TimingCamouflage+: Netlist Security Enhancement With Unconventional Timing

With recent advances in reverse engineering, attackers can reconstruct a netlist to counterfeit chips by opening the die and scanning all layers of authentic chips. This relatively easy counterfeiting is made possible by the use of the standard simple clocking scheme, where all combinational blocks function within one clock period, so that a netlist of combinational logic gates and flip-flops is sufficient to duplicate a design. In this article, we propose to invalidate the assumption that a netlist completely represents the function of a circuit with unconventional timing. With the introduced wave-pipelining (WP) paths, attackers have to capture gate and interconnect delays during reverse engineering, or to test a huge number of combinational paths to identify the WP paths. To hinder the test-based attack, we construct false paths with WP to increase the counterfeiting challenge. The experimental results confirm that WP true paths and false paths can be constructed in benchmark circuits successfully with only a negligible cost, thus thwarting the potential attack techniques.