Transient Key-based Obfuscation for HLS in an Untrusted Cloud Environment

Hannah Badier1,a, Jean-Christophe Le Lann1,b, Philippe Coussy2,c and Guy Gogniat2,d
1ENSTA Bretagne, Lab-STICC, Brest
ahannah.badier@ensta-bretagne.org
blelannje@ensta-bretagne.fr
2Universite de Bretagne Sud, Lab-STICC, Lorient
cphilippe.coussy@univ-ubs.fr
dguy.gogniat@univ-ubs.fr

ABSTRACT


Recent advances in cloud computing have led to the advent of Business-to-Business Software as a Service (SaaS) solutions, opening new opportunities for EDA. High-Level Synthesis (HLS) in the cloud is likely to offer great opportunities to hardware design companies. However, these companies are still reluctant to make such a transition, due to the new risks of Behavioral Intellectual Property (BIP) theft that a cloudbased solution presents. In this paper, we introduce a keybased obfuscation approach to protect BIPs during cloud-based HLS. The source-to-source transformations we propose hide functionality and make normal behavior dependent on a series of input keys. In our process, the obfuscation is transient: once an obfuscated BIP is synthesized through HLS by a service provider in the cloud, the obfuscation code can only be removed at Register Transfer Level (RTL) by the design company that owns the correct obfuscation keys. Original functionality is thus restored and design overhead is kept at a minimum. Our method significantly increases the level of security of cloud-based HLS at low performance overhead. The average area overhead after obfuscation and subsequent de-obfuscation with tests performed on ASIC and FPGA is 0.39%, and over 95% of our tests had an area overhead under 5%.

Keywords: High-Level Synthesis, Cloud, IP theft, Obfuscation.



Full Text (PDF)