Abstract
Designers use third-party intellectual property (IP) cores and outsource various steps in the integrated circuit (IC) design and manufacturing flow. As a result, security vulnerabilities have been rising. This is forcing IC designers and end users to re-evaluate their trust in ICs. If attackers get hold of an unprotected IC, they can reverse engineer the IC and pirate the IP. Similarly, if attackers get hold of a design, they can insert malicious circuits or take advantage of “backdoors” in a design. Unintended design bugs can also result in security weaknesses. This tutorial paper provides an introduction to the domain of hardware security through two pedagogical examples of hardware security problems. The first is a walk-through of the scan chain-based side channel attack. The second is a walk-through of logic locking of digital designs. The tutorial material is accompanied by open access digital resources that are linked in this article.
- [1] . 2021. From FPGAs to obfuscated eASICs: Design and security trade-offs. In 2021 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). 1–4.
DOI: Google ScholarCross Ref
- [2] . 2008. Scan based side channel attacks on stream ciphers and their counter-measures. In Progress in Cryptology - INDOCRYPT 2008 (Lecture Notes in Computer Science), , , and (Eds.). Springer, Berlin, 226–238.
DOI: Google ScholarDigital Library
- [3] . 2021. SCOPE: Synthesis-based constant propagation attack on logic locking. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 29, 8 (
Aug. 2021), 1529–1542.DOI: Conference Name: IEEE Transactions on Very Large Scale Integration (VLSI) Systems .Google ScholarDigital Library
- [4] . 2014. Test-mode-only scan attack using the boundary scan chain. In 2014 19th IEEE European Test Symposium (ETS). 1–6.
DOI: ISSN: 1558-1780 .Google ScholarCross Ref
- [5] . 2021. ScanSAT: Unlocking static and dynamic scan obfuscation. IEEE Transactions on Emerging Topics in Computing 9, 4 (
Oct. 2021), 1867–1882.DOI: Conference Name: IEEE Transactions on Emerging Topics in Computing .Google ScholarCross Ref
- [6] . 2019. ScanSAT: Unlocking obfuscated scan chains. In Proceedings of the 24th Asia and South Pacific Design Automation Conference (ASPDAC’19). Association for Computing Machinery, New York, NY, USA, 352–357.
DOI: Google ScholarDigital Library
- [7] . 2012. Dynamically changeable secure scan architecture against scan-based side channel attack. In 2012 International SoC Design Conference (ISOCC). 155–158.
DOI: Google ScholarCross Ref
- [8] . 2021. From cryptography to logic locking: A survey on the architecture evolution of secure scan chains. IEEE Access 9 (2021), 73133–73151.
DOI: Conference Name: IEEE Access .Google ScholarCross Ref
- [9] . 2014. Cryptanalysis of the double-feedback XOR-chain scheme proposed in indocrypt 2013. In Progress in Cryptology – INDOCRYPT 2014 (Lecture Notes in Computer Science), and (Eds.). Springer International Publishing, Cham, 179–196.
DOI: Google ScholarDigital Library
- [10] . 2013. Improved scan-chain based attacks and related countermeasures. In Progress in Cryptology – INDOCRYPT 2013 (Lecture Notes in Computer Science), and (Eds.). Springer International Publishing, Cham, 78–97.
DOI: Google ScholarDigital Library
- [11] . 2019. CAD-base: An attack vector into the electronics supply chain. ACM Transactions on Design Automation of Electronic Systems 24, 4 (
April 2019), 38:1–38:30.DOI: Google ScholarDigital Library
- [12] . 2022. Towards a formal treatment of logic locking. IACR Transactions on Cryptographic Hardware and Embedded Systems (
Feb. 2022), 92–114.DOI: Google ScholarCross Ref
- [13] . 2021. Exploring eFPGA-based redaction for IP protection. In 2021 IEEE/ACM International Conference On Computer Aided Design (ICCAD). 1–9.
DOI: ISSN: 1558-2434 .Google ScholarDigital Library
- [14] . 2018. Special session: Advances and throwbacks in hardware-assisted security. In 2018 International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES). IEEE, Turin, 1–10.
DOI: Google ScholarCross Ref
- [15] . 2020. Keynote: A disquisition on logic locking. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 39, 10 (
Oct. 2020), 1952–1972.DOI: Conference Name: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems .Google ScholarCross Ref
- [16] . 2021. SAIL: Analyzing structural artifacts of logic locking using machine learning. IEEE Transactions on Information Forensics and Security 16 (2021), 3828–3842.
