CR | AR | Mar 2, 2020

TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing (with Appendix)

arXiv:2003.00862v1 | 7 citations
AI Analysis

This paper addresses chip security for hardware designers by making reverse engineering more difficult, though it is incremental, as it builds on existing timing-based defenses.

The paper tackles chip counterfeiting carried out by reverse engineering netlists. It proposes using unconventional timing with wave-pipelining to invalidate the assumption that a netlist fully represents circuit function, and reports that true and false paths can be constructed successfully at negligible cost to thwart attacks.

With recent advances in reverse engineering, attackers can reconstruct a netlist to counterfeit chips by opening the die and scanning all layers of authentic chips. This relatively easy counterfeiting is made possible by the use of the standard simple clocking scheme, where all combinational blocks function within one clock period, so that a netlist of combinational logic gates and flip-flops is sufficient to duplicate a design. In this paper, we propose to invalidate the assumption that a netlist completely represents the function of a circuit with unconventional timing. With the introduced wave-pipelining paths, attackers have to capture gate and interconnect delays during reverse engineering, or to test a huge number of combinational paths to identify the wave-pipelining paths. To hinder the test-based attack, we construct false paths with wave-pipelining to increase the counterfeiting challenge. Experimental results confirm that wave-pipelining true paths and false paths can be constructed in benchmark circuits successfully with only a negligible cost, thus thwarting the potential attack techniques.
