Exploiting Proximity Information in a Satisfiability Based Attack Against Split Manufactured Circuits

Split Manufacturing (SM) was introduced as an effective countermeasure to reverse engineering of integrated circuits and as a potential deterrent to Trojan insertion and overproduction. In SM, some wires, assigned to the back-end-of-line (BEOL) layers and fabricated at a secure facility, are hidden from the attacker. However, proximity information based attacks use physical design hints such as wire-length, combinational cycles and routing directions obtained from the FEOL (front-end-of-line) netlist to recover some or all of the BEOL signals. In addition, a recently proposed satisfiability (SAT) based attack models the BEOL signal recovery problem as a problem of configuring a key-controlled interconnect network and solves for the key values using a SAT solver. While this method can recover 100% of the BEOL signals, it takes impractically long time for large circuits. In this paper, we propose an effective method to exploit proximity information extracted from the FEOL circuit to reduce the size of the interconnection network which models the missing BEOL layers which in turn significantly reduces the size of the resulting SAT problem. This leads to efficient recovery of 100% of the ‘hidden’ BEOL signals even for large circuits. Experimental results using circuits from ISCAS85, ISCAS89 and ITC99 benchmark suites show that the proposed method is up to 80x faster than the SAT-only attack (without proximity information) while maintaining the 100% attack correctness for all combinational and sequential benchmarks.