DOI: Conference Name: IEEE Transactions on Information Forensics and Security .Google ScholarCross Ref
- [17] . 2009. HARPOON: An obfuscation-based SoC design methodology for hardware protection. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 28, 10 (
Oct. 2009), 1493–1502.DOI: Google ScholarDigital Library
- [18] . 1998. Functional scan chain testing. In Proceedings Design, Automation and Test in Europe. IEEE Comput. Soc, Paris, France, 278–283.
DOI: Google ScholarCross Ref
- [19] . 2018. Confidentiality, Integrity and Availability - The CIA Triad. https://www.certmike.com/confidentiality-integrity-and-availability-the-cia-triad/.Google Scholar
- [20] . 2020. DECOY: DEflection-driven HLS-based computation partitioning for obfuscating intellectual PropertY. In 2020 57th ACM/IEEE Design Automation Conference (DAC). 1–6.
DOI: ISSN: 0738-100X .Google ScholarCross Ref
- [21] . 2022. Predictive model attack for embedded FPGA logic locking. In Proceedings of the ACM/IEEE International Symposium on Low Power Electronics and Design (ISLPED’22). Association for Computing Machinery, New York, NY, USA, 1–6.
DOI: Google ScholarDigital Library
- [22] . 2022. State of the Union: New EU cybersecurity rules. https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5374.Google Scholar
- [23] . 2013. Research Needs for Trustworthy, and Reliable Semiconductors.
Technical Report . https://www.src.org/calendar/e004965/sa-ts-workshop-report-final.pdf.Google Scholar - [24] . 2019. A comprehensive survey of hardware-assisted security: From the edge to the cloud. Internet of Things 6 (
June 2019), 100055.DOI: Google ScholarCross Ref
- [25] . 2022. Semiconductor Research Corporation - SRC. https://www.src.org/program/grc/hws/.Google Scholar
- [26] . 2022. CWE - CWE-1194: Hardware Design (4.1). https://cwe.mitre.org/data/definitions/1194.html.Google Scholar
- [27] . 2017. Why current secure scan designs fail and how to fix them? Integration 56 (
Jan. 2017), 105–114.DOI: Google ScholarDigital Library
- [28] . 2020. DARPA Selects Teams to Increase Security of Semiconductor Supply Chain. https://www.darpa.mil/news-events/2020-05-27.Google Scholar
- [29] 2022. 2022 Semiconductor Industry Outlook.
Technical Report . https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/semiconductor-industry-outlook.html.Google Scholar - [30] . 2019. Characterization of locked combinational circuits via ATPG. In 2019 IEEE International Test Conference (ITC). 1–10.
DOI: .ISSN: 2378-2250 .Google ScholarCross Ref
- [31] . 2019. Characterization of locked sequential circuits via ATPG. In 2019 IEEE International Test Conference in Asia (ITC-Asia). 97–102.
DOI: Google ScholarCross Ref
- [32] . 1996. Algorithms for the Satisfiability (SAT) Problem: A Survey.
Technical Report . Cincinnati Univ. Ohio, Dept. of Electrical and Computer Engineering. https://apps.dtic.mil/sti/citations/ADA326042.Section: Technical Reports .Google Scholar - [33] . 2018. Robust design-for-security architecture for enabling trust in IC manufacturing and test. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 26, 5 (
May 2018), 818–830.DOI: Conference Name: IEEE Transactions on Very Large Scale Integration (VLSI) Systems .Google ScholarCross Ref
- [34] . 2004. Scan design and secure chip [secure IC testing]. In IOLTS: International On-Line Testing Symposium. IEEE, Madeira Island, Portugal, 219–224.
DOI: Google ScholarCross Ref
- [35] . 2008. Survey of scan chain diagnosis. IEEE Design & Test of Computers 25, 3 (
May 2008), 240–248.DOI: Google ScholarDigital Library
- [36] . 2013. IEEE standard for test access port and boundary-scan architecture. IEEE Std 1149.1-2013 (Revision of IEEE Std 1149.1-2001) (
May 2013), 1–444.DOI: Google ScholarCross Ref
- [37] . 2019. Towards hardware-assisted security for IoT systems. In 2019 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). 632–637.
DOI: ISSN: 2159-3477 .Google ScholarCross Ref
- [38] . 2018. Encrypt Flip-Flop: A Novel Logic Encryption Technique For Sequential Circuits.
DOI: arXiv:1801.04961 [cs] .Google ScholarCross Ref
- [39] . 2020. A scan obfuscation guided design-for-security approach for sequential circuits. IEEE Transactions on Circuits and Systems II: Express Briefs 67, 3 (
March 2020), 546–550.DOI: Conference Name: IEEE Transactions on Circuits and Systems II: Express Briefs .Google ScholarCross Ref
- [40] . 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA). 361–372.
