Title: Constraint-Based Watermarking Techniques for Design IP Protection
1 Constraint-Based Watermarking Techniques for Design IP Protection
2 Introduction
- The advance of processing technology has led to a rapid increase in design complexity.
- Digital system designs are the product of valuable effort and know-how.
- Their embodiments represent carefully guarded intellectual property (IP).
3 Introduction
- Embracing reuse-based design methodologies.
- IP reuse requires new mechanisms to protect the rights of IP producers and owners.
4 Watermarking
- IP design watermark
- An invisible identification code that is:
- Nearly invisible to human and machine inspection.
- Difficult to remove.
- Permanently embedded as an integral part within a design.
5 Watermarking
- A number of techniques have been proposed for data hiding in image, video, text, and audio data.
- The majority of these exploit imperfections of the human visual and auditory systems.
6 Watermarking
- The artifact is changed, but the human senses cannot perceive the change.
- When discussing Design IP, the watermarked IP must remain functionally correct.
7 Watermarking Designs
- Maintenance of functional correctness.
- Transparency to existing design flows.
- Minimal overhead cost.
- Enforceability.
8 Watermarking principles
- Flexibility in providing a spectrum of protection levels.
- Persistence.
- Invisibility.
- Proportional component protection.
9 Strategy for Constraint-Based IPP
- Mapping an author's signature into a set of constraints.
- If disproportionately many of these constraints are satisfied, the presence of the signature is indicated.
- Choosing the type of constraints and the tactic can dramatically affect the strength of the watermark.
10 Selection of Constraints
- Watermarked solutions must not be inferior to average solutions.
- Otherwise, such a watermark will be too costly to use.
11 A Motivating Example: 3SAT
- SAT - a classical NP-complete constraint-satisfaction problem.
- Instance: A finite set of variables U and a collection C = {C1, C2, ..., Cm} of clauses over U.
- Question: Is there a truth assignment for U that satisfies all the clauses in C?
12 A Motivating Example: 3SAT
- For example
- U = {U1, U2} and
- C U1,U2,U1,U1,U2
- A satisfying truth assignment is
- t(U1) = F and t(U2) = T.
13 A Motivating Example: 3SAT
- On the other hand,
- if we have the collection
- C U1,U2,U1,U2,U1,
- the answer is negative.
14 A Motivating Example: 3SAT
- Problems from many application domains have been modeled as SAT instances.
- In VLSI, SAT formulations have been used in testing, logic synthesis, and physical design.
15 Watermarking of SAT solution
- Assume the 3SAT restriction of the problem, where each clause has exactly three variables.
- Consider the following 3SAT instance
16 Watermarking of SAT solution
Our goal is to alter the given 3SAT instance such that:
- Any satisfying assignment to the modified instance is a solution to the original instance.
- Both the modified instance and the solution contain a unique identification of the author.
17 Watermarking of SAT solution
- The given 3SAT instance has 556 different satisfying assignments.
- The likelihood of someone else generating such a solution by chance is 2 to 556, or 0.00496.
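The 3SAT watermarking idea from the slides above, as an added Python example (not code from the slides or from the paper's authors). It uses a small constructed instance rather than the one the slides refer to; the function names are hypothetical, and SHA-256 stands in for the cryptographic tools the deck names later (MD5, RSA, RC4).

```python
import hashlib
from itertools import product

N_VARS = 6
# Constructed 3SAT instance (not the one from the slides).
# Literal k > 0 means U_k, k < 0 means NOT U_k.
ORIGINAL = [(1, 2, 3), (-1, 4, 5), (2, -4, 6), (-3, 5, -6)]

def satisfies(assign, clauses):
    """assign[k-1] is the truth value of U_k; every clause needs one true literal."""
    return all(any(assign[abs(l) - 1] == (l > 0) for l in cl) for cl in clauses)

def solutions(clauses):
    """Brute-force enumeration, fine for a toy instance."""
    return [a for a in product((False, True), repeat=N_VARS)
            if satisfies(a, clauses)]

def signature_clauses(signature, count):
    """Map the signature to `count` pseudo-random 3-literal clauses."""
    out, counter = [], 0
    while len(out) < count:
        block = hashlib.sha256(f"{signature}:{counter}".encode()).digest()
        counter += 1
        variables = sorted({b % N_VARS + 1 for b in block[:3]})
        if len(variables) == 3:  # need three distinct variables
            out.append(tuple(v if block[3 + i] & 1 else -v
                             for i, v in enumerate(variables)))
    return out

def watermark(clauses, signature, count):
    """Preprocessing step: append signature clauses, skipping any that would
    leave the instance unsatisfiable (a verifier can replay the same rule)."""
    marked = list(clauses)
    for cl in signature_clauses(signature, count):
        if solutions(marked + [cl]):
            marked.append(cl)
    return marked

def coincidence_ratio(clauses, marked):
    """Fraction of original solutions that also satisfy the watermark."""
    return len(solutions(marked)) / len(solutions(clauses))

if __name__ == "__main__":
    marked = watermark(ORIGINAL, "Alice <constructed signature>", 8)
    print(len(solutions(ORIGINAL)), len(solutions(marked)),
          coincidence_ratio(ORIGINAL, marked))
```

Because clauses are only added, every solution of the watermarked instance also solves the original; the smaller the ratio, the less likely an independent solver lands on a watermarked solution by chance.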
18 Nonintrusive Watermarking
- Methods that can be transparently integrated within existing design flows via preprocessing or postprocessing.
19 Nonintrusive Watermarking
The context for a nonintrusive watermarking procedure:
- An optimization problem with known difficult complexity.
- A well-defined interpretation of the solutions of the optimization problem as IP.
20 Nonintrusive Watermarking
- Existing algorithms and/or off-the-shelf software that solve the optimization problem.
- 4. Protection requirements
- Removing or forging a watermark must be as hard as recreating the design.
- Tampering with a watermark must be provable in court.
21 Alice and Bob scenarios
- Alice uses watermarking to protect some IP.
- Bob will attempt to subvert her protection.
22 Alice and Bob scenario 1
Generic Watermarking Procedure
- Alice wishes to protect some IP that involves many stages of processing.
- Alice watermarks each stage by selecting a set of constraints.
23 Proof of Authorship
- A watermark's proof of authorship is expressed as a single value Pc.
- We wish this probability to be convincingly low.
- When we cannot compute Pc exactly, it is acceptable to overestimate it.
24 Proof of Authorship
- p - probability of satisfying a single random constraint by coincidence.
- c - number of imposed constraints.
- b - number of these constraints that were not satisfied.
- x - a random variable that represents how many of the c constraints were not satisfied.
25 Proof of Authorship
- Pc can be computed as a sum of binomials
26 Alice and Bob scenario 2
Generic Signature Verification Procedure
- Alice's solution must satisfy a disproportionate number of her watermarking constraints.
- By calculating Pc, Alice can verify that her signature is present.
- A strong proof of authorship corresponds to a low value for Pc.
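The verification procedure above, as an added Python example (not code from the slides or from the paper's authors). With p, c, b and x as defined on slide 24 and independent constraints, it takes Pc = P(x <= b) as the sum over i = 0..b of C(c, i) (1-p)^i p^(c-i), and applies it to the row-parity placement encoding mentioned later in the deck. Assumptions: p = 0.5 for row parity, SHA-256 standing in for the deck's cryptographic tools, hypothetical function names, and a constructed placement.

```python
import hashlib
from math import comb

def pc(p, c, b):
    """P(x <= b): probability that at most b of c independent constraints are
    unsatisfied when each is met by coincidence with probability p."""
    return sum(comb(c, i) * (1 - p) ** i * p ** (c - i) for i in range(b + 1))

def parity_constraints(signature, cells, count):
    """Hypothetical mapping of a signature to (cell, required row parity) pairs.
    Each cell is used at most once so no cell gets two conflicting parities."""
    out, seen, k = [], set(), 0
    while len(out) < count:  # requires count <= len(cells)
        d = hashlib.sha256(f"{signature}:{k}".encode()).digest()
        k += 1
        cell = cells[int.from_bytes(d[:4], "big") % len(cells)]
        if cell not in seen:
            seen.add(cell)
            out.append((cell, d[4] & 1))
    return out

def embed(placement, constraints):
    """Postprocessing: move a cell to the paired neighbouring row (row ^ 1)
    when its row parity is wrong. A real flow would re-legalize afterwards."""
    marked = dict(placement)
    for cell, parity in constraints:
        if marked[cell] % 2 != parity:
            marked[cell] ^= 1
    return marked

def verify(placement, constraints, p=0.5):
    """Return (b, Pc): unsatisfied constraints and the chance of coincidence."""
    b = sum(placement[cell] % 2 != parity for cell, parity in constraints)
    return b, pc(p, len(constraints), b)

# Constructed placement: 100 cells spread over rows 0..9.
CELLS = [f"cell{i}" for i in range(100)]
PLACEMENT = {name: i % 10 for i, name in enumerate(CELLS)}

if __name__ == "__main__":
    alice = parity_constraints("Alice <constructed signature>", CELLS, 40)
    marked = embed(PLACEMENT, alice)
    print("marked design, Alice:", verify(marked, alice))
    bob = parity_constraints("Bob <constructed signature>", CELLS, 40)
    print("marked design, Bob:  ", verify(marked, bob))
```

Alice's 40 constraints are all satisfied in the marked design, so her Pc is 0.5^40; constraints derived from any other signature are satisfied only about half the time and give a Pc that proves nothing.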
27 Typical Attacks
Attack - Finding Ghosts
- Bob wishes to steal IP from Alice and claim it as his own.
- Bob will claim that the IP also contains his own watermark.
28 Typical Attacks
Attack - Finding Ghosts
- Bob has only two approaches:
- Choose a set of constraints and then attempt to find a signature that corresponds to this set.
- Try a brute-force approach to find a signature that corresponds to a set of constraints that yields a convincing proof of authorship - Pc.
29 Typical Attacks
Attack - Tampering
- If Bob cannot find a convincing ghost signature, he may decide to tamper with Alice's solution.
- Bob can do this by simply re-solving the problem from scratch with his own watermark encoded.
30 Typical Attacks
Attack - Tampering
- Nothing can be done to stop this directly.
- However, in realistic scenarios, Bob cannot afford to redo all the phases of the design process.
31 Typical Attacks
Attack - Forging
- Bob may attempt to subvert Alice's watermark by inappropriately watermarking other solutions with Alice's watermark.
- In other words, Bob wishes to forge Alice's signature.
32 Typical Attacks
Attack - Forging
- Bob needs a signature that he can convince others belongs to Alice.
- However, such attacks can be easily prevented by using a public key encryption system.
33 Cryptography
- Since 1976, cryptographic techniques have evolved, resulting in a variety of digital signature mechanisms.
- Several cryptographic techniques are directly relevant to our design watermarking approach.
34 Cryptography
- Cryptography tools are used for generating a set of physical design constraints.
- The use of cryptographic techniques ensures cryptographically strong hiding and decorrelation of the added signature constraints.
35 Cryptography
- The tools which are used for these two tasks:
- cryptographic hash function MD5.
- public-key cryptosystem RSA.
- stream cipher RC4, on which many of today's state-of-the-art cryptographic commercial programs are based.
36 Evaluation of watermarking techniques
- Performed using placement and routing applications.
- For placement - A postprocessing flow that encodes a signature as specified parity of the cell row.
- For routing - A preprocessing flow that encodes a signature as upper bounds on the wrong-way wiring.
37 Evaluation of watermarking techniques
- Both placement and routing watermarking techniques are tamper-resistant.
- Addressing IP protection at a lower level of abstraction allows significantly stronger proofs of authorship and lower overhead.
38 Evaluation of watermarking techniques
The postprocessing approach is attractive for several reasons:
- It enables watermarking of already existing designs.
- It enables direct calculation of the hardware overhead incurred by IPP.
- It may be likelier to find acceptance among designers and managers.
39 IPP in system-level and physical design
- System-level and physical design are traditionally viewed as difficult domains.
- Even a small percentage variation in solution quality can make or break a design.
40 IPP in system-level and physical design
- Many performance constraints cannot be considered satisfied until they are satisfied in the physical design.
- (For example, constraining timing budgets).
- Physical design is an appropriate juncture in the design cycle for watermarking.
41 Related Physical Design Techniques
- Constraint specifications receive close attention through all phases of chip implementation, including physical design.
- Derived constraints will then arise throughout the register transfer level (RTL) floorplanning, block placement, and routing phases.
42 Related Physical Design Techniques
The implications for watermarking in physical design are that:
- Current tools do not easily support too many extra watermarking constraints.
- Introduction of too many watermarking constraints will likely degrade solution quality.
43 IP Watermarking Examples
Preprocessing-Based Watermarking Applied to System-Level Design Steps
- Allocating minimal cache structures and optimizing code for effective cache utilization.
- The problem of minimizing cache misses is equivalent to finding a solution to graph coloring.
44 IP Watermarking Examples
Preprocessing-Based Watermarking Applied to System-Level Design Steps
- Adding edges to the graph according to some encrypted signature of the author.
- The signature will be embedded in the activation path which transfers data between two levels of hierarchy.
45 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
- Manipulating unused portions of the configuration bitstream.
- The watermark is inserted into the control bits for unused outputs from configurable logic blocks (CLBs).
46 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
- This approach can be implemented through preprocessing, iterative, or postprocessing techniques.
- The disadvantage of this approach is that the watermark is not embedded in the functional part of the design.
47 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
48 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
- The number of configuration bits associated with a multiplexer is equal to the number of required control bits.
- One and two watermark bits can be inserted at each unused two-to-one and four-to-one multiplexer, respectively.
49 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
The numbers calculated here are for an even number of unused combinatorial and sequential outputs.
50 IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
- The process in this approach:
- is an entirely postprocessing step.
- requires very little added design effort.
- can store large watermarks.
- allows for easy mark extraction.
- has no overhead.
51 Physical Design Flow with Watermarking
- Placement
- An existing tool can be modified to offer watermarking capability.
- A concrete design flow can be used to evaluate the strength of watermarks and their resistance to tampering.
52 Physical Design Flow with Watermarking
53 Physical Design Flow with Watermarking
- We make the following observations:
- 1) This approach is absolutely equivalent to what might be implemented in a modification of the actual commercial tool.
- 2) Begin with a high-quality solution and retrospectively impose constraints.
- 3) The final list of core cells is a well-defined concept in all existing design flows.
54 Physical Design Flow with Watermarking
Routing
55 Physical Design Flow with Watermarking
- Evaluation of Signature Strength
- Each constraint involves some random choice, e.g., choosing a random cell or signal net.
- The choices may occur either with or without replacement.
- If there is replacement, then constraints will be independent of each other.
56 Physical Design Flow with Watermarking
- Evaluation of Signature Strength
- As long as the constraints are either independent or nearly so, the probability Pc can be computed by a simple binomial.
- When constraints are not independent, the exact value of may not be expressible.
57 Physical Design Flow with Watermarking
- Resistance to Tampering Attacks
- Another way to evaluate the strength of a given watermark is to assess its resistance to attacks.
- In these scenarios, the attacker is trying to erase the watermark by small layout perturbations.
58 Physical Design Flow with Watermarking
- Resistance to Tampering Attacks - Placement
- Assumptions
- The attacker has access only to an incremental (legalizing) placement tool such as QPlace ECO mode.
- The watermarking scheme is unknown to the attacker.
- Original design constraints are retained.
59 Physical Design Flow with Watermarking
- Resistance to Tampering Attacks - Placement
- Attack
- Select N random pairs of cells and swap the locations of each cell pair.
- Run the legalizing placer to legalize the design (continue with routing, etc.).
Results: The quality drops faster than the signature strength.
60 Physical Design Flow with Watermarking
- Resistance to Tampering Attacks - Routing
- a) Assumptions
- The attacker has access only to incremental (single-net) auto-routing.
- The watermarking scheme is unknown to the attacker.
- Original design constraints are retained.
61 Physical Design Flow with Watermarking
- Resistance to Tampering Attacks - Routing
- Attack
- Select N random nets, then reroute these nets with only the original design constraints (if any).
Results: The cost is similar to the cost of redoing the design from scratch.
62 Experimental Results
- The authors applied their proposed physical design watermarking protocols to seven industry test cases, five in placement and two in routing.
63 Experimental Results
- Watermark Strength - Pc
- total wirelength
- total number of vias
- percentage of overcongested global routing cells
- CPU time in (mm:ss) required by the router.
64 Experimental Results
65 Experimental Results
- They have also performed an experiment with a timing-driven design flow to check the effect of their watermarking technique on timing.
66 Experimental Results
- They have also performed routing experiments
67 Experimental Results
- Calculating Pc values can vary as varies from 0.2 to 0.4.
- Fine-tuning of Pc could potentially improve our results.
68 Experimental Results
- Watermarked layout of test case sc1 (56 watermark nets)
- Nonwatermarked layout of the same design.
69 Conclusion
- Motivations for watermarking-based protection of hardware and software design IP.
- Stages of the design process.
- Watermarking protection requirements against attacks.
- Problem formulations from several domains
70 Constraint-based watermarking appears to have a significant role in protecting IP and supporting design reuse.
The End
- Andrew B. Kahng, John Lach, Member, IEEE,
- William H. Mangione-Smith, Member, IEEE,
- Stefanus Mantik, Student Member, IEEE,
- Igor L. Markov, Miodrag Potkonjak, Member, IEEE,
- Paul Tucker, Huijuan Wang, and Gregory Wolfe