Title: Copy Detection for Intellectual Property Protection of VLSI Design
1Copy Detection forIntellectual Property
Protectionof VLSI Design
- Andrew B. Kahng, Darko Kirovski, Stefanus Mantik,
- Miodrag Potkonjak and Jennifer L. Wong
- UCLA Computer Science Dept., Los Angeles, CA
- ICCAD 1999
- Supported in part by a grant from Cadence Design
Systems, Inc. - by the MARCO Gigascale Silicon Research Center,
- and by a grant from the NSF.
2Motivation
- More functionality integrated on a single chip
- Shorter design cycle times
- ? design reuse methodology
- Intellectual Property Protection (IPP)
- prevention of unauthorized use
- detection of unauthorized use
- Copy detection techniques
- watermarking, fingerprinting, etc.
- applicable after an illegal copy is found
- ? how to find the illegal copy in the first
place?
3General Copy Detection Problem
- Given
- a library of n registered pieces of IP
- a new unregistered piece of IP
- Determine
- is any significant portion of any registered IP
present in the unregistered IP?
4Previous Work
- String matching BoyerM77, KnuthMP77, KarpR81
- Text copy detection BrinDG95, ShivakumarG96,
and Manber94 - Copy detection in biotechnology Benson98 and
image processing ForsythF97 - Speed-up database query with Iceberg Queries
FangSGMU98 - LVS OhlrichEGS93, ChiangNL89, NiewczasMS98
5Outline
- Motivations
- General Copy Detection Methodology
- Specific Copy Detection Techniques
- Scheduling in High-Level Synthesis
- Gate-Level Netlist
- Experimental Confirmations
- Conclusions
6Generic Copy Detection Methodology
- Identify a common structural representation of
solutions (IPs) and what constitutes an element
of the solution structure - program execution orders, instruction sets
- circuit netlist hypergraphs, vertices, hyperedges
7Generic Copy Detection Methodology
- Identify a common structural representation of
solutions (IPs) and what constitutes an element
of the solution structure - Understand the model of adversary
- what may the adversary do to the IP?
- must know what can be stolen, and possible forms
of theft, before knowing what protection is needed
8Generic Copy Detection Methodology
- Identify a common structural representation of
solutions (IPs) and what constitutes an element
of the solution structure - Understand the model of adversary
- Identify a means of calculating locally context
dependent signatures for such elements - allows detection of partial IPs
9Generic Copy Detection Methodology
- Identify a common structural representation of
solutions (IPs) and what constitutes an element
of the solution structure - Understand the model of adversary
- Identify a means of calculating locally context
dependent signatures for such elements - Identify rare and/or distinguishing elements of a
registered IP - rare instructions, strange cells, etc.
FangSGMU98
10Generic Copy Detection Methodology
- Identify a common structural representation of
solutions (IPs) and what constitutes an element
of the solution structure - Understand the model of adversary
- Identify a means of calculating locally context
dependent signatures for such elements - Identify rare and/or distinguishing elements of a
registered IP - Apply good comparison methods to identify
suspicious unregistered IPs - linear complexity, DIFF, etc.
11Outline
- Motivations
- General Copy Detection Methodology
- Specific Copy Detection Techniques
- Scheduling in High-Level Synthesis
- Gate-Level Netlist
- Experimental Confirmations
- Conclusions
12Scheduling in High-Level Synthesis
- IP high-level procedures linked arbitrarily
- Assumptions for the adversary
- extracts procedures from the IP, and embeds the
extracted code into his/her design - relinks the extracted procedures in an arbitrary
fashion, without significant modification of the
actual specification within each of the
procedures - may inline a procedure in the newly created
specification or conduct local perturbations
13Copy Detection for HLS Scheduling
- Given
- a set P of registered procedures
- a suspected instruction sequence S
- Find
- the subset P0 ? P consisting of all instruction
sequences Pi ? P that occur in S
14Copy Detection (Pre-Processing)
- Select a set B of rare instructions (0 lt pbj lt
e), pbj occurrence probability for bj , bj ? B - Identify locations of all bj in B in all Pi ? P
- use dynamic execution order
15Copy Detection (Pre-Processing)
- Select a set B of rare instructions (0 lt pbj lt
e), pbj occurrence probability for bj , bj ? B - Identify locations of all bj in B in all Pi ? P
- Pseudo-randomly select K-tuples of instructions
from B with max distance in the sequence order
between any two instructions is smaller
than q - each K-tuple is a pattern
- use inexact distance (within a neighborhood
of cardinality N )
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
16Copy Detection (Pre-Processing)
- Select a set B of rare instructions (0 lt pbj lt
e), pbj occurrence probability for bj , bj ? B - Identify locations of all bj in B in all Pi ? P
- Pseudo-randomly select K-tuples of instructions
from B with max distance in the sequence between
any two instructions is smaller than q - Create Constrained PoolPatterns
- pati has probability ppati of occurrence in
specific location in S - find minimal set of patterns such that each Pi ?
