First Auto-Magnifier Platform for Hardware Assurance and Reverse Engineering Integrated Circuits

Abstract In the hardware assurance community, Reverse Engineering (RE) is considered a key tool and asset in ensuring the security and reliability of Integrated Circuits (IC). However, with the introduction of advanced node technologies, the application of RE to ICs is turning into a daunting task. This is amplified by the challenges introduced by the imaging modalities such as the Scanning Electron Microscope (SEM) used in acquiring images of ICs. One such challenge is the lack of understanding of the influence of noise in the imaging modality along with its detrimental effect on the quality of images and the overall time frame required for imaging the IC. In this paper, we characterize some aspects of the noise in the image along with its primary source. Furthermore, we use this understanding to propose a novel texture-based segmentation algorithm for SEM images called LASRE. The proposed approach is unsupervised, model-free, robust to the presence of noise and can be applied to all layers of the IC with consistent results. Finally, the results from a comparison study is reported, and the issues associated with the approach are discussed in detail. The approach consistently achieved over 86% accuracy in segmenting various layers in the IC.

Download Full-text

Reverse Engineering of Integrated Circuits using Cross-Sectional Transmission Electron Microscopy—A Morphological and Structural Study

IETE Technical Review ◽

10.1080/02564602.1998.11416726 ◽

1998 ◽

Vol 15 (1-2) ◽

pp. 37-44

Author(s):

L M Bharadwaj ◽

V Gantcheva ◽

S Simov ◽

G Balossier ◽

J Faure ◽

...

Keyword(s):

Electron Microscopy ◽

Transmission Electron Microscopy ◽

Integrated Circuits ◽

Reverse Engineering ◽

Structural Study ◽

Cross Sectional ◽

Transmission Electron

Download Full-text

Reliability assessment of integrated circuits through reverse engineering techniques

Microelectronics Journal ◽

10.1016/s0026-2692(86)80111-2 ◽

1986 ◽

Vol 17 (4) ◽

pp. 11-26

Author(s):

M. Bafleur ◽

J. Buxo

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Reliability Assessment

Download Full-text

Tearing Down the Nearly Invisible

Mechanical Engineering ◽

10.1115/1.2006-aug-4 ◽

2006 ◽

Vol 128 (08) ◽

pp. 34-37

Author(s):

Alan S. Brown

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Mobile Phones ◽

Microelectromechanical Systems ◽

Digital Cameras ◽

Semiconductor Technology ◽

Computer Chips ◽

Mechanical Devices ◽

Natural Way

This paper discusses use of reverse engineering by various mechanical engineering companies and its benefits. The paper points out that reverse engineering—tearing down mechanical devices—is a natural way to learn how things work. Reverse engineering lies at the very heart of the profession. The paper also presents the ADXL330 case study, which shows how semiconductor technology does more for less money. With its 3-axis sensing, the ADXL330 is the first step toward cheap, low-power gyroscopes. It can provide motion-sensitive flip-wrist scrolling in mobile phones or image stabilization in digital cameras. Like many microelectromechanical systems, Analog Devices' ADXL330 has much larger features than modern integrated circuits. Chipworks focused on changes that have transformed reverse engineering of computer chips. The paper suggests that the ability of Chipworks and other companies like it to probe the micro and nanoscale world of today's silicon technology does provide valuable insights.

Download Full-text

An Evolutionary Algorithm for Non-Destructive Reverse Engineering of Integrated Circuits

Computer Modeling in Engineering & Sciences ◽

10.32604/cmes.2021.015462 ◽

2021 ◽

Vol 127 (3) ◽

pp. 1151-1175

Author(s):

Huan Zhang ◽

Jiliu Zhou ◽

Xi Wu

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Evolutionary Algorithm ◽

Non Destructive

Download Full-text

DANA Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i4.309-336 ◽

2020 ◽

pp. 309-336

Author(s):

Nils Albartus ◽

Max Hoffmann ◽

Sebastian Temme ◽

Leonid Azriel ◽

Christof Paar

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Dataflow Analysis ◽

Hardware Trojans ◽

On Chip ◽

Perfect Recovery ◽

High Level ◽

And Control ◽

Hardware Designs ◽

Ip Theft

Reverse engineering of integrated circuits, i.e., understanding the internals of Integrated Circuits (ICs), is required for many benign and malicious applications. Examples of the former are detection of patent infringements, hardware Trojans or Intellectual Property (IP)-theft, as well as interface recovery and defect analysis, while malicious applications include IP-theft and finding insertion points for hardware Trojans. However, regardless of the application, the reverse engineer initially starts with a large unstructured netlist, forming an incomprehensible sea of gates.This work presents DANA, a generic, technology-agnostic, and fully automated dataflow analysis methodology for flattened gate-level netlists. By analyzing the flow of data between individual Flip Flops (FFs), DANA recovers high-level registers. The key idea behind DANA is to combine independent metrics based on structural and control information with a powerful automated architecture. Notably, DANA works without any thresholds, scenario-dependent parameters, or other “magic” values that the user must choose. We evaluate DANA on nine modern hardware designs, ranging from cryptographic co-processors, over CPUs, to the OpenTitan, a stateof- the-art System-on-Chip (SoC), which is maintained by the lowRISC initiative with supporting industry partners like Google and Western Digital. Our results demonstrate almost perfect recovery of registers for all case studies, regardless whether they were synthesized as FPGA or ASIC netlists. Furthermore, we explore two applications for dataflow analysis: we show that the raw output of DANA often already allows to identify crucial components and high-level architecture features and also demonstrate its applicability for detecting simple hardware Trojans.Hence, DANA can be applied universally as the first step when investigating unknown netlists and provides major guidance for human analysts by structuring and condensing the otherwise incomprehensible sea of gates. Our implementation of DANA and all synthesized netlists are available as open source on GitHub.

