Sage Journals: Discover world-class research

Abstract

Except the network attacks, the industrial networked devices in Internet of things are also threatened by intellectual property infringement. Watermarking technique is a prevalent way to avoid this threat. Previous work on authenticating a watermark in industrial intellectual properties easily discloses sensitive information of real embedded watermarks. In this case, the evidence of identifying the ownership of industrial intellectual property may be attacked by the illegal verifiers. Although several watermark detection techniques can address the disclosure of sensitive information in detection procedure, the efficiency of detection is relatively low. Besides, it may yield large communication overhead of multiple authentication rounds. Motivated by the needs of robustness and efficiency, this work proposed a zero-knowledge approach to authenticate ownership of field-programmable gate array intellectual property design in industrial environment, named NIWAS. The prover can convince the verifier that he knows a secret in the suspected intellectual property design via only one interaction. Real locations of watermarks are concealed through location obfuscation. With the received authentication package from the prover, the verifier cannot obtain other useful information about the watermarks. The experiments show that NIWAS achieves high efficiency and robustness of watermark detection.

Keywords

Intellectual property Internet of things field-programmable gate array zero-knowledge robustness

Introduction

The advancement of Internet of Things (IoT) leads to an exponential growth of the number of connected hardware devices. Cisco and Intel predict the hardware devices will exceed 50 billion in 2020.¹ The threats and challenges in security of hardware and embedded systems attract widespread attentions. The white paper on IoT security involves three main areas, including industrial control, intelligent vehicle, and smart home. Here, the data of US Department of Homeland Security shows that the fundamental equipment and industry environment are prime targets of network attacks. The attacks on industrial environment increase by 20%. The applications of IoT in industry make the factories become more intelligent, greatly driving the revolution of the global manufacturing. The traditional embedded system combines with industrial cloud platform, realizing a networked, intelligent, and digital industrial factory. The efficiency and transparency are greatly promoted in this way. However, the industrial system and networked devices are vulnerable to attacks from outside network, causing serious consequences.

Besides, the accessible devices in industrial IoT are also threatened by intellectual property (IP) infringement or reverse engineering. So, the security should be considered at the design level to avoid network attacks and threats (e.g. IP theft, reverse engineering, tampering, or clone). A device in IoT without enough security easily causes IP theft of a design after suffering from attacks. In 2012, the share price of AMSC fell by 40% in 1 day and evaporated 84% within 5 months due to the lack of security mechanism in wind turbine algorithm.² The occurrence of the security events may cause great threats to national security or economical loss. So, it is inevitable to protect the security of accessible networked devices. IP-reuse technology is prevalent in designing an integrated chip.³ It brings lots of convenience in shortening design cycle, lowering design risk, and accelerating the time to market. But, it also allows the illegal users to realize attacks in a chip. The protection of IPs against infringement and illegal distribution becomes a challenging task in hardware security.⁴ Owning to its satisfactory performance of low cost, field-programmable gate array (FPGA) is increasingly popular in designing IP cores. The design is transformed into the bitfile and finally downloaded into an FPGA device. So, the security issues of this kind of designs (bitfile cores) are more critical.^5,6 Generally, there are encryption technique and watermarking technique to address the security issues. The former depends on the credibility of a certain encryption algorithm. If the algorithm is cracked, the bitfile core will lose the secure protection. The latter deters illegal infringement of bitfile core by embedding identification information into a design imperceptibly. The presence of this information will be used as an evidence to identify the original ownership of hardware IPs.

Most of traditional IP watermarking methods are symmetrical. Namely, the secret key in watermark detection is the same with that in watermark embedding.^7,8 In copyright authentication, the IP owner should use the secret key to extract watermarks in the design and prove the ownership. Once the watermark or the embedding key is leaked to a potential attacker, he can destroy or remove the watermark to defeat the intention of proving IP ownership. Thus, they can sell an illegal copy of design or add a fake watermark into the design. The authentication of watermark in this kind of techniques usually requires the participation of a neutral and trustable third party. So, the authentication process involves three parties: the prover, the verifier, and the third party. During the authentication, some sensitive information about the watermark (like watermarked locations) may be leaked to the verifier or the third party. The credibility of both the two parties cannot be ensured completely. Hence, it is a prime issue to achieve a trustable and secure authentication without the participation of the third party in watermarking techniques First, no useful information is leaked to the verifier because it directly determines the security of inserted watermarks in a design. Second, the detection procedure should have higher efficiency with lower overhead. It ensures a satisfiable authentication performance.

