Library-Attack: Reverse Engineering Approach for Evaluating Hardware IP Protection
Aritra Dasgupta, Sudipta Paria, Christopher Sozio, Andrew Lukefahr, Swarup Bhunia
TL;DR
Library-Attack targets hardware IP protection by leveraging privileged access to supply-chain design information and knowledge of countermeasures to reverse-engineer the original IP. The method constructs a transformed-design library $\mathcal{TD}$ from a candidate set $\mathcal{OD}$ of size $m$ with $n$ variants per candidate, and uses cut-point matching to score similarity with the protected design $TD_0$. The authors demonstrate successful recovery of the original design $OD_0$ across two countermeasures (128-bit XOR Locking and 128-bit LUT Obfuscation) applied to ISCAS89 benchmarks, highlighting vulnerabilities even for small benchmarks and standard cells. An updated threat model is proposed to account for highly skilled adversaries with privileged supply-chain access and familiarity with EDA tools. These results motivate stronger protections and integrated assessment of SPoF-type threats in hardware IP protection.
Abstract
Existing countermeasures for hardware IP protection, such as obfuscation, camouflaging, and redaction, aim to defend against confidentiality and integrity attacks. However, within the current threat model, these techniques overlook the potential risks posed by a highly skilled adversary with privileged access to the IC supply chain, who may be familiar with critical IP blocks and the countermeasures implemented in the design. To address this scenario, we introduce Library-Attack, a novel reverse engineering technique that leverages privileged design information and prior knowledge of security countermeasures to recover sensitive hardware IP. During Library-Attack, a privileged attacker uses known design features to curate a design library of candidate IPs and employs structural comparison metrics from commercial EDA tools to identify the closest match. We evaluate Library-Attack on transformed ISCAS89 benchmarks to demonstrate potential vulnerabilities in existing IP-level countermeasures and propose an updated threat model to incorporate them.
