Upload
susmita
View
213
Download
1
Embed Size (px)
Citation preview
Procedia Technology 10 ( 2013 ) 373 – 380
2212-0173 © 2013 The Authors. Published by Elsevier Ltd.Selection and peer-review under responsibility of the University of Kalyani, Department of Computer Science & Engineeringdoi: 10.1016/j.protcy.2013.12.373
ScienceDirect
International Conference on Computational Intelligence: Modeling, Techniques and Applications(CIMTA) 2013
Updation of Activation Sequence of a Chipafter its Deployment for Access Control
Debasri Sahaa and Susmita Sur-Kolayb
a A. K. Choudhury School of Information Technology, University of Calcutta, Kolkata-700009, Indiab Advanced Computing and Microelectronics Unit, Indian Statistical Institute, Kolkata-700108, India
Abstract
For protection of Intellectual Property (IP) in VLSI industry, a design level obfuscation is applied for simultaneous authentication
and locking of IPs. When a chip with multiple IPs or System-on-Chip (SoC) is deployed, application of the same input sequence
each time for its activation encourages interception/tapping of the sequence and subsequent breach of security. A legal user may
sell the hardware and share its secret information for activation. Therefore, periodic update of activation sequence of a chip/SoC
is a practical requirement. However, update of activation sequence is not supported in an IC. We propose a low overhead, low
complexity design modification to facilitate periodic as well as on-demand update of activation sequence of a chip/SoC after its
deployment. For the proposed technique, the probability of predicting an updated sequence from its correlation with the previous
ones is negligible for an attacker. The simulation results on ISCAS’89 benchmark circuits are encouraging. The overheads of
design modification on area, delay and power are very low.
Keywords: Intellectual property protection; finite state machine; obfuscation; key-based locking; interception; access control.
1. Introduction
The era of automation encourages wide use of chips. In order to satisfy user requirements for high quality chips
with gigascale integration, huge amount of design effort is mandated. The practice of reusing designs or even hardware
as Intellectual Properties (IPs) has been adopted. However, their reuse without proper protection is likely to invoke
piracy of IPs and ICs.
In the current IC or SoC design flow, the following two security aspects of hardware IPs have been enforced:
S1) non-activation of illegal chips created in malicious fabrication house from a layout mask or illegal copies of it;
S2) authentication of the genuine IP designer of a chip to its user.
A secure design methodology has been adopted to ensure the above security aspects. The underlying State Transi-
tion Diagram (STD) of an IP is obfuscated by incorporating a pre-initialization state space into the STD. A predefined
∗ Debasri Saha. Tel.: +91-033-2350-0289
E-mail address: [email protected]
Available online at www.sciencedirect.com
© 2013 The Authors. Published by Elsevier Ltd.Selection and peer-review under responsibility of the University of Kalyani, Department of Computer Science & Engineering
374 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
initialization sequence is to be applied to transform the IP from its obfuscated mode to its normal mode of operation.
When the IP is embedded in a chip/SoC, which also has a circuit realizing a physically unclonable function (PUF), the
designer of the chip can alone compute an IC specific bit-sequence (activation sequence ASc) based on the IC specific
PUF response. This activation sequence when XORed with the PUF response Po, generates the initialization sequence
IS of the IP to activate it in its normal mode [Fig. 1]. Therefore, an illegal IC instance created in fabrication facility
by some malicious persons cannot be activated, thereby is rendered useless.
For the purpose of authentication, corresponding to each state in the pre-initialization state space, the IP designer
generates a particular pattern at a subset of primary outputs for a predefined input sequence.
The methodology stated above ensures protection only when the designer of an IP/IC, and the legal user of the chip
are involved. However, when a chip is in use after its deployment, misuse of the IC is possible by a third party using
any of the following attacks:
(A1) Interception/tapping of input sequence applied through the primary inputs of a chip for activation of the IPs:The challenge vector of a particular challenge-response pair [6] for the PUF circuit is applied through the primary
inputs and the response obtained is XORed with a set of IC specific activation sequences, stored in a one time pro-
grammable ROM, to generate the initialization sequences for the IPs. Therefore, for activation of the chip each time,
the same input sequence is to be applied from the primary inputs, and it makes the activation process vulnerable to
attack.
(A2) Illegal reselling of a chip along its secret input sequence by its legal user to an unauthorized person: A legal
user on completion of his specific project may sell his chip to someone else and share the input sequence with the
person without giving any royalty to the chip designer. To detect such illegal use, periodic blocking and subsequent
reactivation of a chip with a different input may be applied by the chip designer.
