A Look at the Dark Side of Hardware Reverse Engineering – A Case Study

by   Sebastian Wallat, et al.

A massive threat to the modern and complex IC production chain is the use of untrusted off-shore foundries which are able to infringe valuable hardware design IP or to inject hardware Trojans causing severe loss of safety and security. Similarly, market dominating SRAM-based FPGAs are vulnerable to both attacks since the crucial gate-level netlist can be retrieved even in field for the majority of deployed device series. In order to perform IP infringement or Trojan injection, reverse engineering (parts of) the hardware design is necessary to understand its internal workings. Even though IP protection and obfuscation techniques exist to hinder both attacks, the security of most techniques is doubtful since realistic capabilities of reverse engineering are often neglected. The contribution of our work is twofold: first, we carefully review an IP watermarking scheme tailored to FPGAs and improve its security by using opaque predicates. In addition, we show novel reverse engineering strategies on proposed opaque predicate implementations that again enables to automatically detect and alter watermarks. Second, we demonstrate automatic injection of hardware Trojans specifically tailored for third-party cryptographic IP gate-level netlists. More precisely, we extend our understanding of adversary's capabilities by presenting how block and stream cipher implementations can be surreptitiously weakened.



There are no comments yet.


page 1

page 2

page 3

page 4

page 5

page 6


Hardware Reverse Engineering: Overview and Open Challenges

Hardware reverse engineering is a universal tool for both legitimate and...

SCARE: Side Channel Attack on In-Memory Computing for Reverse Engineering

In-memory computing architectures provide a much needed solution to ener...

Teaching Hardware Reverse Engineering: Educational Guidelines and Practical Insights

Since underlying hardware components form the basis of trust in virtuall...

EOP: An Encryption-Obfuscation Solution for Protecting PCBs Against Tampering and Reverse Engineering

PCBs are the core components for the devices ranging from the consumer e...

Dynamic FPGA Detection and Protection of Hardware Trojan: A Comparative Analysis

Hardware Trojan detection and protection is becoming more crucial as mor...

From IP ID to Device ID and KASLR Bypass (Extended Version)

IP headers include a 16-bit ID field. Our work examines the generation o...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.