RELIC-GNN:一种高效的状态寄存器识别算法

doi:10.19665/j.issn1001-2400.2023.03.014

Abstract

Abstract:

With the horizontalization of integrated circuit (IC) design and globalization of manufacturing,a large number of hardware ICs produced by third-party vendors are used in the chip design,which raises concerns about design backdoors/hardware Trojan horses being inserted into chips.Reverse engineering can recover the design netlist of IC chips,and designers can determine whether the design functions have been tampered with by extracting high-level descriptions and analyzing the key logic.However,the poor readability of the reverse netlist with its data paths and control logic mixed makes it difficult to abstract the high-level descriptions quickly and accurately.In this paper,the problem is equivalently defined as the classification problem of the netlist path structure,and an efficient state register identification algorithm based on the graph neural network is proposed.First,pre-processing of the netlist is conducted to eliminate the differences of the process library and to reduce the modeling complexity.Second,the netlist is modeled as the directed graph and the path structure of each register is extracted.Then the graph neural network model is used to map corresponding features of each register with the path structure inputted.Finally,the features are clustered so as to classify the registers into status registers and control registers.Experimental results prove that the algorithm can run correctly on a million-gate netlist with the average recognition accuracy reaching 88.37%,which is improved in recognition accuracy,operation speed and migratability compared with the existing algorithms.

Key words: reverse engineering, register classification, control logic extraction, graph neural networks

CLC Number:

TN406

DONG Meng,GAO Yiming,PAN Weitao,QIU Zhiliang,YANG Jianlei,DI Zhixiong,ZHENG Ling. RELIC-GNN:an efficient state register identification algorithm[J].Journal of Xidian University, 2023, 50(3): 142-150.

Figures/Tables 5

References 16

[1]	BHUNIA S, HSIAO M S, BANGA M, et al. Hardware Trojan Attacks:Threat Analysis and Countermeasures[J]. Proceedings of the IEEE, 2014, 102(8):1229-1247. doi: 10.1109/JPROC.2014.2334493
[2]	ALBARTUS N, HOFFMANN M, TEMME S, et al. DANA Universal Dataflow Analysis for Gate-Level Netlist Reverse Engineering[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 4:309-336.
[3]	MCELVAIN K S. Methods and Apparatuses for Automatic Extraction of Finite State Machines:US06182268B2[P].2001-1-30.
[4]	SHI Y, TING C W, GWEE B H, et al. A Highly Efficient Method for Extracting FSMs from Flattened Gate-Level Netlist[C]//Proceedings of 2010 IEEE international symposium on circuits and systems. Piscataway:IEEE, 2010:2610-2613.
[5]	MEADE T, ZHANG S, JIN Y. Netlist Reverse Engineering for High-Level Functionality Reconstruction[C]// 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC).Piscataway:IEEE, 2016:655-660.
[6]	MEADE T, JIN Y, TEHRANIPOOR M, et al. Gate-Level Netlist Reverse Engineering for Hardware Security:Control Logic Register Identification[C]//2016 IEEE International Symposium on Circuits and Systems (ISCAS). Piscataway:IEEE, 2016:1334-1337.
[7]	BRUNNER M, BAEHR J, SIGL G. Improving on State Register Identification in Sequential Hardware Reverse Engineering[C]//2019 IEEE International Symposium on Hardware Oriented Security and Trust(HOST). Piscataway:IEEE, 2019:151-160.
[8]	MEADE T, SHAMSI K, LE T, et al. The Old Frontier of Reverse Engineering:Netlist Partitioning[J]. Journal of Hardware and Systems Security, 2018, 2(3):201-213. doi: 10.1007/s41635-018-0043-4
[9]	CHOWDHURY S D, YANG K, NUZZO P. ReIGNN:State Register Identification Using Graph Neural Networks for Circuit Reverse Engineering[C]//2021 IEEE/ACM International Conference on Computer Aided Design(ICCAD). Piscataway:IEEE, 2021:1-9.
[10]	LI W, GASCON A, SUBRAMANYAN P, et al. WordRev:Finding Word-Level Structures in a Sea of Bit-Level Gates[C]//2013 IEEE international symposium on hardware-oriented security and trust (HOST). Piscataway:IEEE, 2013:67-74.
[11]	VELICKOVIC P, CUCURULL G, CASANOVA A, et al. Graph Attention Networks(2017)[J/OL].[2017-10-30]. https://arxiv.org/abs/1710.10903.
[12]	CORNO F, REORDA M S, SQUILLERO G. RT-Level ITC'99 Benchmarks and First ATPG Results[J]. IEEE Design & Test of computers, 2000, 17(3):44-53. doi: 10.1109/54.867894
[13]	OPENCORE. Opencore benchmarks (2022)[EB/OL].[2022-06-19]. https://opencores.org.
[14]	STRÖMBERGSON J. Secworks (2022))[EB/OL].[2022-06-19]. https://github.com/secworks?tab=repositories.
[15]	ONCHIPUIS. Onchipuis (2022))[EB/OL].[2022-06-19]. https://github.com/onchipuis.
[16]	DONG M. The netlist ofecdsa circuit (2022)[EB/OL].[2022-06-19]. https://github.com/Melvin-Dong/ecdsa.

