Constraint-Based Watermarking Techniques for Design IP Protection

1
Constraint-Based Watermarking Techniques for
Design IP Protection

• Presented by Yaniv Sabo

2
Introduction

• The advance of processing technology has led to a
  rapid increase in design complexity.
• Digital system designs are the product of
  valuable effort and know-how.
• Their embodiments represent carefully guarded
  intellectual property (IP).

3
Introduction

• Embracing reuse-based design methodologies.
• IP reuse requires new mechanisms to protect the
  rights of IP producers and owners.

4
Watermarking

• IP design watermark
• An invisible identification code that is
• Nearly invisible to human and machine
  inspection.
• Difficult to remove.
• permanently embedded as an integral part within a
  design.

5
watermarking

• A number of techniques have been proposed for
  data hiding in image, video, text, and audio
  data.
• The majority of these exploit imperfections of
  the human visual and auditory systems.

6
watermarking

• The artifact is changed, but the human senses
  cannot perceive the change.
• When discussing Design IP, the watermarked IP
  must remain functionally correct.

7
Watermarking Designs

• Maintenance of functional correctness.
• Transparency to existing design flows.
• Minimal overhead cost.
• Enforceability.

8
Watermarking principles

• Flexibility in providing a spectrum of protection
  levels.
• Persistence.
• Invisibility.
• Proportional component protection.

9
Strategy for Constraint-Based IPP

• mapping an authors signature into a set of
  constraints.
• If disproportionately many of these constraints
  are satisfied, the presence of the signature is
  indicated.
• Choosing the type of constraints and the tactic
  can dramatically affect the strength of the
  watermark.

10
Selection of Constraints

• Watermarked solutions must not be inferior to
  average solutions.
• Otherwise, such a watermark will be too costly
  to use.

11
A Motivating Example 3SAT

• SAT - a classical NP-complete constraint-satisfact
  ion problem.
• Instance A finite set of variables U and a
  collection C C1,C2,,Cm of clauses over U.
• Question Is there a truth assignment U that
  satisfies all the clauses in C ?

12
A Motivating Example 3SAT

• For example
• U U1,U2 and
• C U1,U2,U1,U1,U2
• A satisfying truth assignment is
• t(U1)F and t(2)T.

13
A Motivating Example 3SAT

• On the other hand,
• if we have the collection
• C U1,U2,U1,U2,U1,
• the answer is negative.

14
A Motivating Example 3SAT

• Problems from many application domains have been
  modeled as SAT instances.
• In VLSI, SAT formulations have been used in
  testing, logic synthesis, and physical design .

15
Watermarking of SAT solution

• Assume the 3SAT restriction of the problem, where
  each clause has exactly three variables.
• Consider the following 3SAT instance

16
Watermarking of SAT solution
Our goal is to alter the given 3SAT instance such
that

1. Any satisfying assignment to the modified
   instance is a solution to the original instance.
2. both the modified instance and the solution
   contain a unique identification of the author.

17
Watermarking of SAT solution

• The given 3SAT instance has 556 different
  satisfying assignments.
• The likelihood of someone else generating such a
  solution by chance is 2 to 556, or 0.00496.

18
Nonintrusive Watermarking

• Methods that can be transparently integrated
  within existing design flows via preprocessing or
  postprocessing.

19
Nonintrusive Watermarking
The context for a nonintrusive watermarking
procedure

1. An optimization problem with known difficult
   complexity.
2. A well-defined interpretation of the solutions of
   the optimization problem as IP.

20
Nonintrusive Watermarking

• Existing algorithms and/or off-the-shelf software
  that solve the optimization problem.
• 4. Protection requirements

1. removing or forging a watermark must be
   as hard as recreating the design.
2. tampering with a watermark must
   be provable in court.

21
Alice and Bob scenarios

• Alice uses watermarking to protect some IP.
• Bob will attempt to subvert her protection.

22
Alice and Bob scenario 1
Generic Watermarking Procedure

• Alice wishes to protect some IP that involves
  many stages of processing.
• Alice watermarks each stage by selecting a set of
  constraints.

23
Proof of Authorship

• A watermarks proof of authorship is expressed as
  a single value Pc.
• We wish this probability to be convincingly low.
• When we cannot compute Pc exactly, it is
  acceptable to overestimate it.

24
Proof of Authorship

• p - probability of satisfying a single
  random constraint by
  coincidence.
• c - number of imposed constraints.
• b - number of these constraints that
  were not satisfied.
• x - a random variable that represents how many
  of the c constraints were not satisfied.

