Trust in IoT Devices: A Logic Encryption Perspective

. Tremendous technological advancement has led to the development of an ecosystem of highly connected ubiquitous computing devices called the Internet of Things (IoT). Considering the sensitive nature of the data collected by the IoT devices, it is essential to ensure the security of these devices. Logic encryption is a popular design-for-trust technique used for protection against hardware IP piracy, design counterfeiting, and hardware Trojan insertion. The introduction of various attack methods that leverage vulnerabilities in known logic encryption techniques has prompted the development of new techniques able to thwart the proposed attacks. Major research eﬀort in the ﬁeld of logic encryption focuses on increasing resilience to known and potential attacks while often ignoring considerations of cost overhead, especially die area and power consumed. Since area and power optimization are key aspects in the design and development of most IoT devices, it is important to evaluate the cost incurred by logic encryption schemes, especially in the context of these two metrics. In this paper, we survey some of the most popular logic encryption and decryption techniques proposed in the past decade. An analysis of the area and power overhead of these logic encryption techniques using several standard benchmark circuits is presented to assess their suitability for resource constrained systems.


Introduction
The proliferation of ubiquitous computing devices has led to the creation of a densely connected global network -IoT.Many of these devices (like wearable technology) continuously measure and transmit sensitive and critical data.Therefore, it becomes essential to incorporate a security mechanism into the device to protect against prospective attack scenarios.Implementation of traditional cryptographic algorithms that are effective against cyber attacks is typically not light-weight, an important requirement for the resource-constrained IoT devices.Hardware-based security measures like logic encryption are suitable alternatives for protecting IoT devices against foundry based attacks like reverse engineering, counterfeiting, and piracy.
Logic encryption is a hardware protection technique that locks the design functionality using a set of newly introduced inputs called key inputs.An overview of logic encryption is shown in Figure 1.If the correct logic value (chosen by the designer) is applied on the key inputs, the design behaves as expected.An incorrect key value causes corruption of the input-output relationship of the circuit.Figure 2 shows a simple encryption scheme.Initial logic encryption schemes [14] Fig. 1.Overview of Logic Encryption proposed to insert these key-controlled gates (key gates) randomly into the circuit.This technique was shown to be susceptible to an attack method [12] that was able to sensitize wrong key values to primary outputs.Subsequently, encryption techniques [32,6,9] that focused on increasing the dependency between the key gates were proposed to thwart the sensitization attack.An oracle-guided Boolean Satisfiability (SAT) based attack [20], that uses a SAT-solver to iteratively eliminate multiple incorrect key values to obtain the correct key assignment, was able to defeat many previously proposed logic encryption methods.
The advent of the SAT-based attack led to the proposal of various SATresilient techniques [24,29,30,10,34,33].By inserting SAT-hard blocks, these techniques ensured that the attack was unable to eliminate more than a limited number of incorrect keys per iteration, leading to extremely long, unfeasible attack times.Other SAT-resilient techniques [17,13] focused on preventing the SAT attack from modelling the circuit by introducing key controlled feedback cycles into the design.Although the proposed SAT-resilient schemes were able to defeat the original SAT attack, they were found to be susceptible to other attack methods like approximate-SAT [16], cyclic-SAT [35], removal [31], and bypass [27].
The original SAT attack [20] could directly be applied to sequential circuits if the flip-flops were accessible using scan-chains.It has been asserted in recent works [18] that disabling the scan-chains after the testing procedure is relatively inexpensive.Without a scan-accessible oracle circuit, the traditional SAT attack cannot be applied directly to sequential circuits.Therefore, new unrolling-based SAT attack methods [4,7,18] to decrypt sequential circuits have been proposed.These techniques have been successful in defeating popular sequential logic encryption techniques [3,5,7].
Research in the field of logic encryption primarily focuses on finding new attack methods that are able to defeat known encryption schemes and new defense techniques to thwart proposed attacks.Evaluation of cost metrics such as penalties on IC performance (timing, area, and power) and impact on testing (test coverage and testability) are often overlooked and rarely mentioned in the literature.Application of popular encryption techniques to resource-starved IoT devices must be undertaken after an assessment of 1) the level of security offered by these techniques, and 2) the cost incurred by their implementation.This paper aims to assist in this assessment by performing an analysis of the impact of many popular logic encryption techniques on two important cost parametersarea and power.Selected, well-known combinational and sequential logic encryption techniques are implemented on benchmark circuits from the ISCAS '85 and ITC '99 suites respectively to obtain an estimate of the area and power overhead of these schemes.The rest of the paper is organized as follows.Section 2 discusses some of the salient features of many popular logic encryption techniques.Major attack methods are summarized in Section 3. Resiliency of encryption techniques described in Section 2 against these attacks is presented in Section 4. Section 5 discusses our analysis of the cost (area and power) incurred by the implementation of these proposed techniques using standard benchmark circuits.Section 6 presents the conclusions derived from this work.

Logic Encryption Techniques
In this section, we describe several logic encryption methods proposed over the past decade.We begin by discussing traditional encryption schemes, that are vulnerable to the SAT attack, followed by the SAT-resilient techniques.Finally, we detail the sequential encryption methods and some of their important features.
1. EPIC [14] proposed to lock the design by inserting key controlled XOR/ XNOR gates coupled with inverters into the circuit.These gates are placed on randomly chosen nets in the circuit while avoiding critical paths.If the wrong key value is applied on any key gate, its output is inverted.Since the attacker does not know if the inverter is a part of the original design or a part of the added locking mechanism, using a direct reverse engineering attack to infer the key values may be unsuccessful.2. The Logic Cone Size based scheme [11] was proposed as a technique to design a well-obfuscated hardware Trojan.Inserting key gates on nets with large fan-in and fan-out cones is advocated to avoid graph isomorphismbased equivalency attacks.Using a weighted normalized metric [2] for all gates in the design, suitable locations for key gate insertion can be chosen.[32] focuses on intelligent insertion of key controlled gates by evaluating two important metrics -pairwise security and dominance.

Strong Logic Locking
Two key gates are considered to be pairwise secure if the key value on any one of these key gates cannot be sensitized to a primary output without knowing the correct key value on the other key gate.Meanwhile, a key gate lying on any path from another key gate to any primary output is said to dominate the other key gate.The key gates are inserted such that each key gate is pairwise secure with at least one other key gate.Additionally, a oneway random function like AES is used with a subset of the in-memory key acting as its input while its output is fed to some of the key gates.4. The Key Interdependency based technique [6] uses a three-step pruning process to obtain a set of gates that are considered ideal locations for key gate insertion.The first step involves finding a set of gates (G strong ) with the largest number of primary outputs (O overlap ) in the combined output cone of dependency of G strong , as shown in Figure 3(a).Following this, the fault impact metric F I(g) = N oP 0 • N oO 0 + N oP 1 • N oO 1 for each gate g (∈ G strong ) is calculated using 10000 random input patterns, where N oP i (i ∈ {0, 1}) is the number of input patterns that are able to sensitize a stuckat-i fault at g to a primary output and N oO i (i ∈ {0, 1}) is the total number of outputs that are affected by the sensitization of the stuck-a-i fault at g.A dependency graph, constructed with O overlap and the set of gates (G oc ) with highest F I values, is used to calculate the dependency metric for each gate in G oc .The gates with the highest dependency values are chosen and key gates are inserted at the inputs of these gates.The motivation behind this techniques is to increase the overlap in output cones of dependency of the added key gates while ensuring maximum interference between them. 5.A light-weight logic encryption method called Hardware Enlightening [15] was proposed to thwart the insertion of hardware Trojans [23] into the design.
To avoid detection during the testing procedure, nets with low controllability/observability values are chosen as trigger signals for the Trojan.The encryption algorithm begins by finding nets with low probability values.For each of these signals, a key controlled XOR/XNOR gate is added on the fanin signal with the lowest probability value and adequate slack time.After the addition of a key gate, the probability values of all nets in the circuit are re-calculated and the process is repeated for the next low probability signal.To avoid direct reverse engineering attacks, an inverter is inserted at the output of the key gate based on a hidden signature (generated by the designer).6.To reduce power consumption, the Energy-Efficient Logic Encryption using Multiplexer Insertion (E2LEMI) [1] proposed to insert multi-plexers on all primary outputs of the circuit with the output nets serving as the 'correct' inputs to the multiplexer while the inverted output nets are fed as the 'incorrect' inputs, as shown in Figure 3(b).The select input of each multiplexer is connected to the output of a linear feedback shift register (LFSR) designed to produce an output pattern with equal number of 0s and 1s.A hardware Trojan based circuit is inserted into the design to check if the correct key value is applied.On the application of an incorrect key, the payload activates the LFSR which feeds half the multiplexer select inputs with 0s and the rest with 1s.Therefore, half the