As the technology node size for integrated circuit (IC) designs decreases, the cost of building and maintaining an IC foundry rapidly increases. Companies unable to afford local manufacturing have become reliant on outsourcing the physical manufacturing process. This introduces confidentiality, integrity, and authenticity security vulnerabilities into the IC design lifecycle. Even companies that manufacture in-house and use field-programmable gate array (FPGA) chips may require third-party system integrators to assemble the final product. When said product is sent to a third-party foundry or system integrator, the embodied IC/FPGA circuitry is susceptible to IP theft, Trojan insertion, and reverse engineering (RE) attacks. To address this, we realize a novel approach to sequential logic locking, FSMLock, that conceals a finite state machine's (FSM) output and next-state logic through classical encryption. The FSM is abstracted as the configuration data for a lookup table (LUT), encrypted with a chip-specific (individual) internal key, and stored in the newly mandated non-volatile memory (NVM). The configuration data is then decrypted in blocks and loaded into the in-scope random access memory (RAM) when required. Doing so locks the sequential FSM logic and conceals its functionality from third-party foundries and system integrators, system design engineers with access to the post-locked hardware description language (HDL) files, and end-users with production units. FSMLock has applications in reconfigurable hardware, such as FPGAs, even when no third-party access is initially required. In older and low-cost FPGA devices with externally stored bitstream configurations, the absence of trusted bitstream encryption/authentication means that if the bitstream is recovered from the external memory device, an adversary can reconstruct and modify the original design functionality. FSMLock can improve the security of such FPGA chips by storing targeted FSM logic in encrypted NVM. Therefore, a breach of the bitstream contents and the NVM's individual internal key would be required to compromise the security of the targeted sequential circuitry. Further, if a key preprocessor utilizing a physically unclonable function (PUF) is included to discriminate the boundary level (chip) key from the internal key, the confidentiality of the locked circuit is assured, even considering the disclosure of a chip key with its paired encrypted NVM configuration. For the scope of this thesis, we sought to develop an automated software toolset capable of translating pre-partitioned FSMs into encrypted memory configurations. When the configuration is combined with the provided HDL entity responsible for run-time decryption and scope control, a locked HDL model of the FSM, i.e., the FSMLock primitive, is formed.
Library of Congress Subject Headings
Integrated circuits industry--Security measures; Sequential machine theory; Data encryption (Computer science)
Computer Engineering (MS)
Department, Program, or Center
Computer Engineering (KGCOE)
Krebs, Matthew, "FSMLock: Sequential Logic Locking through Encryption" (2023). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus