Toward a Formal and Quantitative Evaluation Framework for Circuit Obfuscation Methods

Abstract

Since the first circuit obfuscation technique was proposed to thwart reverse engineering (RE) attacks to integrated circuits (ICs), there have been active research in de-obfuscation attacks and new obfuscation countermeasures. Although it is crucial for an obfuscation method to be secure against known de-obfuscation attacks, it is equally important to keep the cost of circuit obfuscation low. Most importantly, obfuscation methods need to be formally analyzed for their effectiveness and efficiency. In this paper, we propose a set of quantitatively evaluable metrics for this purpose, particularly facilitated by a recently proposed circuit partition attack (CPA) and the powerful SAT-based attack (SATA). Moreover, we find that CPA can be applied prior to any de-obfuscation attacks to reduce RE efforts exponentially. We then propose a new equivalent class guided obfuscation scheme (ECG-Obfus) to defeat CPA which leverages specially designed camouflaged cells to replace judiciously selected logic gates. Specifically, we select candidate gates for obfuscation from one certain equivalent class, in which the underlying equivalent relation is defined based on IC topological structure information. We evaluate ECG-Obfus using the proposed metrics and conduct experiments on ISCAS 85/89 standard benchmark suites and OpenSparc T1 microprocessor. The results show that ECG-Obfus gains good resilience against known de-obfuscation attacks (including CPA and SATA), with low design complexity and performance overhead.