J. Inst. Eng. India Ser.

B (August 2024) 105(4):1073–1087

[Link]

REVIEW PAPER

A Survey on Logic‑Locking Characteristics and Attacks

Karthik Subbiah1 · Sujatha Chinnathevar2

Received: 25 February 2023 / Accepted: 5 February 2024 / Published online: 7 March 2024
© The Institution of Engineers (India) 2024

Abstract Integrated circuits (ICs) are ubiquitous and a Keywords Logic-locking · Attacks · Anti-SAT ·
crucial component of electronic systems, from satellites and Resilience · IP · LUT
military hardware to consumer devices and cell phones. The
computing system’s foundation of trust is the IC. Most semi-
conductor businesses are shifting to fabless manufacturing Introduction
and outsourcing to foundries worldwide as integrated circuit
feature sizes continue to decrease. That puts the design busi- Electronics producers need a mechanism to hide designs
ness at risk for several things, such as unauthorized over- from unreliable foundries in the era of global supply chains.
production, resale on the black market, and illegal copy- Because it makes financial sense to use foreign foundries,
ing brought on by intellectual property theft. Logic locks many design firms have shifted to outsourcing integrated
offer one solution in which the chip’s actual functioning is circuit (IC) manufacture. Less privacy and security is the
“locked” with a key only known to the inventor. The design cost. Using these unreliable foundries has resulted in numer-
will only function as intended if specific keys are pressed. ous security problems, including unauthorized replication,
Unlocking overproduced chips should be impossible for sup- copying, and overproduction of integrated circuits. Attackers
ply chain attackers since designers open them after manufac- may be able to obtain private data from ICs due to security
turing them. Logical locks against the risk of overproduction holes in these systems. At this point, ICs are susceptible
are the main subject of this research. We examine current to logical attacks, physical modulation, and Trojan horses.
locking systems, define features based on crucial processing, Researchers have been forced to create security features for
and identify commonalities and discrepancies between the their circuits to counter these attacks.
employed attacker models. This research paper is intended Hardware obfuscation involves concealing an IC’s func-
to assist scientists, IP distributors, and SoC developers in tionality and structure to keep an attacker from accessing
rapidly investigating and comprehending the most recent it [1]. Several hardware obfuscation techniques have been
technologies that should be considered and analyzed for developed to hide IC functionality. Research on logic locks
additional research on logic-locking techniques. has become a race to create ever-more-specialized SAT-
based attacks and remedies in recent years. Despite SAT’s
durability, this narrow focus led to a seriously defective
design, making possible other, more straightforward attacks
* Karthik Subbiah [2].
sndecekarthik@[Link] The goal is to stop unauthorized users from using your
Sujatha Chinnathevar IC/IP to counter this threat. Since ICs that are not usable
csujatha1976@[Link] cannot be sold on the black market, foundries have nothing
1
Electronics and Communication Engineering, SSM Institute to gain from overproducing them. The same considerations
of Engineering and Technology, Dindigul, Tamilnadu, India apply to SoC designers who wish to use the IP beyond what
2
Computer Science and Engineering, SSM Institute the manufacturer will allow them to use for needed fees.
of Engineering and Technology, Dindigul, Tamilnadu, India

13
Vol.:(0123456789)
1074 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Intellectual Property (IP) theft, reversing engineering, lockable circuit are controlled by the logical locking mys-
forgery, and firmware Trojans have all been linked to the tery, called the key, that is only understood by authorized
use of sensitive data in the current Integrated Circuit sup- or believed organizations, like IP shareholders or earliest
ply chain [1, 2]. There are therefore numerous defenses in parts suppliers. The designer can unleash the circuit by
use, such as IC measuring [3], divide manufacturing [4], packing the appropriate key. Lock and Key methodology
camouflage [5], and logical locking [6]. A product can be [14–16] became the first place where the idea of getting
protected from all members of chain that are not trustworthy locked a circuit to stop bad or unauthorized action was
by logical locking [6, 7]. brought up.
A number of factors have led to a radical shift in the A key-oriented approach has indeed been established for
advanced computer chip supply chain, including ever- this methodology to create programmable macros (unpre-
increasing overheads of Silicon chips, the massive routine dictability) to the DFT-subchains during an unauthorized
amount of ICs’ inspection and maintenance, combative visit of the user. Programmability is added to other design
period and expedited IC supply chain flow, interference portions, such as combinatorial components [17], consecu-
with various third party IP rights (IP) vendors, and becom- tive components (non-DFT) [18], and furthermore para-
ing a main predecessor in the technology sector. Growth metric aspects of the layout (non-Boolean) [19]. Mentor
has forced IC supply chain’s longitudinal model into an Graphics Trust Chain framework and the latest Defense
ever usage across time. To create a globally dispersed sup- Advanced Research Projects Agency (DARPA) project on
ply chain for integrated circuits, the design, manufacture, Automatic Implementation of Secure Silicon (AISS) [20,
inspection, packaging, and installation of ICs are handled 21] are examples of logical locking methods presently being
by distinct companies. studied across both learning environments and the micropro-
With chips demand, outstripping traditional fabrication cessor enterprises.
capacity due to shortages caused by the post-pandemic mar-
kets, it is becoming increasingly difficult to remain market-
able [8]. As an outcome, leading contractual chip manufac- Contributions
turers such as TSMC, SMIC, and UMC have seen their stock
prices rise. Users will encounter a much more hazardous IC The first part of the planned study looks into how logical
layout, deployment, production, and inspection by Original locks have changed over the last ten years regarding security
Equipment Manufacturers (OEMs) in order to grab the mar- and susceptibility. The outcomes of obfuscation and logic-
kets due to unprecedented need. Therefore, OEMs and IP locking techniques are within our control. After that, each
providers suffer a severe decline in the authority to regulate attack and defense is categorized and examined separately
and supervise the supply chain, as lesser steps are applied using all predetermined traits and indications.
by OEMs to satisfy customer needs.
Even though the globalization of IC supply chain has its
benefits, when there are numerous enterprises in the supply Motivation
chain that do not really trust each other and do not have
trustworthy surveillance, authentic makers and IP vendors Countermeasures like logic locks have been suggested to
will have much less power in the market. This will lead to guarantee subpar player design throughout the production
many circuits’ cyber threats, such as IP theft, oversupply of process. Adding a locking mechanism to the circuit to cause
ICs, and forgeries [9, 10]. an error output each time an invalid key is present is the
Throughout the studies, different design-for-trust proce- idea behind a logic lock. The only person with the key to
dures were looked into to deal with all risks that come with unlock the intellectual property (IP) should be the IP rights
longitudinal IC supply chain’s. Past to current design-for- holder. As a result, the malicious object lacks the private
trust strategies include: watermarking, IC monitoring, IC key required to open the integrated circuit fraudulently, but
disguising, and equipment obscuration [11–14]. Compared it does possess all the information needed to construct the
to all design-for-trust approaches, logical locking has risen course. Similarly, a locked design is the outcome of broad
in popularity as an assertive measure to safeguard intel- reverse engineering. That implies the original IP may be
lectual property (IP) in latest days. This has caused a huge obscured, depending on the strategy.
number of studies considerably over the past twenty years For this reason, logical locks are thought to provide uni-
on creating a wide range of strong remedies at various versal protection against unauthorized copying of logical
granularities. Logical locking made IP or IC designers, and physical attributes (IP theft and overproduction/coun-
make models that can only be changed in specific areas terfeiting). We discuss logic-locking techniques and assaults
after manufacturing. This hides the fundamental fea- in this work. Various evaluation indicators are used to make
tures underneath a sea of choices. The capabilities of the comparisons.

