VIGILANT: Vulnerability Detection Tool Against Fault-Injection Attacks for Locking Techniques

Abstract

Logic locking is a well-known solution that thwarts design intellectual property (IP) piracy and prevents illegal overproduction of integrated circuits (ICs) against adversaries in the globalized supply chain. The widespread prevalence of reverse-engineering tools, probing, and fault-injection equipment has given rise to physical attacks that can undermine the security of a locked design. Fault-injection attacks, in particular, can extract the secret key from an oracle, circumventing the defense offered by logic locking. When design IP is compromised through physical attacks, fixing corresponding vulnerabilities generally require a silicon re-spin, which is impractical under constrained time and resources. Thus, there is a requirement for a detection tool that can perform a pre-silicon evaluation of locked designs to notify the designer of any vulnerabilities that can be exploited using faults. In this work, we propose VIGILANT, a first-of-its-kind vulnerability detection tool against fault-injection attacks targeting the hardware implementation of locking techniques. More specifically, VIGILANT aids designers in identifying critical nets susceptible to fault-injection attacks. VIGILANT analyzes the underlying locked design and computes a list of candidate nets along with their fault values required for key leakage and consequently validates each candidate net as vulnerable or not, using a functional simulation model of the design (acting as an oracle). We showcase the efficacy of VIGILANT on different locked designs for four different locking techniques under various parameters such as technology nodes, layout-generation commands, and key-sizes. The accuracy of VIGILANT in identifying and validating all the candidate nets that are vulnerable to fault-injection attacks is 100%