multiplexer's select the correct output values while the rest select inverted output values, thus achieving 50% Hamming distance from the correct output.If the correct key is provided, the Trojan deactivates the LFSR and the correct select pattern is provided to the multiplexers such that the outputs of the design hold the correct value.7. A part of the first wave of SAT-resilient techniques, SARLock [29] focuses on thwarting the SAT attack by making the attack time exponentially large.A comparator block is inserted into the circuit to compare the applied key value with the value on the inputs of a chosen logic cone.The comparator output is connected to an XOR gate placed on the output of the chosen logic cone to ensure that the output of the logic cone is corrupted when the key value is the same as the value on the input of the logic cone.Since this is undesirable for the correct key, a masking block is used to invert the output of the comparator when the correct key is applied and the comparator output is high.Since the output of the comparator becomes high for only one input vector per key value, the error rate of the encrypted circuit is very low.This could lead to the attacker using the encrypted netlist with a wrong key assignment for 2 k −1 input patterns, where k is the number of key inputs.To avoid this scenario, the authors propose to use this technique in conjunction with traditional (potentially SAT vulnerable) encryption schemes.Such a compound scheme ensures high error rates due to the traditional scheme and boasts SAT-resilience due to the SARLock instance.An overview of SARLock is shown in Figure 4(a).8. Similar to SARLock, Anti-SAT [24] also uses a point function to make the SAT attack infeasible.The construction of the point function in Anti-SAT is achieved using two logic blocks operating on the same set of inputs (of the chosen logic cone) and locked with two different key inputs.The function implemented by each logic block is a complement of the function of the other logic block.When the output of both logic blocks is 1, the output of the Anti-SAT block turns high and flips the output of the chosen logic cone, thus enforcing corruption.The functions of the complementary logic blocks are chosen such that when the correct key value is applied, the output of the Anti-SAT block does not go high for any input value.If an incorrect key is applied, the output of the Anti-SAT block goes high for at most one input pattern.To increase the error rate of the encrypted circuit, Anti-SAT can be used in a compound scheme with a traditional encryption technique.In TTLock [34], a secret input value, called Protected Input Pattern (PIP), is removed from the chosen logic cone such that when the PIP is applied to the cone, the output is inverted.A restoration block is added to the circuit as shown in Figure 4(c).When the input pattern is equal to the applied key value, the output of the restoration block goes high.For all incorrect key values #» K i ( =P IP ), the output of the modified logic cone is incorrect for two input patterns -the PIP and #» X i , where ), the output of the modified logic cone is inverted when the PIP occurs, thus obtaining the correct output value.Although the error rate for TTLock is higher than that of SARLock/Anti-SAT, it is still very low.Therefore, it is still advisable to use TTLock as a part of a compound scheme.10.In Stripped-Functionality Logic Locking (SFLL-HD) [33], similar to TTLock, the logic cone is modified and a restore logic is used to restore the output of the modified cone when the correct key value is applied.However, unlike TTLock, SFLL-HD h inverts the output of the logic cone for multiple PIPs, where the Hamming distance between each PIP and the k-bit secret key is h.The restore block checks if the Hamming distance between the value on the input of the logic cone and the applied key is equal to h and inverts the output of the modified logic cone if this condition is satisfied.This technique can protect as many as k h input patterns.11.Unlike all SAT-resilient schemes discussed so far, Cyclic obfuscation [17] focuses on thwarting the SAT attack by impairing the ability of the SAT solver in finding a suitable assignment for the input vector.To achieve this, combinational feedback cycles are introduced into the design that are activated on the application of an incorrect key value.'Hard' irreducible loops with at least two removable edges are used to increase the effort of an attacker trying to remove the added cycles.As illustrated in Figure 4(d), a key controlled MUX is added on each edge (net) of these hard loops.Additionally, each reducible loop is made irreducible to make the identification and removal of the loop using depth first traversal (DFT) non-trivial.12. SRCLock [13]