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1075

Short Summary on Logical Locking to include latching circuits (X(N)OR and inverter gates, in
this example). Calculation errors may result from bits in the
IP owners are privy to an encryption key that is used to con- signal flipping due to incorrect vital bits.
nect the required functioning of chip design to the exact IP. Using defect simulation techniques to model the effect
By doing this, the original utility and the design’s architec- of faulty keys on overall functionality is a similar notion
ture are kept secret as they transit via the hands of outside [19]. The lock circuit’s position may determine whether
design firms and foundries. It has been quite a year since the flaw spreads to the output. Consequently, pinpointing
key-recovery techniques, such as the Boolean satisfiability your design’s “defect impact” regions can be helpful. This
(SAT) attack, were used to comprehensively analyze the method is frequently employed to maximize different lock-
security features of logical locking. As a result, pre-SAT ing schemes [20, 21]. The authors of [22] suggested Strong
and post-SAT logical methods have been established. For Logical Locking (SLL). Including a locking circuit lessens
example, randomized XOR/XNOR key-based gate inserts the complexity of indiscriminate allocation attacks by pre-
[17], countering the route attack [22], and maximizing out- venting the critical bits from being deduced from the IC
put distortion for wrong keystrokes [18] have all been pri- output.
orities in pre-SAT systems. SAT-based assaults have altered
the design requirements for SAT-resilience, leading to a new ML‑Based Attacks
wave of systems like SARLock [23], SFLL [19], AntiSAT
[19], CASLock [16], and others [24]. SAIL With resynthesis, this attack disseminates an ML algo-
Defensive measures for logical locking have been consid- rithm that predicts the correct critical values by looking
ered a leading defense over IP theft and oversupply of ICs. It for local logical structures in the target netlist. Only logi-
is important to note that white-hat scientists have been devel- cal locks based on XOR/XNOR are targeted by this attack.
oping assaults on logical gating termed as logical de-obfus- Consequently, the episode concentrates on two leakage
cation techniques. Identifying poor and powerful defenses sites in the lock flow: (i) deterministic structural alterations
enables scientists to identify current remedies’ limitations brought about by logic synthesis surrounding the netlist
as well as the necessity of additional studies on this subject. gates impacted by the key and (ii) locks that are based on
As a result, various studies have explored logical locking for XOR/XNOR (key bits 0 employing the XOR) functionality.
almost a decade from both a defense and an attacking stand- XNOR of bit 1 in the key.
point. As an outcome, both the assaults and responses evolve SnapShot After lock-in resynthesis, this attack uses neu-
in complexity. As days pass, new cutting-edge techniques, roevolution techniques to create an appropriate neural net-
such as failure evaluation machinery, advanced analytics, work automatically and predict precise fundamental values
and deeper adversary invasion into trustable amenities, all straight from the target netlist. This attack uses structural
demonstrate that the logical locking preventive actions are alterations by locking systems to identify correlations and
not quite as advanced as what they committed from a theo- key-driven structural patterns. SnapShot uses an end-to-end
retical viewpoint [25–27], Logical locking’s evolution in the machine learning method in contrast to SAIL. This approach
last years on the defensive and offensive sides is one and has the advantage of working with all locking cases and
foremost examined in this research study. A number of fac- doing away with the requirement to learn particular trans-
tors will be considered while determining the characteristics formation rules for the logic synthesis process.
and properties of logical locking and de-obfuscation threats. Figure 1 illustrates the stages implicated with in design
Next, we will organize all of our defenses and assaults into of modern ICs, wherein multiple agencies would be involved
categories and assess each one individually depending on all side to side in the procedure of IC production, and by export-
of our previously established traits and criteria. This study ing which can only be committed at varying phases, the
serves to define the evolution of logical locking and new OEMs get the least valuable type of authority to their pos-
paths by presenting a highly complete analysis of distinct sessions (the circuitry), which leads in presenting these con-
categories, on both defensive and offensive sides. tractual and primarily outsourcing agencies as the untrusted
one. Figure 2 shows that the operation of an IC could be
reverse-engineered by any depiction of the IC, along with
Background an integrated approach, a fully synthesized netlist, a design,
a packed IC, or an IC undergoing test, in the case of hos-
Locking Schemes with a Global Internal Key tile or untrustworthy actors. Often known to as physically
reverse-engineering, the most difficult but viable kind of cir-
Global internal keys are preferred by most locking tech- cuit rebuilding is carried out by hostile customers. Effective
niques. “EPIC” was the original logical locking technique reverse-engineering officially put hostile (untrusted) parties
[6, 10]. Here, the combinational logic is altered randomly to acquire IP/design illegally and manufacture or reuse it.

13
1076 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Fig. 1  IC design workflow

Design-for-trust methods, as portrayed in Fig. 2, can be untrustworthy, fabricates the lower metal items, such as
classified into three broad subgroups: (1) IC camouflaging the transistors, while the higher metal items, such as the
[13, 28–31], (2) split fabrication [32–35], and (3) logic lock- rear end, are made at the trustworthy low-end casting of the
ing [16, 17, 22, 36, 37]. IC camouflage and split fabrica- design company. The untrusted factory’s security risks are
tion can be applied to a portion of these dangers because reduced as a result of this protective measure. The patented
of the likelihood of reverse engineering at distinct stacks. software cannot be protected against hostile end users and
Examples of IC camouflage include the use of highly struc- data theft using this manner. It is still ineffective. A preven-
turally identical gates with various functionalities. Reverse tative hardware-for-trust strategy known as logical locking
engineering operations by a foundry are unaffected because can guard against all of the originally stated dangers in the
a foundry has accessibility to all disguising tiers and there- IC distribution chain if done correctly.
fore is not hindered by physical uncertainty from logically It is shown in Table 1 that various abstractions of logical
extracting a configuration. Rather, it is only useful against locking have varied specifications. The development effort
post-manufacturing efforts (by the malevolent end-user). is generally reduced when switching from design to RTL
When using split fabrication, a higher-end factory that is or HLS tier. A logical-locking preventative measure was