Download Full-text

Transformable Electronics Implantation in ROM for Anti-Reverse Engineering

International Journal of High Speed Electronics and Systems ◽

10.1142/s0129156419400214 ◽

2019 ◽

Vol 28 (03n04) ◽

pp. 1940021

Author(s):

Shuai Chen ◽

Lei Wang

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Lower Cost ◽

Design Method ◽

Data Extraction ◽

Semiconductor Industry ◽

Physical Structure ◽

Security And Privacy ◽

Systematic Design ◽

Non Volatile Memory

The protection of intellectual property (IP) is increasingly critical for IP vendors in the semiconductor industry. Read Only Memories (ROMs) serve as important non-volatile memory in various hardware systems to store predefined data and programs, which is critical to IP protection. Its pre-determined layout pattern makes unauthorized data extraction through chip-level reverse engineering easy to carry out. Advanced reverse engineering techniques can physically disassemble the chip and derive the IPs precisely at a much lower cost than the value of IP design that chips carry. This invasive hardware attack obtaining information from IC chips always violates the IP rights of vendors. This paper proposes a new security mechanism implanted ROM design to address the vulnerability to reverse energy attacks. Irreversible via in ROM layout transform triggered by reverse engineering completely changes the electrical properties and the physical structure of ROMs that determine the stored data. Newly-created patten will significantly increase the difficulty of reverse engineering, even lead the attackers to another working function mode. Furthermore, to improve the effectiveness of the proposed technique, a systematic design method is developed targeting integrated circuits with multiple design constraints. Two widely used ROM scheme cases have been studied to test the design method and its effectiveness. Simulations have been conducted to demonstrate the capability of the proposed technique, which generates extremely large complexity for reverse engineering with manageable overhead. CCS Concepts: Security and privacy → Hardware reverse engineering; Hardware → Hard and soft IP

Download Full-text

ViTaL: Verifying Trojan-Free Physical Layouts through Hardware Reverse Engineering

10.36227/techrxiv.16967275 ◽

2021 ◽

Author(s):

Matthias Ludwig ◽

Ann-Christin Bette ◽

Bernhard Lippmann

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Semiconductor Industry ◽

Statistical Validation ◽

User Input ◽

Detection Techniques ◽

Fine Pitch ◽

Layout Verification ◽

First Time ◽

Physical Layout

The semiconductor industry is heavily relying on outsourcing of design, fabrication, and testing to third parties. The threat of possibly malicious actors in this ramified supply-chain poses a risk for the integrity of integrated circuits (ICs) and hardware Trojans (HTs) are a heavily discussed topic in academia and the industry. A variety of pre- and post-silicon HT prevention and detection techniques has been suggested in prior works. Hardware reverse engineering has the potential to detect potential modification in physical layouts. Yet, there is no model to qualitatively and quantitatively rate the complex and expensive reverse engineering (RE) process addressing its inherent process aberrations and consequently provide a tool for layout verification. The ViTaL framework introduces a statistical validation technique, based on physical layout verification through RE and considers all potential sources of errors. The golden-model based framework is technology-agnostic, scaleable, and user input is optional. For the first time, results of fine pitch metallization layers of a CMOS 40nm process node IC are presented quantitatively and the limitations and possibilities are discussed.<br>

Download Full-text

Reliability assessment of integrated circuits through reverse engineering techniques

Microelectronics Reliability ◽

10.1016/0026-2714(87)90490-2 ◽

1987 ◽

Vol 27 (3) ◽

pp. 582

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Reliability Assessment

Download Full-text

Fast and Robust Topology-Based Logic Gate Identification for Automated IC Reverse Engineering

ISTFA 2017: Conference Proceedings from the 43rd International Symposium for Testing and Failure Analysis ◽

10.31399/asm.cp.istfa2017p0299 ◽

2017 ◽

Author(s):

Roger Durà ◽

Jofre Pallarès ◽

Raúl Quijada ◽

Xavier Formatjé ◽

Salvador Hidalgo ◽

...

Keyword(s):

Integrated Circuits ◽

Reverse Engineering ◽

Logic Gate ◽

Logic Gates ◽

Design Tools ◽

Automated Identification ◽

Ic Design ◽

Technology Scaling ◽

Layout Extraction ◽

Identification Tool

Abstract This paper proposes a compact and robust topology descriptor for the automated identification of logic gates during the reverse engineering of full integrated circuits (ICs). This gate signature proves to be very insensitive to technology scaling, device sizing or layout extraction accuracy. Based on this new descriptor, an automated gate identification tool named Gate-X is implemented on top of commercial IC design tools. The speed tests for a practical 100k-gate digital IC example show that the complete sea of gates can be identified in a few hours.

Download Full-text