Deep RNN-Oriented Paradigm Shift through BOCANet: Broken Obfuscated Circuit Attack
This work addresses hardware security vulnerabilities for chip designers and manufacturers, offering a more efficient attack method that could impact countermeasures against counterfeiting and reverse engineering.
The paper tackles the problem of attacking hardware obfuscation circuits, which are vulnerable to existing methods like SAT-based attacks, by proposing BOCANet, a deep RNN-oriented approach that achieves over 20x faster attack speeds with high success rates and can reconstruct secret keys using less than 0.5% of I/O pairs.
This is the first work augmenting hardware attacks mounted on obfuscated circuits by incorporating a deep recurrent neural network (D-RNN). Logic encryption obfuscation has been used for thwarting counterfeiting, overproduction, and reverse engineering, but it is vulnerable to attacks. There have been efficient schemes, e.g., the satisfiability-checking (SAT) based attack, which can potentially compromise hardware obfuscation circuits. Nevertheless, not only do countermeasures against such attacks exist in the state of the art (including the recent delay+logic locking (DLL) scheme in DAC'17), but the sheer amount of time/resources needed to mount the attack could hinder its efficacy. In this paper, we propose a deep RNN-oriented approach, called BOCANet, to (i) compromise the obfuscated hardware at least an order of magnitude more efficiently (>20X faster with a relatively high success rate) compared to existing attacks; (ii) attack such locked hardware even when the attacker's resources are limited to an insignificant number of I/O pairs (<0.5%) from which to reconstruct the secret key; and (iii) break a number of experimented benchmarks (ISCAS-85 c423, c1355, c1908, and c7552) successfully.