DOI: ISSN: 1063-6897 .Google ScholarCross Ref
- [41] . 2019. Spectre attacks: Exploiting speculative execution. In 40th IEEE Symposium on Security and Privacy (S&P’19).Google Scholar
- [42] . 2020. Dedicated security chips in the age of secure enclaves. IEEE Security Privacy 18, 5 (
Sept. 2020), 38–46.DOI: Conference Name: IEEE Security Privacy .Google ScholarDigital Library
- [43] . 2019. Piercing logic locking keys through redundancy identification. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). 540–545.
DOI: ISSN: 1558-1101 .Google ScholarCross Ref
- [44] . 2021. Thwarting all logic locking attacks: Dishonest Oracle with truly random logic locking. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 40, 9 (
Sept. 2021), 1740–1753.DOI: Conference Name: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems .Google ScholarCross Ref
- [45] . 2019. Is robust design-for-security robust enough? Attack on locked circuits with restricted scan chain access. In 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 1–8.
DOI: ISSN: 1558-2434 .Google ScholarCross Ref
- [46] . 2018. Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium (USENIX Security 18).Google Scholar
- [47] . 2009. Attacking smart card systems: Theory and practice. Information Security Technical Report 14, 2 (
May 2009), 46–56.DOI: Google ScholarDigital Library
- [48] . 2022. CWE - CWE Most Important Hardware Weaknesses. https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html.Google Scholar
- [49] . 2021. Hardware redaction via designer-directed fine-grained eFPGA insertion. In Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, Virtual, 6.Google Scholar
Cross Ref
- [50] . 2020. RowHammer: A retrospective. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 39, 8 (
Aug. 2020), 1555–1571.DOI: Google ScholarDigital Library
- [51] . 1999. Data Encryption Standard (DES).
Technical Report Federal Information Processing Standard (FIPS) PUB 46-3. U.S. Department of Commerce National Institute of Standards and Technology. https://csrc.nist.gov/csrc/media/publications/fips/46/3/archive/1999-10-25/documents/fips46-3.pdf.Google Scholar - [52] . 2001. Advanced Encryption Standard (AES).
Technical Report Federal Information Processing Standard (FIPS) 197. U.S. Department of Commerce National Institute of Standards and Technology.DOI: Google ScholarCross Ref
- [53] . 2020. One exploit to rule them all? On the security of drop-in replacement and counterfeit microcontrollers. In 14th USENIX Workshop on Offensive Technologies (WOOT 20). USENIX Association. https://www.usenix.org/conference/woot20/presentation/obermaier.Google Scholar
- [54] 2022. Obviating multiple attacks with enhanced logic locking. In Proceedings of the 2022 Fourteenth International Conference on Contemporary Computing (IC3-2022). Association for Computing Machinery, New York, NY, USA, 162–167.
DOI: Google ScholarDigital Library
- [55] . 2022. Practical Implementation of Robust State Space Obfuscation for Hardware IP Protection.
DOI: Google ScholarCross Ref
- [56] . 2012. Security analysis of logic obfuscation. In DAC Design Automation Conference 2012. 83–89.
DOI: ISSN: 0738-100X .Google ScholarDigital Library
- [57] . 2004. Security as a new dimension in embedded system design. In Proceedings of the 41st Annual Conference on Design Automation - DAC’04. ACM Press, San Diego, CA, USA, 753.
DOI: Google ScholarDigital Library
- [58] . 2014. A primer on hardware security: Models, methods, and metrics. Proc. IEEE 102, 8 (
Aug. 2014), 1283–1295.DOI: Google ScholarCross Ref
- [59] . 2008. EPIC: Ending piracy of integrated circuits. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE’08). ACM, New York, NY, USA, 1069–1074.
DOI: Google ScholarDigital Library
- [60] . 2014. The CIA strikes back: Redefining confidentiality, integrity and availability in security. Journal of Information System Security 10, 3 (
July 2014).Google Scholar - [61] . 2021. Pipeline attack yields urgent lessons about U.S. cybersecurity. The New York Times (
May 2021). https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html.Google Scholar - [62] . 2007. Secured flipped scan-chain model for crypto-architecture. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 26, 11 (
Nov. 2007), 2080–2084.DOI: Conference Name: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems .Google ScholarDigital Library
- [63] . 2020. Truly stripping functionality for logic locking: A fault-based perspective. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (2020), 1–1.
DOI: Google ScholarCross Ref
- [64] . 2017. AppSAT: Approximately deobfuscating integrated circuits. In 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 95–100.
DOI: ISSN: null .Google ScholarCross Ref
- [65] . 2017. Cyclic obfuscation for creating SAT-unresolvable circuits. In Proceedings of the on Great Lakes Symposium on VLSI 2017 (GLSVLSI’17). Association for Computing Machinery, Banff, Alberta, Canada, 173–178.