Logic Decryption Strategies
Over the past decade, many innovative decryption techniques against logic encryption have been proposed.In this section, we discuss notable properties of some of the most widely cited attack methods.
1.One of the first oracle guided attacks, the goal of the Key Sensitization attack [12] is to decipher the correct key assignment by sensitizing wrong key bits to primary outputs for observation.This is similar to the ATPG technique of sensitizing a stuck-at-fault on a net to the primary output.
After finding a suitable input pattern to sensitize the required key bit, the output pattern from the encrypted circuit is compared with the output from an oracle circuit (acquired from the market) to eliminate an incorrect value on the key bit.Iteratively all incorrect values are identified to derive the correct key assignment.2. The SAT attack [20] uses a SAT solver to satisfy the Quantified Boolean Formula (QBF) of a model of a miter of two encrypted circuits (as shown in Figure 6(a)).Each copy of the circuit in the miter is assigned unique keys ( , where #» X is the input vector and #» Y 1 , #» Y 2 are the output vectors.This QBF is solved by the SAT solver with an additional condition that the two output vectors must be different ( ) to obtain an assignment on the input vector #» X d , called a distinguishing input pattern (DIP).The DIP is applied to the oracle IC to obtain the correct output vector #» Y d .Either one or both the keys can be eliminated by comparing Additionally, all keys that result in the incorrect output(s), #» Y 1 and/or #» Y 2 , on the application of #» X d are also eliminated using this DIP.This process is continued to iteratively eliminate all incorrect key values to obtain the correct key assignment.

Proposed as a countermeasure to point-function based SAT-resilient schemes,
AppSAT [16] aims to find a key assignment for which the output corruption is very low.It uses intermediate error estimation and random query reinforcement to optimize the run time of the SAT attack.After every d DIP queries, error ε is estimated using r random queries and the attack is stopped if ε stays below a chosen threshold.The disagreeing inputs from the error estimation process are added to the QBF as additional constraints.
Using this strategy, AppSAT assists in the convergence of the SAT solver when stuck in point-functions.

4.
CycSAT [35] overcomes the disability of the SAT solver in finding a satisfiable assignment for a QBF when the model of the circuit is not a directed acyclic graph (DAG), such as in the presence of key-controlled feedback cycles.A pre-processing step that identifies key conditions resulting in the creation of these feedback cycles is performed.These conditions, expressed in the Conjunctive Normal Form (CNF), are added to the QBF before the SAT solver is invoked.The added cycle avoidance clauses make the QBF satisfiable, thus enabling the solver in finding a suitable key assignment.

5.
Removal attacks [31] use structural and functional analysis of the netlist to strip away the SAT-resilience of the circuit.The Signal Probability Skew (SPS) attack calculates the probability skew (P (1) − 0.5) of each net in the circuit to identify the highly skewed outputs of point-function based SATresilient blocks.Once identified, these nets are broken and are set to their respective skew value, thus nullifying the protection offered by the SAT-hard blocks.The AppSAT Guided Removal (AGR) attack uses AppSAT to first identify the key bits belonging to the SAT-resilient locking block.Next, a structural analysis starting from these key bits reveals the output of the SAT-resilient block, which is then removed.
6. To attack encrypted sequential circuits, an unrolling based Sequential SAT attack [7] has been proposed.In this technique, the attacker unrolls the encrypted design S e and the unencrypted design S o for an iteratively increasing number of clock cycles (unr) to obtain equivalent combinational circuits C unr e and C unr o .These circuits are decrypted using the combinational SAT attack to obtain a key assignment #» K unr C .The correctness of the obtained key is checked by applying a sufficiently large number of input vectors to S e (mounted on an FPGA) and comparing the outputs with the outputs of S o .When a correct key assignment is obtained, the algorithm stops and returns #» K unr C as the correct key.Note that the combinational SAT attack [20] can be applied directly to sequential circuits if the flip-flops in the design are scan-accessible.However, recent works have shown that the scan-access pin can either be disabled (by burning a fuse) or obfuscated (using additional key gates).In such a scenario, the flip-flops in the oracle IC are no longer scan-accessible for the attacker to launch the combinational SAT attack.7. A more powerful attack on encrypted sequential circuits, KC2 [18] combines a traditional sequential SAT attack [4] with several dynamic optimization techniques to implement a faster deobfuscation method.This technique uses incremental SAT solving along with BDD/SAT-based key condition sweeping, conversion of key-conditions to BDDs, and negative key-condition crunching while avoiding unnecessary clause inflation to boast a speedup in decryption times of up to two orders of magnitude in comparison to previous methods [4].Experimental results have demonstrated the success of KC2 against random XOR/XNOR locking techniques.[18] Random [14] # # # # LCB [11] # # SLL [32] # KeyDep [6] # AntiHT [15] # E2LEMI [1] # SARLock* [29] # # AntiSAT* [24] # #/¦ TTLock* [34] ≈ SFLL* [33] Cyclic [17] # SRCLock [13] ≈ EFF [5] # ?CBE [7] ¦ # ?DSE [8] ≈ ?Denotes resilience ¦ Denotes potential resilience # Denotes susceptibility ≈ Denotes potential susceptibility ?Denotes unknown * Denotes compound scheme with SLL

