Litcius/Paper detail

Is Register Transfer Level Locking Secure?

Chandan Karfa, Ramanuj Chouksey, Christian Pilato, Siddharth Garg, Ramesh Karri

202028 citationsDOIOpen Access PDF

Abstract

Register Transfer Level (RTL) locking seeks to prevent intellectual property (IP) theft of a design by locking the RTL description that functions correctly on the application of a key. This paper evaluates the security of a state-of-the-art RTL locking scheme using a satisfiability modulo theories (SMT) based algorithm to retrieve the secret key. The attack first obtains the high-level behavior of the locked RTL, and then use an SMT based formulation to find so-called distinguishing input patterns (DIP) <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">1</sup> The attack methodology has two main advantages over the gate-level attacks. First, since the attack handles the design at the RTL, the method scales to large designs. Second, the attack does not apply separate unlocking strategies for the combinational and sequential parts of a design; it handles both styles via a unifying abstraction. We demonstrate the attack on locked RTL generated by TAO [1], a state-of-the-art RTL locking solution. Empirical results show that we can partially or completely break designs locked by TAO.

Topics & Concepts

Computer scienceKey (lock)ModuloSatisfiability modulo theoriesAbstractionRegister-transfer levelState (computer science)Scheme (mathematics)Theoretical computer scienceAlgorithmLogic synthesisLogic gateComputer securityMathematicsDiscrete mathematicsMathematical analysisEpistemologyPhilosophyPhysical Unclonable Functions (PUFs) and Hardware SecurityCryptographic Implementations and SecuritySecurity and Verification in Computing
Is Register Transfer Level Locking Secure? | Litcius