DOI: Google ScholarDigital Library
- [66] . 2019. KC2: Key-condition crunching for fast sequential circuit deobfuscation. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). 534–539.
DOI: ISSN: 1558-1101 .Google ScholarCross Ref
- [67] . 2019. IcySAT: Improved SAT-based attacks on cyclic locked circuits. In 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 1–7.
DOI: ISSN: 1558-2434 .Google ScholarCross Ref
- [68] . 2019. BeSAT: Behavioral SAT-based attack on cyclic logic encryption. In Proceedings of the 24th Asia and South Pacific Design Automation Conference. ACM, Tokyo Japan, 657–662.
DOI: Google ScholarDigital Library
- [69] . 2019. Design obfuscation through selective post-fabrication transistor-level programming. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). 528–533.
DOI: ISSN: 1558-1101 .Google ScholarCross Ref
- [70] . 2014. Threat Modeling: Designing for Security. John Wiley & Sons.Google Scholar
Digital Library
- [71] . 2021. Challenging the security of logic locking schemes in the era of deep learning: A neuroevolutionary approach. ACM Journal on Emerging Technologies in Computing Systems 17, 3 (
May 2021), 30:1–30:26.DOI: Google ScholarDigital Library
- [72] . 2021. Logic locking at the frontiers of machine learning: A survey on developments and opportunities. In 2021 IFIP/IEEE 29th International Conference on Very Large Scale Integration (VLSI-SoC). 1–6.
DOI: ISSN: 2324-8440 .Google ScholarCross Ref
- [73] . 2014. Microcontrollers as (In)security devices for pervasive computing applications. Proc. IEEE 102, 8 (
Aug. 2014), 1157–1173.DOI: Conference Name: Proceedings of the IEEE .Google ScholarCross Ref
- [74] . 2015. Evaluating the security of logic encryption algorithms. In 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 137–143.
DOI: Google ScholarCross Ref
- [75] . 2022. Logictools. http://logictools.org.Google Scholar
- [76] . 2022. Challenges and opportunities for hardware-assisted security improvements in the field. In 2022 23rd International Symposium on Quality Electronic Design (ISQED). 90–95.
DOI: ISSN: 1948-3295 .Google ScholarCross Ref
- [77] . 2020. Benchmarking at the Frontier of Hardware Security: Lessons from Logic Locking. http://arxiv.org/abs/2006.06806.Google Scholar
- [78] . 2022. ALICE: An automatic design flow for eFPGA redaction. In Proceedings of the 59th ACM/IEEE Design Automation Conference (DAC’22). Association for Computing Machinery, New York, NY, USA, 781–786.
DOI: Google ScholarDigital Library
- [79] . 1983. On the complexity of derivation in propositional calculus. In Automation of Reasoning, and (Eds.). Springer Berlin, Berlin, 466–483.
DOI: Google ScholarCross Ref
- [80] . 2001. The Day DES Died.
Technical Report 22. SANS Institute.Google Scholar - [81] . 2016. Hardware Trojans: Lessons learned after one decade of research. ACM Transactions on Design Automation of Electronic Systems (TODAES) 22, 1 (
May 2016), 6:1–6:23.DOI: Google ScholarDigital Library
- [82] . 2004. Scan based side channel attack on dedicated hardware implementations of Data Encryption Standard. In 2004 International Conference on Test. 339–344.
DOI: Google ScholarCross Ref
- [83] . 2006. Secure scan: A design-for-test architecture for crypto chips. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 25, 10 (
Oct. 2006), 2287–2293.DOI: Google ScholarDigital Library
- [84] . 2017. Provably-secure logic locking: From theory to practice. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS’17). Association for Computing Machinery, Dallas, Texas, USA, 1601–1618.
DOI: Google ScholarDigital Library
- [85] . 2017. Dynamically obfuscated scan for protecting IPs against scan-based attacks throughout supply chain. In 2017 IEEE 35th VLSI Test Symposium (VTS). 1–6.
DOI: ISSN: 2375-1053 .Google ScholarCross Ref
- [86] . 2017. CycSAT: SAT-based attack on cyclic logic encryptions. In 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 49–56.
DOI: ISSN: 1558-2434 .Google ScholarDigital Library
- [87] . 2021. Hermes attack: Steal DNN models with lossless inference accuracy. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 1973–1988. https://www.usenix.org/conference/usenixsecurity21/presentation/zhu.Google Scholar
Index Terms
High-Level Approaches to Hardware Security: A Tutorial
Recommendations
Teaching security defense through web-based hacking at the undergraduate level
The attack surface for hackers and attackers is growing every day. Future cybersecurity professionals must have the knowledge and the skills to defend against these cyber attacks. Learning defensive techniques and tools can help defend against today's ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...






Comments