This work is organized as follows. Section “Related work” evaluates previous techniques. In section “The NIWAS protocol,” we give an overview of the proposed NIWAS. The procedure of IP watermark authentication is illustrated in detail. An overall analysis on NIWAS is introduced in section “Protocol analysis.” Section “Experimental results” evaluates the performance of the proposed NIWAS by conducting experiments on benchmarks. Finally, we summarize this work.

Related work

In IP watermarking techniques for industrial FPGA design, the ownership information of IP owner is usually inserted as configuration bitstring into lookup tables (LUTs) determined by a random location sequence.^9,10 The inserted watermarks are verified from the bitfile. A signature is embedded within the memory structures or the combinational logics of the system by technique.¹¹ A watermark detection module is inserted into the design, causing large hardware overhead. The logic is easily to be removed as well. The watermarking technique¹² embeds watermarks into the unused LUTs of the used slice. The watermarks can be detected at the power supply pins of the FPGA using an oscilloscope and quantized into the original ownership information. In Schmid et al.,¹³ the watermarked LUTs are then converted to LUT-based RAMs or shift registers to avoid deletion due to optimization. The watermarks are detected from bitfile of FPGA design when the infringement occurs, as shown in Figure 1. The signature will be transformed into appropriate watermark fragments after encryption. Suitable positions (as a key) are selected in the design for watermark embedding. The watermark fragments are then inserted into the design in specific forms. In detection, the selected positions (key) in watermark embedding will be used to find the watermark fragments in the watermarked design. The watermarks are combined orderly to reconfigure the original signature with the key. Watermark authentications in these techniques are not effective and robust since it may leak useful information about watermarks. Besides, most of the above techniques require the participation of a trustable third party, which poses more risks on the watermarks.

Figure 1.

Traditional IP watermark verification.

Zero-knowledge proof (ZKP) is a promising approach to overcome this security issue in watermark detection. An army of ZKP-based authentication techniques are reported in proving ownership of multi-media data.¹⁴ ZKP protocol proves the presence of watermark in a certain design without leaking any useful information about the watermark. There are two types of ZKP protocols, namely, interactive and non-interactive.^15,16 Interactive ZKP protocol consists of specific number of authentication rounds, as shown in Figure 2. A typical round involves a challenge depending on the random number or the outcomes of fair coin tosses by the verifier and a response by the prover. If the prover knows the secret, he can answer all challenges correctly. The authentication requires N rounds until the verifier accepts or rejects the proof of the prover. The condition depends on whether the prover gives successful response to all challenges of the verifier.

Figure 2.

Interaction of zero-knowledge proof protocol.

