Logic locking refers to a set of techniques that can protect integrated circuits (ICs) from counterfeiting, piracy and malicious functionality changes by an untrusted foundry. It achieves these goals by introducing new inputs, called key inputs, and additional logic to an IC such that the circuit produces the correct output only when the key inputs are set to specific values. The correct values of the key inputs are kept secret from the untrusted foundry and programmed after manufacturing and before distribution, rendering piracy, counterfeiting and malicious design changes infeasible. The security of logic locking relies on the assumption that the untrusted foundry cannot infer the correct values of the key inputs by analysis of the circuit. This paper proposes Functional Analysis attacks on Logic Locking algorithms (abbreviated as FALL attacks). FALL attacks have two stages. Their first stage is dependent on the locking algorithm and involves analyzing structural and functional properties of locked circuits to identify a list of potential locking keys. The second stage is algorithm agnostic and introduces a powerful addition to SAT-based attacks called key confirmation. Key confirmation can identify the correct key from a list of alternatives and works even on circuits that are resilient to the SAT attack. In comparison to past work, the FALL attack is more practical as it can often succeed (90% of successful attempts in our experiments) by only analyzing the locked netlist, without requiring oracle access to an unlocked circuit. Our experimental evaluation shows that FALL attacks are able to defeat 65 out of 80 (81%) circuits locked using Stripped-Functionality Logic Locking (SFLL-HD).
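The locking property described in the abstract (correct output only under the secret key inputs) can be checked exhaustively on a toy circuit. This is an added example, not code from the paper: it is a simplified behavioural model of an SFLL-HD-style lock as that scheme is generally described in the locking literature, and the 5-input majority function, the parameter H and the key value are all constructed for illustration.

```python
from itertools import product

N = 5                      # number of primary inputs (constructed toy size)
H = 2                      # Hamming-distance parameter of the lock (assumed)
SECRET = (1, 0, 1, 1, 0)   # constructed secret key, programmed after fabrication

def original(x):
    """The designer's intended function: majority of the 5 input bits (toy)."""
    return int(sum(x) >= 3)

def hd(a, b):
    """Hamming distance between two equal-length bit tuples."""
    return sum(p != q for p, q in zip(a, b))

def stripped(x):
    """Functionality-stripped logic sent to the foundry.
    The output is deliberately wrong on every input at distance H from SECRET.
    In a real netlist SECRET is not a stored constant; it is folded into gates."""
    return original(x) ^ int(hd(x, SECRET) == H)

def locked(x, key):
    """Full locked circuit: stripped logic plus a restore unit driven by key inputs."""
    return stripped(x) ^ int(hd(x, key) == H)

INPUTS = list(product((0, 1), repeat=N))

def corrupted_inputs(key):
    """Inputs on which the locked circuit disagrees with the intended function."""
    return [x for x in INPUTS if locked(x, key) != original(x)]

def correct_keys():
    """Exhaustive equivalence check over the whole key space."""
    return [k for k in INPUTS if not corrupted_inputs(k)]

if __name__ == "__main__":
    print("functionally correct keys:", correct_keys())
    for k in [SECRET, (0, 0, 0, 0, 0), (1, 0, 1, 1, 1)]:
        print(k, "corrupts", len(corrupted_inputs(k)), "of", len(INPUTS), "inputs")
```

A designer can use the same exhaustive check on small blocks to confirm that exactly one key restores the intended function before the locked design leaves the trusted environment.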