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1077

Fig. 2  Various threats during IC design workflow

Table 1  Various abstractions of logical locking (HD) in both the wrong or right output is generally used
Circuitry Overhead Effort on
to evaluate output distortion [63]. The most ideal distance
Implementa- measure is 50 percent of the normal distance. Corruption
tion will vary depending on the placement and architecture of
key-based XOR/MUX/LUTs used for locking reasons, as
Design Level Near to 0 Higher
well as the number of key-based XORs/MUXs/LUTs in use.
Transistor area Low Higher
Corruptibility has a direct impact on the resistance to cur-
Logic Gate area Variant Moderate
rent assaults on the remedies. A low level of corruptibility
RTL-based Medium-higher Lower
enables an opponent to target only those main outputs’ that
Higher level Medium-higher Lower
are impacted or those input sequences that result in corrupt
outputs. The corruptibility must be sufficient to prevent these
flaws in well-designed logical locking countermeasures.
simpler to develop at a lower degree of complexity. A por- As shown in Fig. 4, the key to unlocking logic locks
tion of internal vulnerabilities can also be protected by going should be supplied to the circuitry to function normally
to an abstract level (like RTL and HLS). There are currently again. When fabricating a TPM, it is necessary to perform
more than a 90 percent of extant lock mechanisms deployed the logical locking key activation at a reputable facility.
in the gate-level circuit, typically as a post-synthesis step on Since the key is launched by the key managerial facilities
the synthesized gate-level template; however, we will illus- surrounding logical locking, the key itself is not a factor in
trate that RTL/HLS logical locking is among the prominent this process. Temporary registers linked to a sealed circuit
and frequently contemporary trends in lock design. should be reviewed and packed with TPM material before it
The corruptibility of the outputs’ is a critical characteris- can be powered up (Fig. 3).
tic of logical locking approaches. While logical locking is in
effect, output corruptibility is a particularly effective means Problem Formulation
of concealing the architecture’s function. Corruptibility indi-
cates that the best output will be damaged if an erroneous An answer to the trust problems arising from international-
key is supplied to a sealed circuit (1) for how many output ized IC supply chains is Logic Lock. Designing and manu-
and input patterns the key is wrong. The hamming distance facturing integrated circuits involves multiple companies,

13
1078 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Fig. 3  Logical Locking a

Original Circuitry, b XOR gate
Locking where correct key
k0 = 0, c MUX gate Locking
where correct key k0 = 0, d
LUT gate locking where correct
key (k0-3 = 0001)

Fig.4  Techniques in logical locking

which can result in intellectual property theft, overpro- our current trust problems. Unauthorized parties should
duction, counterfeiting, and unlawful copying. Problems not be able to access the IC that implements the logic lock
with trust such as this might eventually cost IC designers as long as the keys are safe and distribution is managed.
millions of dollars in lost revenue and necessitate numer- That is, if the key to a specific IC is unknown. The two
ous fixes. Logic locks, which effectively restrict a circuit’s main areas of logic lock research are creating novel attack
operation to the key’s owner, offer a possible remedy for

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1079

techniques for logic lock circuits and new implementation irrespective of the logical locking method employed in the
mechanisms and strategies for critical gates. circuitry.
This paper seeks to further progress in hardware security Hackers can examine and bypass logical locking schemes
and logic locks by evaluating novel attacks against logic because of the existence of a design-for-testability (DFT)
locks, strength testing, and analysis of their advantages and framework, such as the scan chain layout, in ICs. Since the
disadvantages. scan chain is accessible, many assaults on logical locking
presume this. As a result of scan chain accessibility, an
attacker can break down the deobfuscation challenge into
Logical Locking Attacks Modeling a set of simple sub-problems. The scan chain, on the other
and Assumptions hand, is frequently restricted for safety reasons by various
deobfuscation techniques that have explored and proved the
On basis of the assault scenarios and hypotheses tested potential of getting the right functionality of the closed cir-
in de-obfuscation assaults on logical locking, the assaults cuitry via main IOs even when entry to the scan chain is not
might be classified into various categories. As from perspec- accessible.
tive of a malevolent end user, certain assaults need acces- Moreover, the attacker at the factory may be capable of
sibility to an extra active variant of the produced circuitry. loading and controlling GDSII to implant hardware Malware
This class of assaults may be called oracle-guided assaults. for various objectives, like key spillage via primary output
Alternatively, assaults that do not require reference to oracle after startup. The process of adding covert Malware in the
are known as oracle-less assaults. However over past gen- logical locking circuits will allow the attacker to (i) deacti-
eration, the majority of assaults have been oracle-guided. vate the testing ability or (ii) obtain the logical locking secret
Nevertheless, in numerous actual situations, the opponent key via primary output. As a result, the potential to insert
cannot acquire one more active chip, so it is difficult to meet hardware Malware while logical locking is really in place
this criterion. Therefore, the opponent is limited to oracle- while remaining undetectable by Trojan scanners might be
less assault types. one of the adversarial abilities that need careful attention
Deobfuscation assaults are obtrusive. They need chip’s by developers.
configuration. Getting the chip’s configuration at distinct
steps of the IC supply chain is shown in Fig. 2. Criminal
enduser as opponent can acquire produced IC from mar- Preventing Measures by Logical Locking
ket and recreates configuration by practical reverse-engi-
neering. Basic stages of practical reverse-engineering Since 2008, a slew of logical locking approaches was
include depackaging, downsizing, scanning, metal stages reported in various studies, each claiming to suggest a decent
image analysis, and reassemble netlist. As the secret key safeguard to current deobfuscation assaults. Figure 4 depicts
is kept in TPM, this would be cleaned out at depackaging, a top-down view of the most prominent logical locking strat-
locking the configuration. egies that have been discussed thus far. Irrespective of previ-
In other circumstances, the reverse-engineered configu- ous cyberattacks, we shall outline the key specifications of
ration is sealed with no (right) key. Another instance is, if every logical locking group in this part.
the opponent is at the factory and receives the GDSII with-
out the right key from the design firm (locked). However,
no delayering or actual invasion is necessary, GDSII must Primitive Logical Locking
be accessible and reviewed for netlist collection, making it
a weakly intrusive paradigm. Even though the enemy is a In Table 2, Primitive approaches, such as EPIC formerly the.
scoundrel employee, it is not necessary to share the key for randomized logical locking (RLL) [17], strong logical lock
integrating, synthesizing, floor planning, etc., proving that (SLL) [22], and fault-based logical-locking (FLL) [17], are
the produced layout is accessible without a key. the earliest category of defenses on combinatorial circuit. As
Non-destructive and semi-destructive deobfuscation instance, in RLL, XOR-related key gating would be placed
assaults are rarer than invasive assaults, although they are at a certain randomly chosen locations with in circuitry, like
nonetheless possible. Optics, like electro-optical probing the term suggests. Most primitive approaches are performed
(EOP) and electro-optical frequency control, are used by at the circuit area and yet are dependent on XOR. In SLL and
the opponent in these assaults (EOFM). In these assaults, FLL, a few characteristics of automated pattern generation
the gates and switches of the hidden circuitry are targeted (ATPG) devices and trialability spec, like effectiveness and
and probed. Therefore, this collection of assaults, which will flaws spreading, had also been utilized to pick the position
be detailed in the study, could pose a significant risk to the of XOR-based key circuits, because a sealed circuitry initi-
disclosure of security resources like logical locking keys, ated with an inaccurate key distorts the primary output by

13
1080 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Table 2  Primitive logical techniques specifications

Logical Locking Operation Inference

Randomized Logical Locking [17] Key inserted at random positions at XOR gate Assuming that test patterns have been established
under key constraint for maximum fault coverage,
the goal of this study is to solve circuit equations
in a way that key bits result in the maximum fault
coverage
Fault-based Logical Locking [38] Key inserted at lower evaluation positions at XOR This method guards against erroneous keys corrupt-
gate ing the output. IC testing creates logic encryption
technology based on defect analysis and connects
logic encryption to fault propagation analysis
Strong Logical Locking [22] Key inserted at interference level This technique is intended to address vulnerabilities
and enable an attacker to enter keys exponentially
more frequently

promulgating mistakes at main outputs. Table 1 outlines the corrupted in at most 1 midterm. It is accomplished with the
characteristics of logical locking, demonstrating that they cubic stripper component. The switching and masked cir-
are all vulnerable to the Logical satisfiability (SAT) assault, cuits are created by the restoration section. Inside the strip-
which is detailed in this section. ping functional methods, there is a rather restricted no of
designs for every wrong key, + 1 supplement input design
(produced by strip code) which ruins the POs (termed as
Point‑Functional Logical Locking double-point corruption). In reality, techniques without any
strip complete the flips at a single point, while others with
The basic goal of point functional approaches is to reduce allowed strip complete the flips at several points.
the range of potential input sequences that indicate that a The major specifications of point functional approaches
certain key is not correct. That type was the initial effort to are summarized in Table 3. Thus demonstrated, two addi-
counter the Logical satisfiability (SAT) assault, which uses tional investigations, minimal primary inference and
a fast convergence technique to trim the key area by filter- Valkyrie (EDA-oriented), breakdown all variations in this
ing out wrong keys [38, 39]. The subset of logical locking class, revealing the major structural flaw underlying this type
methods is referred to as verifiably logical locking methods of logical locking.
in the research. When a logical locking mechanism is pro-
grammatically robust to any sort of I/O lookup assault, it is
proven to be safe. First ever logical locking approaches in Cyclic‑oriented logical locking
this area are SAR Lock and AntiSAT [40, 41].
Point functional approaches are used on function-modifia- Cyclic logical locking, like the title suggests, would add key
ble form of a circuitry, which is termed as sheared functional circuits which restrict the potential of adding extra combina-
logical locking [42]. Its initial section is changed in these torial cycles from the circuitry. Combinatorial cycles com-
approaches, as well as the (relevant) POs have Always been plicate the handling of these circuitry by CAD techniques

Table 3  Point-functional logical locking specifications

Logical Locking Operation Overhead issue Corruption

SARLock [41] Including flip circuitry to corrupt only one input sequence/incorrect secret key Lower Lower
AntiSAT[42] Combining two AND circuitry as the flips + mask circuitry Lower Lower
AndTree[43] Difficult programmed AND circuitry as flip + mask circuitry Lower Lower
TTLock[29] SARLock + uncovering original circuitry to 1 minterm Moderate Lower
SFFLLHD [44] SARLock + uncovering original circuitry to d = Chk midterms Moderate Variant
SFLL-Flex[44] Safeguarding user said input sequences using point functional techniques + LUT- Variant Variant
oriented circuitry
G-AntiSAT [45] Combining two AND circuitry as the flips + mask circuitry Moderate Variant
S-AntiSAT[46] Input sequence protection at the application level Variant Variant
CAS-Lock [47] AND-OR circuitry as corruptible one Moderate Variant

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1081

(like synthesizing and temporal evaluation). Most CAD locks utilizing re-routing components at multiple levels of
systems need not enable design engineers to include com- analysis. The description of routing-oriented lock remedies
binatorial phases. Conversely, the architect could address is summarized in Table 5. Routing-oriented locking will
the combinatorial cyclical routes manually during hardware have a larger cost than other types. New studies, like coarse
layout, such as inserting limitations for incorrect routes. As grained eFPGA-oriented IP rectification, suggest that this
a result, combinatorial phases have lately become popular type of lock, which retains complete reconfigurability for
like a method of logical locking. gating applications, does have great promise as a way of
Table 4 summarizes the primary characteristics of this logical locking.
type of logical locking. While some of those strategies have
not yet been cracked, these really are not recognized com-
mon in logical locking because they lead in problematic Scan Chaining Logical Locking
market acceptance, particularly in execution and physi-
cal EDA products. The DFT-oriented scan chain design is commonly employed
for most current integrated circuits. Even with crypto cir-
cuitry with highly secret data, like secret key, accessibility to
LUT/Routing‑Oriented Logical Locking the scanchain is required for the evaluation stage to manage
and view the inner states of design-under-test (DUT). The
Certain logical locking strategies benefited from complete demand for full adaptability and testability in DFT-based
customizability of look-up databases (LUTs). Using the testing, on the other hand, may offer potential risks to ICs
notion that u-input LUT could construct any 2­ 2^u conceiva- having security resources, like sealed circuitry which retain
ble functionalities. Generally, while LUT-based logical lock- their unique secrets, i.e., the releasing key. As a result, DFT
ing could offer more dependable resistance to known vulner- accessibility enables the opponent to separate and partition
abilities, it faces from significant complexity, which makes the larger difficulty into a set of lesser difficulties by dividing
it unsuitable. Previous LUT-based methods are all deployed the entire circuitry into small and solely combinatorial logic
at the circuit or transistors area, as well as corruptibility of sections, which accessibility to its registers is restricted.
such methods is very high due to the positioning systems The major specifications of available scan-based
employed for LUT inclusion. Extensive studies used the lock algorithms are summarized in Table 6. So, at present,
idea of MUXes for the next type of logical locking, called a mixture of one scan-oriented logic locking or scanning
as routing-oriented locking, comparable to LUT-based logi- blocking with function logical locking methods exhibits
cal locking, that may be implemented using a MUX-based excellent robustness and has gotten a lot of publicity. Scan-
design. False paths might be introduced to routing-based oriented protection dramatically increases the scale and

Table 4  Cyclic-oriented logical locking specifications

Logical Locking Operation Overhead issue Corruption

Cyclic[30] Inserting false combinatorial circuitry Moderate Higher

SRCLock[31] Increasing false combinatorial circuitry exponentially with respect to feedbacks Moderate Higher
CycSATUnresolvable[32] Unresolvable combinatorial sequences Moderate Higher
SAT-hardcyclic[33] Increasing false combinatorial circuitry exponentially with respect to feed- Moderate Higher
backs + cycles + non-occurring sequences
LOOPLock[34] Creates cyclic pairs for improving the complexity Moderate Higher

Table 5  LUT/routing-oriented logical locking specifications

Logical locking Operation Overhead issue Corruption

CrossLock[29] Inserting key-oriented design-level cross-bar combinatorial sequences Moderate Higher

DotConnection[44] Inserting key-oriented design-level cross-bar combinatorial sequences Moderate Higher
FullLock[45] Inserting circuit-level key-oriented programmatic routing sections with inversion baring Higher Higher
Modelingrouting[46] Inserting circuit-level key-oriented programmatic routing sections with embedding of logic Higher Higher
Interlock[47] Inserting circuit-level key-oriented programmatic routing sections with inversion bar- Moderate Higher
ing + embedding of logic + stripping

13
1082 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Table 6  Scan chaining logical locking specifications

Logical locking Operation Overhead issue

DOS[46] LPSR-oriented shuffle and toggle with shadow scanning-based insertion Moderate
EncryptFF[47] XOR-oriented key circuitry insertion Lower
R-DFS[48] Secure DFF for storing key + SO blockage circuit for final activation Moderate
DynamicEEF[49] Inserting PRNG and its malfunction during incorrect secret key Moderate
Extended RDFS[50] Secure DFF for storing key + SO blockage circuit for final activation Moderate
Seql[51] XOR-oriented key circuitry insertion among function and scan chaining paths Lower
DisORC[52] SO blockage circuitry with complete shifting disabled + disabling shift Moderate
DOSC[53] LPSR-oriented shuffle and toggle with shadow scanning-based insertion Moderate

power of any assault strategy on logical locking. We also and creating asynchronous latch-oriented designs raises
examine how this kind of locking is indeed an essential com- strenuous obstacles in the IC construction process. This
ponent of stable and safe logical locking solutions across nearly makes it unsuitable to use a synchronicity in compli-
all threats. cated SoCs. O’clock is very recent research that addresses
the clock allowing circuits for the goal of obfuscation.
This research relies on approaches that are commonly used
Sequential Logical Locking in clock-gating, and it receives complete backing from EDA-
based tools. The ability to manage and change the moment
In a FSM-based logical locking methods, there is neither at which data are captured at storing components, also
committed port for key ideals. Instead, the traversal series known as FFs, is among the most important characteristics
of such extra additional states (series of input trends), which of approaches that are dependent on time. As a result, the
also includes traversal of lockable modes, serves as the lock- attacker is unable to keep following the precise and accurate
ing key. A successful traversal enables the user to attain and time of data capture, and the engineering team does not get
navigate the affirming part of FSM. Therefore, in contrast any extra benefits by restricting or blocking the scanchain.
to all of previous ways for logical locking, key inputs are They are capable of keeping scan chain accessible (essential
supplied indirectly, and perhaps we can think of this kind of to undertake in-field troubleshooting and evaluate but uti-
logical locking as a key-less type of logical locking. Addi- lized by SAT invasion [38]) to the non-trusted factory and
tionally, the output that is produced as a result of success- end-users while opposing a broader variety of I/O query-
fully traversing the verification states acts as a timestamp. based threats, such as SAT-based threats. This is in contrast
In contrast to these teams, there is another set of research to scan closure or stoppage, which prevents scan chains from
that evaluates FSM locking w/o inclusion of any additional being accessed at all. As has been shown, save from delay
data. Nevertheless, in comparison with previous strategies locking, which can be defeated by a theory-oriented I/O
[43], this strategy has a greater degree of both intricacy and query-oriented assault known as the SMT assault [46], none
overhead (area). The coupling of context traversing with of the various types of logical locking can be defeated, dem-
key-based logical locking has been the subject of evalua- onstrating the sturdiness of the type in question.
tion in current FSM-based logical locking research [29, 44],
and [45].
Higher‑Level Logical Locking

Interactive Timing‑Based Locking Despite the fact that a significant part of original logi-
cal locking methods are applied at the circuit level (or the
In contrast to those methods that came before them, which transistor level), they could be unable to target all semantics
concentrated on the practical elements of the project, cer- (represented and explained at a greater level, such as RTL
tain logical locking methods went 1 stage farther and locked or HLS) because logic formulation and process optimization
the behavioral characteristics of the circuitry, like the time. will transform a substantial chunk of it into template. In
The time-based and latch-based strategy has shown some order to (i) be ready to immediately identify any algorithmic
encouraging outcomes against a range of activities taken by and syntactic of the layout for locking objectives, and (ii) to
the opponent. Although, because there is not yet full EDA get advantage of synthesizing and transformation performed
(electronic design automation) tool endorse for asynchro- by the customizations for spinning logical locking portion
nous models, the task of substituting flip-flops with clamps into the initial part(s), a lot of studies [47–55] use methods

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1083

for barricading at a greater level [50–54]. A further improve- assaults. Most of the current assaults on logical locking are
ment that can be made at logical locking approaches is that depicted in Fig. 5.
it have the ability to secure the architecture from a broader
spectrum of untrustworthy parties. (a) Oracle-Guided (OG) on Combinatory Circuit.
Recent oracle-guided (OG) assaults on combinatorial
circuitry [58] demonstrate that this class of deobfusca-
tion methods was proposed depending on the underlying
eFPGA‑Oriented IP Locking
presumptions:
It is indeed oracle-guided: the assailant needs knowledge
Newer works [56, 57, 60] and IsoLock are a provably
of one more unlocked variant of the microchip (oracle).
secure locking technique that defends against structural
It is for combinatorial circuits: Because practically all real
machine learning attacks, aiming to end the “cat and mouse”
applications ICs are serial, having accessibility to the DFT
loop in locking and attack studies [62]; state-of-the-art lock-
architecture, i.e., scan chain connections, means that every
ing systems [64] have studied a coarse-grained type of logi-
combinatorial portion (CL) of the circuitry can be accessed.
cal locking wherein embedded FPGA (eFPGA) redaction is
It is intrusive: Because the attacker needs accessibility to
performed at SoC layer. eFPGA-oriented IP redaction is the
the template of the closed circuitry.
specialized version of LUT/routing-oriented logical locking.
Due to the symmetrical design and consistent CLB/LUT
(b) Oracle-Guided (OG) on Consecutive Circuits.
allocation, it is impossible to execute fundamental assaults.
There are other sub-groups, including scan-based logi-
From a practical standpoint, the combination of complete
cal locking, scan stoppage, and sequential circuits locking,
customizability and increased bitstream length results in a
wherein the scan chain’s accessibility is aimed to be con-
considerable increase in resistance to I/O lookup assaults.
fined. In such cases, the enemy’s access will be restricted to
In a current study on eFPGA Settings for IP redaction, it is
the oracle’s primary input and output, provided the oracle is
demonstrated that, analogous to routing-oriented locking,
indeed operational. As a result, none of the functional-based
coarse-grained eFPGA IP redaction is an example of SAT-
I/O query-based deobfuscation methods previously men-
hardness that could not be cracked utilizing either of the
tioned will be able to assess and crack the sealed circuitry
known I/O query-based assaults. Nevertheless, relative to
with restricted scan chain accesses. Additional research on
LUT/routing-based logical locking, its complexity is wors-
logical locking, meanwhile, has revealed that limiting entry
ening [59] and state-of-the-art techniques proposed and
does not ensure resilience against current attacks. These
analysis on the bandpass filter (BPF), low-noise amplifier
principles underpin this type of assault:
(LNA), and low-dropout voltage regulator (LDO) for both
It follows the advice of the oracle: One more unlocked
correct and incorrect keys to the locked optimizer [61]
copy of the microchip is required by the adversary (oracle).
It is based on circuits that are arranged in a specific
order: It means that opponent entry to the DFT architecture,
Assaults on Logical Locking i.e., scan chain pins, is restricted/blocked/locked, and that
adversarial entry to the oracle’s primary input and output
Assault on logical locking is classified according to whether is constrained.
or not the targeted chip is active or freed (oracle). The It intrudes: The adversary wants knowledge of the closed
attacker will be able to develop additional computational circuit’s template.
assaults if an oracle is available. A methodical flow was To effectively defeat logical locking methods, oracle-
already provided for all of these oracle-guided assaults that guided assaults on circuit design focus on the three basic
reveals either logical locking secret key or the proper opera- designs: (i) a mechanical or BMC-based unrolling method
tion of the sealed circuit. Assault in this group is almost that nonetheless lets the attacker gain from satisfiability, (ii)
always (weakly) intrusive and necessitate entry to the cir- a systemic examination of the secured template, with a focus
cuit’s template in order to succeed. It could be grouped into on FSM-based logical locking, and (iii) the probability of
assaults on combinatorial logic (where scanning accessibil- leaking while manipulating the scan supply chain. The most
ity is allowed) or on consecutive circuitry (where scanning significant limitation of consecutive assaults, in compari-
accessibility is not allowed). Oracle less assaults, in the con- son with combinatorial threats, is the attack’s adaptability,
trary hand, tend to use either CAD techniques like synthesiz- especially on larger networks. When unspooling or BMC is
ing techniques or circuitry characteristics like side channel in effect, structural analysis has been completed, or leaking
data to carry out the assault process. Oracle-less assaults situations are being modeled, this is the step to take.
can be divided into 3 types depending on the framework or
process they target: architectural, tampering, and exploring (c) Oracle-Less (OL) Assaults.

