Objective: The learning objective of this module is for trainees to gain comprehensive, hands-on experience in conducting an optical probing attack against a logic locking scheme. This module provides a basic understanding of laser-assisted optical attacks on both ASIC and FPGA platforms. Trainees will learn how to extract security-critical information, such as a locking key, from hardware systems that incorporate logic locking circuitry. Extracting the key renders the locking scheme essentially useless, because its protection depends on the key remaining secure. This module uses Electro-Optical Probing (EOP) for time-domain analysis and Electro-Optical Frequency Mapping (EOFM) for frequency-domain analysis, both of which are available on the PHEMOS-1000 machine in the FICS lab.
Target Audience: Government officers, Scientists
Prerequisite Knowledge and Skills:
- Basic programming; basic knowledge of ASIC and FPGA platforms and EDA tools
Resources Provided at the Training | Deliverables:
- Detailed description of set-ups used in training
- A video demo of the module
- Example Verilog scripts for analysis
Learning Outcome: In this module, we showed that, irrespective of the security of the locking scheme, storing the key on the same chip makes the entire obfuscation vulnerable to adversaries with different capabilities. Unfortunately, to date, researchers have focused on securing the IP by inserting more gates, at the cost of area and power overhead, believing that the key is safe in tamper-proof or read-proof memories. This demonstration proves that even if tamper-proof or secure memories exist, the movement of the key between the memory and the key gates of the locked circuit during the chip's boot-up process creates an additional vulnerability, which an attacker can use to extract the key. Considering the several different countermeasures researchers have proposed to protect chip assets from optical backside attacks, we conclude that there is no guaranteed universal method. Thus, it is vital to develop an attack vs. countermeasure matrix to help IC designers incorporate more robust IC security measures without impacting the cost, applicability, and reliability of the device.