Characterization of Locked Sequential Circuits via ATPG

Hardware security-related threats such as the insertion of malicious circuits, overproduction, and reverse engineering are of increasing concern in the IC industry. To mitigate these threats, various design-for-trust techniques have been developed, including sequential logic locking. Sequential logic locking protects a non-scanned design by employing a key-controlled entrance FSM, key-controlled transitions, or a combination of both techniques. Current methods for characterizing (attacking) the security of sequentially locked circuits do not have the scalability to be applicable to modern circuits. In addition, current methods often require the use of an oracle, which is a working, unlocked circuit that is assumed to be fully initializable and controllable. In this work, an oracle-free, ATPG-based approach is proposed for characterizing the security of a locked sequential circuit. This method is of several in a tool box called CLIC-A (Characterization of Locked ICs via ATPG). Experiments using CLIC-A demonstrate it is effective at recovering the key sequence from various sequentially locked circuits that have been locked using different locking methods.