Hardware intellectual property (IP) piracy and misuse have introduced new challenges in the semiconductor industry as untrusted parties in the IP’s life cycle may clone, reverse-engineer, or extract important design secrets from an IP. A promising solution to protect a hardware IP against such attacks is to perform logic locking, where additional logic controlled by a secret key is inserted in strategic locations of an IP to lock the functionality when the correct key is not available. As a multitude of logic locking techniques has emerged in the past decade, the research community has also developed strong attacks against them to expose various vulnerabilities that can be exploited by an adversary to break the protection. While state-of-the-art logic locking solutions have demonstrated provable robustness against known attacks, there is a critical need to explore new attack vectors and mitigate them to achieve a higher level of protection. In this article, we present SCOPE, a novel synthesis-based constant propagation attack for security evaluation of logic locking techniques. SCOPE is oracle-less and requires no knowledge about the locking algorithm or the locked design by an attacker. The introduced attack performs a synthesis-based analysis on each individual key-input port and looks for meaningful design features that may help derive the correct key value. SCOPE offers two attack modes with varying complexity and effectiveness, a linear regression test, and an unsupervised machine-learning analysis. We perform SCOPE to a number of existing locking techniques and demonstrate that the average attack accuracy is 84.13% with high scalability in terms of design size. Based on the vulnerabilities identified by SCOPE, we provide a low-overhead countermeasure that can help mitigate such constant propagation attacks.

中文翻译：

---

SCOPE：基于综合的逻辑锁定恒定传播攻击

硬件知识产权 (IP) 盗版和滥用给半导体行业带来了新的挑战，因为 IP 生命周期中不受信任的各方可能会克隆、逆向工程或从 IP 中提取重要的设计秘密。保护硬件 IP 免受此类攻击的一个有前途的解决方案是执行逻辑锁定，其中由密钥控制的附加逻辑插入 IP 的战略位置，以在正确的密钥不可用时锁定功能。由于在过去十年中出现了多种逻辑锁定技术，研究界也针对它们开发了强大的攻击方式，以暴露各种漏洞，这些漏洞可被不利者利用来破坏保护。虽然最先进的逻辑锁定解决方案已经证明了对已知攻击的稳健性，迫切需要探索新的攻击媒介并缓解它们以实现更高级别的保护。在本文中，我们介绍了 SCOPE，这是一种新型的基于综合的常量传播攻击，用于逻辑锁定技术的安全评估。SCOPE 是无预言的，不需要攻击者了解锁定算法或锁定设计。引入的攻击对每个单独的密钥输入端口执行基于综合的分析，并寻找可能有助于推导出正确密钥值的有意义的设计特征。SCOPE 提供两种具有不同复杂性和有效性的攻击模式、线性回归测试和无监督机器学习分析。我们对许多现有的锁定技术执行 SCOPE，并证明平均攻击准确率为 84.13%，在设计规模方面具有高可扩展性。