Visible to the public Biblio

Filters: Author is Shamsi, Kaveh  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Shamsi, Kaveh, Li, Meng, Meade, Travis, Zhao, Zheng, Pan, David Z., Jin, Yier.  2017.  Circuit Obfuscation and Oracle-guided Attacks: Who Can Prevail? Proceedings of the on Great Lakes Symposium on VLSI 2017. :357–362.
This paper provides a systematization of knowledge in the domain of integrated circuit protection through obfuscation with a focus on the recent Boolean satisfiability (SAT) attacks. The study systematically combines real-world IC reverse engineering reports, experimental results using the most recent oracle-guided attacks, and concepts in machine-learning and cryptography to draw a map of the state-of-the-art of IC obfuscation and future challenges and opportunities.
Shamsi, Kaveh, Li, Meng, Pan, David Z., Jin, Yier.  2018.  Cross-Lock: Dense Layout-Level Interconnect Locking Using Cross-Bar Architectures. Proceedings of the 2018 on Great Lakes Symposium on VLSI. :147-152.

Logic locking is an attractive defense against a series of hardware security threats. However, oracle guided attacks based on advanced Boolean reasoning engines such as SAT, ATPG and model-checking have made it difficult to securely lock chips with low overhead. While the majority of existing locking schemes focus on gate-level locking, in this paper we present a layout-inclusive interconnect locking scheme based on cross-bars of metal-to-metal programmable-via devices. We demonstrate how this enables configuring a large obfuscation key with a small number of physical key wires contributing to zero to little substrate area overhead. Dense interconnect locking based on these circuit level primitives shows orders of magnitude better SAT attack resiliency compared to an XOR/XNOR gate-insertion locking with the same key length which has a much higher overhead.

Bi, Yu, Hu, X. Sharon, Jin, Yier, Niemier, Michael, Shamsi, Kaveh, Yin, Xunzhao.  2016.  Enhancing Hardware Security with Emerging Transistor Technologies. Proceedings of the 26th Edition on Great Lakes Symposium on VLSI. :305–310.

We consider how the I-V characteristics of emerging transistors (particularly those sponsored by STARnet) might be employed to enhance hardware security. An emphasis of this work is to move beyond hardware implementations of physically unclonable functions (PUFs) and random num- ber generators (RNGs). We highlight how new devices (i) may enable more sophisticated logic obfuscation for IP protection, (ii) could help to prevent fault injection attacks, (iii) prevent differential power analysis in lightweight cryptographic systems, etc.

Shamsi, Kaveh, Pan, David Z., Jin, Yier.  2019.  On the Impossibility of Approximation-Resilient Circuit Locking. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :161–170.

Logic locking, and Integrated Circuit (IC) Camouflaging, are techniques that try to hide the design of an IC from a malicious foundry or end-user by introducing ambiguity into the netlist of the circuit. While over the past decade an array of such techniques have been proposed, their security has been constantly challenged by algorithmic attacks. This may in part be due to a lack of formally defined notions of security in the first place, and hence a lack of security guarantees based on long-standing hardness assumptions. In this paper we take a formal approach. We define the problem of circuit locking (cL) as transforming an original circuit to a locked one which is ``unintelligable'' without a secret key (this can model camouflaging and split-manufacturing in addition to logic locking). We define several notions of security for cL under different adversary models. Using long standing results from computational learning theory we show the impossibility of exponentially approximation-resilient locking in the presence of an oracle for large classes of Boolean circuits. We then show how exact-recovery-resiliency and a more relaxed notion of security that we coin ``best-possible'' approximation-resiliency can be provably guaranteed with polynomial overhead. Our theoretical analysis directly results in stronger attacks and defenses which we demonstrate through experimental results on benchmark circuits.

Shamsi, Kaveh, Li, Meng, Plaks, Kenneth, Fazzari, Saverio, Pan, David Z., Jin, Yier.  2019.  IP Protection and Supply Chain Security through Logic Obfuscation: A Systematic Overview. ACM Transactions on Design Automation of Electronic Systems (TODAES). 24:65:1-65:36.

The globalization of the semiconductor supply chain introduces ever-increasing security and privacy risks. Two major concerns are IP theft through reverse engineering and malicious modification of the design. The latter concern in part relies on successful reverse engineering of the design as well. IC camouflaging and logic locking are two of the techniques under research that can thwart reverse engineering by end-users or foundries. However, developing low overhead locking/camouflaging schemes that can resist the ever-evolving state-of-the-art attacks has been a challenge for several years. This article provides a comprehensive review of the state of the art with respect to locking/camouflaging techniques. We start by defining a systematic threat model for these techniques and discuss how various real-world scenarios relate to each threat model. We then discuss the evolution of generic algorithmic attacks under each threat model eventually leading to the strongest existing attacks. The article then systematizes defences and along the way discusses attacks that are more specific to certain kinds of locking/camouflaging. The article then concludes by discussing open problems and future directions.

Li, Meng, Shamsi, Kaveh, Meade, Travis, Zhao, Zheng, Yu, Bei, Jin, Yier, Pan, David Z..  2016.  Provably Secure Camouflaging Strategy for IC Protection. Proceedings of the 35th International Conference on Computer-Aided Design. :28:1–28:8.

The advancing of reverse engineering techniques has complicated the efforts in intellectual property protection. Proactive methods have been developed recently, among which layout-level IC camouflaging is the leading example. However, existing camouflaging methods are rarely supported by provably secure criteria, which further leads to over-estimation of the security level when countering the latest de-camouflaging attacks, e.g., the SAT-based attack. In this paper, a quantitative security criterion is proposed for de-camouflaging complexity measurements and formally analyzed through the demonstration of the equivalence between the existing de-camouflaging strategy and the active learning scheme. Supported by the new security criterion, two novel camouflaging techniques are proposed, the low-overhead camouflaging cell library and the AND-tree structure, to help achieve exponentially increasing security levels at the cost of linearly increasing performance overhead on the circuit under protection. A provably secure camouflaging framework is then developed by combining these two techniques. Experimental results using the security criterion show that the camouflaged circuits with the proposed framework are of high resilience against the SAT-based attack with negligible performance overhead.