Hardware Reverse Engineering

Contact:

Johanna Baehr

Michaela Brunner

Alexander Hepp

Over the past years, the trend in hardware development has gone towards third party IP Cores and commercial off-the-shelf ICs, with more and more high-level design being outsourced, and fabrication often taking place in external foundries. This gives way to a number of security threats, such as insertion of Hardware Trojans, IP Theft or IP Counterfeitung through illegal reverse engineering. Reverse engineering can provide a convenient tool to facilitate identification of malicious code entities, by creating a better understanding of the unknown circuit, on the other hand it can also be used to identfiy possible insertion points. Furthemore, the illegal reverse engineering of IP causes a significant financial cost to the hardware industry. Particularly in the field of cryptology, reverse engineering can severely impact the security of encryption and decryption algorithms, by helping in the identification of  new attack vectors on cryptographic implementations. To protect the integrity of the design, hardware obfuscation, both on a physical and netlist level, is becoming more and more prevalent. Understanding the process behind reverse engineering can provide insights into future possibilities for obfuscation or other countermeasures.

Research Topics:

  • Functional high-level netlist reconstruction
  • FSM Reconstruction
  • Netlist Partitioning
  • Hardware Obfuscation
  • Hardware Trojan Identification
  • Hardware Trojan Design
  • Machine Learning 
  • Graph Analysis
  • Benchmark Creation

Publications

2022

  • Aksoy, Levent and Hepp, Alexander and Baehr, Johanna and Pagliarini, Samuel: Hardware Obfuscation of Digital FIR Filters. 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems, IEEE, 2022Prague, Czech Republic, 68-73 mehr…
  • Baehr, Johanna and Hepp, Alexander and Brunner, Michaela and Malenko, Maja and Sigl, Georg: Open Source Hardware Design and Hardware Reverse Engineering: A Security Analysis. Euromicro Conference on Digital System Design DSD, 2022Maspalomas, Gran Canarias, Spain mehr…
  • Brunner, Michaela and Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Toward a Human-Readable State Machine Extraction. ACM Trans. Des. Autom. Electron. Syst. 27 (6), 2022 mehr…
  • Brunner, Michaela; Ibrahimpasic, Tarik; Li, Bing; Zhang, Grace Li; Schlichtmann, Ulf; Sigl, Georg: Timing Camouflage Enabled State Machine Obfuscation. 2022 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2022Huntsville, USA mehr…
  • Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Golden Model-Free Hardware Trojan Detection by Classification of Netlist Module Graphs. Design, Automation and Test in Europe Conference, IEEE, 2022Antwerp, Belgium, 1317-1322 mehr…
  • Lippmann, Bernhard and Ludwig, Matthias and Mutter, Johannes and Bette, Ann-Christin and Hepp, Alexander and Baehr, Johanna and Rasche, Martin and Kellermann, Oliver and Gieser, Horst and Zweifel, Tobias and Kovac, Nicola: Physical and Functional Reverse Engineering Challenges for Advanced Semiconductor Solutions. 2022 Design, Automation & Test in Europe Conference & Exhibition DATE, IEEE, 2022Antwerp, Belgium mehr…
  • Weber, Selina and Baehr, Johanna and Hepp, Alexander and Sigl, Georg: Analysis of Graph-based Partitioning Algorithms and Partitioning Metrics for Hardware Reverse Engineering. 11th International Workshop on Security Proofs for Embedded Systems (PROOFS), 2022Leuven, Belgium mehr…

2021

  • Hepp, Alexander and Sigl, Georg: Tapeout of a RISC-V Crypto Chip with Hardware Trojans: A Case-Study on Trojan Design and Pre-Silicon Detectability. Proceedings of the 18th ACM International Conference on Computing Frontiers (CF '21), Association for Computing Machinery, 2021Virtual: Catania, Italy mehr…
  • Ludwig, Matthias and Hepp, Alexander and Brunner, Michaela and Baehr, Johanna: CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering. 2021 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2021Washington DC, US mehr…

2020

  • Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine learning and structural characteristics for reverse engineering. Integration 72, 2020, 1 - 12 mehr…
  • Brunner, M. and Gruber, M. and Tempelmeier, M. and Sigl, G.: Logic Locking Induced Fault Attacks. 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 2020Limassol, CYPRUS mehr…
  • Zhang, G. L. and Li, B. and Li, M. and Yu, B. and Pan, D. Z. and Brunner, M. and Sigl, G. and Schlichtmann, U.: TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systemsde IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems , 2020, 1-1 mehr…
  • Zhang, G. L. and Brunner, M. and Li, B. and Sigl, G.and Schlichtmann, U.: Timing Resilience for Efficient and Secure Circuits. 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), 2020Beijing, China, 623-628 mehr…

2019

  • Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine Learning and Structural Characteristics for Reverse Engineering. 24th Asia and South Pacific Design Automation Conference Conference (ASPDAC’19), 2019Tokyo, Japan mehr…
  • Brunner, M. and Baehr, J. and Sigl, G.: Improving on State Register Identification in Sequential Hardware Reverse Engineering. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019Washington, D.C., USA mehr…

2018

  • Werner, M.; Lippmann, B.; Baehr, J.; Gräb, H.: Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis. 2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018Platja d’Aro, Costa Brava, Spain, 13-18 mehr…

Open Positions for Students

Bachelorarbeiten

Exploring netlist representations for netlist RE

Beschreibung

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

 

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a python to use our existing framework
  • Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Betreuer:

Alexander Hepp

Entwicklung von Werkzeugen für das Reverse Engineering

Beschreibung

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Betreuer:

Alexander Hepp

Masterarbeiten

Metrics for Obfuscation of Sequential Circuits

Beschreibung

Obfuscation of sequential circuits targets the protection of finite state machines. There exist different approaches to achieve this, like modifying the state machine on RTL level or modifying the corresponding flip-flops on gate-level [1]. A metric can be used to evaluate the success of an obfuscation technique and make it comparable to other methods. Due to the wide variety of sequential obfuscation methods, there are no uniform and very few metrics at all.