13
1084 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

Fig.5  Attacks on logical locking

The assessment of engineering standards after pur- Conclusion

posely changing the logical locking element is the main
target of Oracle-less assaults against logical locking. Vari- An extensive overview of the state of logical lock research
ous options can be used to manipulate the logical lock- currently serves as the foundation for this study. We high-
ing portion, such as restricting the primary key, insert- light fundamental parallels between current systems and
ing suspicious attacks, inserting errors. Furthermore, the weaknesses in attack focus, notations, and attacker models.
design is primarily concerned with architectural definition, Upon examining the range of adversaries against which
maintainability configuration, or machine learning-based Logic Lock was intended to guard, we discovered that the
extraction of features. As a result, the attacker uses exploi- attack model from the preceding mission needed to be
tation, acquires knowledge about the intended specs, and revised to capture the enemy’s true physical capabilities.
decides the primary key in this type of assault. Probing The most recent advancements in machine learning logic
assaults, whether electric or visual, can be performed on a locking are summed up in this work. The suggested machine
circuit, while the keys are stored, and no change or modi- learning-based attack exposes structural and functional
fication is necessary to observe the logical locking key, flaws in contemporary locking systems that conventional
making this style of assault a real danger to all current security justifications overlook. This study assesses the
logical locking systems. In recent times, with the emer- numerous benefits and drawbacks of logic locks for scien-
gence of ML-based and probing-oriented threats, existing tists, IP distributors, and SoC developers. It also considers
logical locking orientations have seen various adjustments any resources that can facilitate your rapid exploration and
to be more sensitive to these narrower and harsher attack comprehension of novel technologies—logical locking tech-
scenarios. niques currently in use.
We present a novel model of the attacker that incorpo-
rates the physical prowess of malevolent actors inside the