Attack Resiliency of Encryption Schemes
In this section we evaluate the resiliency of the logic encryption schemes discussed in this paper against the attack methods from the previous section.Table 1 summarizes the resiliency analysis presented in this section.
1. EPIC (Random) -Due to the random key gate placement, EPIC is susceptible to the key sensitization attack and all SAT-based attacks.2. LCB -Although the insertion of key gates on nets with large fan-in and fanout cones is able to thwart graph equivalence based attacks, this scheme is susceptible to the sensitization attack since no requirement is placed on the interference between the key gates.Additionally the absence of SAT-hard instances makes it vulnerable to the SAT-based attacks.3. SLL -Since the key gate placement strategy in SLL ensures maximum interference between each pair of key gates, the sensitization attack is unable to propagate an incorrect key value to a primary output without knowing the correct assignment on all interfering key gates.Also it is claimed that due to the presence of the AES block, the SAT-based attacks would not be able to determine the in-memory key (AES input) by determining the value at the inputs of the key gates (AES output).However, it has been asserted that AES blocks are highly recognizable and hence prone to removal.

Key Interdependency -This technique ensures large overlap between in-
serted key gates, in terms of affected primary outputs, thus thwarting the logic cone based attack [9].Also, selecting nets with large fault impact values greatly increases the effort in sensitizing a wrong key value to the primary outputs.However, since this technique only dictates the placement strategy of the key gates, a metric that does not directly affect the complexity of the SAT attack, it is vulnerable to all SAT-based attacks. 5. Hardware Enlightening -By improving the probability values of low probability nets, this technique increases the effort in finding suitable locations in the netlist to insert a hardware Trojan.Also, the authors have shown that with sufficiently large key values, a 50% Hamming distance between the correct output value and the incorrect values can be achieved.Absence of SAT-hard instances makes this technique vulnerable to SAT-based attacks.6. E2LEMI -Since each incorrect key activates the LFSR and corrupts the primary outputs, potentially a single DIP can be used to eliminate the entire equivalence class of incorrect keys to obtain the correct key assignment using the SAT attack.Additionally, insertion of MUXes directly on the primary outputs makes this technique prone to a reverse engineering attack that is capable of removing the MUXes and rendering the circuit defenseless.7. SARLock -When used in conjunction with SLL, the resultant compound scheme is able to thwart the sensitization attack as well as the SAT attack.
The SAT attack is able to eliminate at most one key per DIP, thus requiring 2 k −1 DIPs to obtain the correct key value, where k is the number of key inputs.Newer attack methods like AppSAT and Removal are able to identify the key bits associated with the point function and can either ensure that the SAT solver does not get stuck solving the point function or can remove the SAT-resilient block.8. AntiSAT -Similar to SARLock, a compound scheme of Anti-SAT and SLL is able to defeat sensitization and SAT attacks while being susceptible to AppSAT and Removal attacks.Improvement to the Anti-SAT architecture [26] using wire entanglement and design withholding has been successful in thwarting the Removal attack.9. TTLock -In addition to being resilient to the SAT attack, the modification of the logic cone ensures that the Removal attack is unable to obtain the original logic cone after removing the point-function.Since the error rate of the SAT-hard instance is low, TTLock is still susceptible to attacks that derive approximate keys, like AppSAT.10.SFLL-HD -Similar to TTLock, removing input patterns from the logic cone increases the resiliency of SFLL-HD against the removal attack, since a corrupted logic cone is obtained after removal of the restore logic.However, increasing the number of PIPs decreases resiliency against the SAT attack which is now able to eliminate more than one key per DIP.Newer attack methods like FALL [19] and Gaussian elimination [28] have been able to defeat SFLL-HD without the use of an oracle.11.Cyclic -Since the resultant circuit cannot be represented as a directed acyclic graph (DAG), the SAT solver is unable to satisfy the given QBF to find a required DIP.However, the pre-processing step in CycSAT is able to identify the key condition that results in cycles and add this condition to the initial QBF.Experimental results have shown CycSAT to be successful against cyclic obfuscation.
12. SRCLock -Authors have shown that adding feedback edges between the cycles generated by cyclic obfuscation can lead to an exponential increase in the number of cycles that need to be handled by the CycSAT pre-processing step.Also, the use of an input-dependency based cycle generation technique causes one of the condition checking steps in CycSAT to return an unsatisfiable model.However, experimental results have shown that even after the cyclification of chosen Boolean functions, other condition checking steps in CycSAT are able to defeat SRCLock.13.Encrypt Flip-flop -By restricting controllability/observability of the scanchain, this technique can defeat the combinational SAT attack.However, the complexity of the unrolling-based Sequential SAT attack does not depend on scan-access to the flip-flops in the design.Therefore it is able to decipher the correct key values within a reasonable amount of time.

