Reverse and Anti-Reverse Engineering of Electronic Chips and Systems

Reverse engineering (RE) is the process by which an object is examined in order to gain a full understanding of its construction and/or functionality. RE is now widely used to disassemble systems and devices in a number of different contexts, such as industrial design, cloning, and reproduction. The motivation for RE could be “honest” or “dishonest.” Those with honest intentions  perform RE for verification, failure analysis, counterfeit detection, product obsolescence, education and research. Those with dishonest intentions perform RE in order to clone, pirate, or counterfeit a design, to develop an attack, or to insert a hardware Trojan. Reverse engineering of electronic systems and printed circuit boards (PCBs) can be achieved by extracting their underlying physical information using destructive or nondestructive methods followed by analysis. While the globalization of semiconductor production, untrusted entities involved in integrated circuit (IC) design and fabrication could use their access to intellectual property (IP) in order to copy or reverse engineer an IP.

Today, RE is of great concern to governments, military, and various industries for the following reasons: (i) the attacks and security breaches that could occur through the RE of classified military systems, financial systems, etc.; (ii) the safety issues and costs resulting from unintended use of counterfeit products in critical systems and infrastructures; (iii) the loss in profits and reputation for IP owners, which can result from the counterfeiting of products through the use of RE; (iv) the negative impact that RE has on new product innovations, incentives for research and development, and – by extension – the worldwide job market. As a result of these concerns, researchers, companies, and the defense departments of many nations are persistently seeking anti-RE techniques to prevent adversaries from accessing their protected products and systems. Anti-RE techniques should have the ability to monitor, detect, resist, and react to invasive and noninvasive attacks.

In our work, we have investigated the current state of reverse engineering from chip to system level and proposed several anti-reverse engineering countermeasures. Our work includes

  1. Hardware Obfuscation Benchmarking: Research in the field of hardware obfuscation has seen significant growth in the past two years. However, standard benchmarks to evaluate hardware obfuscation methods, attacks, and countermeasures are lacking. As part of Dr. Forte’s NSF CAREER Award, we have developed the first suite of IC benchmarks which are obfuscated using in-house and popular approaches from the literature, different key sizes, and different countermeasures. The suite has been uploaded to the NSF sponsored Trust-HUB.org. We have also developed a taxonomy, naming convention, and format for others to follow in order to submit their own benchmarks.
  2. IC/IP Obfuscation and Encryption: Theft, reverse engineering and piracy of silicon IP are the realities that manufacturers and vendors of integrated circuits must face today. In order to combat these threats, obfuscation has emerged as a viable candidate for semiconductor or hardware IP protection. Obfuscation techniques aim at concealing or locking the underlying intellectual property of a semiconductor product, such as IP cores, gate-level designs or layout, in order to prevent an untrusted party or adversary from reverse engineering and/or exploiting the design. In our work, we are investigating novel IP/IC obfuscation methods and attacks which include (i) chip edit compatible netlist and layout modification for protecting IP of low volume products; (ii) secure split test (SST) methods for obfuscation of test responses; (iii)methods to incorporate IEEE P1735 Standard for IP Encryption into ASIC design flows to protect IP confidentiality and integrity; and (iv) metrics and analysis of logic locking security against SAT, removal, key sensitization, and bypass attacks.
  3. Nondestructive PCB Reverse Engineering via X-ray Tomography: X-ray tomography is an advanced technique for non-destructive three dimensional (3D) imaging. In our research, we have optimized tomography parameters for PCB imaging with the state-of-the-art Zeiss Versa 510. Reverse engineering of a 4 layer custom PCB and a 6 layer, commercial Xilinx FPGA have been performed in semi-automated fashion within 9 hours and 18 hours respectively. This work demonstrates that reverse engineering of printed circuit boards (PCBs) can be accomplished very quickly by attackers in a “set-it-and-forget it” fashion. In future work, we plan on developing PCB anti-reverse engineering techniques that prevent X-ray tomography.
  4. PCB Obfuscation and Anti-Reverse Engineering: Existing chip-level obfuscation techniques are not applicable to board level due to the significant differences between chips and PCBs. In our work, we have proposed the first PCB obfuscation approach that relies on permutation blocks to hide the interconnects among the PCB’s circuit components. Results obtained from industrial reference designs show that it is nearly impossible to break the proposed approach by brute force, even under pessimistic assumptions. We have also developed physical forms of obfuscation that protect against nondestructive PCB reverse engineering. Specifically, high-Z materials are added inside the PCB to block X-rays, thereby creating noise and artifacts during tomography. Then, advanced PCB routing and material placement methods are used to select and hide the most sensitive connections within the PCB  beneath these materials so that they cannot be reconstructed after tomography.
  5. Obfuscated BISA (i.e., Split Manufacturing + BISA): Split manufacturing has emerged as a viable approach to protect integrated circuits (ICs) fabricated in untrusted foundries, but has high cost and/or high performance overhead. In our work, we have proposed to insert additional functional circuitry called obfuscated built-in self-authentication (OBISA) in the chip layout with split manufacturing process, in order to prevent reverse-engineering and prevent hardware Trojan insertion. Self-tests are performed to authenticate the trustworthiness of the OBISA circuitry. The OBISA circuit is connected to original design in order to increase the strength of obfuscation, thereby allowing a higher layer split and lower overall cost. Additional fan-outs are also created in OBISA circuitry to improve obfuscation without losing testability. Finally, our proposed gating mechanism and net selection methods can ensure negligible overhead in terms of area, timing, and dynamic power.

Current and Past Project Sponsors

We are thankful for the support provided by the following government agencies and companies:

Our Conference and Journal Papers

NOTE: This directory contains pdf/ps files of articles that may be covered by copyright. You may browse the articles at your convenience, in the same spirit as you may read a journal or a proceedings article in a public library. Retrieving, copying, or distributing these files may violate copyright protection laws.

Chip to System Reverse Engineering Surveys

  • R. Wilson, H. Lu, M. Zhu, D. Forte, DL Woodard, “REFICS: Assimilating Data-Driven Paradigms into Reverse Engineering and Hardware Assurance on Integrated Circuits”, IEEE Access, 2021. [pdf]
  • R. Wilson, H. Lu, M. Zhu, D. Forte, DL Woodard, “REFICS: A Step Towards Linking Vision with Hardware Assurance”, to appear Winter Conference on Applications of Computer Vision (WACV), January 2022. [pdf]
  • UJ Botero, R. Wilson, H. Lu, MT Rahman, MA Mallaiyan, F. Ganji, N. Asadizanjanizanjani, MM Tehranipoor, DL Woodard, D. Forte, “Hardware Trust and Assurance through Reverse Engineering: A Tutorial and Outlook from Image Analysis and Machine Learning Perspectives”, ACM Journal on Emerging Technologies in Computing Systems (JETC), Vol. 17, No. 4, June 2021. [preprint] [link]
  • S. E. Quadir, J. Chen, D. Forte, N. Asadizanjani, S. Shahbazmohamadi, L. Wang, J. Chandy, M. Tehranipoor, “A Survey on Chip to System Reverse Engineering,” ACM Journal on Emerging Technologies in Computing Systems (JETC), Vol. 13, No.1, April 2016. [link]

Non-destructive Firmware/Software Disassembly

  • J. Park, F. Rahman, A. Vassilev, D. Forte, M. Tehranipoor, “Leveraging Side-channel Information for Disassembly and Security”, ACM Journal on Emerging Technologies in Computing (JETC), Vol. 16, No. 1, December 2019. [link]
  • J. Park, X. Xu, Y. Jin, D. Forte, M. Tehranipoor, “Power-based Side-Channel Instruction-level Disassembler”, Design Automation Conference (DAC), June 2018. [link]

