Constraint-Based Watermarking Techniques for Design IP Protection
Presented by: Yaniv Sabo
Feb 25, 2016
2
Introduction
• The advance of processing technology has led to a rapid increase in design complexity.
• Digital system designs are the product of valuable effort and know-how.
• Their embodiments represent carefully guarded intellectual property (IP).
3
Introduction
• Embracing reuse-based design methodologies.
• IP reuse requires new mechanisms to protect the rights of IP producers and owners.
4
Watermarking
IP design watermark
An invisible identification code that is:
• Nearly invisible to human and machine inspection.
• Difficult to remove.
• Permanently embedded as an integral part within a design.
5
Watermarking
• A number of techniques have been proposed for data hiding in image, video, text, and audio data.
• The majority of these exploit imperfections of the human visual and auditory systems.
6
Watermarking
• The artifact is changed, but the human senses cannot perceive the change.
• When discussing Design IP, the watermarked IP must remain functionally correct.
7
Watermarking Designs
•Maintenance of functional correctness.
•Transparency to existing design flows.
•Minimal overhead cost.
•Enforceability.
8
Watermarking principles
• Flexibility in providing a spectrum of protection levels.
• Persistence.
• Invisibility.
• Proportional component protection.
9
Strategy for Constraint-Based IPP
• Mapping an author’s signature into a set of constraints.
• If disproportionately many of these constraints are satisfied, the presence of the signature is indicated.
• Choosing the type of constraints and the tactic can dramatically affect the strength of the watermark.
10
Selection of Constraints
• Watermarked solutions must not be inferior to average solutions.
Otherwise, such a watermark will be too costly to use.
11
A Motivating Example – 3SAT
• SAT - a classical NP-complete constraint-satisfaction problem.
• Instance: A finite set of variables U and a collection C = {C1,C2,…,Cm} of clauses over U.
• Question: Is there a truth assignment for U that satisfies all the clauses in C?
12
A Motivating Example – 3SAT
For example
U = {U1,U2} and C = {{U1,U2},{U1},{U1,U2}}
A satisfying truth assignment is: t(U1)=F and t(U2)=T.
13
A Motivating Example – 3SAT
On the other hand,
if we have the collection C = {{U1,U2},{U1,U2},{U1}},
the answer is negative.
14
A Motivating Example – 3SAT
• Problems from many application domains have been modeled as SAT instances.
• In VLSI, SAT formulations have been used in testing, logic synthesis, and physical design.
15
Watermarking of SAT solution
• Assume the 3SAT restriction of the problem, where each clause has exactly three variables.
• Consider the following 3SAT instance:
16
Watermarking of SAT solution
Our goal is to alter the given 3SAT instance such that:
1. Any satisfying assignment to the modified instance is a solution to the original instance.
2. Both the modified instance and the solution contain a unique identification of the author.
17
Watermarking of SAT solution
• The given 3SAT instance has 556 different satisfying assignments.
• The likelihood of someone else generating such a solution by chance is 2 to 556, or 0.00496.
18
Nonintrusive Watermarking
Methods that can be transparently integrated within existing design flows via preprocessing or postprocessing.
19
Nonintrusive Watermarking
The context for a nonintrusive watermarking procedure:
1. An optimization problem with known difficult complexity.
2. A well-defined interpretation of the solutions of the optimization problem as IP.
20
Nonintrusive Watermarking
3. Existing algorithms and/or off-the-shelf software that solve the optimization problem.
4. Protection requirements:
a) Removing or forging a watermark must be as hard as recreating the design.
b) Tampering with a watermark must be provable in court.
21
“Alice and Bob” scenarios
• Alice uses watermarking to protect some IP.
• Bob will attempt to subvert her protection.
22
“Alice and Bob” scenario 1
• Alice wishes to protect some IP that involves many stages of processing.
• Alice watermarks each stage by selecting a set of “constraints”.
Generic Watermarking Procedure
23
Proof of Authorship
• A watermark’s proof of authorship is expressed as a single value – Pc.
• We wish this probability to be convincingly low.
• When we cannot compute Pc exactly, it is acceptable to overestimate it.
24
Proof of Authorship
• ‘p’ - probability of satisfying a single random constraint by coincidence.
• ‘C’ - number of imposed constraints.
• ‘b’ - number of these constraints that were not satisfied.
• ‘X’ - a random variable that represents how many of the ‘C’ constraints were not satisfied.
25
Proof of Authorship
Pc can be computed as a sum of binomials:
$$P_c = P(X \le b) = \sum_{i=0}^{b} \frac{C!}{(C-i)!\, i!}\; p^{\,C-i}\,(1-p)^{i}$$
26
“Alice and Bob” scenario 2
• Alice’s solution must satisfy a disproportionate number of her watermarking constraints.
• By calculating Pc - Alice can verify that her signature is present.
• A strong proof of authorship corresponds to a low value for Pc.
Generic Signature Verification Procedure
27
Typical Attacks
Attack - Finding Ghosts:
• Bob wishes to steal IP from Alice and claim it as his own.
• Bob will claim that the IP also contains his own watermark.
28
Typical Attacks
Attack - Finding Ghosts:
Bob has only two approaches:
1. Choose a set of constraints and then attempt to find a signature that corresponds to this set.
2. Try a brute-force approach to find a signature that corresponds to a set of constraints that yields a convincing proof of authorship - Pc.
29
Typical Attacks
Attack – Tampering:
• If Bob cannot find a convincing ghost signature, he may decide to tamper with Alice’s solution.
• Bob can do this by simply resolving the problem from scratch with his own watermark encoded.
30
Typical Attacks
Attack – Tampering:
• Nothing can be done to stop this directly.
• However, in realistic scenarios, Bob cannot afford to redo all the phases of the design process.
31
Typical Attacks
Attack – Forging:
• Bob may attempt to subvert Alice’s watermark by inappropriately watermarking other solutions with Alice’s watermark.
• In other words, Bob wishes to forge Alice’s signature.
32
Typical Attacks
Attack – Forging:
• Bob needs a signature that he can convince others belongs to Alice.
• However, such attacks can be easily prevented by using a public key encryption system.
33
Cryptography
• Since 1976, cryptographic techniques have evolved, resulting in a variety of digital signature mechanisms.
• Several cryptographic techniques are directly relevant to our design watermarking approach.
34
Cryptography
• Cryptography tools are used for generating a set of physical design constraints.
• The use of cryptographic techniques ensures cryptographically strong hiding and decorrelation of the added signature constraints.
35
Cryptography
The tools which are used for these two tasks:
1. cryptographic hash function MD5.
2. public-key cryptosystem RSA.
3. stream cipher RC4 on which many of today’s state-of-the-art cryptographic commercial programs are based.
36
Evaluation of watermarking techniques
• Performed using placement and routing applications.
• For placement - A postprocessing flow that encodes a signature as specified parity of the cell row.
• For routing - A preprocessing flow that encodes a signature as upper bounds on the wrong-way wiring.
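The placement flow above combined with the Pc computation from the Proof of Authorship slides, as an added Python example (not code from the presentation or from the paper's authors). Assumptions: HMAC-SHA256 from the standard library stands in for the MD5/RSA/RC4 tool chain named earlier, p = 0.5 (both row parities equally likely), legalization after a cell is moved is ignored, and the cell names, signatures and placement are constructed.

```python
import hashlib
import hmac
from math import comb

def derive_constraints(signature, cells, n):
    """Signature -> n (cell, required row parity) constraints, cells without replacement."""
    tag = {c: hmac.new(signature, c.encode(), hashlib.sha256).digest() for c in cells}
    chosen = sorted(cells, key=tag.get)[:n]       # signature-dependent cell choice
    return [(c, tag[c][-1] & 1) for c in chosen]  # signature-dependent parity bit

def embed(placement, constraints, rows):
    """Postprocessing: move each constrained cell to a neighbouring row of the right parity."""
    marked = dict(placement)
    for cell, parity in constraints:
        row = marked[cell]
        if row % 2 != parity:
            marked[cell] = row + 1 if row + 1 < rows else row - 1
    return marked

def pc(c, b, p):
    """P(X <= b): chance that at most b of c constraints fail purely by coincidence."""
    return sum(comb(c, i) * p ** (c - i) * (1 - p) ** i for i in range(b + 1))

def verify(placement, constraints, p=0.5):
    """Return (b, Pc) for a claimed signature; b counts unsatisfied constraints."""
    b = sum(placement[cell] % 2 != parity for cell, parity in constraints)
    return b, pc(len(constraints), b, p)

# Constructed sample: 200 cells spread over 16 rows (not data from the paper).
ROWS = 16
CELLS = [f"cell{i}" for i in range(200)]
PLACEMENT = {c: (7 * i) % ROWS for i, c in enumerate(CELLS)}

def demo():
    alice = derive_constraints(b"Alice (constructed signature)", CELLS, 40)
    bob = derive_constraints(b"Bob (constructed ghost claim)", CELLS, 40)
    marked = embed(PLACEMENT, alice, ROWS)
    return {"alice": verify(marked, alice),      # owner's claim on the marked layout
            "bob": verify(marked, bob),          # unrelated signature on the same layout
            "unmarked": verify(PLACEMENT, alice)}

if __name__ == "__main__":
    for who, (b, prob) in demo().items():
        print(f"{who:9s} unsatisfied={b:2d}  Pc={prob:.3e}")
```

Alice's claim leaves no constraint unsatisfied, so her Pc is 0.5^40; a signature that was never embedded fails roughly half of its constraints and yields a Pc too large to count as proof.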
37
Evaluation of watermarking techniques
• Both placement and routing watermarking techniques are tamper-resistant.
• Addressing IP protection at a lower level of abstraction allows significantly stronger proofs of authorship and lower overhead.
38
Evaluation of watermarking techniques
The postprocessing approach is attractive for several reasons:
1. It enables watermarking of already existing designs.
2. It enables direct calculation of the hardware overhead incurred by IPP.
3. It may be likelier to find acceptance among designers and managers.
39
IPP in system-level and physical design
• System-level and physical design are traditionally viewed as “difficult” domains.
• Even a small percentage variation in solution quality can make or break a design.
40
IPP in system-level and physical design
• Many performance constraints cannot be considered satisfied until they are satisfied in the physical design.
(For example, constraining timing budgets).
• Physical design is an appropriate juncture in the design cycle for watermarking.
41
Related Physical Design Techniques
• Constraint specification receives close attention through all phases of chip implementation, including physical design.
• Derived constraints will then arise throughout the register transfer level (RTL) floorplanning, block placement, and routing phases.
42
Related Physical Design Techniques
The implications for watermarking in physical design are that:
1. Current tools do not easily support too many “extra” watermarking constraints.
2. Introduction of too many watermarking constraints will likely degrade solution quality.
43
IP Watermarking Examples
Preprocessing-Based Watermarking Applied to System-Level Design Steps:
• Allocating minimal cache structures and optimizing code for effective cache utilization.
• The problem of minimizing cache misses is equivalent to finding a solution to graph coloring.
44
IP Watermarking Examples
Preprocessing-Based Watermarking Applied to System-Level Design Steps:
• Adding edges to the graph according to some encrypted signature of the author.
• The signature will be embedded in the activation path which transfers data between two levels of hierarchy.
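The preprocessing idea above on a small graph, as an added Python example (not from the presentation): signature-derived edges are added before coloring, so any proper coloring of the augmented graph is still valid for the original graph and also separates every signature pair. The graph, the signature strings and the helper names are constructed, and ranking pairs by SHA-256 stands in for the "encrypted signature" step.

```python
import hashlib
from itertools import combinations, count

def signature_edges(signature, nodes, edges, how_many):
    """Pick `how_many` non-adjacent node pairs, ranked by SHA-256(signature, pair)."""
    present = {frozenset(e) for e in edges}
    free = [p for p in combinations(sorted(nodes), 2) if frozenset(p) not in present]
    rank = lambda p: hashlib.sha256(signature + b"|%d|%d" % p).digest()
    return sorted(free, key=rank)[:how_many]

def greedy_coloring(nodes, edges):
    """Largest-degree-first greedy coloring; returns {node: color index}."""
    adj = {n: set() for n in nodes}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    color = {}
    for n in sorted(nodes, key=lambda n: (-len(adj[n]), n)):
        taken = {color[m] for m in adj[n] if m in color}
        color[n] = next(c for c in count() if c not in taken)
    return color

def same_color(color, pairs):
    """Number of pairs whose endpoints share a color (violated constraints)."""
    return sum(color[a] == color[b] for a, b in pairs)

# Constructed graph: 30 nodes on a ring with chords (not from the paper).
NODES = list(range(30))
EDGES = [(i, (i + 1) % 30) for i in NODES] + [(i, (i + 5) % 30) for i in NODES]

def demo():
    extra = signature_edges(b"Alice (constructed signature)", NODES, EDGES, 20)
    marked = greedy_coloring(NODES, EDGES + extra)   # solve the constrained problem
    plain = greedy_coloring(NODES, EDGES)            # baseline without watermark
    return extra, marked, plain

if __name__ == "__main__":
    extra, marked, plain = demo()
    print("colors used: marked", max(marked.values()) + 1, "plain", max(plain.values()) + 1)
    print("signature pairs sharing a color: marked", same_color(marked, extra),
          "plain", same_color(plain, extra))
```

The difference in the number of colors between the two runs is the overhead of the watermark, and the count of signature pairs sharing a color is the b that feeds the Pc computation.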
45
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
• Manipulating unused portions of the configuration bitstream.
• The watermark is inserted into the control bits for unused outputs from configurable logic blocks (CLBs).
46
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
• This approach can be implemented through preprocessing, iterative, or postprocessing techniques.
• The disadvantage of this approach is that the watermark is not embedded in the functional part of the design.
47
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
The Xilinx 4000 family of FPGAs
48
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
• The number of configuration bits associated with a multiplexer is equal to the number of required control bits.
• One and two watermark bits can be inserted at each unused two-to-one and four-to-one multiplexer, respectively.
49
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
The numbers calculated here are for an even number of unused combinatorial and sequential outputs.
50
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design:
The process in this approach:
• is an entirely postprocessing step.
• requires very little added design effort.
• can store large watermarks.
• allows for easy mark extraction.
• has no overhead.
51
Physical Design Flow with Watermarking
Placement
• An existing tool can be modified to offer watermarking capability.
• A concrete design flow can be used to evaluate the strength of watermarks and their resistance to tampering.
52
Physical Design Flow with Watermarking
53
Physical Design Flow with Watermarking
We make the following observations:
1) This approach is absolutely equivalent to what might be implemented in a modification of the actual commercial tool.
2) Begin with a high-quality solution and retrospectively impose constraints.
3) The “final list of core cells” is a well-defined concept in all existing design flows.
54
Physical Design Flow with Watermarking
Routing
55
Physical Design Flow with Watermarking
Evaluation of Signature Strength
• Each constraint involves some “random” choice, e.g., choosing a random cell or signal net.
• The choices may occur either with or without replacement.
If there is replacement, then constraints will be independent of each other.
56
Physical Design Flow with Watermarking
Evaluation of Signature Strength
•As long as the constraints are either independent or nearly so, the probability Pc can be computed by a simple binomial.
•When constraints are not independent, the exact value of may not be expressible.
57
Physical Design Flow with Watermarking
Resistance to Tampering Attacks
•Another way to evaluate the strength of a given watermark is to assess its resistance to attacks.
•In these scenarios, the attacker is trying to erase the watermark by small layout perturbations:
58
Physical Design Flow with Watermarking
Resistance to Tampering Attacks - Placement
a) Assumptions:
i) The attacker has access only to an incremental (“legalizing”) placement tool such as QPlace ECO mode.
ii) The watermarking scheme is unknown to the attacker.
iii) Original design constraints are retained.
59
Physical Design Flow with Watermarking
Resistance to Tampering Attacks - Placement
b) Attack:
i) Select N random pairs of cells and swap the locations of each cell pair.
ii) Run the legalizing placer to legalize the design (continue with routing, etc.).
Results: The quality drops faster than the signature strength.
60
Physical Design Flow with Watermarking
Resistance to Tampering Attacks - Routing
a) Assumptions:
i) The attacker has access only to incremental (single-net) auto-routing.
ii) The watermarking scheme is unknown to the attacker.
iii) Original design constraints are retained.
61
Physical Design Flow with Watermarking
Resistance to Tampering Attacks - Routing
b) Attack:
Select N random nets, then reroute these nets with only the original design constraints (if any).
Results: The cost is similar to the cost of redoing the design from scratch.
62
Experimental Results
The authors applied their proposed physical design watermarking protocols to seven industry test cases, five in placement and two in routing.
63
Experimental Results
Watermark Strength - Pc
1. Total wirelength
2. Total number of vias
3. Percentage of overcongested “global routing cells”
4. CPU time in (mm:ss) required by the router.
64
Experimental Results
65
Experimental Results
They have also performed an experiment with a timing-driven design flow to check the effect of their watermarking technique on timing.
66
Experimental Results
They have also performed routing experiments:
67
Experimental Results
Calculating Pc values can vary as varies from 0.2 to 0.4.
Fine-tuning of Pc could potentially improve our results.
68
Experimental Results
Watermarked layout of test case sc1 (56 watermark nets).
Nonwatermarked layout of the same design.
69
Conclusion
• Motivations for watermarking-based protection of hardware and software design IP.
• Stages of the design process.
• Watermarking protection requirements against attacks.
• Problem formulations from several domains.
70
Constraint-based watermarking appears to have a significant role in protecting IP and supporting design reuse.
The End
• Andrew B. Kahng, John Lach, Member, IEEE,
• William H. Mangione-Smith, Member, IEEE,
• Stefanus Mantik, Student Member, IEEE,
• Igor L. Markov, Miodrag Potkonjak, Member, IEEE,
• Paul Tucker, Huijuan Wang, and Gregory Wolfe