On this basis, Verify_ZKP technique¹⁷ proposed to authenticate a watermarked IP design publicly without the participation of the third party. The protocol reveals no sensitive information about watermark in detection. In Verify_ZKP, the prover proves he knows a secret in D with strong assumption that the verifier did not obtain a copy of D. Otherwise, authentication in Step 3(a) will not convince the verifier. (1) $M_{c}^{r}$ sent to the verifier is a mapped design of D with the configuration string encoded. If the authentication is activated in IP dispute scenario, the verifier has a high probability of obtaining a copy of a watermarked D. In this case, if the prover wants to make the verifier trust that the received design is a legal mapped design, the encoding function $Hs + s'$ should also be public. (2) A cheating verifier will insert a fake watermark into the design copy without affecting the normal functionality of the IP design, yielding a faked design $D'$ . $D_{M}^{r} = M_{C}^{r} (D')$ is not established owning to the malicious change by the verifier. What’s more, the verifier will declare a fake ownership by extracting his fake watermarks from the design, causing an ambiguity attack. In Zhang and Lin,¹⁸ ambiguity attack is addressed by inserting registered timestamp. IP owner applies to timestamp register center for timestamping his IP design D. The timestamp register center receives D and records the date and time information T. After that, $Timestamp (D, k, T)$ is implemented and returned to IP owner. k is a private key for inserting T into design D. So, the time for the verifier to add a fake design is inevitably later than T. The timestamp register center can verify the true ownership of D due to validity of T. In this view, the authentication protocol¹⁸ still requires participation of the third party. Besides, for the case (1), it is similar to Saha and Sur-Kolay.¹⁷ In summarization, prior ZKP-based watermark authentication techniques require N interactions between the prover and the verifier.¹⁹ A cheating prover can successfully pass each round of authentication with probability of 1/2. The protocol invariably runs N rounds. The probability that the prover convinces the verifier can be denoted by 1 − (1/2) ⁿ . In other words, the security depends on the number of running rounds in authentication.

In above cases, a massive exchange of messages to run a typical ZKP can be unfeasible due to possible connection failures during the protocol. To deal with this issue, the idea of non-interactive ZKP (NIZKP) has emerged in the related literature.²⁰ In a NIZKP, all the challenges of a typical ZKP are condensed into a single package sent in a few messages. This leads to the minimization of the time necessary for the exchange of messages. Non-interactive authentication is characterized by the requirement of fewer messages than interactive authentication. There is no need for two parties to communicate with each other in NIZKP, except sending one data set from the prover to the verifier.^21–23 It can also be adapted to a required security level so that the greater the number of different challenges, the higher the security level of the verifier.²⁴ The efficiency of non-interactive is encouraging owning to no interaction with the verifier. It is also widely used in many fields of cryptography. This protocol motivates us to develop a non-interactive zero-knowledge watermark authentication protocol as a generic approach to authenticate ownership of FPGA bitfile design with high efficiency.

The NIWAS protocol

In this section, we aim to implement a watermark authentication protocol to detect watermarks in a bitfile core without leaking any clue to remove the watermarks. To achieve better efficiency, this protocol uses NIZKP in authentication. Intuitively, for a complete authentication, the number of interactions between the prover and the verifier is reduced to be only one. First, we give a brief overview of a robust watermarking algorithm²⁵ for the IP owner to watermark his or her copyrighted IP design. Then, the copies of watermarked design will be regarded as illegal IP cores and traded in market. Finally, the authentication protocol is activated if there is a dispute on the watermarked design or other cases that the IP owner wants to prove his ownership.

Watermark generation and embedding

The watermarking scheme can be defined by a tuple $< KeyGen, MarkGen, E_{w}, A_{w} >$ . Here, $KeyGen (seed)$ is an algorithm to generate the watermark embedding key $K_{e}$ and $K_{d}$ , for watermark embedding and detection. $MarkGen (S)$ is an algorithm to generate a collection of watermark fragments W for a certain input of signature S representing the ownership of an IP design $D_{o}$ . Usually, it includes several sub-algorithms, like watermark encryption, grouping, and finally, transforms S into W. With the inputs of $D_{o}$ , W, and K, $D_{w} \leftarrow E_{w} (D_{o}, W, K)$ is utilized to embed watermarks into an IP design, yielding a watermarked design $D_{w}$ . As for FPGA IP core, LUT is usually used as cover data. The marks are integrated with the configuration strings of the normal IP function. Here, we introduce a robust watermarking technique as follows.