In order to tackle security breaches stated above, we need to facilitate periodic update of the secret information
used for activation. In software, a password is updated periodically to maintain its secrecy. But, for hardware, the
control unit of an SoC currently used for its activation does not support update of any of the sequences involved in
activation due to the reason as follows. IPs are obfuscated statically and then fabricated, therefore their initialization
sequences cannot be updated. For a specific challenge-response pair of the PUF circuit, the same activation sequence
is to be applied to generate the specific initialization sequence for each IP. Alternatively, if multiple challenge-response
pairs for the PUF circuit are kept recorded and a different challenge vector is applied from the primary inputs, and the
activation sequences are stored in RAM instead of ROM, the user can not compute the new activation sequence for
an IP because, both the PUF response and the initialization sequence of the IP remain secret to a user. A provision to
collect PUF response encourages an attacker to predict the behavior of the PUF.
Alternatively, biometric authentication of the legal user has similar limitation. Storing of biometric images for
a group of users in a company and their subsequent comparison incur significant overhead on chip quality and its
activation process. If the group leaves the company, update of such stored information becomes essential.
In this paper, we propose a low overhead modification in design to update the activation sequence of an IC so
that the IC cannot be unlocked with the presently used activation sequence after a specified period and it requires adistinct activation sequence for being unlocked after that specific period.
If the key information needed to generate the next activation sequence from the current one is private to the legal
user of the chip, he can update the activation sequence periodically to tackle the attack discussed in (A1). If such
key information is kept secret from the legal user, and is private to the IC designer only, the IC designer can remotely
authenticate the user of the IC periodically, thereby detect unauthorized reselling of the IC as discussed in (A2).
Therefore, based on the application and the requirements, different privacy level of the key information used to update
the activation sequence is maintained.
For secrecy of the activation sequence of a chip deployed in use, its periodic update is not always sufficient. There
should remain provision for updating the sequence on-demand at any instant, when interception of the sequence is
suspected. A design enhancement to support on-demand update of the activation sequence is also proposed.
The rest of the paper is organized as follows. Section 2 focuses on prior approaches. The proposed design level
modification and its application are presented in Section 3. Analysis of the proposed method appears in Section 4.
Section 5 presents the simulation results and Section 6 presents the concluding remarks.
375 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
2. Prior Works
ASc
ISPo
IP1
IP2
IP3
MUX
FSM ROM
PUF
MUX
MUX
Control Unit
From Primary Inputs
From Primary Inputs / Other blocks
Primary Inputs Primary Outputs
Fig. 1. SoC design with a control unit to generate initialization sequences for the IPs on it [7]
Hardware IP protection has two contexts. The first one consists of locking mechanisms of ICs for direct prevention
of their unauthorized access. The second one focuses on the watermarking based indirect protection techniques used
for authentication of an IP designer. Netlist level obfuscation [1] is proposed to ensure both the security aspects.
Authors in [2] suggest the design house to monitor the illegal ICs and thereby disable their functionality. Remote
activation technique of legal ICs is developed in [3]. The lock-based mechanism is further enhanced through the tech-
nique EPIC [4], which uses a key derived from automatically-generated chip IDs and a novel combinational locking
algorithm based on public-key cryptography. The work in [5] leverages nondestructive gate-level characterization
of ICs to reveal the hidden and unclonable uniqueness of each IC, and proposes IC-specific activation. Several other
works, such as, [6], focus on various PUF designs for IC specific activation. Finally, the obfuscation-based secure SoC
design methodology HARPOON [7] well integrates the authentication requirements, locking based access control and
PUF-strategy and this methodology is secure against reverse engineering and all typical attacks. Trust between the
designer of an IP/IC and the legal user of the chip has been ensured. However, after deployment of a chip or an SoC,
there may be third party intervention and consequent breach of security.
3. The Proposed Technique
3.1. Modeling for update of activation sequence
The initialization sequence IS of an obfuscated IP is private to the IP designer.
Therefore, initialization sequence IS is distinct to a distinct IP.Let Po be the output of a PUF circuit, incorporated in the control unit of an IC containing the IP for IC specific
activation of the IP. The initialization sequence IS is generated as IS=Po ⊕ ASc, where ASc is the activation sequence,
entirely stored in a one-time programmable ROM present on the control unit. The activation sequence ASc is obtained
as ASc= IS⊕Po.
