Copy Detection for Intellectual Property Protection of VLSI Design

1
Copy Detection forIntellectual Property
Protectionof VLSI Design

• Andrew B. Kahng, Darko Kirovski, Stefanus Mantik,
• Miodrag Potkonjak and Jennifer L. Wong
• UCLA Computer Science Dept., Los Angeles, CA
• ICCAD 1999
• Supported in part by a grant from Cadence Design
  Systems, Inc.
• by the MARCO Gigascale Silicon Research Center,
• and by a grant from the NSF.

2
Motivation

• More functionality integrated on a single chip
• Shorter design cycle times
• ? design reuse methodology
• Intellectual Property Protection (IPP)
• prevention of unauthorized use
• detection of unauthorized use
• Copy detection techniques
• watermarking, fingerprinting, etc.
• applicable after an illegal copy is found
• ? how to find the illegal copy in the first
  place?

3
General Copy Detection Problem

• Given
• a library of n registered pieces of IP
• a new unregistered piece of IP
• Determine
• is any significant portion of any registered IP
  present in the unregistered IP?

4
Previous Work

• String matching BoyerM77, KnuthMP77, KarpR81
• Text copy detection BrinDG95, ShivakumarG96,
  and Manber94
• Copy detection in biotechnology Benson98 and
  image processing ForsythF97
• Speed-up database query with Iceberg Queries
  FangSGMU98
• LVS OhlrichEGS93, ChiangNL89, NiewczasMS98

5
Outline

• Motivations
• General Copy Detection Methodology
• Specific Copy Detection Techniques
• Scheduling in High-Level Synthesis
• Gate-Level Netlist
• Experimental Confirmations
• Conclusions

6
Generic Copy Detection Methodology

• Identify a common structural representation of
  solutions (IPs) and what constitutes an element
  of the solution structure
• program execution orders, instruction sets
• circuit netlist hypergraphs, vertices, hyperedges

7
Generic Copy Detection Methodology

• Identify a common structural representation of
  solutions (IPs) and what constitutes an element
  of the solution structure
• Understand the model of adversary
• what may the adversary do to the IP?
• must know what can be stolen, and possible forms
  of theft, before knowing what protection is needed

8
Generic Copy Detection Methodology

• Identify a common structural representation of
  solutions (IPs) and what constitutes an element
  of the solution structure
• Understand the model of adversary
• Identify a means of calculating locally context
  dependent signatures for such elements
• allows detection of partial IPs

9
Generic Copy Detection Methodology

• Identify a common structural representation of
  solutions (IPs) and what constitutes an element
  of the solution structure
• Understand the model of adversary
• Identify a means of calculating locally context
  dependent signatures for such elements
• Identify rare and/or distinguishing elements of a
  registered IP
• rare instructions, strange cells, etc.
  FangSGMU98

10
Generic Copy Detection Methodology

• Identify a common structural representation of
  solutions (IPs) and what constitutes an element
  of the solution structure
• Understand the model of adversary
• Identify a means of calculating locally context
  dependent signatures for such elements
• Identify rare and/or distinguishing elements of a
  registered IP
• Apply good comparison methods to identify
  suspicious unregistered IPs
• linear complexity, DIFF, etc.

11
Outline

• Motivations
• General Copy Detection Methodology
• Specific Copy Detection Techniques
• Scheduling in High-Level Synthesis
• Gate-Level Netlist
• Experimental Confirmations
• Conclusions

12
Scheduling in High-Level Synthesis

• IP high-level procedures linked arbitrarily
• Assumptions for the adversary
• extracts procedures from the IP, and embeds the
  extracted code into his/her design
• relinks the extracted procedures in an arbitrary
  fashion, without significant modification of the
  actual specification within each of the
  procedures
• may inline a procedure in the newly created
  specification or conduct local perturbations

13
Copy Detection for HLS Scheduling

• Given
• a set P of registered procedures
• a suspected instruction sequence S
• Find
• the subset P0 ? P consisting of all instruction
  sequences Pi ? P that occur in S

14
Copy Detection (Pre-Processing)

• Select a set B of rare instructions (0 lt pbj lt
  e), pbj occurrence probability for bj , bj ? B
• Identify locations of all bj in B in all Pi ? P
• use dynamic execution order

15
Copy Detection (Pre-Processing)

• Select a set B of rare instructions (0 lt pbj lt
  e), pbj occurrence probability for bj , bj ? B
• Identify locations of all bj in B in all Pi ? P
• Pseudo-randomly select K-tuples of instructions
  from B with max distance in the sequence order
  between any two instructions is smaller
  than q
• each K-tuple is a pattern
• use inexact distance (within a neighborhood
  of cardinality N )

... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
16
Copy Detection (Pre-Processing)

