Evaluating the Security of Delay-Locked Circuits

In order to enhance the security of logic obfuscation schemes, delay locking has been proposed in combination with traditional functional logic locking approaches. A circuit obfuscated using this approach preserves the original functionality only when both correct functional and delay keys are provided. In this article, we develop a novel SAT formulation-based attack approach called TimingSAT to deobfuscate the functionalities of such delay-locked designs. The proposed technique models the timing characteristics of various types of gates present in a design as Boolean functions to build a timing profile embedded SAT formulation in terms of targeted key inputs. TimingSAT attack works in two stages. In the first stage, the functional key is found using the conventional SAT attack approach, and in the second stage, the delay key is determined using the aforementioned timing profile embedded SAT formulation of the circuit. In both stages of the attack, wrong keys are iteratively eliminated till a key belonging to the correct equivalence class is obtained. We perform experiments to demonstrate the effectiveness of our proposed TimingSAT attack to break delay-locked benchmarks within a few hours. Subsequently, we propose a countermeasure called stripped-functionality delay locking (SFDL) which not only thwarts TimingSAT attack but also resists all known attacks against logic obfuscation. SFDL combines the concept of delay locking with a stripped-functionality-based logic locking approach to realize an effective IP security solution for hardware designs. Unlike existing logic locking schemes, SFDL simultaneously achieves strong SAT attack resiliency as well as significantly high output corruptibility.