incur excessive overheads, resulting from additional circuitry or device-level modifications. On the other hand, power density is a critical concern for sub-50 nm nodes, necessitating alternate design concepts. Although initially tailored for error-tolerant applications, imprecise computing has gained traction as a general-purpose design technique. Emerging devices are currently being explored to implement ultra-low-power circuits for inexact computing applications. In this paper, we quantify the security threats of imprecise computing using emerging devices. More specifically, we leverage the innate polymorphism and tunable stochastic behavior of spin-orbit torque (SOT) devices, particularly, the giant spin-Hall effect (GSHE) switch. We enable IP protection (by means of logic locking and camouflaging) simultaneously for deterministic and probabilistic computing, directly at the GSHE device level. We conduct a comprehensive security analysis using state-of-the-art Boolean satisfiability (SAT) attacks; this study demonstrates the superior resilience of our GSHE primitive when tailored for deterministic computing. We also demonstrate how probabilistic computing can thwart most, if not all, existing SAT attacks. Based on this finding, we propose an attack scheme called probabilistic SAT (PSAT) which can bypass the defense offered by logic locking and camouflaging for imprecise computing schemes. Further, we illustrate how careful application of our GSHE primitive can remain secure even on the application of the PSAT attack. Finally, we also discuss side-channel attacks and invasive monitoring, which are arguably even more concerning threats than SAT attacks.

Nikhil Rangarajan, Satwik Patnaik, Johann Knechtel et al.

The storage industry is moving toward emerging non-volatile memories (NVMs), including the spin-transfer torque magnetoresistive random-access memory (STT-MRAM) and the phase-change memory (PCM), owing to their high density and low-power operation. In this paper, we demonstrate, for the first time, circuit models and performance benchmarking for the domain wall (DW) reversal-based magnetoelectric-antiferromagnetic random access memory (ME-AFMRAM) at cell-level and at array-level. We also provide perspectives for coherent rotation-based memory switching with topological insulator-driven anomalous Hall read-out. In the coherent rotation regime, the ultra-low power magnetoelectric switching coupled with the terahertz-range antiferromagnetic dynamics result in substantially lower energy-per-bit and latency metrics for the ME-AFMRAM compared to other NVMs including STTMRAM and PCM. After characterizing the novel ME-AFMRAM, we leverage its unique properties to build a dense, on-chip, secure NVM platform, called SMART: A Secure Magnetoelectric Antiferromagnet- Based Tamper-Proof Non-Volatile Memory. New NVM technologies open up challenges and opportunities from a data-security perspective. For example, their sensitivity to magnetic fields and temperature fluctuations, and their data remanence after power-down make NVMs vulnerable to data theft and tampering attacks. The proposed SMART memory is not only resilient against data confidentiality attacks seeking to leak sensitive information but also ensures data integrity and prevents Denial-of-Service (DoS) attacks on the memory. It is impervious to particular power side-channel (PSC) attacks which exploit asymmetric read/write signatures for 0 and 1 logic levels, and photonic side-channel attacks which monitor photo-emission signatures from the chip backside.

Johann Knechtel, Satwik Patnaik, Ozgur Sinanoglu

The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.

Satwik Patnaik, Mohammed Ashraf, Ozgur Sinanoglu et al.

With the globalization of manufacturing and supply chains, ensuring the security and trustworthiness of ICs has become an urgent challenge. Split manufacturing (SM) and layout camouflaging (LC) are promising techniques to protect the intellectual property (IP) of ICs from malicious entities during and after manufacturing (i.e., from untrusted foundries and reverse-engineering by end-users). In this paper, we strive for "the best of both worlds," that is of SM and LC. To do so, we extend both techniques towards 3D integration, an up-and-coming design and manufacturing paradigm based on stacking and interconnecting of multiple chips/dies/tiers. Initially, we review prior art and their limitations. We also put forward a novel, practical threat model of IP piracy which is in line with the business models of present-day design houses. Next, we discuss how 3D integration is a naturally strong match to combine SM and LC. We propose a security-driven CAD and manufacturing flow for face-to-face (F2F) 3D ICs, along with obfuscation of interconnects. Based on this CAD flow, we conduct comprehensive experiments on DRC-clean layouts. Strengthened by an extensive security analysis (also based on a novel attack to recover obfuscated F2F interconnects), we argue that entering the next, third dimension is eminent for effective and efficient IP protection.

Nikhil Rangarajan, Satwik Patnaik, Johann Knechtel et al.

The era of widespread globalization has led to the emergence of hardware-centric security threats throughout the IC supply chain. Prior defenses like logic locking, layout camouflaging, and split manufacturing have been researched extensively to protect against intellectual property (IP) piracy at different stages. In this work, we present dynamic camouflaging as a new technique to thwart IP reverse engineering at all stages in the supply chain, viz., the foundry, the test facility, and the end-user. Toward this end, we exploit the multi-functionality, post-fabrication reconfigurability, and run-time polymorphism of spin-based devices, specifically the magneto-electric spin-orbit (MESO) device. Leveraging these unique properties, dynamic camouflaging is shown to be resilient against state-of-the-art analytical SAT-based attacks and test-data mining attacks. Such dynamic reconfigurability is not afforded in CMOS owing to fundamental differences in operation. For such MESO-based camouflaging, we also anticipate massive savings in power, performance, and area over other spin-based camouflaging schemes, due to the energy-efficient electric-field driven reversal of the MESO device. Based on thorough experimentation, we outline the promises of dynamic camouflaging in securing the supply chain end-to-end along with a case study, demonstrating the efficacy of dynamic camouflaging in securing error-tolerant image processing IP.