Therefore, for the same IP or IC, the currently used activation sequence ASc is distinct to a distinct combination ofthe IP and the IC.
The sequence IS of an IP cannot be updated as it is obfuscated in a static way. An IC user is not allowed to
record a different challenge-response pair of the PUF circuit. Therefore, both IS and Po are time independent. The
proposed activation sequence AS will be time dependent to facilitate periodic update. We propose to append a t-bit
376 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
IntS
ASIS1
IS2P||TT
P
IP1
IP2
IP3
MUX
FSMROM
PUF
MUX
MUX
Control Unit
From Primary Inputs
From Primary Inputs / Other blocks
Primary Inputs Primary Outputs
Proposed circuit block
R I
RAM
f
IS
Fig. 2. SoC design with a modified control unit to facilitate update of activation sequence and generation of initialization sequences for the IPs
time dependent string T to a string P, obtained as a prefix of PUF response Po, so that the length of the string P||Tbecomes the same as that of IS. The activation sequence AS is represented as R||I. The initialization sequence IS is
expressed as IS1 appended by t-bit IS2, where IS1 = P ⊕ R and IS2= f (IS1, IntS), IntS = T ⊕ I. For the proposed
activation sequence AS, its subsequence R is obtained as IS1 ⊕ P and is stored in one-time programmable ROM. The
time-dependent subsequence I is obtained as IntS ⊕ T and is supplied from the primary input and stored in a RAM,
placed in the control unit. Thus the proposed activation sequence AS is obtained from the strings IS and P||T .
Therefore, for specific IP and IC, the proposed activation sequence AS is distinct to a distinct time interval.Following the update process, if the time dependent string T is updated to T ′, as a result of that, input sequence I
is updated to I′. Therefore, I=IntS ⊕ T and I′=IntS ⊕ T ′=I ⊕ (T ⊕ T ′)=I ⊕ D.
Here D is the difference vector obtained as (T ⊕ T ′). A circuit block is designed which updates the time dependent
string T and generates the difference vector D. The legal user only can obtain D and compute the new input sequenceI′ as I ⊕ D. The proposed circuit block is incorporated in the control unit of the existing SoC design and a modified
SoC design [Fig. 2] is obtained. Another circuit block to realize the function f is also incorporated in the control unit.
Instead of expressing IS2 as T ⊕ I, the purpose of using an intermediate string IntS will be discussed in Section 4.1.
3.2. The proposed design level modification
The design of the proposed circuit block, placed in the control unit, to facilitate update of the activation sequence
is shown in Fig. 3 and described below.
For periodic update of activation sequence of a chip by the authorized user: The activation sequence of a chip
is proposed to be updated after certain period of usage. Activation sequence, which may be intercepted only at the
time of activation, i.e., during power-up of a chip, is decided to be updated after k power-ups of the chip, therefore a
modulo-k counter is placed in the proposed circuit block. The counter is initialized with 0 state, and incremented by
1 each time the chip is powered on. A checker circuit, connected to the counter, signals 1 only when the counter is in
0 state and the RESET pin of the counter is 1. A t-bit Non-Linear Feedback Shift Register (NLFSR) is used, different
states of which form distinct time dependent strings T to be generated through the process of update. The NLFSR
is initialized to a state A0 from the primary inputs. Let Ac be the current state of the NLFSR and forms the current
time dependent string T . When the checker signals 1 after each k power-ups of the chip, a clock generator applies dcycles of a clock clk to the NLFSR and shifts Ac for d times using the feedback function. The value of d is chosen by
377 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
(for authentication& enforcing 0 state)
Power clock
(generates d cycles)
clk
Modulo-k counter
Primary input
clock clkgenerator
Checker circuit
Difference bitgenerator (XOR)
Time dependent string T
Bitwisecomparator(XOR gate)
RESET
t-bit NLFSR
Primary output
Fig. 3. Design of the proposed circuit block for updating activation sequence
a pseudo-random number generator present in the clock generator module. As a result, a new state Ad of the NLFSR
is obtained which forms the updated value T ′ of the time depended string T .
Let the current state Ac of the t-bit NLFSR be < q−1,q−2, ...,q−t+1,q−t >. The state Ad is given by <qd−1,qd−2, ...,qd−t>, where each term ql , (d −1)≤ l ≤ (d − t), of the state Ad is computed as
p0 +t
∑i=1
pi ·ql−i +t
∑i=1
t
∑j=1
pi j ·ql−i ·ql− j + ...+ p12...t ·ql−1 ·ql−2 · ... ·ql−t (1)
where p=<p0, p1, ..., pt , p12, p13, ..., p123, ..., p123...t> is the characteristic polynomial of the NLFSR.
