Valkyrie: Vulnerability Assessment Tool and Attack for Provably-Secure Logic Locking Techniques

Protection of the design intellectual property (IP) has become a pertinent need owing to the globalized integrated circuit (IC) supply chain. Logic locking has been perceived as a holistic solution ensuring protection against multiple supply chain entities. The research community has proposed many logic locking techniques, out of which provably-secure logic locking (PSLL) techniques have gathered traction due to their algorithmic and mathematical security guarantees. However, there has been a perpetual cat-and-mouse game between the attackers and the defenders. Although these logic locking techniques are provably secure, they are typically short-lived due to the weaknesses in their hardware/structural implementation that attacks exploit. We attribute this cat-and-mouse game to the lack of a diagnostic tool for PSLL techniques for security-enforcing designers and raise the question, Can a designer proactively diagnose the hardware implementation of a PSLL technique for structural vulnerabilities before taking the design to silicon? In this work, we first review the recent PSLL techniques to extract generic properties, based on which we develop a first-of-its-kind security diagnostic tool (Valkyrie) that a security-enforcing designer can use to assess the structural vulnerabilities before taking the design to silicon. We also propose a generic circuit-recovery attack, validating the tool results to assure the community that if the tool identifies a vulnerability, it can always be exploited. Thus, our attack acts as a cautionary tale to the designer. We make these claims after verifying the efficacy of our tool and attack on 15 (seven broken and eight unbroken) PSLL techniques for different synthesis tools, technology libraries, and abstraction levels across a dataset of more than 20,000 locked designs. We observe 100% success in all these cases. Our diagnostic tool (which we open-source) can thus serve as a vehicle to test the structural resilience of the hardware implementation of any newly developed PSLL technique. We envision Valkyrie bringing a much-needed control over the cat-and-mouse game that the PSLL research has been trapped in.

Automated summary

This research reviews recent provably-secure logic locking (PSLL) techniques and develops a new security diagnostic tool (Valkyrie) for assessing structural vulnerabilities before designing on silicon. A generic circuit-recovery attack is also proposed to validate the tool's effectiveness. The open-source diagnostic tool can test the structural resilience of the hardware implementation of any newly developed PSLL technique.