On the Difficulty of FSM-based Hardware Obfuscation

  • Marc Fyrbiak Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
  • Sebastian Wallat University of Massachusetts Amherst, MA
  • Jonathan Déchelotte University of Bordeaux
  • Nils Albartus Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
  • Sinan Böcker Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum
  • Russell Tessier University of Massachusetts Amherst, MA
  • Christof Paar Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany; University of Massachusetts Amherst, MA
Keywords: Hardware Reverse Engineering, Hardware Obfuscation, Hardware Nanomites, FSM-based Hardware Obfuscation

Abstract

In today’s Integrated Circuit (IC) production chains, a designer’s valuable Intellectual Property (IP) is transparent to diverse stakeholders and thus inevitably prone to piracy. To protect against this threat, numerous defenses based on the obfuscation of a circuit’s control path, i.e. Finite State Machine (FSM), have been proposed and are commonly believed to be secure. However, the security of these sequential obfuscation schemes is doubtful since realistic capabilities of reverse engineering and subsequent manipulation are commonly neglected in the security analysis. The contribution of our work is threefold: First, we demonstrate how high-level control path information can be automatically extracted from third-party, gate-level netlists. To this end, we extend state-of-the-art reverse engineering algorithms to deal with Field Programmable Gate Array (FPGA) gate-level netlists equipped with FSM obfuscation. Second, on the basis of realistic reverse engineering capabilities we carefully review the security of state-of-the-art FSM obfuscation schemes. We reveal several generic strategies that bypass allegedly secure FSM obfuscation schemes and we practically demonstrate our attacks for a several of hardware designs, including cryptographic IP cores. Third, we present the design and implementation of Hardware Nanomites, a novel obfuscation scheme based on partial dynamic reconfiguration that generically mitigates existing algorithmic reverse engineering.

Published
2018-08-14
How to Cite
Fyrbiak, M., Wallat, S., Déchelotte, J., Albartus, N., Böcker, S., Tessier, R., & Paar, C. (2018). On the Difficulty of FSM-based Hardware Obfuscation. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(3), 293-330. https://doi.org/10.13154/tches.v2018.i3.293-330
Section
Articles