SeqL: Secure Scan-Locking for IP Protection
This addresses IP protection for hardware designers by providing a defense against scan-chain attacks, though it appears incremental as it builds on existing logic-locking methods.
The paper tackles the problem of securing sequential circuits against logic-locking attacks by proposing SeqL, which achieves functional isolation and locks selective flip-flop pairs to render decrypted keys functionally incorrect, resulting in 100% resilience to state-of-the-art attacks on various benchmarks including a RISC-V CPU.
Existing logic-locking attacks are known to successfully decrypt functionally correct key of a locked combinational circuit. It is possible to extend these attacks to real-world Silicon-based Intellectual Properties (IPs, which are sequential circuits) through scan-chains by selectively initializing the combinational logic and analyzing the responses. In this paper, we propose SeqL, which achieves functional isolation and locks selective flip-flop functional-input/scan-output pairs, thus rendering the decrypted key functionally incorrect. We conduct a formal study of the scan-locking problem and demonstrate automating our proposed defense on any given IP. We show that SeqL hides functionally correct keys from the attacker, thereby increasing the likelihood of the decrypted key being functionally incorrect. When tested on pipelined combinational benchmarks (ISCAS,MCNC), sequential benchmarks (ITC) and a fully-fledged RISC-V CPU, SeqL gave 100% resilience to a broad range of state-of-the-art attacks including SAT[1], Double-DIP[2], HackTest[3], SMT[4], FALL[5], Shift-and-Leak[6] and Multi-cycle attacks[7].