Hardware Reverse Engineering

Contact:

Johanna Baehr

Michaela Brunner

Alexander Hepp

Over the past years, the trend in hardware development has gone towards third party IP Cores and commercial off-the-shelf ICs, with more and more high-level design being outsourced, and fabrication often taking place in external foundries. This gives way to a number of security threats, such as insertion of Hardware Trojans, IP Theft or IP Counterfeitung through illegal reverse engineering. Reverse engineering can provide a convenient tool to facilitate identification of malicious code entities, by creating a better understanding of the unknown circuit, on the other hand it can also be used to identfiy possible insertion points. Furthemore, the illegal reverse engineering of IP causes a significant financial cost to the hardware industry. Particularly in the field of cryptology, reverse engineering can severely impact the security of encryption and decryption algorithms, by helping in the identification of  new attack vectors on cryptographic implementations. To protect the integrity of the design, hardware obfuscation, both on a physical and netlist level, is becoming more and more prevalent. Understanding the process behind reverse engineering can provide insights into future possibilities for obfuscation or other countermeasures.

Research Topics:

  • Functional high-level netlist reconstruction
  • FSM Reconstruction
  • Netlist Partitioning
  • Hardware Obfuscation
  • Hardware Trojan Identification
  • Hardware Trojan Design
  • Machine Learning 
  • Graph Analysis
  • Benchmark Creation

Publications

2022

  • Aksoy, Levent and Hepp, Alexander and Baehr, Johanna and Pagliarini, Samuel: Hardware Obfuscation of Digital FIR Filters. 25th International Symposium on Design and Diagnostics of Electronic Circuits and Systems, IEEE, 2022Prague, Czech Republic mehr…
  • Hepp, Alexander and Baehr, Johanna and Sigl, Georg: Golden Model-Free Hardware Trojan Detection by Classification of Netlist Module Graphs. Design, Automation and Test in Europe Conference, IEEE, 2022Antwerp, Belgium mehr…
  • Lippmann, Bernhard and Ludwig, Matthias and Mutter, Johannes and Bette, Ann-Christin and Hepp, Alexander and Baehr, Johanna and Rasche, Martin and Kellermann, Oliver and Gieser, Horst and Zweifel, Tobias and Kovac, Nicola: Physical and Functional Reverse Engineering Challenges for Advanced Semiconductor Solutions. 2022 Design, Automation & Test in Europe Conference & Exhibition DATE, IEEE, 2022Antwerp, Belgium mehr…

2021

  • Hepp, Alexander and Sigl, Georg: Tapeout of a RISC-V Crypto Chip with Hardware Trojans: A Case-Study on Trojan Design and Pre-Silicon Detectability. Proceedings of the 18th ACM International Conference on Computing Frontiers (CF '21), Association for Computing Machinery, 2021Virtual: Catania, Italy mehr…
  • Ludwig, Matthias and Hepp, Alexander and Brunner, Michaela and Baehr, Johanna: CRESS: Framework for Vulnerability Assessment of Attack Scenarios in Hardware Reverse Engineering. 2021 IEEE Physical Assurance and Inspection of Electronics (PAINE), 2021Washington DC, US mehr…

2020

  • Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine learning and structural characteristics for reverse engineering. Integration 72, 2020, 1 - 12 mehr…
  • Brunner, M. and Gruber, M. and Tempelmeier, M. and Sigl, G.: Logic Locking Induced Fault Attacks. 2020 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 2020Limassol, CYPRUS mehr…
  • Zhang, G. L. and Li, B. and Li, M. and Yu, B. and Pan, D. Z. and Brunner, M. and Sigl, G. and Schlichtmann, U.: TimingCamouflage+: Netlist Security Enhancement with Unconventional Timing. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systemsde IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems , 2020, 1-1 mehr…
  • Zhang, G. L. and Brunner, M. and Li, B. and Sigl, G.and Schlichtmann, U.: Timing Resilience for Efficient and Secure Circuits. 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), 2020Beijing, China, 623-628 mehr…

2019

  • Baehr, Johanna; Bernardini, Alessandro; Sigl, Georg; Schlichtmann, Ulf: Machine Learning and Structural Characteristics for Reverse Engineering. 24th Asia and South Pacific Design Automation Conference Conference (ASPDAC’19), 2019Tokyo, Japan mehr…
  • Brunner, M. and Baehr, J. and Sigl, G.: Improving on State Register Identification in Sequential Hardware Reverse Engineering. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2019Washington, D.C., USA mehr…

2018

  • Werner, M.; Lippmann, B.; Baehr, J.; Gräb, H.: Reverse Engineering of Cryptographic Cores by Structural Interpretation Through Graph Analysis. 2018 IEEE 3rd International Verification and Security Workshop (IVSW), 2018Platja d’Aro, Costa Brava, Spain, 13-18 mehr…

Open Positions for Students

Forschungspraxis (Research Internships)

IP Risk Through Satisfiability Checking Tools

Beschreibung

Due to long production and supply chains, circuit designs are prone to theft and manipulation. Logic locking inserts a locking key into the circuit netlist to secure them against these risks. However, so called SAT-based attacks, which check the satisfiability of netlists, were developed to extract the locking keys again.

This work should create a better understanding of sequential SAT-based attacks and extend them towards further applications.

Please contact me to get more information about the topic and the aim of this work.

 

References:

  • Subramanyan, P.; Ray, S. & Malik, S. Evaluating the security of logic encryption algorithms 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2015, 137-143
  • El Massad, M.; Garg, S. & Tripunitara, M. Reverse engineering camouflaged sequential circuits without scan access 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), 2017, 33-40

 

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

 

Betreuer:

Michaela Brunner

One Right Solution To Implement A State Machine?

Beschreibung

A finite state machine can be represented in several different ways. There is no one right solution. Designers make use of this fact to optimize power, area, or performance.

This work should first create a better understanding of what the limits of the representation of state machines are. Second, these findings should be interpreted in relation to various context.

Please contact me to get more information about the topic and the aim of this work.

 

 

References:

  • Hartmanis, J. Symbolic analysis of a decomposition of information processing machines Information and Control, Elsevier, 1960, 3, 154-178
  • Shelar, R. S.; Desai, M. P. & Narayanan, H. Decomposition of finite state machines for area, delay minimization Proceedings 1999 IEEE International Conference on Computer Design: VLSI in Computers and Processors (Cat. No. 99CB37040), 1999, 620-625

 

 

Kontakt

Michaela Brunner, M.Sc.

Technical University of Munich, Chair of Security in Information Technology

Room N1008, Email: michaela.brunner@tum.de

Betreuer:

Michaela Brunner