Truly Stripping Functionality for Logic Locking: A Fault-based Perspective

Logic locking is a holistic solution to counter manufacturing threats such as intellectual property (IP) piracy and overbuilding at the hardware level. However, years of research has exposed various flaws in locking, including a Boolean satisfiability-based (SAT) attack. Consequently, several SAT-resilient locking techniques such as SARLock, Anti-SAT, and SFLL have been proposed, although certain instances of them have also been broken by a class of attacks, called removal attack. In this paper, we approach logic locking by leveraging well-known principles from VLSI testing and elicit logic locking properties that dictate the resilience of a locking technique against different attacks. We present a revised version of SFLL, namely SFLL-rem, that not only retains all security properties of SFLL, delivering resilience to all the state-of-the-art attacks SFLL can thwart, but also to the latest removal attacks that broke some SFLL instances. Further, we develop a security-aware CAD framework integrated with industry tools that incurs only -1.5%, 0%, and 4.13% overhead for power, performance, and area, respectively. We demonstrate a silicon implementation of SFLL-rem on ARM Cortex-M0 microprocessor in 65nm. Moreover, we provide a framework for an SoC designer to customize logic locking based on the SoC blocks and their threat models; this is illustrated by locking a multi-million-gate SoC provided by DARPA, and taking the SoC all the way to GDSII layout.