网表	召回率			精确率			准确率
网表	Fast- RELIC	ReI- GNN	RELIC- GNN	Fast- RELIC	ReI- GNN	RELIC- GNN	Fast- RELIC	ReI- GNN	RELIC- GNN
FSM?	100	100	100	80.00	100	100	64.29	71.43	71.43
b10★	75.00	100	100	25.00	44.44	50.00	36.84	60.87	61.90
b08★	100	100	100	13.33	25.00	22.22	34.78	65.22	60.87
b09★	100	100	100	40.00	28.57	40.00	83.33	76.67	83.33
gpio?	100	75.00	100	26.67	33.33	66.67	68.75	80.43	87.50
b04★	100	100	100	11.76	18.18	22.22	75.00	83.82	86.76
MEM?	100	100	100	30.77	30.77	44.44	82.89	82.89	88.16
b14★	100	100	100	8.33	4.35	3.85	94.44	89.35	87.96
spi_axi?	100	100	100	22.22	7.27	33.33	96.75	90.07	97.83
uart?	100	100	100	21.21	2.85	53.81	94.6	89.74	97.87
siphash◇	100	100	100	6.12	3.37	15.79	93.81	88.76	97.60
mem_control?	74.24	96.97	100	27.07	29.09	25.29	84.33	81.43	78.10
alto32?	100	66.67	100	4.23	2.99	4.92	88.66	89.26	90.26
sha1◇	100	100	100	2.70	1.20	13.33	95.59	89.06	99.02
gcm_aes?	100	100	100	4.17	5.75	29.41	85.99	89.72	98.02
lightweight?	100	100	100	1.74	1.14	3.33	91.31	90.05	95.46
aes◇	100	100	100	6.06	2.81	22.86	95.59	90.48	98.83
cr_div?	100	100	100	3.71	0.77	27.27	98.06	90.61	99.74
escda§			100			0.58			98.47
平均	97.18	95.20	100	18.62	18.99	30.49	81.37	83.30	88.37

网表	Fast- RELIC	RELIC- GNN	加速比例
FSM?	1.76	1.84	0.96
b10★	2.64	3.38	0.93
b08★	2.27	3.43	0.85
b09★	3.35	3.40	1.06
gpio?	1.83	3.57	0.82
b04★	5.83	3.67	1.63
MEM?	10.59	8.34	1.27
b14★	28.36	4.21	6.90
spi_axi?	43.96	5.70	9.16
uart?	76.38	10.56	7.23
siphash◇	252.92	6.51	41.73
mem_control?	355.25	7.75	50.61
alto32?	232.65	20.48	11.36
sha1◇	118.17	9.39	13.87
gcm_aes?	458.52	11.02	48.42
lightweight?	436.63	18.23	23.96
aes◇	281.51	15.87	19.87
cr_div?	529.03	22.19	26.63

网表	准确率
网表	130 nm library	28 nm library
FSM?	63.47	71.43
b10★	47.06	61.90
b08★	66.67	60.87
b09★	89.69	83.33
gpio?	95.45	87.50
b04★	83.69	86.76
MEM?	80.45	88.16
b14★	93.46	87.96
spi_axi?	97.45	97.83
uart?	95.33	97.87
siphash◇	96.07	97.60
mem_control?	75.39	78.10
alto32?	86.76	90.26
sha1◇	94.16	99.02
gcm_aes?	93.49	98.02
lightweight?	83.33	95.46
aes◇	95.25	98.83
cr_div?	99.66	99.74
escda§	94.78	98.47
平均	85.57	88.37

RELIC-GNN:an efficient state register identification algorithm

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 16

Related Articles 5

Metrics

Comments

Recommended 10

[1]	ZHANG Zehuan, LIU Qiang, GUO Difei. High efficient framework for large-scale zero-shot image recognition [J]. Journal of Xidian University, 2022, 49(6): 103-110.
[2]	LV Wenkai,YANG Pengfei,DING Yunqing,ZHANG Heyu,ZHENG Tianyang. JEDERL:A task scheduling optimization algorithm for heterogeneous computing platforms [J]. Journal of Xidian University, 2021, 48(6): 67-74.
[3]	WU Qiufeng,ZHANG Yuejun,WANG Pengjun,ZHANG Huihong. Hardware obfuscation design of the RM logical camouflage gate [J]. Journal of Xidian University, 2020, 47(2): 135-141.
[4]	LIU De-ping1;2;CHEN Jian-jun1. Point data reduction technique in reverse engineering [J]. J4, 2008, 35(2): 334-339.
[5]	CHU Hua;CHEN Ping. An approach of automatically generating hierarchical statecharts [J]. J4, 2005, 32(5): 702-705.