Measuring Security Metrics of Locked Circuits with Test

The development of integrated circuits (ICs) at smaller technology nodes has led to an increase in fabrication costs. Consequently, many companies are outsourcing their fabrication to third parties. The outsourcing of fabrication to a third party company allows an uncontrolled and potentially untrusted source access to a design. This then leads to an increase of security threats such as chip overproduction, intellectual property theft, and reverse engineering. Various hardware security defenses have been introduced to combat threats in the design chain including logic locking. Logic locking adds additional circuitry to a design such that it requires a correct key to make available the correct functionality. Many methods to lock a circuit exist, with some using purely combinational circuit elements and others using sequential elements. The effectiveness of logic locking is highly dependent on an adversary not being able to deduce any of the key values. However, researchers evaluating the security of logic locking have shown that it is possible to find the partial, if not the complete key value for a locked circuit through various attacks. 

Most of the work concerning the security of logic locking pertains to key strength, the difficulty of extracting a correct key from a locked circuit using a particular attack method. As a result, the development of new locking methods is typically designed to prevent a particular attack. However, key strength is not the only important security metric that should be considered in lock design. In this thesis, we examine key strength, corruptibility, and confidentiality on locked circuits using automatic test pattern generation (ATPG) and demonstrate why these metrics are necessary. Our use of commercial ATPG tools in the methodologies ensures that these metrics are measurable on commercial circuits. 

Although key strength has been heavily researched in prior literature, this work continues to investigate key strength because evaluating a lock using multiple attack angles further eliminates vulnerabilities. Additionally, our ATPG-based attack is applicable to multiple lock types allowing for the comparison of different locking methods on a common attack surface. Moveover, experimental results show this evaluation method is successful on sequential locking methods, where sequential locking methods have been evaluated far less than combinational ones. 

Corruptibility measures the level of error in the circuit outputs if an incorrect key is applied to a locked circuit. Corruptibility has been mentioned in previous work regarding logic locking, however it is typically estimated through random simulation. In this work, the corruptibility of incorrect keys is measured on circuits too large to exhaustively simulate using ATPG test vectors. Additionally, the measurements are extended to a sequential circuits, and corruptibility for a given functional workload of a device. 

Lastly, this work measures the confidentiality introduced by a locking method. Confidentiality measures the change in the function of a circuit with the application of a security defense. In this work, confidentiality is measured as the change in entropy and sensitivity when a locking method is applied. Results demonstrate that applying testing techniques allows for the measurement of confidentiality at a larger scale. By providing methods to measure key strength, corruptibility, and confidentiality at a large scale, the work in this dissertation allows for the evaluation of logic locking security at three different dimensions.