Constraint-Based Watermarking Techniques for Design IP Protection

1

Constraint-Based Watermarking Techniques

for Design IP Protection

Presented by : Yaniv Sabo

2

Introduction

• The advance of processing technology has led to a rapid increase in design complexity.

• Digital system designs are the product of valuable effort and know-how.

• Their embodiments represent carefully guarded intellectual property (IP).

3

Introduction

• Embracing reuse-based design methodologies.

• IP reuse requires new mechanisms to protect the rights of IP producers and owners.

4

Watermarking

IP design watermark

An invisible identification code that is:•Nearly invisible to human and machine inspection.•Difficult to remove. •permanently embedded as an integral part within a design.

5

watermarking

• A number of techniques have been proposed for data hiding in image, video, text, and audio data.

• The majority of these exploit imperfections of the human visual and auditory systems.

6

watermarking

• The artifact is changed, but the human senses cannot perceive the change.

• When discussing Design IP, the watermarked IP must remain functionally correct.

7

Watermarking Designs

•Maintenance of functional correctness.

•Transparency to existing design flows.

•Minimal overhead cost.

•Enforceability.

8

Watermarking principles

• Flexibility in providing a spectrum of protection levels.

• Persistence.

• Invisibility.

• Proportional component protection.

9

Strategy for Constraint-Based IPP

• mapping an author’s signature into a set of constraints.

• If disproportionately many of these constraints are satisfied, the presence of the signature is indicated.

• Choosing the type of constraints and the tactic can dramatically affect the strength of the watermark.

10

Selection of Constraints

• Watermarked solutions must not be inferior to average solutions.

Otherwise, such a watermark will be too costly to use.

11

A Motivating Example – 3SAT

• SAT - a classical NP-complete constraint-satisfaction problem.

• Instance: A finite set of variables U and a collection C = {C1,C2,…,Cm} of clauses over U.

• Question: Is there a truth assignment U that satisfies all the clauses in C ?

12


For example

U = {U1,U2} andC ={{U1,U2},{U1},{U1,U2}}

A satisfying truth assignment is:t(U1)=F and t(2)=T.

13


On the other hand,

if we have the collection C = {{U1,U2},{U1,U2},{U1}},

the answer is negative.

14


• Problems from many application domains have been modeled as SAT instances.

• In VLSI, SAT formulations have been used in testing, logic synthesis, and physical design .

15

Watermarking of SAT solution

• Assume the 3SAT restriction of the problem, where each clause has exactly three variables.

• Consider the following 3SAT instance:

16


1. Any satisfying assignment to the modified instance is a solution to the original instance.

2. both the modified instance and the solution contain a unique identification of the author.

Our goal is to alter the given 3SAT instance such that:

17


• The given 3SAT instance has 556 different satisfying assignments.

• The likelihood of someone else generating such a solution by chance is 2 to 556, or 0.00496.

18

Nonintrusive Watermarking

Methods that can be transparently integrated within existing design flows via preprocessing or postprocessing.

19

Nonintrusive Watermarking

1. An optimization problem with known difficult complexity.

2. A well-defined interpretation of the solutions of the optimization problem as IP.

The context for a nonintrusive watermarking procedure:

20

Nonintrusive Watermarking3. Existing algorithms and/or off-the-

shelf software that solve the optimization problem.

4. Protection requirements: a) removing or forging a watermark

must be as hard as recreating the design.

b) tampering with a watermark must be provable in court.

21

“Alice and Bob” scenarios

• Alice uses watermarking to protect some IP.

• Bob will attempt to subvert her

protection.

22

“Alice and Bob” scenario 1

• Alice wishes to protect some IP that involves many stages of processing.

• Alice watermarks each stage by selecting a set of “constraints”.

Generic Watermarking Procedure

23

Proof of Authorship

• A watermark’s proof of authorship is expressed as a single value – Pc.

• We wish this probability to be convincingly low.

• When we cannot compute Pc exactly, it is acceptable to overestimate it.

24

Proof of Authorship• ‘p’ - probability of satisfying a single

random constraint by coincidence.

• ‘c’ - number of imposed constraints. • ‘b’ - number of these constraints that

were not satisfied.

• ‘x’ - a random variable that represents how many of the ‘c’ constraints were not satisfied.

25

Proof of Authorship

Pc can be computed as a sum of binomials:

)( bXPPc

b

iiiC ppiiCC

0)1(*)(*)!)!*/(!(

26

“Alice and Bob” scenario 2

• Alice’s solution must satisfy a disproportionate number of her watermarking constraints.

• By calculating Pc - Alice can verify that her signature is present.

• A strong proof of authorship corresponds to a low value for Pc.

Generic Signature Verification Procedure

27

Typical Attacks

• Bob wishes to steal IP from Alice and claim it as his own.

• Bob will claim that the IP also contains his own watermark.

Attack - Finding Ghosts:

28

Typical Attacks

Bob has only two approaches:

1. Choose a set of constraints and than attempt to find a signature that corresponds to this set.

2. Try a brute-force approach to find a signature that corresponds to a set of constraints that yields a convincing proof of authorship - Pc.

Attack - Finding Ghosts:

29

Typical Attacks

• If Bob cannot find a convincing ghost signature, he may decide to tamper with Alice’s solution.

• Bob can do this by simply resolving the problem from scratch with his own watermark encoded.

Attack – Tampering:

30

Typical Attacks

• Nothing can be done to stop this directly.

• However, in realistic scenarios, Bob cannot afford to redo all the phases of the design process.

Attack – Tampering:

31

Typical Attacks

• Bob may attempt to subvert Alice’s watermark by inappropriately watermarking other solutions with Alice’s watermark.

• In other words, Bob wishes to forge

Alice’s signature.

Attack – Forging:

32

Typical Attacks

• Bob needs a signature that he can convince others belongs to Alice.

• However, such attacks can be easily prevented by using a public key encryption system.

Attack – Forging:

33

Cryptography

• Since 1976, cryptographic techniques has evolved, resulting in a variety of digital signature mechanisms.

• Several cryptographic techniques are directly relevant to our design watermarking approach.

34

Cryptography

• Cryptography tools are used for generating a set of physical design constraints.

• The use of cryptographic techniques ensures cryptographically strong hiding and decorrelation of the added signature constraints.

35

Cryptography

The tools which are used for these two tasks:

1. cryptographic hash function MD5.

2. public-key cryptosystem RSA.

3. stream cipher RC4 on which many of today’s state-of-the-art cryptographic commercial programs are based.

36

Evaluation of watermarking techniques

• Performed using placement and routing applications.

• For placement - A postprocessing flow that encodes a signature as specified parity of the cell row.

• For routing - A preprocessing flow that encodes a signature as upper bounds on the wrong-way wiring.

37


• Both placement and routing watermarking techniques are tamper-resistant.

• Addressing IP protection at a lower level of abstraction allows significantly stronger proofs of authorship and lower overhead.

38


1. It enables watermarking of already existing designs.

2. It enables direct calculation of the hardware overhead incurred by IPP.

3. it may be likelier to find acceptance among designers and managers.

The postprocessing approach is attractive for several reasons:

39

IPP in system-level and physical design

• System-level and physical design are traditionally viewed as “difficult” domains.

• Even a small percentage variation in solution quality can make or break a design.

40

IPP in system-level and physical design

• Many performance constraints cannot be considered satisfied until they are satisfied in the physical design.

(For example, constraining timing budgets).

• physical design is an appropriate juncture in the design cycle for watermarking.

41

Related Physical Design Techniques

• Constraint specification receive close attention through all phases of chip implementation, including physical design.

• Derived constraints will then arise throughout the register transfer level (RTL) floorplanning, block placement, and routing phases.

42

Related Physical Design Techniques

1. current tools do not easily support too many “extra” watermarking constraints.

2. introduction of too many watermarking constraints will likely degrade solution quality.

The implications for watermarking in physical design are that:

43

IP Watermarking Examples

• Allocating minimal cache structures and optimizing code for effective cache utilization.

• The problem of minimizing cache misses is equivalent to finding a solution to graph coloring.

Preprocessing-Based Watermarking Applied to System-Level Design Steps:

44


• Adding edges to the graph according to some encrypted signature of the author.

• The signature will be embedded in the activation path which transfers data between two levels of hierarchy.

Preprocessing-Based Watermarking Applied to System-Level Design Steps:

45


• Manipulating unused portions of the configuration bitstream.

