Improving on State Register Identification in Sequential Hardware Reverse Engineering

In the past years, new hardware reverse engineering methods for sequential gate-level netlists have been developed to detect Hardware Trojans and counteract Design Piracy. A critical part of sequential gate-level netlist reverse engineering is the identification of state registers. A promising method to solve this problem, RELIC, proposed by T. Meade et al., is based on input structure similarities of registers to differentiate between state and non-state registers. We propose an improvement to this method, fastRELIC: it outperforms RELIC in terms of speed and computational complexity. A complexity analysis shows the upper bound of $\mathcalO(R^2)$ (R: # registers) for both methods, but a linear lower bound Ω(R) for fastRELIC. Empirical results with fastRELIC provide a speedup of up to 100x. This allowed us to analyze real-life designs with more than 4,000 registers and 50,000 gates.     «

In the past years, new hardware reverse engineering methods for sequential gate-level netlists have been developed to detect Hardware Trojans and counteract Design Piracy. A critical part of sequential gate-level netlist reverse engineering is the identification of state registers. A promising method to solve this problem, RELIC, proposed by T. Meade et al., is based on input structure similarities of registers to differentiate between state and non-state registers. We propose an improvement to...     »