IC/IP Reverse Engineering and Anti-Reverse Engineering

  • T. Farheen, U. Botero, N. Varshney, HT Shen, DL Woodard, M. Tehranipoor, D. Forte, “Proof of Reverse Engineering Barrier: SEM Image Analysis on Covert Gates”, International Symposium for Testing and Failure Analysis (ISTFA), November 2021. [pdf]
  • MS Rahman, A. Nahiyan, F. Rahman, S. Fazzari, K. Plaks, F. Farahmandi, D. Forte, M. Tehranipoor, “”Security Assessment of Dynamically Obfuscated Scan Chain Against Oracle-guided Attacks”‘, ACM Transactions on Design Automation of Electronic Systems (TODAES), Vol. 26, No. 4,, March 2021. [link]
  • R. Wilson, D. Forte, N. Asadi, D. Woodard, “LASRE: A Novel Approach to Large area Accelerated Segmentation for Reverse Engineering on SEM images”, International Symposium for Testing and Failure Analysis (ISTFA), December 2020. [preprint]
  • R. Acharya, S. Chowdhury, F Ganji, D. Forte, “Attack of the Genes: Finding Keys and Parameters of Locked Analog ICs Using Genetic Algorithm” IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), December 2020. [preprint]
  • MM Rahman, MS Rahman, H. Wang, S. Tajik, W. Khalil, F. Farahmandi, D. Forte, N. Asadizanjani, M. Tehranipoor, “Defense-in-Depth: A Recipe for Logic Locking to Prevail”, Integration, the VLSI Journal, 2020. [link]
  • Z. Guo, S. Chowdury, M. Tehranipoor, D. Forte, “Permutation Network De-obfuscation: A Delay-based Attack and Countermeasure Investigation”, ACM Journal on Emerging Technologies in Computing Systems (JETC), Vol. 16, No. 2, January 2020. [link]
  • B. Shakya, X. Xu, M. Tehranipoor, D. Forte, “CAS-Lock: A Security-Corruptibility Trade-off Resilient Logic Locking Scheme”, IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), No. 1, 2020. [link]
  • A. Alaql, D. Forte, S.Bhunia, “Sweep to the Secret: A Constant Propagation Attack on Logic Locking”, IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), December 2019. [pdf]
  • R. Wilson, RY Acharya, D. Forte, N. Asadi, D. Woodard, “A Novel Approach to Unsupervised Automated Extraction of Standard Cell Library for Reverse Engineering and Hardware Assurance”, International Symposium for Testing and Failure Analysis (ISTFA), November 2019. [pdf]
  • Q. Shi, M. Tehranipoor, D. Forte, “Obfuscated Built-In Self-Authentication with Secure and Efficient Wire-Lifting”, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), Vol. 38, No. 11, November 2019. [link]
  • R. Wilson, N. Asadi, D. Forte, D. Woodard, “First Auto-Magnifier Platform for Hardware Assurance and Reverse Engineering Integrated Circuits”, Microscopy & Microanalysis (M&M), August 2019. [link]
  • B. Shakya, H. Shen, M. Tehranipoor, D. Forte, “Covert Gates: Protecting Integrated Circuits with Undetectable Camouflaging”, IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), August 2019. [link]
  • F. Ganji, D. Forte, N. Asadizanjani, M. Tehranipoor, D. Woodard, “The Power of IC Reverse Engineering for Hardware Trust and Assurance”, Electronic Device Failure Analysis (EDFA), May 2019. [link]
  • H. Shen, N. Asadizanjani, M. Tehranipoor, D. Forte, “Nanopyramid: An Optical Scrambler Against Backside Probing Attacks”, International Symposium for Testing and Failure Analysis (ISTFA), October 2018. [pdf]
  • S. Amir, B. Shakya, X. Xu, Y. Jin, S. Bhunia, M. Tehranipoor, D. Forte, “Development and Evaluation of Hardware Obfuscation Benchmarks”, Journal of Hardware and Systems Security (HaSS), Vol. 2, No. 2, June 2018. [link]
  • E.L. Principe, N. Asadi, D. Forte, M. Tehranipoor, M. DiBattista, R. Chivas, S. Silverman, N. Piche, M. Marsh, J. Mastovich, “Steps Toward Computational Guided Deprocessing of Integrated Circuits” in GOMACTech, March 2018.
  • E.L. Principe, N. Asadi, D. Forte, M. Tehranipoor, R. Chivas, M. DiBattista, S. Silverman, “Plasma FIB Deprocessing of Integrated Circuits from the Backside”, Electronic Device Failure Analysis (EDFA), Vol. 19, No. 4, Nov. 2017. [link]
  • E.L. Principe, N.Asadizanjani, D. Forte, M. Tehranipoor, R. Chivas, M. DiBattista, S.Silverman, M. Marsh, N. Piche, J. Mastovich, “Steps Toward Automated Deprocessing of Integrated Circuits,”  International Symposium for Testing and Failure Analysis (ISTFA), Nov. 2017. [pdf] [ISTFA 2017 Outstanding Paper Award]
  • A. Chhotaray, A. Nahiyan, T. Shrimpton, D. Forte, M. Tehranipoor, “Standardizing Bad Cryptographic Practice – A Teardown of the IEEE Standard for Protecting Electronic-Design Intellectual Property,” ACM Conference on Computer and Communications Security (CCS), Nov. 2017. [link]
  • X. Xu, B. Shakya, M. Tehranipoor, D. Forte, “Novel Bypass Attack and BDD-based Tradeoff Analysis Against all Known Logic Locking Attacks,.” International Conference on Cryptographic Hardware and Embedded Systems (CHES), Sept. 2017. [link] 
  • Q. Shi, K. Xiao, D. Forte, M. Tehranipoor, “Securing Split Manufactured ICs with Wire Lifting Obfuscated Built-In Self-Authentication”, GLSVLSI, May 2017. [link]
  • S. Amir, B. Shakya, D. Forte, M. Tehranipoor, S. Bhunia, “Comparative Analysis of Hardware Obfuscation for IP Protection”, GLSVLSI, May 2017. [link]
  • Q. Shi, N. Asadizanjani, D. Forte, M.Tehranipoor, “A Layout-driven Framework to Assess Vulnerability of ICs to Microprobing Attacks”, Hardware-Oriented Security and Trust (HOST) 2016, May 2016.[pdf] [HOST 2016 Best Paper Award] 
  • S. Chen, J. Chen, D. Forte, J. Di, M. Tehranipoor, L. Wang, “Chip-level Anti-reverse Engineering using Transformable Interconnects,” IEEE Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), Oct. 2015. [pdf]
  • K. Xiao, D. Forte, M. Tehranipoor, “Efficient and Secure Split Manufacturing via Obfuscated Built-In Self-Authentication,” Hardware-Oriented Security and Trust (HOST) 2015, May 2015. [pdf] [HOST 2015 Best Paper Award]

PCB Reverse Engineering and Anti-Reverse Engineering

  • U. Botero, F. Ganji, D. Woodard, D Forte., “Automated Trace and Copper Plane Extraction ofX-ray Tomography Imaged PCBs”, to appear IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE), December 2021. [pdf]
  • DS Koblah, UJ Botero, F. Ganji, D. Woodard, D. Forte, “Via Modeling on X-Ray Images of Printed Circuit Boards Through Deep Learning”, in GOMACTech, March 2021. []
  • UJ Botero, D. Koblah, DE Capecci, F. Ganji, N. Asadi, DL Woodard, D. Forte, “Automated Via Detection for PCB Reverse Engineering”, International Symposium for Testing and Failure Analysis (ISTFA), December 2020. [pdf] [EDFAS Virtual Workshop (ISTFA 2020) Outstanding Paper Award]
  • UJ Botero, N. Asadizanjani, D. Woodard, D. Forte, “A Framework for Automated Alignment and Layer Identification of X-Ray Tomography Imaged PCBs”, in GOMACTech, March 2020. [pdf]
  • Z. Guo, J. Di, M. Tehranipoor, D. Forte, “Obfuscation-based Protection Framework Against Printed Circuit Boards Unauthorized Operation and Reverse Engineering”, ACM Transactions on Design Automation of Electronic Systems (TODAES), Vol. 22, No. 3, April 2017. [link]
  • N. Asadi, M. Tehranipoor, D. Forte, “PCB Reverse Engineering Using Non-destructive X-ray Tomography and Advanced Image Processing”, IEEE IEEE Transactions on Components, Packaging and Manufacturing (CPMT),Vol. 7, No. 2, February 2017. [link]
  • Z. Guo, M. Tehranipoor, D. Forte, “Aging Attacks for Key Extraction on Permutation-Based Obfuscation,” IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), Dec. 2016. [pdf]
  • Z. Guo, B. Shakya, H. Shen, S. Bhunia, N. Asadizanjani, D. Forte, M. Tehranipoor, “A New Methodology to Protect PCBs from Non-destructive Reverse Engineering,” International Symposium for Testing and Failure Analysis (ISTFA), Nov. 2016. [pdf]
  • N. Asadizanjani, S. Shahbazmohamadi, M. Tehranipoor, D. Forte, “Non-destructive PCB Reverse Engineering Using X-ray Micro Computed Tomography”, International Symposium for Testing and Failure Analysis (ISTFA), Nov. 2015. [pdf]
  • Z. Guo, J. Di, M. Tehranipoor, D. Forte, “Investigation of Obfuscation-based Anti-Reverse Engineering for Printed Circuit Boards,” Design Automation Conference (DAC) 2015, June 2015. [link]
  • N. Asadizanjani, S. E. Quadir, S. Shahbazmohamadi, M. Tehranipoor, D. Forte, “Rapid Non-destructive Reverse Engineering of Printed Circuit Boards by High Resolution X-ray Tomography” GOMACTech, March 2015.