Cost Analysis -Area and Power
Typical IoT devices operate under the restriction of limited resources.Harsh area and power constraints are placed on these devices during the design process to which the added logic encryption blocks must also adhere.Therefore large logic encryption blocks are undesirable.In this section, we evaluate the area and power overhead of the discussed logic encryption techniques.

Experimental Setup
The combinational logic encryption techniques were implemented on benchmark circuits chosen from the ISCAS '85 suite while the sequential techniques were implemented on ITC '99 benchmarks.The benchmark details are listed in Table 2.These circuits were chosen due to their wide usage in other works on logic encryption.The chosen benchmark circuits were encrypted using the discussed techniques with key sizes of 32, 64, and 128.For larger benchmarks (more than 300 gates), key size 256 was also used.Some of the salient features of the encryption process are listed below.
• Random, SLL, LCB -The combinational benchmark circuits for these techniques were obtained from Trust-Hub [2].Sequential circuits encrypted using the random technique were generated in-house.• Key Interdependency -Algorithm 1 from [6] was used as the key gate placement strategy.If the number of gate locations found was less than the number of key bits, the remaining locations were chosen randomly.• Hardware enlightening -Key gates were inserted using the technique described in Algorithm 1 of [15].The threshold values for P ROBAM IN and SLACKM IN were chosen to be 0. • E2LEMI -Key controlled MUXes were inserted on all primary inputs while the (sequential) LFSR was omitted, since combinational benchmarks were used for E2LEMI.Instead, a static 'incorrect' selection pattern with equal number of 0s and 1s was stored in the design and applied to the MUXes if the correct key value was not provided.A small hardware Trojan was inserted to detect the application of the correct key.• Cyclic -The light-weight implementation algorithm from [17] was used to insert the key gates into the netlist.A loop length of 8 was chosen and k/8 key gates were added for each loop, where k is the number of key bits.• SRCLock -Each micro-cycle generated by the cyclic obfuscation technique was connected with another micro-cycle using a key controlled gate to form the required super-cycle.• SARLock, AntiSAT, TTLock -A compound scheme was used for these techniques.SLL with k=32 was chosen as the traditional scheme while internal signals were used as inputs to the SAT resilient block.The number of internal signals (proportional to the number of SAT resilient keys) was chosen such that the total key sizes were equal to 64, 128, and 256.• SFLL -In addition to the strategy followed for TTLock, all input patterns with a hamming distance of (h=)2 from the applied key input were chosen as the PIPs.The restore logic was designed to detect these k 2 PIPs and restore the modified output when the correct key was applied.
• Encrypt Flip-flop -The flip-flop selection technique described in Algorithm 2 of [5] was used to obtain suitable key gate locations.For circuits with number of flip-flops less than the chosen key size, the remaining key gates were placed on randomly chosen combinational gate inputs.• Chain Based Encryption -Using the chain-based selection technique described in [7], key gates were inserted at the inputs of the flip-flops with maximum distance from the nearest primary output.Again, if the number of flip-flops in the design was less than the key size, randomly chosen combinational gates were encrypted.• Deep State Encryption -The DESIDE-SIM algorithm from [8] was used to determine the deep state.The counter width was set to 5 while the payload was randomly selected from the internal signals in the circuit.
An ATPG tool, Synopsys TetraMax [22], was used to determine test patterns for 100% stuck-at-fault coverage for each unencrypted circuit.In addition to these test patterns, unique random patterns were generated to obtain a total of 10000 input patterns.These patterns were used to simulate each design using the Icarus Verilog simulation tool to derive the switching activity information for each net in the circuit.This switching activity data was fed to a synthesis tool, Synopsys Design Compiler [21], to determine the area and power requirements of each circuit using the SAED90nm typ library.Note that these area and power values are post logic synthesis but pre phsycial synthesis values.For the purpose of this analysis, the area and power estimates from logic synthesis are used.