• Select a set B of rare instructions (0 lt pbj lt
  e), pbj occurrence probability for bj , bj ? B
• Identify locations of all bj in B in all Pi ? P
• Pseudo-randomly select K-tuples of instructions
  from B with max distance in the sequence between
  any two instructions is smaller than q
• Create Constrained PoolPatterns
• pati has probability ppati of occurrence in
  specific location in S
• find minimal set of patterns such that each Pi ?
  P contains at least one pattern

17
Copy Detection (Pre-Processing)

• Select a set B of rare instructions (0 lt pbj lt
  e), pbj occurrence probability for bj , bj ? B
• Identify locations of all bj in B in all Pi ? P
• Pseudo-randomly select K-tuples of instructions
  from B with max distance in the sequence between
  any two instructions is smaller than q
• Create Constrained PoolPatterns
• Identify a rare instruction set C such that each
  pattern in Constrained PoolPatterns contains at
  least one instruction in C, and the sum of
  occurrence probabilities of cj ? C is minimum

18
Copy Detection Steps

• For each instruction cj ? C found in S
• Match all patterns from constrained PoolPatterns
  that contain cj to S (use linear search)

Suspected IP
... mov AX, BX addl AX, BF04 xor AX, FFFF subl
BX, ES jnz AX xor ES, ES mov SI, DX addl ES,
BX ...
Registered IP
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
31
3
19
Gate-Level Netlists

• IP design netlists
• Assumption for the adversary
• extracts sub-netlists from the IP, and embeds the
  extracted sub-netlists into larger netlist
• performs local perturbations (buffer insertions
  and/or deletions, gate decompositions, etc.)

20
Signature of a Gate

• Ni,1 cardinality of the set of distinct nets
  incident to gate ci
• Ci,1 cardinality of the set of distinct cells
  on the nets in Ni,1
• Ni,2 cardinality of the set of distinct nets
  incident to the cells in Ci,1
• etc.

21
Signature of a Gate

• Signature ? sequence of Ni,1, Ci,1, Ni,2,
  ...
• 6 values first k elements of sequence, k 6
• 3 variants restrict by pin direction ( in, out,
  in-out )
• 3 variants vary underlying netlist (deleting
  hyperedges with degree greater than some
  threshold d ( d 4, 7, 10 )
• 6 x 3 x 3 54 numbers

( x1, x2, x3, x4, x5, x6, x7, x8, x9, , x54 )
22
Gate Signature Example
d3
d6
k1
k2
k3
( 1, 1, 0, 2, 1, 0, , , , 3, 1, 1, 4, 2, 1,
, , , 3, 1, 4, 4, 2, 5, , , , )
23
Copy Detection Steps

• Pre-Processing
• Compute signatures of registered netlists
• Sort signatures of registered netlists
• Copy Detection Process
• Compute signatures of the suspected netlist
• Sort signatures of the suspected netlist
• Perform linear-time matching by walking through
  sorted lists
• Matching credit 2?(x -1) / 9? (x position
  of match)
• Calculate matching

24
Outline

• Motivations
• General Copy Detection Methodology
• Specific Copy Detection Techniques
• Scheduling in High-Level Synthesis
• Gate-Level Netlist
• Experimental Confirmations
• Conclusions

25
Experiments for HLS Scheduling

• Standard multimedia benchmark applications
• PFA ? probability of false alarm
• Average pre-processing 46 hours

26
Experiments for Gate-Level Netlists

• 6 design testcases (from 3k to 118k cells)
• Matching between full designs

• Possible copy has high percentage for matching

• Test cases E F from the same company

27
Experiments for Gate-Level Netlists

• Matching of partial designs against full designs
• A ? A, B ? B, C ? C, etc.
• CPU for 118k 13 hours (setup) 0.21 sec (detect)

28
Outline

• Motivations
• General Copy Detection Methodology
• Specific Copy Detection Techniques
• Scheduling in High-Level Synthesis
• Gate-Level Netlist
• Experimental Confirmations
• Conclusions

29
Conclusions

• Generic copy detection methodology for VLSI CAD
• Specific copy detection techniques
• Scheduling in High-Level Synthesis
• Gate-Level Netlist
• Sensitive detection for partial copy of IP
• Current research
• complementary interaction with watermarking
• stronger techniques immune to topological change
• automated techniques for tracing ancestors
• Thank You !

30
Thank You
31
Copy Detection (Pre-Processing)

• Select a set B of rare instructions (0 lt pbj lt
  e), pbj occurrence probability for bj , bj ? B
• Identify locations of all bj in B in all Pi ? P
• use dynamic execution order

Dynamic execution order
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX addl BX, CX ... xor ES, ES addl ES, BX ...
... mov AX, BX addl AX, BF04 subl BX, ES jnz
AX xor ES, ES addl ES, BX ...
Actual order