Logic locking is one of the latest advances in IoT security, protecting devices from cyber attacks. Before looking at it, let's first talk about the Internet of Things (IoT).
What is IoT?
The Internet of Things (IoT) is a new, yet at the same time an old, term. It was first used by Kevin Ashton in 1999 during a presentation at Procter & Gamble, where he linked the idea of radio-frequency identification (RFID) to the then-new topic of the Internet. Since then the use of the term has blossomed, and major companies have predicted strong growth in IoT.
For instance, Ericsson's report estimates that there will be more than 21 billion IoT devices by 2025. The health industry is also going to see increased adoption of IoT devices: Frost & Sullivan say that the internet of medical things has the potential to grow at a compound annual growth rate of 26.2% and reach $72,000 million by 2021. It will take time to reach the general public, but many companies are already working to implement the IoT concept in products such as smart fridges, smart lighting systems and many more.
As we all know, every technology has its pros and cons, which is why we need to secure our devices.
Why is security needed?
Major wireless carriers are ready to roll out 5G networks. 5G (fifth-generation cellular wireless) promises greater speed and the ability to connect more smart devices at the same time.
Consequently, faster networks will accumulate more data from your smart devices. This data will be gathered, analyzed and managed to a higher degree. That will fuel innovation at companies that make IoT devices and boost consumer demand for new products.
In today’s scenario, smart home hubs, thermostats, lighting systems, shopping sites and even coffee makers collect data on your habits and patterns of usage. When you set up voice-controlled devices, you allow them to record what you say to them and store those recordings in the cloud. In most cases, the data is collected to help facilitate machine learning.
Machine learning is a type of artificial intelligence that helps computers “learn” without someone having to program them explicitly. Companies program the computers to focus on the data they receive; this new data then helps the machine “learn” what your preferences are and adjust itself accordingly. For instance, when a video website suggests a movie to you, the suggestion is likely based on your past choices.
Because of the personal data we provide to these devices, it becomes very important to analyze the potential IoT security risks.
IoT security risks
These are some of the most common attacks that hackers perform on IoT devices to retrieve your personal data and demand a ransom for it. This in turn raises the question of how we cope with these security risks.
Coping with IoT security risks
- Noise Cancellation
- Logic Locking
- Research the IoT device’s security track record
- Keep all IoT device software up to date
- For IoT devices that cannot be patched, mitigate the risk
- Segment IoT devices from other parts of the network
- Change defaults and use strong passwords
- Take advantage of IoT security settings
- Connect IoT devices using secure Wi-Fi
- Restrict physical access to IoT devices
- Disable Universal Plug and Play (UPnP) support
- Power-cycle IoT devices periodically
One can cope with many security risks by using the methods above. But IP piracy, overbuilding, and reverse engineering attacks are hard to handle, so the main concern of this article is logic locking, which improves the security of IoT devices against these threats.
Logic Locking
Overview
Logic locking is a relatively new technique that adds extra gates (“key gates”) to a design. Without the correct key, these gates change the output and effectively lock away the circuit's correct functionality.
The technique aims to defend against IP piracy, overbuilding, and reverse engineering attacks by locking a design with a secret key. To enable chip-locking features, we add extra logic, e.g., a set of XOR/XNOR gates (key gates), to the original netlist to obtain a locked netlist.
This technique offers a higher security level than less secure methods such as IC camouflaging, which introduces dummy contacts so that an attacker reverse engineering the chip extracts an incorrect netlist.
In the figure above, we use XOR gates as key gates; k1 and k2 must both be 0 for the circuit to operate normally, otherwise the output hides the original output. Compared with an older method (OC Cell), there was a dramatic decrease in delay without compromising security. To understand logic locking properly, we have to dive into its threat model.
Threat Model of Logic locking
The logic locking threat model assumes that the designer is trusted, i.e., the personnel and the tools used in the design house are trustworthy.
In the figure above we can see how logic locking is implemented in a design house. Now comes the question of how it addresses the hardware trust issues arising from these security risks.
Addressing Hardware Trust Issues
- IP piracy and reverse engineering: Even if an adversary steals the locked netlist or obtains it by reverse engineering an IC, the netlist is of no use without knowledge of the correct key. In XOR logic locking, key gates replace either functional buffers or inverters, introducing ambiguity in design reconstruction without knowledge of the key values.
- Overbuilding: Although a foundry can overproduce ICs with the intent of selling them illegally, it cannot unlock those ICs without the secret key.
- Hardware Trojans: Logic locking prevents the insertion of Trojans in a netlist by making it harder for the attacker to identify safe locations for inserting Trojans. The key gates alter the transition probabilities of the signals in a manner unknown to the attacker.
- Counterfeiting: Logic locking is not inherently meant to protect against all forms of counterfeiting. However, it can hinder certain forms of counterfeiting such as cloning that require reverse engineering.
A broad classification of Logic Locking
We broadly classify it into two types:
1. Sequential Logic Locking
In sequential logic locking, we introduce additional (black) states into the state transition graph. We modify the graph in such a way that the design reaches a valid state only on the application of a correct sequence of key bits. If we withdraw the key, the design once again ends up in a black state and becomes non-functional.
Another sequential locking approach is to withhold a part of the design and replace it with programmable logic/look-up tables (LUTs). This way, the IP owner hides a part of the design from exposure to the rogue elements during manufacturing stages. The withheld design is then programmed using the programmable logic. The circuit will function correctly only when we program and configure these elements correctly.
However, the introduction of programmable memory elements into the circuit incurs significant performance overhead.
2. Combinational Logic Locking
Combinational logic locking is also referred to as logic encryption or logic obfuscation in the literature. The manufacturer inserts different combinational logic elements into a circuit to conceal the functionality of a design. These elements can be XOR/XNOR gates, AND/OR gates, multiplexers, or a combination of these. The choice of combinational elements depends upon the security objective(s), the metric(s) used for logic locking, and the performance overhead.
Logic Locking Techniques
Here we look at the various ways in which logic locking is applied to ICs.
1) Random Logic Locking
This technique locks a design by inserting XOR key gates at random locations in a netlist. Figure (a) in the image above shows an example of a netlist locked with two key gates, K1 and K2, using random logic locking. The key gates are spread uniformly across the netlist, so the interference among them tends to be minimal, which leaves random logic locking vulnerable to attacks. It is vulnerable to sensitization, key-pruning, hill climbing, test-data mining, and DPA attacks.
2) Fault Analysis based Logic Locking
Fault analysis based logic locking aims at preventing black-box usage of an IC. In random logic locking, even incorrect keys may lead to correct output for certain input patterns. This technique ensures maximum corruption at the output bits when incorrect keys are used. We measure output corruption in terms of percentage Hamming distance between the correct output and the incorrect output, obtained upon applying incorrect keys.
Fault analysis based logic locking therefore inserts the key gates at the most influential locations in the circuit. The most influential locations are those that affect the largest number of outputs when incorrect key values are applied. Applying incorrect key values has the same effect as exciting stuck-at faults on the outputs of the key gates, so we can use fault analysis/simulation tools to find the most influential locations in a circuit.
Figure (b) in the image above shows a netlist locked using fault analysis based logic locking. The key gates are inserted back-to-back, which undermines the security of logic locking because it creates multiple correct key values. Fault analysis based logic locking is vulnerable to sensitization, hill climbing, test-data mining, key-pruning, and DPA attacks.
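The following is an added example (not from the article or any logic-locking tool) that puts the XOR key-gate locking from the Overview and the Hamming-distance corruption metric from this section into runnable form. It uses a small constructed netlist with two outputs and two XOR key gates, evaluates every candidate key against every input pattern, and reports the average output corruption; because both key gates feed one output through XOR, the key (1, 1) cancels out on that output, which shows why key-gate placement decides how much an incorrect key corrupts.

```python
from itertools import product

INPUTS = list(product((0, 1), repeat=4))   # all 16 primary-input patterns (a, b, c, d)
KEYS = list(product((0, 1), repeat=2))     # all 4 candidate values of (k1, k2)


def original(a, b, c, d):
    """Constructed unlocked netlist: two internal nets feeding two primary outputs."""
    n1 = a & b
    n2 = c | d
    return (n1 ^ n2, n1 & d)               # (y0, y1)


def locked(a, b, c, d, k1, k2):
    """Same netlist with XOR key gates K1, K2 on nets n1, n2 (correct key: k1 = k2 = 0)."""
    n1 = (a & b) ^ k1                      # key gate K1: passes n1 unchanged only when k1 = 0
    n2 = (c | d) ^ k2                      # key gate K2: passes n2 unchanged only when k2 = 0
    return (n1 ^ n2, n1 & d)


def hamming(x, y):
    return sum(p != q for p, q in zip(x, y))


def corruption_percent(key):
    """Average % Hamming distance between locked and correct outputs over all input patterns."""
    mismatched = sum(hamming(original(*i), locked(*i, *key)) for i in INPUTS)
    return 100.0 * mismatched / (len(INPUTS) * 2)   # 2 output bits per pattern


def correct_keys():
    """Keys that unlock the design for every input pattern."""
    return [k for k in KEYS if corruption_percent(k) == 0]


def leak_fraction(key):
    """Share of input patterns for which this key still yields the fully correct output."""
    good = sum(original(*i) == locked(*i, *key) for i in INPUTS)
    return good / len(INPUTS)


if __name__ == "__main__":
    for k in KEYS:
        print(k, f"corruption={corruption_percent(k):.1f}%",
              f"correct_outputs_for={leak_fraction(k):.0%} of inputs")
```

A fault-analysis placement would move K2 off the net that is XORed with K1 so that no incorrect key can cancel out, pushing every wrong key toward the 50% Hamming distance target.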
3) Key-Interference based Logic Locking
It is also referred to as strong logic locking. It attempts to mitigate the sensitization attack by inserting key gates in a way that maximizes the interference among the key-gates and prevents sensitization of the key bits on an individual basis. With an increase in interference among key-gates, the attacker needs to brute-force an exponentially increasing number of key combinations.
Consider the netlist in Figure (c). It has two key gates, K1 and K2, inserted using the key-interference based logic locking algorithm. One can see that K1 and K2 interfere with each other's paths to the primary outputs, so it is not possible for an attacker to sensitize either K1 or K2 to a primary output on an individual basis.
While key-interference based logic locking thwarts sensitization, hill climbing and DPA attacks, it is vulnerable to key-pruning attacks.
4) Complementary-Functions based Logic Locking
This technique thwarts key-pruning (SAT-based) attacks by minimizing the number of keys that are pruned by a single distinguishing input pattern (DIP). The key-pruning attack needs the maximum number of DIPs to eliminate all incorrect keys when each DIP eliminates at most one incorrect key per iteration; the number of required attack iterations is then exponential in the number of key inputs, rendering the attack computationally infeasible for large key inputs.
5) One-Way Function based Logic Locking
This technique integrates one-way random functions (ORF), such as fixed-key AES, with existing techniques to achieve resilience against the SAT attack. A subset of the key inputs in the locked netlist is connected to the outputs of the ORF, and the inputs of the one-way function are the secret keys stored in tamper-proof memory. The overall circuit represents a hard SAT instance that becomes infeasible for a SAT solver when K1, the number of key inputs driven by the ORF, is large. The execution time of the key-pruning attack on one-way function based logic locking grows exponentially as more key inputs are integrated with the ORF circuit.
AES with a fixed key behaves as a pseudorandom function. The manufacturer should synthesize the two circuits (the one-way function circuit and the locked netlist) together to prevent removal attacks. Another property of fixed-key AES is that it is computationally infeasible to determine the inputs of AES from its outputs when the key is unknown. Thus, it is infeasible to backtrace from the outputs of the design to the inputs of the AES.
Conclusion
Logic locking seems to be taking off. Current methods are not as secure as common crypto primitives, which leaves an opportunity to develop solutions that stand the test of time. Modern logic locking techniques offer significant security advantages, such as high corruptibility of the locked circuit's outputs when random keys are applied (50% Hamming distance (HD) compared to the correct outputs), or resilience to the key-sensitization attack.