Results
The overhead data from our experimentation was used to determine the cost efficiency of the surveyed techniques.Using the area overhead A k ib and power overhead P k ib values, a rank value R(E i ) = ∀b ∀k A k ib • P k ib /|B||K| for each encryption scheme E i applied to benchmark b (∈ B) for key size k (∈ K) was calculated, where B is the set of all benchmarks and K is the set of all key sizes.Using these rank values and the resiliency matrix from Section 4, the encryption techniques were graded, in terms of cost and security efficiency, as shown in Table 3 (lower letter grade is better).For each unique cost efficiency grade (A-D), the scheme that offers the best security is chosen and the cost overhead values for these schemes are plotted in Figure 7 1 .Our observations regarding the obtained cost metrics are listed below.
• The area and power overheads for traditional (SAT-vulnerable) techniques are negligible.This follows from the fact that the number of key gates added by these techniques is linear to the number of key bits.This value stays relatively low compared to the size of the circuit.It can be postulated that an important conclusion that, unlike attack times, area and power overhead values may not follow a direct correlation with key size.• Cyclic locking techniques exhibit low cost overhead values because the number of key gates added by these techniques increases linearly with key size, similar to traditional schemes.• The combinational point-function based SAT-resilient techniques introduce a large number of gates into the design, thus contributing significantly to the cost overheads.An average 200% cost overhead is observed for smaller benchmarks; this decreases to 50% for larger benchmarks.

• SARLock and AntiSAT have relatively lower overhead values in comparison
to TTLock and SFLL.The reason for this is the modification of the original logic cone in the latter two techniques, which in many cases adds additional gates to the circuit.Also, on average the overhead for SFLL is larger than that of TTLock due to SFLL's complex restoration block.• Similar to corresponding combinational techniques, sequential techniques that are SAT-vulnerable also exhibit low area and power overheads due to the addition of low number of key gates to the design.• The cost of using the sequential SAT-resilient technique is high due to the introduction of two detection blocks in addition to the corruption and restoration gates.
In summary, SAT-vulnerable techniques exhibit low overhead (high efficiency in cost) whereas SAT-resilient schemes incur higher cost due to the insertion of SAT-hard blocks.Cyclic locking techniques exhibit low cost overhead while offering high level of security.Techniques like delay locking [25] and parametric locking [34] that alter other properties of the design, instead of corrupting signals, have shown success in thwarting SAT-based attacks.However, these methods need to be evaluated for area and power requirements.

Conclusion
In this work, we have surveyed several logic encryption and decryption techniques.Benchmark circuits encrypted using these schemes are utilized to derive an estimate of the cost incurred (area occupied and power consumed) by these techniques.Traditional logic encryption methods are light-weight with negligible overhead, but are susceptible to SAT-based attacks.Successful SAT-resilient schemes introduce large overheads and are therefore undesirable for applications where resources are constrained.Although sequential logic encryption techniques exhibit relatively lower cost overheads, they are still attackable by newly proposed decryption methods.Therefore, a new light weight robust logic encryption scheme for application in IoT device security is desired.

Figure 4 (
b) shows a high-level representation of Anti-SAT.