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1085

production process. Including definitions of various suc- ACM International Conference on Computer-Aided Design
cessful assault types in our model enables a more accurate (ICCAD), (2016), pp. 1–8
10. M. Li, K. Shamsi, T. Meade, Z. Zhao, B. Yu, Y. Jin, D.Z. Pan,
evaluation and relative quantification of targeting scenarios. Provably secure camouflaging strategy for IC protection. IEEE
We investigate two intrusion attack routes, detection, and Trans. CAD Integrat. Circ. Syst. 38(8), 1399–1412 (2017)
minimal mask alteration, exemplarily, based on the novel 11. B. Shakya, H. Shen, M. Tehranipoor, D. Forte, Covert gates:
model. Both methods can be used based on scholarly study protecting integrated circuits with undetectable camouflaging, in
IACR Transactions on Cryptographic Hardware and Embedded
in particular domains. Logical locks have raised the bar for Systems (CHES), (2019) pp. 86–118
most attackers but are not as high as frequently reported. 12. J. Rajendran, O. Sinanoglu, R. Karri, Is split manufacturing
Rogue foundries are outfitted with all the tools required to secure? in Design, Automation & Test in Europe Conference &
enable illicit IC copying, even though they raise the bar for Exhibition (DATE), (2013), pp. 1259–1264
13. M. Yasin, J. Rajendran, O. Sinanoglu, R. Karri, On improving the
successful attacks. security of logic locking. IEEE Trans. CAD Integrat. Circ. Syst.
35(9), 1411–1424 (2015)
14. J. Rajendran, H. Zhang, C. Zhang, G.S. Rose, Y. Pino, O. Sinano-
Author Contribution KS wrote the main manuscript text and pre- glu, R. Karri, Fault analysis-based logic encryption. IEEE Trans.
pared figures and table, and CS helped in guidance on the manuscript Comput. 64(2), 410–424 (2015)
development and preparation of the documentation. 15. P. Subramanyan, S. Ray, S. Malik, Evaluating the security of logic
encryption algorithms, in Int’l Symp. on Hardware Oriented Secu-
rity and Trust (HOST), (2015), pp. 137–143
16. M. El Massad, S. Garg, M. Tripunitara, Integrated circuit (IC)
decamouflaging: reverse engineering camouflaged ICs within
Funding No funding. minutes, in NDSS, (2015), pp. 1–14
17. M. Yasin, B. Mazumdar, J. Rajendran, O. Sinanoglu, SARLock:
Data Availability We do not have any conflict in this paper from SAT attack resistant logic locking, in Hardware Oriented Security
all the authors. and Trust (HOST) Symposium, (2016), pp. 236–241
18. Y. Xie, A. Srivastava, Mitigating SAT attack on logic locking,
Declarations in IACR Conference on Cryptographic Hardware and Embedded
Systems (CHES), (2016), pp. 127–146
Conflict of interest The authors have not disclosed any competing 19. M. Yasin, A. Sengupta, M. T. Nabeel, M. Ashraf, J. Rajendran, O.
interests. Sinanoglu, Provably-secure logic locking: from theory to practice,
in ACM SIGSAC Conference on Computer and Communications
Security (CCS), (2017), pp. 1601–1618
20. T. Meade, Z. Zhao, S. Zhang, D. Z. Pan, Y. Jin, Revisit sequential
logic obfuscation: attacks and defenses, in IEEE Int’l Symp. on
References Circuits and Systems (ISCAS), (2017), pp. 1–4
21. S. Roshanisefat, H. M. Kamali, K. Z. Azar, S. M. P. Dinakar-
rao, N. Karimi, H. Homayoun, A. Sasan, DFSSD: deep faults and
1. A. Chakraborty et al., Keynote: a disquisition on logic locking. shallow state duality, a provably strong obfuscation solution for
IEEE TCAD 39(10), 1952–1972 (2020) circuits with restricted access to scan chain, in VLSI Test Sympo-
2. M. Lapedus, Week in review: manufacturing, test, and foundry sium (VTS), (2020), pp. 1–6
challenges, (2021) [Link] 22. L. Li, A. Orailoglu, JANUS: Boosting logic obfuscation scope
manuf​actur​ing-​test-​163/ through reconfigurable FSM synthesis, in IEEE International
3. Y. Xie, A. Srivastava, Delay locking: security enhancement of Symposium on Hardware Oriented Security and Trust (HOST),
logic locking against IC counterfeiting, in Design Automation (2021), pp. 1–11
Conference (DAC), (2017), pp. 1–9 23. L. Li and A. Orailoglu, “JANUS-HD: Exploiting FSM Sequential-
4. J.P. Skudlarek, T. Katsioulas, M. Chen, A platform solution for ity and Synthesis Flexibility in Logic Obfuscation to Thwart SAT
secure supply-chain and chip life-cycle management. Computer Attack While Offering Strong Corruption,” in Design, Automation
49(8), 28–34 (2016) & Test in Europe Conf. (DATE), 2022, pp. 1–6.
5. D. P. Affairs, DARPA Selects Teams to Increase Security of Sem- 24. K. Z. Azar, H. M. Kamali, H. Homayoun, A. Sasan, SMT attack:
iconductor Supply Chain, (2020). [Link] next generation attack on obfuscated circuits with capabilities
vents/​2020-​05-​27 and performance beyond the SAT attacks, in IACR Transactions
6. H. Wang, D. Forte, M. Tehranipoor, Q. Shi, Probing attacks on on Cryptographic Hardware and Embedded Systems (TCHES),
integrated circuits: challenges and research opportunities. IEEE (2019) pp. 97–122
Design & Test 34(5), 63–71 (2017) 25. C. Karfa, T. Khader, Y. Nigam, R. Chouksey, R. Karri, HOST:
7. K. Z. Azar, F. Farahmand, H. M. Kamali, S. Roshanisefat, H. HLS obfuscations against SMT ATtack, in Design, Automation
Homayoun, W. Diehl, K. Gaj, A. Sasan, COMA: communication & Test in Europe Conference & Exhibition (DATE), (2021), pp.
and obfuscation management architecture, in Int’l Symposium on 32–37
Research in Attacks, Intrusions and Defenses (RAID), (2019), pp. 26. L. Collini, C. Pilato, A composable design space exploration
181–195 framework to optimize behavioral locking, in Design, Automa-
8. J. Rajendran, O. Sinanoglu, R. Karri, VLSI testing based security tion & Test in Europe Conference & Exhibition (DATE), (2022),
metric for IC camouflaging, in IEEE International Test Confer- pp. 1–6
ence (ITC), (2013), pp. 1–4 27. G. Takhar, R. Karri, C. Pilato, S. Roy, HOLL: Program Synthesis
9. M. Yasin, B. Mazumdar, O. Sinanoglu, J. Rajendran, CamoPer- for Higher Order Logic Locking, in Tools and Algorithms for the
turb: secure IC camouflaging for minterm protection, in IEEE/ Construction and Analysis of Systems (TACAS), (2022)