The signature S is encoded and XORed with a pseudorandom sequence, yielding an initial binary watermark sequence $B = {B_{i} | B_{i} \in {0, 1}, 0 \leq i < λ}$ . Here, $λ$ is the number of binary bits of S. Let $α$ be a sharing matrix with the size of $n \times r$ . W is divided into blocks as a set of $Y = (y_{1}, y_{2}, \dots, y_{r})$ . With $α$ and Y, the blocks of B can be shared as $W = (w_{1}, w_{2}, \dots, w_{n})$ by calculating $W = (α Y^{T})^{T} = Y α^{T}$ . The goal of this operation is to make the watermark authentication be more efficient and robust since it reduces the required detection locations. The produced W can also be encoded by error correction code (ECC) to make each block reliable. The available LUT positions with the number of N for watermarking can be founded from the watermarked design. All available positions can be stored into an array $Loc [N]$ . A random sequence with the length of n is generated using N as a constraint. It will be regarded as watermark key for determining concrete watermark positions $Lo c_{w} [n]$ , known as private key $K_{e}$ . After that, the watermarks can be embedded as configuration string into the selected locations of LUTs in target FPGA device, yielding a watermarked design $D_{w}$ .

Non-interactive watermark authentication

Traditionally, ownership authentication is mainly implemented by extracting marks in locations in correspondence with the reserved private key P (namely, the embedding key $K_{e}$ ). Only a subset of inserted marks with the number no less than a threshold T, can restore a complete signature representing the ownership of IP core. Although not all watermarked locations are required to reconfigure the original copyright information, the detection still exposes some critical information about the watermarks. If the detection performs for multiple times, the watermarked locations will be revealed with high probability, posing great risk of removing or tamper attacks. In this section, we propose NIZKP-based watermark authentication to prove the ownership of FPGA bitfile core. It is worth noting that the proposed authentication technique can authenticate watermarks as configuration strings in LUTs regardless of how to implement. So, the watermark embedding method is not restricted to the mentioned watermark embedding method.

Protocol overview

The authentication protocol involves two parties without the participation of the third party. To be clear, the prover and the verifier are named as Alice and Bob, respectively. Alice aims to prove to Bob with trust that her watermarks W exist in the disputed bitfile core $D_{w}$ without disclosure of real watermarked locations P.

In interactive zero-knowledge-based IP watermarking techniques, the challenge usually depends on coin tosses. The prover will reply the different challenges depending on different results of coin tosses. In order for the protocol technique to be fair and practical, the public sequence of queries $Q = {q_{1}, q_{2}, \dots, q_{n}}$ is generated by a cryptographic one-way hash function with the stego IP design as the input, namely, $Q = H_{s} (D_{w})$ . The ith bit of hashed message Q, $q_{i} (1 \leq i \leq n)$ is equal to the result of coin toss in ith round of interactive ZKP. The flow of the NIZKP protocol is described as Figure 3:

Step 1 (initial stage): the bitfile core can be abstracted as a matrix $ℜ_{r \times c}$ with the elements equal to the number of LUTs by omitting the sequential logic. r and c, respectively, denote the number of rows and columns of LUTs in a certain FPGA.

Step 2: based on input value $q_{i} \in Q$ , $(0 < i \leq n)$ , Alice should prove to Bob for facts in (1) and (2).

Step 3(a): if $q_{i} = 0$ , Alice generates a valid mapped design $M_{D_{w}}^{κ}$ with the parameter $κ$ . The mapping function $M (\cdot, \cdot)$ can be regarded as a scrambling function with the inputs of $κ$ and $D_{w}$ . $κ$ should be updated in each time to perform Step 3(a). Alice claims to know a commitment $com (M_{D_{w}}^{κ})$ about $D_{w}$ . She packages the responses to $q_{i}$ as a set $A_{i} : < com (M_{D_{w}}^{κ}), κ >$ , which is revealed to Bob.

Step 3(b): if $q_{i} = 1$ , Alice computes a new mapped design $M_{D_{w}}^{κ}$ with an updated $κ$ . To make the content in $M_{D_{w}}^{κ}$ not be revealed, Alice encrypted it with encryption function $ϒ (\cdot, \cdot)$ . The key for encryption is denoted by $k_{2}$ . As the original content C is encoded by $ξ (\cdot, \cdot)$ with $k_{1}$ before published. Alice wants to prove a commitment $com (S)$ in the mapped design $M_{D_{w}}^{κ}$ , she should expose some information to make real content of watermarks be detected by Bob. But the exposed information cannot leave some clues for a malicious Bob to remove real watermarks in $D_{w}'$ . So, a revealed key $k = k_{1} \circ k_{2}$ is used as a parameter in authentication. Here, Alice will package the parameters into a set $A_{i} : < ϒ \circ M_{D_{w}}^{κ}, P, k, com (S) >$ .