25
Proof of Authorship

• Pc can be computed as a sum of binomials

26
Alice and Bob scenario 2
Generic Signature Verification Procedure

• Alices solution must satisfy a disproportionate
  number of her watermarking constraints.
• By calculating Pc - Alice can verify that her
  signature is present.
• A strong proof of authorship corresponds to a low
  value for Pc.

27
Typical Attacks
Attack - Finding Ghosts

• Bob wishes to steal IP from Alice and claim it as
  his own.
• Bob will claim that the IP also contains his own
  watermark.

28
Typical Attacks
Attack - Finding Ghosts

• Bob has only two approaches
• Choose a set of constraints and than attempt to
  find a signature that corresponds to this set.
• Try a brute-force approach to find a signature
  that corresponds to a set of constraints that
  yields a convincing proof of authorship - Pc.

29
Typical Attacks
Attack Tampering

• If Bob cannot find a convincing ghost signature,
  he may decide to tamper with Alices solution.
• Bob can do this by simply resolving the problem
  from scratch with his own watermark encoded.

30
Typical Attacks
Attack Tampering

• Nothing can be done to stop this directly.
• However, in realistic scenarios, Bob cannot
  afford to redo all the phases of the design
  process.

31
Typical Attacks
Attack Forging

• Bob may attempt to subvert Alices watermark by
  inappropriately watermarking other solutions with
  Alices watermark.
• In other words, Bob wishes to forge Alices
  signature.

32
Typical Attacks
Attack Forging

• Bob needs a signature that he can convince others
  belongs to Alice.
• However, such attacks can be easily prevented by
  using a public key encryption system.

33
Cryptography

• Since 1976, cryptographic techniques has evolved,
  resulting in a variety of digital signature
  mechanisms.
• Several cryptographic techniques are directly
  relevant to our design watermarking approach.

34
Cryptography

• Cryptography tools are used for generating a set
  of physical design constraints.
• The use of cryptographic techniques ensures
  cryptographically strong hiding and decorrelation
  of the added signature constraints.

35
Cryptography

• The tools which are used for these two tasks
• cryptographic hash function MD5.
• public-key cryptosystem RSA.
• stream cipher RC4 on which many of todays
  state-of-the-art cryptographic commercial
  programs are based.

36
Evaluation of watermarking techniques

• Performed using placement and routing
  applications.
• For placement - A postprocessing flow that
  encodes a signature as specified parity of the
  cell row.
• For routing - A preprocessing flow that encodes a
  signature as upper bounds on the wrong-way wiring.

37
Evaluation of watermarking techniques

• Both placement and routing watermarking
  techniques are tamper-resistant.
• Addressing IP protection at a lower level of
  abstraction allows significantly stronger proofs
  of authorship and lower overhead.

38
Evaluation of watermarking techniques
The postprocessing approach is attractive for
several reasons

1. It enables watermarking of already existing
   designs.
2. It enables direct calculation of the hardware
   overhead incurred by IPP.
3. it may be likelier to find acceptance among
   designers and managers.

39
IPP in system-level and physical design

• System-level and physical design are
  traditionally viewed as difficult domains.
• Even a small percentage variation in solution
  quality can make or break a design.

40
IPP in system-level and physical design

• Many performance constraints cannot be considered
  satisfied until they are satisfied in the
  physical design.
• (For example, constraining timing budgets).
• physical design is an appropriate juncture in the
  design cycle for watermarking.

41
Related Physical Design Techniques

• Constraint specification receive close attention
  through all phases of chip implementation,
  including physical design.
• Derived constraints will then arise throughout
  the register transfer level (RTL) floorplanning,
  block placement, and routing phases.

42
Related Physical Design Techniques
The implications for watermarking in physical
design are that

1. current tools do not easily support too many
   extra watermarking constraints.
2. introduction of too many watermarking constraints
   will likely degrade solution quality.

43
IP Watermarking Examples
Preprocessing-Based Watermarking Applied to
System-Level Design Steps

• Allocating minimal cache structures and
  optimizing code for effective cache utilization.
• The problem of minimizing cache misses is
  equivalent to finding a solution to graph
  coloring.

44
IP Watermarking Examples
Preprocessing-Based Watermarking Applied to
System-Level Design Steps

• Adding edges to the graph according to some
  encrypted signature of the author.
• The signature will be embedded in the activation
  path which transfers data between two levels of
  hierarchy.

45
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design

• Manipulating unused portions of the configuration
  bitstream.
• The watermark is inserted into the control bits
  for unused outputs from configurable logic blocks
  (CLBs).