A circuit say, difference bit generator (XOR gate), is used to serially generate the bits of difference vector D = T⊕ T ′ = Ac ⊕ Ad . The authorized i.e., legal user can only collect D and compute the new input vector I′. The legal
user knows the initial state Ao of the NLFSR, therefore from the successive difference vectors D, he can compute the
active states i.e., Ac sequences of the NLFSR. The legal user having the knowledge of the current state Ac can only
start the process of update. When the counter state becomes 0 after an increment, the circuit waits for the legal user to
apply Ac from the primary inputs. When he applies Ac, a bitwise comparator compares the input with the current state
Ac of the NLFSR, and sets the RESET pin of the counter to 1. Then, the update process is started as both the RESET
pin is 1 and the counter state is 0.
For on-demand update of activation sequence by the authorized user: For instant on-demand update of the activa-
tion sequence by updating T , the state of the modulo-k counter is to be reset to 0. When the counter state is non 0,
the legal user can start on-demand update by applying Ac from the primary inputs. The comparator sets the RESET
pin to 1 and consequently, the counter is reset to 0 state and the update process is started. The comparator circuit
authenticates the legal user at the time of on-demand update as well as during periodic update.
For periodic update of activation sequence by the chip designer: If update of the activation sequence is performed
by the chip designer, the difference bit generator circuit is kept inactive by controlling its clock input. Along with Ac,
the chip designer has the additional knowledge of the characteristic polynomial p of the NLFSR and the seed value
of the pseudo-random number generator, therefore he can compute d, thereby the next state Ad of the NLFSR using
equation (1) and the difference vector D, and finally the next input sequence I′.
3.3. Steps for reactivating a chip with an updated activation sequence
Following are the four steps to reactivate an IC.
1. The challenge vector of the challenge-response pair of the PUF is applied from the primary inputs.
378 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
2. The sequence Ac representing the current state of the NLFSR is applied from the primary inputs so that the
person reactivating the chip is authenticated as the legal user / chip designer.
3. If reactivation is done by the legal user, he collects the difference vector D generated by the control unit, other-
wise the chip designer computes the next state Ad of the NLFSR from Ac using the knowledge of the characteristics
polynomial p of the NLFSR and the number of shifts d, thereby computes the difference vector D as Ac ⊕ Ad .
4. The next input sequence I′ is computed from the current input sequence I as I ⊕ D. Subsequences I′ of the
activation sequences for different IPs are applied from the primary inputs to generate the initialization sequences of
the IPs.
4. Analysis of the Proposed Technique
The proposed technique for generating various activation sequences is analyzed in terms of the robustness of the
technique against several attacks and the overhead of the technique on the quality of the chip and on the timing
requirement of the activation process of the chip.
4.1. The robustness of the proposed technique
The lower the correlation between different values of the time dependent string T generated through update, the
higher is the robustness of the technique against typical attacks. In order to achieve it, a Non Linear Feedback Shift
Register (NLFSR) is used, where the correlation between its states is very low. Alternatively, stream cipher, if chosen,
provides the robustness similar to that of Non-linear FSR as the keystream in stream cipher is often generated by a
FSR. A suitable choice of the characteristic polynomial p of the NLFSR and randomization of the number of shifts drequired to transform the NLFSR to the next active state provide very low correlation among the active states of the
NLFSR generated during update and ensure robustness of the proposed technique against algebraic attack, differentialattack, etc.
a) The characteristic polynomial p of the NLFSR is suitably chosen such that, both the degree of non-linearity and
the number of non-linear terms in the feedback function are high.
b) The value of p is so chosen that the t-bit NLFSR is either maximal, i.e., it cycles through all the possible 2t
states, or the number of states ≤ 2t but very close to 2t . The large state space of the NLFSR ensures distinctness
of the active states of the NLFSR. For some t, if only few values of p satisfy the maximal property increasing the
predictability of p, p is chosen satisfying only sub-maximality of NLFSR.
c) The values of d (> t), used in different updates, are generated using a pseudo-random number generator.