Step 4: Alice repeats Step 2 and Step 3, until $i = n$ . Alice sends the response set $A$ to Bob.

Step 5: Bob verifies each response in $A$ on basis of the common inputs Q. The authentication finishes until he believes Alice is a legitimate IP owner or he does not convince the response for $q_{i}$ .

Figure 3.

The non-interactive zero-knowledge proof protocol.

To be clear, the protocol requires only one interaction with Bob. As the common inputs Q can be generated as a hashed message to the design or randomly selected. Since Step 3(a) and Step 3(b) are independent, the prover deceives Bob in Q is unnecessary. So, any random sequence can be used as common inputs. For each $q_{i}$ , Bob cannot get enough knowledge to remove watermarks.

Protocol implementation

In non-interactive zero-knowledge-based FPGA watermark authentication protocol, a critical issue is to ensure the security of watermark positions during the authentication procedure. The security involves: (1) the malicious verifier cannot deduce the real watermark positions from the authenticated design and (2) the malicious verifier cannot distinguish the watermark content from the content of the authenticated design. So, position obfuscation and content encoding are necessary in authentication. Position obfuscation requests that the secret keys in different authentication rounds have low correlation. Chaos phenomenon is a deterministic and random process in a nonlinear dynamic system, which is non-periodical and sensitive to the initial value. The secret key generated by chaos system has good randomness and low correlation, rightly satisfying the requirements of position obfuscation in watermark authentication.

In this section, two chaotic sequences are generated by chaos system and used to control the position obfuscation. To achieve better security, a random obfuscation algorithm is proposed by separating the rows and columns in obfuscation. Besides, the secret keys of position obfuscation and content encoding are mutually correlated, making it difficult for the malicious to crack any one secret key and deduce the real watermark positions. The implementation of NIWAS is described as follows.

Generation of chaotic secret key

Logistic is a widely used chaos system in cryptography due to it is simple and easy to implement, which can be represented as equation (1)^26,27

x_{n + 1} = μ (1 - x_{n})

(1)

Here, $μ$ is a variable parameter, $μ \in [0, 4]$ , $x_{n} \in (0, 1)$ . When $μ \in [3.5699, 4]$ , logistic map is chaotic and sensitive to the initial value. Therefore, it can be used to generate the secret key in NIWAS. The probability density function is defined in equation (2)

ρ (x) = {\begin{matrix} \frac{1}{π \sqrt{x (1 - x)}} & 0 \leq x \leq 1 \\ 0 & else \end{matrix}

(2)

$ρ (x)$ is not dependent on the initial value $x_{0}$ . Thus, the chaotic sequence generated by equation (1) has the ergodic property within the range of [0,1]. Generally, the sequence generated by chaos system is continuous, which will be transformed into a binary sequence in practical application. Assuming that the mean value of various chaotic trajectory points can be calculated by equation (3)

\bar{x} = lim \frac{1}{N} \sum_{i = 0}^{N - 1} x_{i} = \int_{0}^{1} x ρ (x) dx = 0.5

(3)

The mean value $\bar{x}$ of sequence ${x_{i}}$ is used as a threshold. So, the binary sequence can be denoted by ${y (i), i = 0, 1, 2, \dots}$ in equation (4)

y (i) = {\begin{matrix} \begin{matrix} 1 & x_{i} \in (0, 0.5] \end{matrix} \\ \begin{matrix} - 1 & x_{i} \in (0.5, 1] \end{matrix} \end{matrix}

(4)