46
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design

• This approach can be implemented through
  preprocessing, iterative, or post processing
  techniques.
• The disadvantage of this approach is that the
  watermark is not embedded in the functional part
  of the design.

47
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
48
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design

• The number of configuration bits associated
  with a multiplexer is equal to the number of
  required control bits.
• one and two watermark bits can be inserted at
  each unused two-to-one and four-to-one
  multiplexer, respectively.

49
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design
The numbers calculated here are for an even
number of unused combinatorial and sequential
outputs.
50
IP Watermarking Examples
Postprocessing in Physical-Level FPGA Design

• The process in this approach
• is an entirely postprocessing step.
• requires very little added design effort.
• can store large watermarks.
• allows for easy mark extraction.
• has no overhead.

51
Physical Design Flow with Watermarking

• Placement
• An existing tool can be modified to offer
  watermarking capability.
• A concrete design flow can be used to evaluate
  the strength of watermarks and their resistance
  to tampering.

52
Physical Design Flow with Watermarking
53
Physical Design Flow with Watermarking

• We make the following observations
• This approach is absolutely equivalent to what
  might be implemented in a modification of the
  actual commercial tool.
• 2) Begin with a high-quality solution and
  retrospectively impose constraints.
• 3) The final list of core cells is a well
  defined concept in all existing design flows

54
Physical Design Flow with Watermarking
Routing
55
Physical Design Flow with Watermarking

• Evaluation of Signature Strength
• Each constraint involves some random choice,
  e.g., choosing a random cell or signal net.
• The choices may occur either with or without
  replacement.
• If there is replacement, then constraints
  will be independent of each other.

56
Physical Design Flow with Watermarking

• Evaluation of Signature Strength
• As long as the constraints are either independent
  or nearly so, the probability Pc can be computed
  by a simple binomial.
• When constraints are not independent, the exact
  value of may not be expressible.

57
Physical Design Flow with Watermarking

• Resistance to Tampering Attacks
• Another way to evaluate the strength of a given
  watermark is to assess its resistance to attacks.
• In these scenarios, the attacker is trying to
  erase the watermark by small layout perturbations

58
Physical Design Flow with Watermarking

• Resistance to Tampering Attacks - Placement
• Assumptions

1. The attacker has access only to an
   incremental (legalizing) placement
   tool such as QPlace ECO mode .
2. The watermarking scheme is unknown to the
   attacker.
3. original design constraints are retained.

59
Physical Design Flow with Watermarking

• Resistance to Tampering Attacks - Placement
• Attack

1. Select N random pairs of cells and swap the
   locations of each cell pair.
2. run the legalizing placer to legalize the design
   (continue with routing, etc.).

Results The quality drops faster than the
signature strength
60
Physical Design Flow with Watermarking

• Resistance to Tampering Attacks - Routing
• a)Assumptions

1. The attacker has access only to incremental
   (single-net) auto-routing.
2. The watermarking scheme is unknown to the
   attacker.
3. original design constraints are retained

61
Physical Design Flow with Watermarking

• Resistance to Tampering Attacks - Routing
• Attack

Select N random nets, then reroute these nets
with only the original design constraints (if
any).
Results The cost is similar to the cost of redo
from scratch
62
Experimental Results

• The authors applied their proposed physical
  design watermarking protocols to seven industry
  test cases, five in placement and two in routing.

63
Experimental Results

• Watermark Strength - Pc
• total wirelength
• total number of vias
• percentage of overcongested global routing
  cells
• CPU time in (mm ss) required by the router.

64
Experimental Results
65
Experimental Results

• They have also performed an experiment with a
  timing-driven design flow to check the effect of
  their watermarking technique on timing.

66
Experimental Results

• They have also performed routing experiments

67
Experimental Results

• Calculating Pc values can vary as varies from 0.2
  to 0.4.

fine-tuning of Pc could potentially improve our
results.
68
Experimental Results

• watermarked layout of test case sc1 (56 watermark
  nets)

nonwatermarked layout of the same design.
69
Conclusion

• Motivations for watermarking-based protection of
  hardware and software design IP .
• Stages of the design process .
• Watermarking protection requirements against
  attacks .
• Problem formulations from several domains

70
constraint-based watermarking appears to have
significant role in protecting IP and support
design reuse.
The End

• Andrew B. Kahng, John Lach, Member, IEEE,
• William. H. Mangione-Smith, Member, IEEE,
• Stefanus Mantik, Student Member, IEEE,
• Igor L. Markov, Miodrag Potkonjak, Member, IEEE,
• Paul Tucker, Huijuan Wang, and Gregory Wolfe