SnapShot – CAD for Assurance

By: Dominik Sisejkovic (RWTH Aachen University), Farhad Merchant (RWTH Aachen University), Lennart M. Reimann (RWTH Aachen University), Harshit Srivastava (RWTH Aachen University), Ahmed Hallawa (RWTH Aachen University) and Rainer Leupers (RWTH Aachen University)

Stage: RTL, Gate-Level

Summary

SnapShot is an oracle-less attack on logic locking that utilizes machine learning/deep learning methods to extract (predict) the correct key out of a locked gate-level netlist (both combinational and sequential). Hereby, SnapShot can perform the prediction by just “looking” at the post-resynthesized netlist, without the need to reconstruct the pre-resynthesized design. The major aspects of SnapShot are as follows:

The attack is applicable without a golden reference.
The attack flow can be adapted to any logic locking scheme. Note that, in principle, SnapShot can be applied to multiple design levels (e.g., RTL, gate-level or even layout).
SnapShot has a linear time complexity with respect to the key length.
Any machine learning/deep learning model can be used inside SnapShot for attack exploration.

Contact

Dominik Sisejkovic

Input/Output Interface

Input: Logic locked post-resynthesized gate-level netlist
Output: Predicted activation key bits

Dependencies

Synthesis tool (e.g., Synopsys DC)

Licensing Info

For now: the tool is not yet available online

References

Sisejkovic, Dominik; Merchant, Farhad; Reimann, Lennart M; Srivastava, Harshit; Hallawa, Ahmed; Leupers, Rainer

Challenging the Security of Logic Locking Schemes in the Era of Deep Learning: A Neuroevolutionary Approach Journal Article

In: J. Emerg. Technol. Comput. Syst., vol. 17, no. 3, 2021, ISSN: 1550-4832.

Abstract | Links | BibTeX

@article{10.1145/3431389,

title = {Challenging the Security of Logic Locking Schemes in the Era of Deep Learning: A Neuroevolutionary Approach},

author = {Dominik Sisejkovic and Farhad Merchant and Lennart M Reimann and Harshit Srivastava and Ahmed Hallawa and Rainer Leupers},

url = {https://doi.org/10.1145/3431389},

doi = {10.1145/3431389},

issn = {1550-4832},

year  = {2021},

date = {2021-01-01},

journal = {J. Emerg. Technol. Comput. Syst.},

volume = {17},

number = {3},

publisher = {Association for Computing Machinery},

address = {New York, NY, USA},

abstract = {Logic locking is a prominent technique to protect the integrity of hardware designs throughout the integrated circuit design and fabrication flow. However, in recent years, the security of locking schemes has been thoroughly challenged by the introduction of various deobfuscation attacks. As in most research branches, deep learning is being introduced in the domain of logic locking as well. Therefore, in this article we present SnapShot, a novel attack on logic locking that is the first of its kind to utilize artificial neural networks to directly predict a key bit value from a locked synthesized gate-level netlist without using a golden reference. Hereby, the attack uses a simpler yet more flexible learning model compared to existing work. Two different approaches are evaluated. The first approach is based on a simple feedforward fully connected neural network. The second approach utilizes genetic algorithms to evolve more complex convolutional neural network architectures specialized for the given task. The attack flow offers a generic and customizable framework for attacking locking schemes using machine learning techniques. We perform an extensive evaluation of SnapShot for two realistic attack scenarios, comprising both reference combinational and sequential benchmark circuits as well as silicon-proven RISC-V core modules. The evaluation results show that SnapShot achieves an average key prediction accuracy of 82.60% for the selected attack scenario, with a significant performance increase of 10.49 percentage points compared to the state of the art. Moreover, SnapShot outperforms the existing technique on all evaluated benchmarks. The results indicate that the security foundation of common logic locking schemes is built on questionable assumptions. Based on the lessons learned, we discuss the vulnerabilities and potentials of logic locking uncovered by SnapShot. The conclusions offer insights into the challenges of designing future logic locking schemes that are resilient to machine learning attacks.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Logic locking is a prominent technique to protect the integrity of hardware designs throughout the integrated circuit design and fabrication flow. However, in recent years, the security of locking schemes has been thoroughly challenged by the introduction of various deobfuscation attacks. As in most research branches, deep learning is being introduced in the domain of logic locking as well. Therefore, in this article we present SnapShot, a novel attack on logic locking that is the first of its kind to utilize artificial neural networks to directly predict a key bit value from a locked synthesized gate-level netlist without using a golden reference. Hereby, the attack uses a simpler yet more flexible learning model compared to existing work. Two different approaches are evaluated. The first approach is based on a simple feedforward fully connected neural network. The second approach utilizes genetic algorithms to evolve more complex convolutional neural network architectures specialized for the given task. The attack flow offers a generic and customizable framework for attacking locking schemes using machine learning techniques. We perform an extensive evaluation of SnapShot for two realistic attack scenarios, comprising both reference combinational and sequential benchmark circuits as well as silicon-proven RISC-V core modules. The evaluation results show that SnapShot achieves an average key prediction accuracy of 82.60% for the selected attack scenario, with a significant performance increase of 10.49 percentage points compared to the state of the art. Moreover, SnapShot outperforms the existing technique on all evaluated benchmarks. The results indicate that the security foundation of common logic locking schemes is built on questionable assumptions. Based on the lessons learned, we discuss the vulnerabilities and potentials of logic locking uncovered by SnapShot. The conclusions offer insights into the challenges of designing future logic locking schemes that are resilient to machine learning attacks.