摘要
传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患。该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法。该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护。ISCAS-89基准电路测试结果表明,在TSMC65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7%,功耗开销占比平均为5.1%,正确密钥和错误密钥下的寄存器翻转差异低于10%,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击。
Most of the reported hardware obfuscations are single-level ones focusing on physical level, logical level or behavior level, in which the lack of synergy among different levels commonly results in limited security performance. Based on study of the relationships among circuit layout, logic and states transition, a multi-level co-obfuscation scheme is proposed to protect hardware IP cores. In bottom-up collaborative confusion design,dummy vias are introduced into camouflage gates layout to perform physical-logic obfuscation, and via-PUF(Physical Unclonable Fuction) are utilized in state transition control to realize physical-behavior obfuscation.Then, in top-down collaborative obfuscation design, logic locks are used to perform behavior-logic obfuscation,and parallel-branch obfuscation wire technique is designed to complete the behavior-physical confusion. Finally,a substitution algorithm of the obfuscation gates into the circuit’s netlist is proposed, and the three-level cooperative obfuscation is realized to achieve IP core security protection. ISCAS-89 Benchmarks and a typical cryptogram algorithm are used to verify the correctness and efficiency of the proposed IP core protection scheme. The test results show that under TSMC 65 nm process, the average area cost percentage of the proposed co-obfuscation in large-scale circuits is 11.7%, the average power consumption accounts for 5.1%, The difference of register toggle between correct and wrong keys is less than 10%, and the proposed scheme can effectively resist violence attack, reverse engineering, boolean SATisfiability(SAT) attack.
作者
张会红
李憬
吴秋丰
张跃军
汪鹏君
ZHANG Huihong;LI Jing;WU Qiufeng;ZHANG Yuejun;WANG Pengjun(Faculty of Electrical Engineering and Computer Science,Ningbo University,Ningbo 315211,China;College of Electrical and Electronic Engineering,Wenzhou University,Wenzhou 325035,China)
出处
《电子与信息学报》
EI
CSCD
北大核心
2021年第9期2458-2465,共8页
Journal of Electronics & Information Technology
基金
国家自然科学基金(61874078,61871244)
浙江省省属高校基本科研业务费专项资金(SJLY2020015)
宁波市公益性计划(202002N3134)
宁波市自然科学基金(202003N4107)。
关键词
硬件安全
IP核防护
硬件混淆
多级协同
Hardware security
IP core protection
Hardware obfuscation
Multi-level co-obfuscation