Security-Aware Resource Binding to Enhance Logic Obfuscation

Logic obfuscation mitigates the unauthorized use of design IP by untrusted partners during integrated circuit (IC) fabrication. To do so, these techniques produce gate-level errors that derail typical applications run on the IC. Recent research has derived a link between the error rate and the Boolean satisfiability (SAT) attack resilience of logic obfuscation. As a result, it has been shown to be difficult for obfuscation to inject sufficient gate-level error to derail application-level function while maintaining resilience to SAT-style attacks. In this work, we explore use of architectural knowledge during the resource binding phase of high-level synthesis to automate the design of locked architectures capable of high-corruption and SAT resilience simultaneously. To do so, we bifurcate logic obfuscation schemes into two families based on their error profile: distributed error locking and critical minterm locking. We then develop security-focused binding/locking algorithms for each locking family and use them to bind/lock 11 MediaBench benchmarks. For distributed error locking, our proposed security-aware binding algorithms designed locked circuits capable of corrupting a typical application for 52% more wrong keys than a circuit bound with conventional algorithms. For critical minterm locking, our proposed security-aware binding algorithms designed locked circuits capable of corrupting a typical application for 100% of wrong keys while also exhibiting $26\times $ more application errors than a circuit bound with conventional algorithms. Regardless of locking family, our security-aware algorithms improved corruption without degrading SAT resilience or incurring sizable design overheads to do so. Obfuscation applied post-binding could not achieve high-corruption and SAT resilience simultaneously in these benchmarks.