13
1086 J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087

28. M. Yasin, C. Zhao, J. Rajendran, SFLL-HLS: StrippedFunction- 45. S. Roshanisefat, H. M. Kamali, A. Sasan, SRCLock: SAT-resist-
ality logic locking meets high-level synthesis, in International ant cyclic logic locking for protecting the hardware, in Proceed-
Conference on Computer-Aided Design (ICCAD), (2019), pp. 1–4 ings of the on Great Lakes Symposium on VLSI (GLSVLSI),
29. A. Manikandan, P. Nirmal Kumar, Network-on-chip by using (2018), pp. 153–158.
power reduction technique. Int. J. Control Theory Appl. 10(12), 46. A. Rezaei, Y. Li, Y. Shen, S. Kong, H. Zhou, CycSATunresolv-
265–269 (2017) able Cyclic Logic Encryption using Unreachable States, in Asia
30. C. Pilato, A. Chowdhury, D. Sciuto, S. Garg, R. Karri, ASSURE: and South Pacific Design Automation Conference (ASP-DAC),
RTL locking against an Untrusted Foundry, IEEE Trans. Very (2019), pp. 358–363
Large Scale Integrat. (VLSI) Syst. 29(7), 1306–1318, (2021) 47. SAT-Hard Cyclic Logic Obfuscation for Protecting the IP in the
31. M. Zuzak, Y. Liu, A. Srivastava, A resource binding approach Manufacturing Supply Chain, IEEE Trans. Very Large Scale
to logic obfuscation, in Design Automation Conference (DAC), Integrat. (VLSI) Systems, 28(4): 954–967, (2020).
(2021), pp. 235–240 48. X. Yang, P. Chen, H. Chiang, C. Lin, Y. Chen, C. Wang, LOOP-
32. R. Muttaki, R. Mohammadivojdan, M. Tehranipoor, F. Farah- Lock 2.0: an enhanced cyclic logic locking approach. IEEE
mandi, HLock: locking IPs at the high-level language, in Design Trans. CAD Integrat. Circ. Syst. 41(1), 29–34 (2021)
automation conference (DAC), (2021), pp. 79–84 49. K. Shamsi, M. Li, D. Z. Pan, Y. Jin, Cross-lock: dense layout-
33. N. Limaye, A. Chowdhury, C. Pilato, M. Nabeel, O. Sinanoglu, level interconnect locking using cross-bar architectures, in Pro-
S. Garg, R. Karri, Fortifying RTL locking against oracleless ceedings of the on Great Lakes Symposium on VLSI (GLSVLSI),
(untrusted foundry) and oracle-guided attacks, in Design Auto- (2018), pp. 147–152
mation Conference (DAC), (2021), pp. 91–96 50. S. Patnaik, M. Ashraf, O. Sinanoglu, J. Knechtel, Obfuscating
34. B. Hu, J. Tian, M. Shihab, G. Reddy, W. Swartz, Y. Makris, B. C. the interconnects: low-cost and resilient full-chip layout camou-
Schaefer, C. Sechen, Functional obfuscation of hardware accelera- flaging. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst.
tors through selective partial design extraction onto an embedded 39(12), 4466–4481 (2020)
FPGA, in Great Lakes Symposium on VLSI (GLSVLSI), (2019), 51. H. M. Kamali, K. Z. Azar, K. Gaj, H. Homayoun, A. Sasan,
pp. 171–176 LUT-lock: a novel LUT-based logic obfuscation for FPGA-
35. A. Manikandan, G.C. Madhu, G.D. Flora et al., Hybrid Advisory bitstream and ASIC-hardware Protection, in IEEE Computer
Weight based dynamic scheduling framework to ensure effective Society Annual Symposium on VLSI (ISVLSI), (2018), 405–410
communication using acknowledgement during Encounter strat- 52. R. Karmakar, S. Chatopadhyay, R. Kapur, Encrypt flip-flop: a
egy in Ad-hoc network. Int. j. inf. tecnol. (2023). [Link] novel logic encryption technique for sequential circuits, arXiv
10.​1007/​s41870-​023-​01421-5 preprint arXiv:​1801.​04961, (2018)
36. J. Bhandari, A. Moosa, B. Tan, C. Pilato, G. Gore, X. Tang, S. 53. U. Guin, Z. Zhou, A. Singh, Robust design-for-security archi-
Temple, P. Gaillardon, R. Karri, Exploring eFPGA-based redac- tecture for enabling trust in IC manufacturing and test, IEEE
tion for IP protection, in International Conference On Computer Trans. Very Large Scale Integrat. (VLSI) Syst. 26(5): 818–830,
Aided Design (ICCAD), (2021), pp. 1–9 (2018)
37. J. Bhandari, A. Moosa, B. Tan, C. Pilato, G. Gore, X. Tang, S. 54. R. Karmakar, H. Kumar, S. Chattopadhyay, Efficient keygate
Temple, P. Gaillardo, R. Karri, Not all fabrics are created equal: placement and dynamic scan obfuscation towards robust logic
exploring eFPGA parameters For IP redaction, arXiv preprint encryption, IEEE Trans. Emerg. Topics Comput. (2019)
arXiv:​2111.​04222, (2021) 55. N. Limaye, A. Sengupta, M. Nabeel, and O. Sinanoglu, Is robust
38. P. Nagarajan, M. Renuga, A. Manikandan, S. Dhanasekaran, design-for-security robust enough? Attack on locked circuits with
Design and simulate a novel 16T SRAM cell for low power mem- restricted scan chain access, in IEEE/ACM International Confer-
ory architecture. J. Circ. Syst. Comput. (2023). [Link] ence on Computer-Aided Design (ICCAD), (2019), pp. 1–8.
1142/​S0218​12662​45000​38 56. S. Potluri, A. Aysu, A. Kumar, Seql: secure scan-locking for IP
39. K. Shamsi, T. Meade, M. Li, D.Z. Pan, Y. Jin, On the approxima- protection, in International Symposium on Quality Electronic
tion resiliency of logic locking and IC camouflaging schemes. Design (ISQED), pp. 7–13, (2020).
IEEE Trans. Inf. Forensics Secur. 14(2), 347–359 (2018) 57. N. Limaye, E. Kalligeros, N. Karousos, I.G. Karybali, O. Sina-
40. V. Ar, S. David, E. Govinda, K. Ganapriya, R. Dhanapal, A. noglu, Thwarting all logic locking attacks: dishonest oracle with
Manikandan, An automatic brain tumors detection and classifi- truly random logic locking. IEEE Trans. CAD Integrat. Circ. Syst.
cation using deep convolutional neural network with VGG-19, 40(9), 1740–1753 (2020)
in 2023 2nd International Conference on Advancements in Elec- 58. M.S. Rahman, A. Nahiyan, F. Rahman, S. Fazzari, K. Plaks, F.
trical, Electronics, Communication, Computing and Automation Farahmandi, D. Forte, M. Tehranipoor, Security assessment of
(ICAECA), Coimbatore, India, (2023), pp. 1–5. [Link] oi.o​ rg/1​ 0.​ dynamically obfuscated scan chain against oracle-guided attacks.
1109/​sICAE​CA565​62.​2023.​10200​949 ACM Trans. Des. Automat. of Electron. Syst. (TODAES) 26(4),
41. M. Yasin, A. Sengupta, M. T. Nabeel, M. Ashraf, J. Rajendran, 1–27 (2021)
and O. Sinanoglu, Provably-secure logic locking: from theory to 59. J. Gandhi, D. Shekhawat, M. Santosh, J. Pandey, Logic locking for
practice, in ACM SIGSAC Conference on Computer and Com- IP security: a comprehensive analysis on challenges, techniques,
munications Security (CCS), (2017), pp. 1601–1618 and trends. Comput. Secur. 129, 103196 (2023). [Link]
42. A. Manikandan, V. Jamuna, Fault tolerant parallel filters based 10.​1016/j.​cose.​2023.​103196
on error correction codes. J. Adv. Res. Dyn. Control Syst. 9(2), 60. A. Alaql, S. Bhunia, SARO: scalable attack-resistant logic locking.
1399–1404 (2017) IEEE Trans. Inf. Forensics Secur. 16, 3724–3739 (2021). [Link]
43. Y. Liu, M. Zuzak, Y. Xie, A. Chakraborty, A. Srivastava, Strong doi.​org/​10.​1109/​TIFS.​2021.​30921​35
Anti-SAT: secure and effective logic locking, in International 61. S. Elsharief, L. Alrahis, J. Knechtel, O. Sinanoglu, Isolock:
Symposium on Quality Electronic Design (ISQED), (2020), pp. Thwarting link prediction attacks on routing obfuscation by
199–205 graph isomorphism. Cryptology ePrint Archive, (2022) Paper
44. K. Shamsi, M. Li, T. Meade, Z. Zhao, D. Z. Pan, Y. Jin, Cyclic 2022/1752. Arxiv: 2022/1752
obfuscation for creating SAT-unresolvable circuits, in Proceedings 62. N.G. Jayasankaran, A.S. Bórbon, E. Sánchez-Sinencio, J. Hu,
of the on Great Lakes Symposium on VLSI (GLSVLSI), (2017), pp. J. Rajendran, Towards provably-secure analog and mixed-sig-
173–178 nal locking against overproduction. IEEE Trans. Emerg. Top.

13
J. Inst. Eng. India Ser. B (August 2024) 105(4):1073–1087 1087

Comput. 10(1), 386–403 (2022). [Link] Publisher’s Note Springer Nature remains neutral with regard to
2020.​30255​61 jurisdictional claims in published maps and institutional affiliations.
63. L., Orailoglu, A., JANUS-HD: exploiting FSM sequentiality and
synthesis flexibility in logic obfuscation to thwart sat attack while Springer Nature or its licensor (e.g. a society or other partner) holds
offering strong corruption, in 2022 Design, Automation & Test in exclusive rights to this article under a publishing agreement with the
Europe Conference & Exhibition (DATE) 1323–1328 (2022) author(s) or other rightsholder(s); author self-archiving of the accepted
64. D. Sisejkovic, L. M. Reimann, E. Moussavi, F. Merchant and R. manuscript version of this article is solely governed by the terms of
Leupers, Logic Opportunities, in 2021 IFIP/IEEE 29th Interna- such publishing agreement and applicable law.
tional Conference on Very Large Scale Integration (VLSI-SoC),
Singapore, Singapore, 2021, pp. 1–6. [Link]
VLSI-​SoC53​125.​2021.​96069​79

13