AFIA: ATPG-Guided Fault Injection Attack on Secure Logic Locking

Abstract

The outsourcing of the design and manufacturing of integrated circuits has raised severe concerns about the piracy of Intellectual Properties and illegal overproduction. Logic locking has emerged as an obfuscation technique to protect outsourced chip designs, where the circuit netlist is locked and can only be functional once a secure key is programmed. However, Boolean Satisfiability-based attacks have shown to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we present a novel fault injection-based attack to break any locking technique that relies on a stored secret key, and denote this attack as AFIA, ATPG-guided Fault Injection Attack. The proposed attack is based on sensitizing a key bit to the primary output while injecting faults at a few other key lines that block the propagation of the targeted key bit. AFIA is very effective in determining a key bit as there exists a stuck-at fault pattern that detects a stuck-at 1 (or stuck-at 0) fault at any key line. The average complexity of the number of injected faults for AFIA is linear with the key size \(\mathcal {K}\) and requires only \(\mathcal {K}\) test patterns to determine a secret key K. AFIA requires fewer injected faults to sensitize a bit to the primary output, compared to \(2\mathcal {K}-1\) faults for the differential fault analysis attack illustrated in our previous work.