So the next talk is entitled "SMT Attack: Next Generation Attack on Obfuscated Circuits with Capabilities and Performance Beyond the SAT Attacks". This is a joint work by Kimia Zamiri Azar, Hadi Mardani Kamali, Houman Homayoun and Avesta Sasan, and Kimia will be giving the talk.

Thank you for introducing me. Hello everybody. This presentation is about SMT attack: next generation attack on obfuscated circuits with capabilities and performance beyond the SAT attack.

At first I'm going to give you an introduction to hardware security, then the importance of the logic locking technique in order to protect the IP. Then I'm going to explain the existing state-of-the-art attack, which is the SAT attack; however, it has some limitations, which motivates us to propose a more powerful attack based on satisfiability modulo theory, SMT attack in short. Then I'll go through the experimental results and conclude the paper.

The increasing cost of IC manufacturing has pushed several stages of the manufacturing supply chain to third-party facilities, which are considered as untrusted foundries. Manufacturing in these untrusted foundries has raised many forms of security threats such as Trojan insertion, overproduction, intellectual property theft, etc. In order to protect the IP from being reverse engineered or stolen, researchers have studied various forms of logic locking techniques in order to add ambiguity into the design by adding key-programmable gates, and by doing so the adversary cannot retrieve the correct functionality of the circuit without having the correct value of the key.

Shortly after the introduction of logic locking techniques, a new and powerful attack based on Boolean satisfiability, the SAT attack, was formulated. In the SAT attack the adversary has access to the reverse-engineered but locked netlist and a functional, unlocked chip. The SAT attack follows the steps illustrated in this figure. It iteratively finds an input such that for that input and two different keys, the duplicated circuit produces two different outputs. This input is called a discriminating input pattern, DIP. In general the SAT attack, by using these steps, iteratively eliminates the set of incorrect keys and finds the correct key within a small time, and unlike a brute-force attack, the execution time of the SAT attack grows almost polynomially.

After the introduction of the SAT attack in 2015, it was able to effectively break all previously proposed logic locking techniques. However, after that many logic locking techniques have been proposed in order to defend against the powerful SAT attack, but further research illustrates that they are vulnerable to other types of attacks such as the removal attack, the signal probability skew attack, etc. In general the SAT attack has some limitations, because it works perfectly fine when the logic obfuscation is of Boolean nature; that is because any Boolean logic can be easily converted to its conjunctive normal form, CNF format, and be translated to the satisfiability assignment problem. So after 2017 researchers tried to trap the SAT solver by using behavioral logic of the circuit and control aspects of the circuit that cannot be translated to the CNF format.

One example of behavioral logic obfuscation could be delay and logic locking, DLL, in which the researchers try to add tunable delay key gates, TDKs, into the design, which contain a conventional key gate and a tunable delay buffer. The capacitive load of the tunable delay buffer is controlled by a transmission gate. As you can see here, in the DLL obfuscation mechanism the key not only controls the logical properties of the circuit but also the delay properties of it, and whenever the key is not correct it causes setup time and hold time violations in the circuit. Consider that timing is not translatable to CNF, so the SAT attack remains oblivious to the key used for timing obfuscation.

But we do have a solution in this paper. We have proposed a satisfiability modulo theory attack, SMT in short, whose capability goes far beyond that of the SAT attack. SMT in general is used to solve a decision problem. It has a theory solver apart from the SAT solver, and it uses first-order theories such as equality reasoning, arithmetic, etc. Also the SMT solver has the capability to combine different theory solvers together, and since it has theory solvers apart from the SAT solver, it can support a more powerful language as its input than the SAT solver.

In general there are two different approaches for solving an SMT problem: the eager approach and the lazy approach. In the eager approach, as you can see in this figure, invocation of the theory solver and the SAT solver is serialized, and the theory solver works as a preprocessing step for the SAT solver to reduce the problem to a SAT problem. The merit of this approach is that the SAT solver can be used as is, but the demerit is that the SMT solver has to work a lot harder for solving a problem that is otherwise very obvious. For this reason many SMT solvers follow another approach, which is the lazy approach, in which the invocation of the theory solver and the SAT solver are in parallel and they simultaneously work together to solve a unified set of problems.

Here you can see the overall view of our proposed SMT attack. As you can see here, the SMT attack could be involved with any number and combination of theory solvers apart from the SAT solver. Each theory solver provides two capabilities: theory propagation among different theory solvers, and clause learning, the result of which is shared with the SAT solver. Before calling the SMT attack, four preliminary steps should be taken in order to make the obfuscated netlist translatable by the theory solver and the SAT solver. The first step is simply replacing the obfuscated gate with its equivalent key-programmable gate, KPG. KPGs perform the same function as the obfuscated cells, and this allows building a key-controlled representation of the obfuscated netlist. Also, before invoking the theory solver, the obfuscated netlist should be translated to what is understood by the theory solver; the translation step may be different for each theory solver used. After model generation for each theory solver and the SAT solver, the SMT attack is then formulated based on the control flow of information exchange between the theory solver and the SAT solver. Invoking the SMT attack returns a satisfiable assignment, and lists of learned clauses and conflict clauses for the SAT solver and theory solver respectively.

In this paper we have implemented four different variants of the SMT attack. In the first mode, in order to show that our SMT attack is a superset of the SAT attack, we have reduced the SMT to the SAT attack. This is the algorithm of the SMT when it's reduced to the SAT attack. It should be noted that this algorithm is a one-to-one translation of a pure SAT attack, and only in line 13, apart from the learned clauses, we also have conflict clauses, which is done implicitly for the SMT, that is, for the theory solver. In the results I will show you that any problem that is formulated for the SAT attack could be similarly formulated for the SMT attack. However, the SMT could further benefit from the usage of SMT to extend its capability to attack obfuscation mechanisms that cannot be attacked by the pure SAT attack. For this reason we have implemented both the eager and the lazy approach of the SMT attack, with a case study which was the delay and logic locking, DLL, technique. As I mentioned previously, in the DLL the key not only controls the logical properties of the circuit but also the delay properties of it. Before calling the SMT attack, the obfuscated cells should be replaced with their equivalent key-programmable gate, KPG. Also, for attacking the DLL we employ the graph theory solver, so the translation step is replacing the obfuscated netlist with its graph representation. It should be noted that the weight of each edge in the graph indicates the delay of that path in the obfuscated netlist. As you can see here, key one and key three have no impact on the logical properties of the circuit and only change the delay, so the SAT attack results in a random assignment to key one and key three. However, this shortcoming of the SAT attack is remedied in the SMT attack by means of the graph theory solver.

This is the algorithm for the eager SMT attack. As I mentioned earlier, in the eager approach the theory solver works as a preprocessor for the SAT solver to reduce the problem to a SAT problem. In order to constrain the graph theory solver we have to compute the setup time and hold time of the circuit. For doing so we have used these two inequalities, which use the notation of this figure. It should be noted that after purchasing the functional chip from the market we have the clock period of that chip; also the endpoint and start point registers of each timing path are known. So by doing a SPICE simulation we can calculate the setup time and hold time of the circuit. After constraining the graph theory solver, the theory solver calls the SMT solve function to find all combinations of keys that don't violate the setup time and hold time of the circuit. But consider that only one of these keys is logically correct, so the theory solver translates everything to the CNF format and passes it to the SAT solver. In the next stage the SAT solver attacks the satisfiability problem augmented with these additional CNF clauses and makes a new round of calls to the SMT solve function.

However, there are some obfuscation mechanisms in which the eager approach, which relies on reduction of the problem to a SAT problem, is not applicable. So for these obfuscation mechanisms the lazy approach is the only solution, in which the invocation of the theory solver and the SAT solver are in parallel and they simultaneously work together to solve the unified set of problems. This is the algorithm of the lazy SMT attack when attacking the DLL obfuscation technique. The big difference between the eager approach and the lazy approach is that in the lazy approach, after model generation for the graph theory solver, the SMT solve function is not called. It only produces the learned clauses and conflict clauses and shares them with the SAT solver. Then the SMT solve function is called to find the assignment for the key values such that it can satisfy both the theory constraints and the SAT constraints. It should be noted that since in the lazy approach the SAT model and the theory model share their literals and they are subjected to the unified set of problems, the decision tree and the search space for the SMT solver are significantly reduced.

Also, by reformulating the lazy SMT attack, which benefits from the bit-vector theory solver, we could implement the accelerated lazy SMT attack, which is a more efficient attack. As I mentioned previously, the SAT attack, by using discriminating input patterns, iteratively eliminates the set of incorrect keys and finds the correct key within a small time. Each DIP has a different pruning capability. Depending on the pruning capability of the DIPs, the complete set of DIPs could be different. The minimal complete set of DIPs is the smallest number of DIPs that could deobfuscate the circuit. In our lazy approach we have proposed a mechanism to reduce the size of the complete set of DIPs, and since in each iteration only one DIP is found, a smaller number of DIPs results in a smaller number of iterations. It should be noted that in the SAT attack only a single difference in the output, which is based on applying the same input but two different keys, results in generation of a DIP. However, in the SMT attack we could use a stronger requirement for generation of a DIP. This could be achieved by forcing the SMT solver to find DIPs with the highest possible Hamming distance in their propagated value to the primary output, and it is obvious that such a DIP has a much higher pruning capability.

Using DIPs based on the Hamming distance of the primary output is easily implementable in the SMT solver by using the bit-vector theory solver, which allows us to perform integer-oriented arithmetic operations such as addition, subtraction, multiplication, etc. The Hamming distance of two different outputs could be obtained from this equality. The higher threshold of the Hamming distance is kept constant, which is equal to the number of output bits, but the lower threshold is defined as a variable, which allows us to sweep the Hamming distance from the highest value to the lowest value, which is one.

Also, by reformulating the accelerated SMT attack, we could enable the approximate attack as well. The approximate attack is used to attack compound obfuscation mechanisms, in which a SAT-hard obfuscation technique is combined with a high-corruption obfuscation technique. SAT-hard obfuscation techniques such as Anti-SAT and SARLock have a very small output corruption, and each DIP can eliminate only one incorrect key in each iteration, so the number of iterations is exponential with respect to the key size, and that's why the original SAT results in a timeout. However, the objective of the approximate attack is to find the correct key value for the high-corruption obfuscation technique without being trapped by the SAT-hard obfuscation technique. In our accelerated lazy SMT attack, since we find DIPs that have the highest possible Hamming distance in the propagated value to the primary output, it biases the SMT to find keys that are related to the high-corruption obfuscation technique in the early iterations. Then, as a termination strategy, if the remaining keys are only for the SAT-hard obfuscation solution, the SMT keeps finding weak DIPs with a Hamming distance of one. So at this stage we use a constraint on the number of allowed repetitions when the Hamming distance is very small, and we can detect the trap, exit, and report the approximate key.

Here is the algorithm of our accelerated lazy SMT attack. As I mentioned previously, it benefits from the bit-vector theory solver, which is constrained by the Hamming distance threshold. The lower threshold of the Hamming distance is defined as a variable, which allows us to sweep the Hamming distance from the highest value to the lowest value, which is one.

In the experimental results, at first, in order to show that our SMT attack is a superset of the SAT attack, we have obfuscated the ISCAS-85 benchmarks using the RLL obfuscation technique and the IOLTS obfuscation technique. This table shows the comparison between the number of iterations and execution time of the SMT attack when it's reduced to the SAT attack and that of the pure SAT attack when RLL obfuscation is deployed with different obfuscation overheads. This figure shows the same comparison when the IOLTS obfuscation is deployed. As you can see here, in general the SMT, when it's reduced to the SAT problem, in terms of performance behaves similar to the pure SAT attack.

However, in order to show that our SMT attack's capability goes far beyond that of the SAT attack, we try to break the DLL obfuscation technique, which is not broken by the pure SAT attack. This is the result of the eager SMT attack. As I mentioned previously, in the eager approach the theory solver works as a preprocessor for the SAT solver. In order to reflect our experimental results we also separate the execution time of the theory solver and that of the SAT solver. The execution time of the theory solver is the time that is needed to find all combinations of keys that don't violate the timing properties of the circuit; however, only one of these keys is logically correct, which is found by the SAT solver. Also, this is the result of the lazy approach when attacking the DLL. Unlike the eager approach, we cannot separate the execution time of the theory solver and the SAT solver since they simultaneously work together. In the lazy approach we saw that the number of iterations decreases significantly in comparison with the eager approach; however, the execution time of each iteration in the lazy approach increases significantly, and that is because each DIP in the lazy approach has to satisfy both the theory constraints and the SAT constraints.

Also, as I mentioned previously, in the accelerated lazy SMT attack we find DIPs which have a higher pruning capability. In order to verify our claim, we profile the number of correct keys after each iteration. As you can see here, the key reduction rate in the accelerated lazy SMT attack is much higher than that of the pure SAT attack, and as a result the number of iterations is reduced significantly in comparison with the pure SAT attack. In order to verify the approximate attack, we have obfuscated the benchmark using SARLock plus IOLTS. Calling the SAT attack results in a timeout; however, our approximate attack can quickly find the correct keys for the high-corruption obfuscation technique, detect the trap, exit, and report the approximate key.

In our conclusion: at first we introduced the SMT attack, which can benefit from different theory solvers. At first we showed that the SMT attack is a superset of the SAT attack, and then by employing the eager approach and the lazy approach we could deobfuscate the DLL obfuscation technique, which cannot be broken by a pure SAT attack. Also, we have presented the accelerated SMT attack, which can provide a significant speedup compared to the pure SAT attack. Also, by reformulating the accelerated lazy SMT attack, we could enable the approximate attack to find an approximate key for a compound obfuscation scheme. Thank you.

Any questions for Kimia? No questions?

Hi, I'm Tanjidul from University of Florida. So, can you explain your SAT attack results for circuits which are inherently more SAT resistant, like C6288?

Actually, I cannot hear you. Can you please...?

Can you hear me now?

Yes, okay.

So do you have any results for benchmarks like C6288 which are more resistant to SAT attacks? Have you tried on those benchmarks?

For example, benchmarks that are obfuscated with the SARLock obfuscation solution and the Anti-SAT obfuscation solution, which we call SAT-hard obfuscation solutions, are resistant against the SAT attack. But also, with our approximate SMT attack, we could break this obfuscation technique. And also you can see more comparison between the SMT attack and the SAT attack in our paper.

Yes, yeah.

Hi, Kimia. This is Seethal. I'm a postdoc from NC State. Thanks for your talk. I have a question on your attack on delay locking. So what I understand is that a tunable delay buffer has a two-bit key. Is that right?

Correct.

So you assume that the tunable delay buffer has a different delay for each key combination, right?

Correct.

But if you look at the activated chip that you can get from the market, each chip has its own delay for the key combination, but in your formulation you assume that the delay for each key combination is available already, but you do not know it upfront, right?

You mean the process variation after production of a chip?

Yeah.

Actually, the process variation changes the delay after the production. In the attack mode we can safely ignore the process variation and try to attack the obfuscated circuits. However, if the design has not considered enough margin for the process variation, the key that the SMT attack found maybe could not deobfuscate the circuit.

Yeah, so this attack is not useful in practice, right? Because you never get a chip that is exact, having the exact delay values as from the standard cell library.

Yeah, actually, by nature we consider that the designer supposes enough margin for the process variation, and then we consider that margin, yeah.

Okay, that was my question. Thank you.

Okay. Let's thank Kimia again.
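As an added illustration of the key-pruning loop and the stronger DIP requirement described in the talk (this is not code from the talk or from the authors' implementation), the Python toy below replays the attack on a constructed four-input, four-key-bit locked netlist: each iteration picks a DIP, queries the unlocked-chip oracle, and discards every candidate key that disagrees with it. The "sat" mode accepts any input on which two candidate keys differ in a single output bit, as the SAT attack does; the "hamming" mode picks the DIP with the largest output Hamming distance, mirroring the bit-vector constraint of the accelerated lazy SMT attack. The netlist, the correct key (1, 0, 1, 0) and the exhaustive enumeration standing in for the SAT/SMT solvers are all assumptions of this example; the low-corruption gate on y3 shows in miniature why small output corruption slows the pruning.

```python
from itertools import combinations, product

# Constructed toy locked netlist: 4 primary inputs, 4 key bits, 4 primary outputs.
CORRECT_KEY = (1, 0, 1, 0)          # assumed correct key; only the oracle uses it
INPUTS = list(product((0, 1), repeat=4))
KEYS = list(product((0, 1), repeat=4))

def locked(x, k):
    """Evaluate the key-programmable netlist for input x under key k."""
    x0, x1, x2, x3 = x
    k0, k1, k2, k3 = k
    y0 = (x0 & x1) ^ k0 ^ 1                  # XOR key gate: wrong k0 flips y0 on every input
    y1 = (x2 | x3) ^ k1                      # XOR key gate: wrong k1 flips y1 on every input
    y2 = (x0 ^ x3) if k2 else (x0 & x3)      # MUX key gate: decoy cone differs on half the inputs
    y3 = (x1 & x2 & x3) ^ (k3 & x0 & x1 & x2 & x3)  # low corruption: wrong k3 only shows at x=1111
    return (y0, y1, y2, y3)

def oracle(x):
    """The functional chip bought from the market: answers with the correct key."""
    return locked(x, CORRECT_KEY)

def hamming(a, b):
    """Hamming distance between two output vectors."""
    return sum(p != q for p, q in zip(a, b))

def find_dip(candidates, mode):
    """Emulate the miter query over the remaining keys.
    'sat': return the first input on which two candidate keys disagree at all.
    'hamming': return the input maximising the output Hamming distance of two keys."""
    best_d, best_x = 0, None
    for x in INPUTS:
        for ka, kb in combinations(candidates, 2):
            d = hamming(locked(x, ka), locked(x, kb))
            if d == 0:
                continue
            if mode == "sat":
                return x
            if d > best_d:
                best_d, best_x = d, x
    return best_x                            # None: no DIP left, key space is resolved

def attack(mode):
    """Prune the key space with DIPs until none remains.
    Returns (surviving keys, number of candidate keys after each iteration)."""
    candidates = list(KEYS)
    profile = []
    while (x := find_dip(candidates, mode)) is not None:
        y = oracle(x)
        candidates = [k for k in candidates if locked(x, k) == y]
        profile.append(len(candidates))
    return candidates, profile

if __name__ == "__main__":
    for mode in ("sat", "hamming"):
        keys, profile = attack(mode)
        print(f"{mode}: keys left per iteration {profile} -> {keys}")
```

On this netlist the single-bit DIP rule needs three iterations (16 → 4 → 2 → 1 keys, the last one spent on the low-corruption gate), while the maximum-Hamming-distance DIP resolves the key in one.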