Gate-Level Netlist Reverse Engineering Tool Set for Functionality Recovery and Malicious Logic Detection
Tuesday, November 8, 2016: 4:10 PM
110AB (Fort Worth Convention Center)
Summary:
Reliance on third-party resources, including third-party IP cores and fabrication foundries, as well as wide usage of commercial-off-the-shelf (COTS) components, has raised concerns that backdoors and/or hardware Trojans may be inserted into fabricated chips. Defending against hardware backdoors and/or Trojans has primarily focused on detection at various stages in the supply chain. Netlist reverse engineering tools have been investigated as an alternative to detection; they can help to recover functional netlists from fabricated chips, but fall short of detecting malicious logic or recovering functionality. In this work, we develop a netlist reverse engineering tool-set which recovers high-level functionality from the netlist, thereby aiding malicious logic detection. The tool-set performs state register identification, control logic recovery and datapath tracking, which facilitates validation of encrypted/obfuscated hardware IP cores. Relying on 3-SAT algorithms and topology-based computational methods, we demonstrate that the developed tool-set can handle netlists of various complexities, ranging from small-scale ASICs to large-scale processors.