By repeating multiple iterations with equation (1), the generated chaotic sequence is transformed into a binary sequence. The auto-correlation $T (τ)$ of a chaotic sequence is zero, as equation (5). Due to it is sensitive to the initial value, the cross-correlation between two chaotic sequence is close to zero, equation as (6). Given two initial values $x_{0}$ and $y_{0}$ , the correlation between the generated sequences can be denoted by $C (τ)$ ²⁸

\begin{matrix} T (τ) = lim_{N \to \infty} \frac{1}{N} \sum_{i = 0}^{N - 1} (x_{i} - \bar{x}) (x_{i + τ} - \bar{x}) \\ = \int_{0}^{1} x f^{τ} (x) ρ (x) dx = 0 \end{matrix}

(5)

C (τ) = lim_{N \to \infty} \frac{1}{N} \sum_{i = 0}^{N - 1} (x_{i} - \bar{x}) (y_{i + τ} - \bar{y}) = 0

(6)

Random obfuscation algorithm

The bitfile can be abstracted as a matrix $ℜ_{r \times c}$ . The data at each position $(i, j)$ represent the configuration string $e_{i, j}$ , $0 \leq i < r$ , $0 \leq j < c$ . To make the positions evenly exchange, we use a random obfuscation algorithm which first separates the elements at the same row or column and then exchange them using chaotic sequence. Here, two chaotic sequences are generated. A chaotic sequence is further transformed into a binary sequence for separating the elements at the same row or column. Random obfuscation algorithm can cover the feature of the chaotic sequence, making the attacker difficult to obtain the chaotic secret key in authentication. The principle of the obfuscation algorithm is shown in Figure 4. The implementation of the random obfuscation algorithm is concretely described as follows:

Step 1: a initial value $x (0)$ is chosen as the input of the logistic chaotic system. The iterations will repeat $N \times (r + c)$ times to generate the chaotic sequence. Here, N is the number of encryption rounds. r and c, respectively, denote the number of rows and columns in the matrix $ℜ_{r \times c}$ . The generated chaotic sequence will be quantified into a binary sequence $y_{1}$ . Another initial value is selected for logistic system and a new chaotic sequence $y_{2}$ is generated after $2 \times N \times (r + c)$ times of iterations.

Step 2: the rows of $ℜ_{r \times c}$ can be numbered as 1, 2, …, r, which multiplies with r elements in $y_{1}$ . The positive and negative results will be used to control the column separation. The separation indexes are stored into an array I. After that, $ℜ_{r \times c}$ is divided into two small matrixes with c rows, both of which will be exchanged by the control of two sections of chaotic sequence $y_{2}$ with the length of c.

Step 3: the same subsequences are used to encode the elements in both matrixes with $ς = mod (e + η, λ)$ . Here, e and $ς$ are, respectively, the original element and the encoded element. $η$ denotes a processed value of an element in the sub-sequence. $λ$ denotes the maximum value that a LUT can store. mod is the modulus operation.

Step 4: both the obfuscated matrixes will be restored using the stored indexes in I. The matrix with separated columns is denoted by $ℜ_{r \times c}^{(c)}$ . Another c elements in $y_{1}$ is selected to multiply by the number of 1, 2, …, c. The results will determine the separation of the rows. The separation indexes are stored in $I'$ . Therefore, two matrixes with r columns are generated, which will be further obfuscated using subsequences in $y_{2}$ . The elements in two matrixes will also be encoded using similar operation in Step 3.

Step 5: after obfuscation, both the matrixes will be integrated into a matrix $ℜ_{r \times c}^{(cr)}$ with separated rows according the separation indexes from $I'$ .

Step 6: the Steps 1–4 are repeated for N times, and the final obfuscated matrix is generated.

Figure 4.

The flow of position obfuscation algorithm.

Protocol analysis

The proposed watermark authentication protocol only needs one interaction round to convince the verifier. It realizes high authentication efficiency and enables the verifier to check the ownership of the bitfile core offline. In this section, the property analysis is discussed, including completeness, soundness, and zero-knowledge property. Besides, the robustness of NIWAS is also analyzed.

Property analysis

As for ZKP, there are three central properties captured in the notions of completeness, soundness, and zero-knowledge. In what follows, we give a discussion about these properties.