Let us consider the n sequences generated as T through update and a sequence number s is associated with each
sequence. Hamming distance H of a sequence with respect to the first sequence is computed as the number of bits
different in the two sequences. We use Pearson’s product-moment correlation coefficient [8] ρ(H,s) to measure the
correlation between the values Hi of Hamming distance (H) of any updated sequence and the values si of its sequence
number s, 1 ≤ i ≤ n. The correlation coefficient ρ(H,s) is given by
ρ(H,s) =cov(H,s)σ(H)σ(s)
=nΣi(Hisi)− (ΣiHi)(Σisi)
[n(Σisi2)− (Σisi)2]1/2[n(ΣiHi2)− (ΣiHi)
2]1/2
Here, cov(H,s) represents covariance of H and s, σ(H), σ(s) represent the standard deviation of H, s respectively.
The robustness of the technique against several attacks by an unauthorized user is as follows:
1.1u) An unauthorized user, i.e., an attacker without having the input sequence I may apply random guesswork for
I. The probability of correctly guessing I is 2−t .
1.2u) An attacker without the input sequence I may try on-demand update of the activation sequence, which renders
the chip inaccessible to the legal user. But, the attacker does not have the knowledge of the current state Ac of the
NLSFR, therefore he cannot pass the authentication test of the legal user. The probability of correctly guessing Ac is
2−t .
379 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
1.3u) If an attacker has intercepted the input sequence I, he can only use the chip till the next periodic update of the
activation sequence. During the next periodic update, he cannot provide the string Ac, therefore fails the authentication
of the legal user.
1.4u) If an attacker has intercepted two or few successive input sequences I, thus obtained the values of the dif-
ference vector D, as the corresponding values of d are different, randomly generated and remain unpredictable to the
attacker, he cannot construct the algebraic equations for the corresponding states of the NLFSR to obtain those state
informations. Therefore, the proposed scheme remains robust against algebraic attack.
1.5u) If an attacker has intercepted few successive input sequences I, Ip, etc, and obtained the successive values
for D as D = I ⊕ Ip, as D reflects the difference bits of the corresponding two active states i.e., the two values of Ac,
he may apply the differential attack to obtain the difference bits of the successive actives states of the NLFSR. But,
without the knowledge of any previous active state, he cannot compute the current active state Ac. The differentialattack thus remains ineffective.
1.6u) Let an attacker somehow has got the current state Ac, which has already been updated on-demand to a state
Ad by the legal user. The correlation represented by the correlation coefficient ρ between the states being very low
and the value of d being random, the probability that the attacker correctly guess Ad from Ac is negligible.
The robustness of the technique against several attacks by the legal user is as follows:
1.1l) If the authorized i.e., legal user resells the IC to an unauthorized person, and shares the active states Ac of
the NLFSR, the person may try to reactivate the IC on behalf of the chip designer during the next periodic update.
In that case, the difference bit generator remains inactive and he cannot compute the next state of the NLFSR as the
characteristic polynomial p of the NLFSR, and the value of d are unknown to him.
1.2l) The legal user knows the time dependent string T and the current state Ac of the NLFSR constituting the input
sequence I. Using these information, he may compute IntS as T ⊕ I, but cannot compute the t-bit suffix IS2 of any
initialization sequence IS because IS2= f (IS1, IntS) and IS1 and f are unknown to him.
1.3l) Let the legal user be the designer of only one IP embedded on the IC, containing several IPs. He may compute
IntS as before for his own IP, and using the knowledge of IS2 for his IP he may predict the boolean function f , but
cannot compute the values of IS2= f (IS1, IntS) for the other IPs as IS1 for the other IPs are unknown to him.
4.2. The overhead of the proposed technique
The design overhead mainly depends on the sizes of the modulo-k counter, the t-bit NLFSR and the circuit realizing
the function f . The size of the counter is O(log2k), size of each the NLFSR and the circuit is O(t). For very small
k, frequent updates incur unnecessary overhead on the activation of the chip. For very large k, large period of update
allows longer unauthorized use if I is intercepted. If t is very small, the probability of randomly guessing I or Ac does
not remain negligible. Therefore, t is chosen moderately high so that 2−t becomes negligibly small. The value of tchosen and the value of d generated should not be too high so that, the delay of generating the next state Ad of the
NLFSR and the time for computing the next value of T using equation (1) remain negligible.