• The watermark is inserted into the control bits for unused outputs from configurable logic blocks (CLBs).

Postprocessing in Physical-Level FPGA Design:

46


• This approach can be implemented through preprocessing, iterative, or post processing techniques.

• The disadvantage of this approach is that the watermark is not embedded in the functional part of the design.


47



The Xilinx 4000

family Of

FPGAs

48


Postprocessing in Physical-Level FPGA Design:• The number of configuration bits

associated with a multiplexer is equal to the number of required control bits.

• one and two watermark bits can be inserted at each unused two-to-one and four-to-one multiplexer, respectively.

49



The numbers calculated here are for an even number of unused combinatorial and sequential outputs.

50



The process in this approach:• is an entirely postprocessing step.• requires very little added design effort. • can store large watermarks.• allows for easy mark extraction. • has no overhead.

51

Physical Design Flow with Watermarking

Placement

• An existing tool can be modified to offer watermarking capability.

• A concrete design flow can be used to evaluate the strength of watermarks and their resistance to tampering.

52


53


We make the following observations:

1)This approach is absolutely equivalent to what might be implemented in a modification of the actual commercial tool.

2) Begin with a high-quality solution and retrospectively impose constraints.

3) The “final list of core cells” is a well defined concept in all existing design flows

54


Routing

55


Evaluation of Signature Strength

• Each constraint involves some “random” choice, e.g., choosing a random cell or signal net.

• The choices may occur either with or without replacement.

If there is replacement, then constraints will be independent of each other.

56


Evaluation of Signature Strength

•As long as the constraints are either independent or nearly so, the probability Pc can be computed by a simple binomial.

•When constraints are not independent, the exact value of may not be expressible.

57


Resistance to Tampering Attacks

•Another way to evaluate the strength of a given watermark is to assess its resistance to attacks.

•In these scenarios, the attacker is trying to erase the watermark by small layout perturbations:

58


Resistance to Tampering Attacks - Placement

a) Assumptions: i) The attacker has access only to an

incremental (“legalizing”) placement tool such as QPlace ECO mode .

ii) The watermarking scheme is unknown to the attacker.

iii) original design constraints are retained.

59


Resistance to Tampering Attacks - Placement

b) Attack i) Select N random pairs of cells and swap

the locations of each cell pair.

ii) run the legalizing placer to legalize the design (continue with routing, etc.).

Results:The quality drops faster than the signature strength

60


Resistance to Tampering Attacks - Routing

a)Assumptions: i) The attacker has access only to

incremental (single-net) auto-routing.

ii) The watermarking scheme is unknown to the attacker.

iii) original design constraints are retained

61


Resistance to Tampering Attacks - Routing

b) Attack:

Select N random nets, then reroute these nets with only the original design constraints (if any).

Results:The cost is similar to the cost of redo from scratch

62

Experimental Results

The authors applied their proposed physical design watermarking protocols to seven industry test cases, five in placement and two in routing.

63

Experimental Results Watermark Strength - Pc

1.total wirelength

2.total number of vias

3.percentage of overcongested “global routing cells”

4.CPU time in (mm : ss) required by the router.

64


65

Experimental ResultsThey have also performed an experiment with a timing-driven design flow to check the effect of their watermarking technique on timing.

66


They have also performed routing experiments:

67


Calculating Pc values can vary as varies from 0.2 to 0.4.

fine-tuning of Pc could potentially improve our results.

68


watermarked layout of test case sc1 (56

watermark nets)

nonwatermarked layout of the same design.

69

Conclusion•Motivations for watermarking-based protection of hardware and software design IP .

•Stages of the design process .

•Watermarking protection requirements against attacks .

•Problem formulations from several domains

70

constraint-based watermarking appears to have significant role in

protecting IP and support design reuse.

The End

•Andrew B. Kahng, John Lach, Member, IEEE ,•William. H. Mangione-Smith, Member, IEEE,

•Stefanus Mantik, Student Member, IEEE,• Igor L. Markov, Miodrag Potkonjak, Member, IEEE,

• Paul Tucker, Huijuan Wang, and Gregory Wolfe

Constraint-Based Watermarking Techniques for Design IP Protection

Documents