Oracle-based Logic Locking Attacks: Protect the Oracle Not Only the Netlist
Emmanouil Kalligerosa, Nikolaos Karousosb and Irene G. Karybalic
Information & Comm. Systems Eng. Dept., University of the Aegean Samos, Greece
akalliger@aegean.gr
bnkarousos@aegean.gr
ckarybali@aegean.gr
ABSTRACT
Logic locking has received a lot of attention in the literature due to its very attractive hardware-security characteristics: it can protect against IP piracy and overproduction throughout the whole IC supply chain. However, a large class of logic-locking attacks, the oracle-based ones, take advantage of a functional copy of the chip, the oracle, to extract the key that protects the chip. So far, the techniques dealing with oraclebased attacks focus on the netlist that the attacker possesses, assuming that the oracle is always available. For this reason, they are usually overcome by new attacks. In this paper, we propose a hardware security scheme that targets the protection of the oracle circuit, by locking the circuit when the, necessary for setting the inputs and observing the outputs, scan in/out process begins. Hence, no correct input/output pairs can be acquired to perform the attacks. The proposed scheme is not based on controlling global signals like test enable or scan enable, whose values can be easily suppressed by the attacker. Security threats are identified, discussed and addressed. The developed scheme is combined with a traditional logic locking technique with high output corruptibility, to achieve increased levels of protection.
Keywords: Hardware security, Logic locking, Oracle-based Attacks, Scan Chains, LFSRs.