This work should analyze existing metrics in terms of how well they can be generalized and thus applied to as many obfuscation techniques as possible. In addition, the work should develop an improved metric.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • [1] Kamali, Hadi Mardani, et al. "Advances in Logic Locking: Past, Present, and Prospects." Cryptology ePrint Archive (2022).
  • R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, Oct. 2009, doi: 10.1109/TCAD.2009.2028166.

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Betreuer:

Michaela Brunner

Exploring netlist representations for netlist RE

Beschreibung

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

 

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a python to use our existing framework
  • Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Betreuer:

Alexander Hepp

Interdisziplinäre Projekte

Entwicklung von Werkzeugen für das Reverse Engineering

Beschreibung

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Betreuer:

Alexander Hepp

Forschungspraxis (Research Internships)

Metrics for Obfuscation of Sequential Circuits

Beschreibung

Obfuscation of sequential circuits targets the protection of finite state machines. There exist different approaches to achieve this, like modifying the state machine on RTL level or modifying the corresponding flip-flops on gate-level [1]. A metric can be used to evaluate the success of an obfuscation technique and make it comparable to other methods. Due to the wide variety of sequential obfuscation methods, there are no uniform and very few metrics at all.

This work should analyze existing metrics in terms of how well they can be generalized and thus applied to as many obfuscation techniques as possible. In addition, the work should develop an improved metric.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • [1] Kamali, Hadi Mardani, et al. "Advances in Logic Locking: Past, Present, and Prospects." Cryptology ePrint Archive (2022).
  • R. S. Chakraborty and S. Bhunia, "HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 28, no. 10, pp. 1493-1502, Oct. 2009, doi: 10.1109/TCAD.2009.2028166.

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Betreuer:

Michaela Brunner

Exploring netlist representations for netlist RE

Beschreibung

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

 

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a python to use our existing framework
  • Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Betreuer:

Alexander Hepp

IP Risk Through Satisfiability Checking Tools

Beschreibung

Due to long production and supply chains, circuit designs are prone to theft and manipulation. Logic locking inserts a locking key into the circuit netlist to secure them against these risks. However, so called SAT-based attacks, which check the satisfiability of netlists, were developed to extract the locking keys again.

This work should create a better understanding of sequential SAT-based attacks and extend them towards further applications.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • Subramanyan, P.; Ray, S. & Malik, S. Evaluating the security of logic encryption algorithms 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2015, 137-143
  • El Massad, M.; Garg, S. & Tripunitara, M. Reverse engineering camouflaged sequential circuits without scan access 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2017, 33-40

 

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Betreuer:

Michaela Brunner

Studentische Hilfskräfte

Exploring netlist representations for netlist RE

Beschreibung

Reverse engineering of silicon hardware designs is an interesting task for various applications in science and industry, such as patent infringement detection, security analysis or hardware trojan detection.

One of the most challenging tasks is to go from the flat netlist, that is a graph of logic gates and wires between them, to a high level description of the design.

In this work, you will analyze and compare different methods for representing a netlist and the benefits and problems when analyzing the netlist using the different representations

 

Voraussetzungen

The following list of prerequisites is neither complete nor binding, but shall give you an idea, what the topic is about.

  • Sufficient knowledge in a python to use our existing framework
  • Basic knowledge of a hardware description language such as vhdl or verilog to understand what you are analyzing
  • Basic knowledge in graph theory, algorithms etc. to cope with problems on the way.

 

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

 

Betreuer:

Alexander Hepp

Entwicklung von Werkzeugen für das Reverse Engineering

Beschreibung

Während dem Reverse Engineering von digitalen Schaltungen trifft man oft auf Probleme, deren Komplexität durch Automatisierung besser beherrscht werden kann. Viele Tools müssen dabei an die spezifische Forschung angepasst werden und helfen dann dabei, mit Standard-IC-Design-Werkzeugen weiterzuarbeiten.

Beispielsweise erhält man eine Netzliste, die mit einer unbekannten Zellbibliothek synthetisiert wurden. Nun ist es notwendig, die verwendete Zellbibliothek zu reverse-engineeren, z.B. mithilfe der Pin und Zell-Namen und daraus eine einfache Bibliothek herzustellen, mit der die Netzliste dann mit den Standard-Tools verarbeitet werden kann.

In dieser Ingenieurspraxis arbeiten Sie eng mit einem Wissenschaftler im Reverse Engineering-Bereich zusammen und erstellen ein oder mehrere hochwertige Werkzeuge für das Reverse Engineering von Netzlisten.

Kontakt

If you are interested in this topic, don't hesitate to ask for an appointment via

alex.hepp@tum.de

Please include a grade report and a CV, so I can evaluate different focus areas to fit your experience.

Betreuer:

Alexander Hepp