skip to main content

Explore Research Products in the NSF-PAR

This content will become publicly available on June 5, 2024

Title: Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators
Logic locking has been proposed to safeguard intellectual property (IP) during chip fabrication. Logic locking techniques protect hardware IP by making a subset of combinational modules in a design dependent on a secret key that is withheld from untrusted parties. If an incorrect secret key is used, a set of deterministic errors is produced in locked modules, restricting unauthorized use. A common target for logic locking is neural accelerators, especially as machine-learning-as-a-service becomes more prevalent. In this work, we explore how logic locking can be used to compromise the security of a neural accelerator it protects. Specifically, we show how the deterministic errors caused by incorrect keys can be harnessed to produce neural-trojan-style backdoors. To do so, we first outline a motivational attack scenario where a carefully chosen incorrect key, which we call a trojan key, produces misclassifications for an attacker-specified input class in a locked accelerator. We then develop a theoretically-robust attack methodology to automatically identify trojan keys. To evaluate this attack, we launch it on several locked accelerators. In our largest benchmark accelerator, our attack identified a trojan key that caused a 74% decrease in classification accuracy for attacker-specified trigger inputs, while degrading accuracy by only 1.7% for other inputs on average.  more » « less
Award ID(s):
2245573
NSF-PAR ID:
10478243
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
ACM
Date Published:
Journal Name:
GLSVLSI '23: Proceedings of the Great Lakes Symposium on VLSI 2023
Page Range / eLocation ID:
351 to 356
Subject(s) / Keyword(s):
["Logic Locking","Neural Trojan","Untrusted Foundry Problem","Machine Learning Accelerator"]
Format(s):
Medium: X
Location:
Knoxville TN USA
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ( , ACM Transactions on Design Automation of Electronic Systems)
    null (Ed.)
    Due to the globalization of semiconductor manufacturing and test processes, the system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in several threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Logic locking has emerged as a promising defense strategy against these threats. However, various attacks about the extraction of secret keys have undermined the security of logic locking techniques. Over the years, researchers have proposed different techniques to prevent existing attacks. In this article, we propose a novel attack that can break any logic locking techniques that rely on the stored secret key. This proposed TAAL attack is based on implanting a hardware Trojan in the netlist, which leaks the secret key to an adversary once activated. As an untrusted foundry can extract the netlist of a design from the layout/mask information, it is feasible to implement such a hardware Trojan. All three proposed types of TAAL attacks can be used for extracting secret keys. We have introduced the models for both the combinational and sequential hardware Trojans that evade manufacturing tests. An adversary only needs to choose one hardware Trojan out of a large set of all possible Trojans to launch the TAAL attack. 
    more » « less
  2. ; ; ( , 2020 IEEE Physical Assurance and Inspection of Electronics (PAINE))
    null (Ed.)
    Logic Locking is a well-accepted protection technique to enable trust in the outsourced design and fabrication processes of integrated circuits (ICs) where the original design is modified by incorporating additional key gates in the netlist, resulting in a key-dependent functional circuit. The original functionality of the chip is recovered once it is programmed with the secret key, otherwise, it produces incorrect results for some input patterns. Over the past decade, different attacks have been proposed to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we propose a novel stuck-at fault-based differential fault analysis (DFA) attack, which can be used to break logic locking that relies on a stored secret key. This proposed attack is based on self-referencing, where the secret key is determined by injecting faults in the key lines and comparing the response with its fault-free counterpart. A commercial ATPG tool can be used to generate test patterns that detect these faults, which will be used in DFA to determine the secret key. One test pattern is sufficient to determine one key bit, which results in at most |K| test patterns to determine the entire secret key of size |K|. The proposed attack is generic and can be extended to break any logic locked circuits. 
    more » « less
  3. ; ; ; ; ( , IEEE Transactions on Emerging Topics in Computing)
    null (Ed.)
    Similar to digital circuits, analog and mixed-signal (AMS) circuits are also susceptible to supply-chain attacks, such as piracy, overproduction, and Trojan insertion. However, unlike digital circuits, the supply-chain security of AMS circuits is less explored. In this work, we propose to perform "logic-locking" on the digital section of the AMS circuits. The idea is to make the analog design intentionally suffer from the effects of process variations, which impede the operation of the circuit. Only on applying the correct key, the effect of process variations are mitigated, and the analog circuit performs as desired. To this end, we render certain components in the analog circuit configurable. We propose an analysis to dictate which components need to be configurable to maximize the effect of an incorrect key. We conduct our analysis on the bandpass filter (BPF), low-noise amplifier (LNA), and low-dropout voltage regulator LDO) for both correct and incorrect keys to the locked optimizer. We also show experimental results for our technique on a BPF. We also analyze the effect of aging on our locking technique to ensure the reliability of the circuit with the correct key. 
    more » « less
  4. ; ; ( , IEEE Asian Hardware Oriented Security and Trust Symposium)
    The development of hardware intellectual properties (IPs) has faced many challenges due to malicious modifications and piracy. One potential solution to protect IPs against these attacks is to perform a key-based logic locking process that disables the functionality and corrupts the output of the IP when the incorrect key value is applied. However, many attacks on logic locking have been introduced to break the locking mechanism and obtain the key. In this paper, we present SWEEP, a constant propagation attack that exploits the change in characteristics of the IP when a single key-bit value is hard-coded. The attack process starts with analyzing design features that are generated from the synthesis tool and establishes a correlation between these features and the correct key values. In order to perform the attack, the logic locking tool needs to be available. The level of accuracy of the extracted key mainly depends on the type of logic locking approach used to obfuscate the IP. Our attack was applied to ISCAS85, and MCNC benchmarks obfuscated using various logic locking techniques and has obtained an average accuracy of 92.09%. 
    more » « less
  5. ; ( , Proceedings of International Symposium on Quality Electronic Design (ISQED))
    The semiconductor industry must deal with different hardware threats like piracy and overproduction as a result of outsourcing manufacturing. While there are many proposals to lock the circuit using a global protected key only known to the designer, there exist numerous oracle-guided attacks that can examine the locked netlist with the assistance of an activated IC and extract the correct key. In this paper, by adopting a low-overhead structural method, we propose DK Lock, a novel Dual Key locking method that securely protects sequential circuits with two different keys that are applied to one set of key inputs at different times. DK Lock structurally adds an activation phase to the sequential circuit, and a correct key must be applied for several cycles to exit this phase. Once the circuit has been successfully activated, a new functional key must be applied to the same set of inputs to resume normal operation. DK Lock opens up new avenues for hardware IP protection by simultaneously refuting the single static key assumption of the existing attacks and overcoming the state explosion problem of state-of-the-art sequential logic locking methods. Our experiments confirm that DK Lock maintains a high degree of security with reasonable power and area overheads. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email