P contains at least one pattern
17Copy Detection (Pre-Processing)
- Select a set B of rare instructions (0 lt pbj lt
e), pbj occurrence probability for bj , bj ? B - Identify locations of all bj in B in all Pi ? P
- Pseudo-randomly select K-tuples of instructions
from B with max distance in the sequence between
any two instructions is smaller than q - Create Constrained PoolPatterns
- Identify a rare instruction set C such that each
pattern in Constrained PoolPatterns contains at
least one instruction in C, and the sum of
occurrence probabilities of cj ? C is minimum
18Copy Detection Steps
- For each instruction cj ? C found in S
- Match all patterns from constrained PoolPatterns
that contain cj to S (use linear search)
Suspected IP
... mov AX, BX addl AX, BF04 xor AX, FFFF subl
BX, ES jnz AX xor ES, ES mov SI, DX addl ES,
BX ...
Registered IP
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
31
3
19Gate-Level Netlists
- IP design netlists
- Assumption for the adversary
- extracts sub-netlists from the IP, and embeds the
extracted sub-netlists into larger netlist - performs local perturbations (buffer insertions
and/or deletions, gate decompositions, etc.)
20Signature of a Gate
- Ni,1 cardinality of the set of distinct nets
incident to gate ci - Ci,1 cardinality of the set of distinct cells
on the nets in Ni,1 - Ni,2 cardinality of the set of distinct nets
incident to the cells in Ci,1 - etc.
21Signature of a Gate
- Signature ? sequence of Ni,1, Ci,1, Ni,2,
... - 6 values first k elements of sequence, k 6
- 3 variants restrict by pin direction ( in, out,
in-out ) - 3 variants vary underlying netlist (deleting
hyperedges with degree greater than some
threshold d ( d 4, 7, 10 ) - 6 x 3 x 3 54 numbers
( x1, x2, x3, x4, x5, x6, x7, x8, x9, , x54 )
22Gate Signature Example
d3
d6
k1
k2
k3
( 1, 1, 0, 2, 1, 0, , , , 3, 1, 1, 4, 2, 1,
, , , 3, 1, 4, 4, 2, 5, , , , )
23Copy Detection Steps
- Pre-Processing
- Compute signatures of registered netlists
- Sort signatures of registered netlists
- Copy Detection Process
- Compute signatures of the suspected netlist
- Sort signatures of the suspected netlist
- Perform linear-time matching by walking through
sorted lists - Matching credit 2?(x -1) / 9? (x position
of match) - Calculate matching
24Outline
- Motivations
- General Copy Detection Methodology
- Specific Copy Detection Techniques
- Scheduling in High-Level Synthesis
- Gate-Level Netlist
- Experimental Confirmations
- Conclusions
25Experiments for HLS Scheduling
- Standard multimedia benchmark applications
- PFA ? probability of false alarm
- Average pre-processing 46 hours
26Experiments for Gate-Level Netlists
- 6 design testcases (from 3k to 118k cells)
- Matching between full designs
- Possible copy has high percentage for matching
- Test cases E F from the same company
27Experiments for Gate-Level Netlists
- Matching of partial designs against full designs
- A ? A, B ? B, C ? C, etc.
- CPU for 118k 13 hours (setup) 0.21 sec (detect)
28Outline
- Motivations
- General Copy Detection Methodology
- Specific Copy Detection Techniques
- Scheduling in High-Level Synthesis
- Gate-Level Netlist
- Experimental Confirmations
- Conclusions
29Conclusions
- Generic copy detection methodology for VLSI CAD
- Specific copy detection techniques
- Scheduling in High-Level Synthesis
- Gate-Level Netlist
- Sensitive detection for partial copy of IP
- Current research
- complementary interaction with watermarking
- stronger techniques immune to topological change
- automated techniques for tracing ancestors
- Thank You !
30Thank You
31Copy Detection (Pre-Processing)
- Select a set B of rare instructions (0 lt pbj lt
e), pbj occurrence probability for bj , bj ? B - Identify locations of all bj in B in all Pi ? P
- use dynamic execution order
Dynamic execution order
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX addl BX, CX ... xor ES, ES addl ES, BX ...
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
Actual order