Completeness

The prover can convince the verifier if the prover knows a witness testifying to the secret in an IP design. Here, we consider that the verifier has a watermarked copy of IP design $D'_{w}$ , obtained in a legitimate or illegitimate way. In authentication of the secret, the prover should verify two facts on basis of the public sequence, $Q \in {0, 1} *$ : (1) he has a legal design $D_{w}$ and (2) a few watermarks (secret) indicating the ownership exist in the design. For the case (1), the prover generates a mapped design $M_{D_{w}}^{κ}$ from his declared design with $κ$ . The key $κ$ for generating $M_{D_{w}}^{κ}$ will be sent as a parameter of response packet, with which the verifier can generate a mapped design $M_{{D'}_{w}}^{κ}$ . The verifier verifies whether $M^{κ} (D'_{w}) = M_{D_{w}}^{κ}$ . Here, the content C of LUT is assumed to be encrypted as $ξ (C)$ with $k_{1}$ before published. Otherwise, real content of watermarked will be exposed to the verifier in $D'_{w}$ . In case (2), the watermarked locations in a mapped design will be exposed to the verifier. Although he cannot get the key for a mapped design $D_{i}$ , he may attempt to eliminate the content in $D'_{w}$ that is consistent with that in the exposed watermarked LUTs in $D_{i}$ . So, what we consider is that, the prover sends a mapped design $D_{i}$ with all encrypted configuration string $(ϒ (ξ (C)))$ using key $k_{2}$ . $k_{2}$ should be updated for each $q_{i} \in Q$ to avoid malicious verifier from deriving watermarked locations in $D'_{w}$ . Other parameters sent to the verifier in case (2) include a mapped design, watermarked locations in mapped design and $k = k_{1} \circ k_{2}$ . He can verify the ownership using k to decrypt the content of exposed locations, but cannot get the knowledge about encoded watermarks in $D'_{w}$ .

Soundness

A malicious prover Peggy cannot convince the verifier if the statement is false. In our technique, Peggy cannot pass both cases with high probability. For case (1), he may pretend to be legitimate IP owner by declaring a fake ownership with a copy of published IP design ${D ″}_{w}$ . He can successfully deceive the verifier with the probability of 1/2. But for case (2), he cannot get information about $k_{1}$ since he has no core before publication. So, with the parameters sent by Peggy, the verifier cannot verify the declared ownership information. So, Peggy cannot pass all the queries depending on $Q \in {0, 1} *$ .

Zero-knowledge

A malicious verifier learns nothing except that the statement is true. The queries depend on a public sequence $Q \in {0, 1} *$ , which is equal to coin tosses in interactive zero-knowledge watermark authentication protocol. There are two cases for different values of $q_{i} \in Q$ . The verifier cannot get the key of mapping a design and the watermarked locations in this design. Besides, the content of published core is encoded. Only the legitimate IP owner can get the key of $k_{2}$ , which can make the verifier successfully detect real watermarks. In the authentication, the verifier gets no clues for watermarked locations in $D'_{w}$ .

Robustness analysis

In this section, we analyze the robustness against several typical attacks, including tampering attack, removal attack, brute force attack, replay attack, and so on.

Tampering and removal attack

The zero-knowledge of the protocol will leak no sensitive information about real watermarks. In the mapped designs, the real watermark positions are obfuscated. So, an adversary has low probability to directly tamper target watermarked LUTs. But, it cannot avoid the watermarks being tampered by coincidence. If one or several watermarks are attacked, there are two mechanisms to restore the watermarks. (1) If the number of tampered bits does not exceed the correction ability of ECC, the watermark can be retrieved itself. Otherwise, the watermark will be dropped, and another reliable watermark will be chosen instead to ensure a successful authentication.

Brute force attack

The attackers tried to find the watermark positions using brute force. A real FPGA system includes many IP cores and the number of gates may be extremely large. The watermarks are embedded into the LUTs after series of processing. The number of watermarked positions can be ignored by comparing to the number of the complete design. The combinations to select several watermark positions from the design are almost countless. Moreover, the watermarks are implemented through configuration. The configuration data of watermarks is no different with that of the design. So, it is also hard to distinguish the watermarks.