5. Simulation Results
We have taken the verilog descriptions for the ISCAS’89 benchmark circuits and modified each description to
include a control unit containing a PUF circuit and a ROM as shown in Fig. 1. The corresponding structural verilog
descriptions are implemented for 65nm technology node using Mentor Graphics IC Station [9] to generate the corre-
sponding layouts. The verilog descriptions are updated separately by including the modified control unit containing
the proposed design modification as in Fig. 2 and the corresponding layouts are generated in the similar way. The
proposed circuit block of the control unit contains a 7-bit, i.e., 128 state counter and a 20-bit NLFSR along with the
necessary circuitry. The degree of non-linearity of the characteristic polynomial p of the NLFSR is chosen as 20. We
compared the two layouts for each benchmark circuit and reported the overhead of the proposed design modification
on each of the area, delay and power in Table 1. The results show that, the overhead on delay is negligible, that on
power is low and that on area is in acceptable range for all the circuits and each overhead decreases as the size of the
circuit increases.
380 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380
Seven different NLFSR designs NLFSR-I through NLFSR-VII have been constructed by choosing different com-
binations of the degree of non-linearity and the number of non-linear terms in the feedback function of the NLFSR
and the seed value of the pseudo-random number generator producing the values of d. The values for the correlation
coefficient ρ(H,s) between Hamming Distance H of an updated sequence and sequence no s for these NLFSR designs
are shown in Table 2.
Table 1. Area, delay and power overheads due to proposed modification in design for ISCAS’89 benchmarks
Benchmark Overhead (in percentage)
circuits Area Delay Power
s5378 3.97 0.02 1.49
s9234 2.05 0.02 0.68
s13207 1.29 0.01 0.41
s15850 1.13 0.02 0.36
s35932 0.51 0.01 0.19
s38417 0.50 0.01 0.15
Table 2. Correlation coefficient ρ(H,s) between the Hamming Distance H of any updated sequence and its sequence no s
n, # updates NLFSR-I NLFSR-II NLFSR-III NLFSR-IV NLFSR-V NLFSR-VI NLFSR-VII
10 0.12 0.13 0.11 0.10 0.12 0.10 0.09
20 0.12 0.12 0.10 0.09 0.11 0.08 0.09
6. Conclusion
Embedding obfuscated IPs and PUF-based control unit on an SoC ensure security between the designer of an IP/IC
and the legal user of the chip. However, after deployment of a chip or an SoC, there may be third party interception
and consequent breach of security. We propose certain modification in design which facilitates update of activation
sequence of a chip to counter such attack. Periodic as well as on-demand update are supported through our scheme.
The overhead of modification in design on delay is negligible, the overhead on area is less than 4.0% and on power
remains below 1.5%. The Pearson’s product-moment correlation coefficient for the sequences generated through the
proposed technique of update is less than 0.14, which ensures that the updated sequences remain unpredictable to an
attacker.
References
[1] R. S. Chakraborty and S. Bhunia, Hardware protection and authentication through netlist level obfuscation, In Proc. International Conference
on Computer-Aided Design (ICCAD), 2008, pp. 674-677.
[2] Y. Alkabani and F. Koushanfar, Active hardware metering for intellectual property protection and security, In Proc. USENIX Security Sym-
phosium (USS), 2007, pp. 291-306.
[3] Y. Alkabani and F. Koushanfar and M. Potkonjak, Remote activation of ICs for privacy prevention and digital right management, In Proc.
International Conference on Computer-Aided Design (ICCAD), 2007, pp. 674-677.
[4] J. A. Roy, Farinaz Koushanfar, I. L. Markov, EPIC: Ending Piracy of Integrated Circuits, IEEE Transactions on Computers 2010; 43(10):
30-38.
[5] Y. Alkabani and F. Koushanfar and N. Kiyavash and M. Potkonjak, Trusted integrated circuits a nondestructive hidden characteristics extraction
approach, In Proc. Information Hiding, 2008, pp. 112-117.
[6] M. Majzoobi, F. Koushanfar and M. Potkonjak. Techniques for design and Implementation of secure reconfigurable PUFs. ACM Transactions
on Reconfigurable Technology and Systems 2009; 2(1).
[7] R. S. Chakraborty and S. Bhunia, HARPOON: An obfuscation -based SOC Design Methodology for Hardware Protection, IEEE Transactions
on Computer-Aided Design of Integrated Circuit and Systems 2009; 28(10):1493-1502.
[8] D. D. Mari and S. Kotz, Correlation and Depedance, World Scientific Publishing Company, 2001.
[9] Mentor, “http://www.mentor.com/products/ic nanometer design/custom-ic-design /icassemble/”.