Satwik Patnaik, Mohammed Ashraf, Johann Knechtel et al.

Split manufacturing (SM) seeks to protect against piracy of intellectual property (IP) in chip designs. Here we propose a scheme to manipulate both placement and routing in an intertwined manner, thereby increasing the resilience of SM layouts. Key stages of our scheme are to (partially) randomize a design, place and route the erroneous netlist, and restore the original design by re-routing the BEOL. Based on state-of-the-art proximity attacks, we demonstrate that our scheme notably excels over the prior art (i.e., 0% correct connection rates). Our scheme induces controllable PPA overheads and lowers commercial cost (the latter by splitting at higher layers).

Satwik Patnaik, Nikhil Rangarajan, Johann Knechtel et al.

Protecting intellectual property (IP) in electronic circuits has become a serious challenge in recent years. Logic locking/encryption and layout camouflaging are two prominent techniques for IP protection. Most existing approaches, however, particularly those focused on CMOS integration, incur excessive design overheads resulting from their need for additional circuit structures or device-level modifications. This work leverages the innate polymorphism of an emerging spin-based device, called the giant spin-Hall effect (GSHE) switch, to simultaneously enable locking and camouflaging within a single instance. Using the GSHE switch, we propose a powerful primitive that enables cloaking all the 16 Boolean functions possible for two inputs. We conduct a comprehensive study using state-of-the-art Boolean satisfiability (SAT) attacks to demonstrate the superior resilience of the proposed primitive in comparison to several others in the literature. While we tailor the primitive for deterministic computation, it can readily support stochastic computation; we argue that stochastic behavior can break most, if not all, existing SAT attacks. Finally, we discuss the resilience of the primitive against various side-channel attacks as well as invasive monitoring at runtime, which are arguably even more concerning threats than SAT attacks.

Satwik Patnaik, Johann Knechtel, Mohammed Ashraf et al.

Here we advance the protection of split manufacturing (SM)-based layouts through the judicious and well-controlled handling of interconnects. Initially, we explore the cost-security trade-offs of SM, which are limiting its adoption. Aiming to resolve this issue, we propose effective and efficient strategies to lift nets to the BEOL. Towards this end, we design custom "elevating cells" which we also provide to the community. Further, we define and promote a new metric, Percentage of Netlist Recovery (PNR), which can quantify the resilience against gate-level theft of intellectual property (IP) in a manner more meaningful than established metrics. Our extensive experiments show that we outperform the recent protection schemes regarding security. For example, we reduce the correct connection rate to 0\% for commonly considered benchmarks, which is a first in the literature. Besides, we induce reasonably low and controllable overheads on power, performance, and area (PPA). At the same time, we also help to lower the commercial cost incurred by SM.

Satwik Patnaik, Mohammed Ashraf, Johann Knechtel et al.

Layout camouflaging (LC) is a promising technique to protect chip design intellectual property (IP) from reverse engineers. Most prior art, however, cannot leverage the full potential of LC due to excessive overheads and/or their limited scope on an FEOL-centric and accordingly customized manufacturing process. If at all, most existing techniques can be reasonably applied only to selected parts of a chip---we argue that such "small-scale or custom camouflaging" will eventually be circumvented, irrespective of the underlying technique. In this work, we propose a novel LC scheme which is low-cost and generic---full-chip LC can finally be realized without any reservation. Our scheme is based on obfuscating the interconnects (BEOL); it can be readily applied to any design without modifications in the device layer (FEOL). Applied with split manufacturing in conjunction, our approach is the first in the literature to cope with both the FEOL fab and the end-user being untrustworthy. We implement and evaluate our primitives at the (DRC-clean) layout level; our scheme incurs significantly lower cost than most of the previous works. When comparing fully camouflaged to original layouts (i.e., for 100% LC), we observe on average power, performance, and area overheads of 12%, 30%, and 48%, respectively. Here we also show empirically that most existing LC techniques (as well as ours) can only provide proper resilience against powerful SAT attacks once at least 50% of the layout is camouflaged---only large-scale LC is practically secure. As indicated, our approach can deliver even 100% LC at acceptable cost. Finally, we also make our flow publicly available, enabling the community to protect their sensitive designs.

Abhrajit Sengupta, Satwik Patnaik, Johann Knechtel et al.

Split manufacturing is a promising technique to defend against fab-based malicious activities such as IP piracy, overbuilding, and insertion of hardware Trojans. However, a network flow-based proximity attack, proposed by Wang et al. (DAC'16) [1], has demonstrated that most prior art on split manufacturing is highly vulnerable. Here in this work, we present two practical layout techniques towards secure split manufacturing: (i) gate-level graph coloring and (ii) clustering of same-type gates. Our approach shows promising results against the advanced proximity attack, lowering its success rate by 5.27x, 3.19x, and 1.73x on average compared to the unprotected layouts when splitting at metal layers M1, M2, and M3, respectively. Also, it largely outperforms previous defense efforts; we observe on average 8x higher resilience when compared to representative prior art. At the same time, extensive simulations on ISCAS'85 and MCNC benchmarks reveal that our techniques incur an acceptable layout overhead. Apart from this empirical study, we provide---for the first time---a theoretical framework for quantifying the layout-level resilience against any proximity-induced information leakage. Towards this end, we leverage the notion of mutual information and provide extensive results to validate our model.