Fig. 4 .
Fig. 4. SAT-Resilient Logic Encryption Techniques 9.In TTLock[34], a secret input value, called Protected Input Pattern (PIP), is removed from the chosen logic cone such that when the PIP is applied to the cone, the output is inverted.A restoration block is added to the circuit as shown in Figure4(c).When the input pattern is equal to the applied key value, the output of the restoration block goes high.For all incorrect key values #» K i ( =P IP ), the output of the modified logic cone is incorrect for two input patterns -the PIP and #» X i , where#» X i = #» K i .For the correct key value #» K C (=P IP ), the output of the modified logic cone is inverted when the PIP occurs, thus obtaining the correct output value.Although the error rate for TTLock is higher than that of SARLock/Anti-SAT, it is still very low.Therefore, it is still advisable to use TTLock as a part of a compound scheme.10.In Stripped-Functionality Logic Locking (SFLL-HD)[33], similar to TTLock, the logic cone is modified and a restore logic is used to restore the output of the modified cone when the correct key value is applied.However, unlike TTLock, SFLL-HD h inverts the output of the logic cone for multiple PIPs, where the Hamming distance between each PIP and the k-bit secret key is h.The restore block checks if the Hamming distance between the value on the input of the logic cone and the applied key is equal to h and inverts the output of the modified logic cone if this condition is satisfied.This technique can protect as many as k h input patterns.11.Unlike all SAT-resilient schemes discussed so far, Cyclic obfuscation[17] focuses on thwarting the SAT attack by impairing the ability of the SAT solver in finding a suitable assignment for the input vector.To achieve this, combinational feedback cycles are introduced into the design that are activated on the application of an incorrect key value.'Hard' irreducible loops with at least two removable edges are used to increase the effort of an attacker trying to remove the added cycles.As illustrated in Figure4(d), a key controlled MUX is added on each edge (net) of these hard loops.Additionally, each reducible loop is made irreducible to make the identification and removal of the loop using depth first traversal (DFT) non-trivial.12. SRCLock[13] aims at increasing the attack time by densely connecting all feedback cycles introduced by Cyclic obfuscation.Several techniques are proposed to significantly increase the number of cycles in the netlist.One of

Fig. 5 .Fig. 6 .
Fig. 5. Sequential Logic Encryption Techniques these techniques focuses on creating super cycles out of smaller micro cycles, such as the ones generated in cyclic obfuscation.The algorithm focuses on generating super cycles by strongly connecting all micro cycles with two-way signals between micro cycle nets.Additionally, signals in micro cycles that are not used to connect a super cycle are used in two-way connections with other unused micro cycle signals or random signals in their fan-in cone.This method results in a set of strongly connected micro cycles and an exponential increase in the number of overall cycles with a linear increase in the number of inserted feedback edges.13.A gate-level sequential logic encryption technique, Encrypt Flip-Flop[5] proposes to add key-controlled MUXes on the outputs of scan-chain accessible flip-flops, as shown in Figure5(a).The non-select inputs of each MUX are connected to the Q and Q outputs of the preceding flip-flop.If an incorrect key value is applied to the MUX, the incorrect output of the flip-flop is passed on to the next level on the following clock-edge.A placement strategy similar to the one used in the Key Interdependency technique is followed to increase the overlap in the output cone of dependency of the key gates.14.Similar to Encrypt Flip-Flop, the Chain Based Encryption[7], dictates the placement strategy of key gates, based on the relative position of the flipflops in the design.Following an analysis of the unrolling-based Sequential SAT attack, the authors argue that encrypting long flip-flop chains ensures that the attacker needs to unroll the design for more number of clock cycles, thus increasing the complexity of the attack process.The depreciation in protection offered by the scheme when encrypting chains with large fan-out (sneak paths) leading outside the chain is discussed.The ensuing algorithm recommends the placement of key gates at the inputs of flip-flops with maximum distance from the nearest primary output.15.Deep State Encryption[8] is a SAT-resilient gate-level scheme that incorporates a technique conceptually similar to a hardware Trojan to induce locking on the design.Two unique Monte Carlo methods are proposed to estimate a deep state in the design, where depth is the minimum distance (in clock cycles) from the reset state.On a chosen fixed number of occurrences of the deep state, the payload is corrupted by inverting the logic value on these signals.The corrupted signals are inverted back using a restoration block if the correct key value is applied.If an incorrect key value is applied, the payload stays corrupted and the key checking mechanism is disabled, thus

Table 1 .
Logic Encryption Resiliency Matrix 14. Chain Based Encryption -Due to the limited ability of finding large flip-flop chains with low number of sneak paths, it has been shown[7] that the Chain Based technique is susceptible to the Sequential SAT attack and offers very little additional protection over a random insertion technique.15.Deep State Encryption -The attack time of the Sequential SAT attack increases exponentially with increase in unroll count.By choosing a state with a sufficiently large depth value, this technique can force the attack to unroll for a large number of clock cycles, thereby greatly increasing the time required to find the correct key.However, the proposed structure of the State Detection and Key Detection blocks may make this technique susceptible to the SPS Removal attack.The effectiveness of the KC2 attack on this technique is unknown and needs further investigation.

Table 2 .
Benchmark circuits used for evaluation

Table 3 .
Encryption Scheme Rankings -Cost and Security