Replay attack

It means that a vicious party can insert a forged signature into a watermarked IP design to declare a forged ownership. Since there are many unused LUTs in the watermarked design. If the attackers intentionally perform this type of attacks, one effective way is to register a timestamp of a watermarked design in a neutral authorized institution. So, the extracted watermarks which include this timestamp are legal. In this case, the forged watermarks cannot be used as legal evidence in authentication.

Experimental results

The proposed NIWAS is tested on benchmarks from IWLS2005 and ISCAS ‘89. First, the watermarks are prepared, and each benchmark is synthesized and implemented on smallest possible FPGA devices, yielding configuration bitstring. After that, the prepared watermarks are inserted into the design as in section “The NIWAS protocol.” Watermark authentication is implemented in java language on a machine with 2.59 GHz Intel^® core™ i7 CPU and 8 GB memories.

The NIWAS is compared to the Verify_ZKP¹⁷ and Blind_ZKP,¹⁹ which are protocols of authenticate the copyright from the bitfile core. We embed 256-bit private watermark representing IP ownership into the benchmarks. In this section, the robustness and detection rate of NIWAS are evaluated.

Robustness evaluation

In this section, we aim to evaluate the robustness of generating a mapped design through location scrambling. Manhattan distance is used as a metric for evaluation. The distance between two points in a grid is based on a strictly horizontal and/or vertical path (i.e. along the grid lines), as opposed to the diagonal or “as the crow flies” distance. The Manhattan distance is the simple sum of the horizontal and vertical components, whereas the diagonal distance might be computed by applying the Pythagorean theorem.²⁹ Since the location scrambling is to exchange the positions of the elements in ℜ. If the Manhattan distance between the original location and the mapped location is larger, the performance of scrambling is better. However, another case cannot be ignored. As for an element in ℜ, if it has large Manhattan distance before and after location mapping and its neighboring elements also move to the same direction with large Manhattan distance. We cannot judge a good scrambling performance. So, Manhattan distance can be used as a good metric to evaluate the performance of location scrambling but should not be the only consideration. Here, the uniformity of location scrambling is also considered for a comprehensive evaluation.

In this experiment, we employ two metrics to evaluate the robustness of position obfuscation, the Manhattan distance and the uniformity.³⁰ Manhattan distance represents whether the elements are moving to the positions as far as possible. And, the uniformity denotes whether the elements are evenly distributed. Larger value of both metrics shows good robustness of position obfuscation.

Let $(x_{i}, y_{j})$ and $(x'_{i}, y'_{j})$ be the element position before and after obfuscation and $d_{M}$ be the Manhattan distance. We have $d_{M} = | x_{i} - {x'}_{i} | + | y_{i} - {y'}_{i} |$ . The mean and the standard deviation of Manhattan distance are, respectively, denoted by of $d_{M}$ is denoted by $ϑ_{N} (d_{M})$ and $σ_{N} (d_{M})$ , whose definitions are as follows

ϑ_{N} (d_{M}) = \frac{1}{N} \sum_{i = 1}^{N} d_{M}

(7)

σ_{N} (d_{M}) = {[\frac{1}{N} \sum_{i = 1}^{N} {(d_{M} - ϑ_{N} (d_{M}))}^{2}]}^{1 / 2}

(8)

We assume a matrix $ℜ_{r \times c}$ to be divided into blocks with size of $a \times b$ . A block B is randomly chosen from $ℜ_{r \times c}$ . If the blocks in obfuscated matrix include the elements in B, we denote $p_{k} = rc / ab$ ; otherwise, $p_{k} = 0$ . So, we have $\sum_{k = 1}^{ab} p_{k} = 1$ , but practically using $p_{k} = 1$ instead. Otherwise, $p_{k}$ is 0. The number of blocks containing elements in B is represented by $n_{k}$ . So, the uniformity degree $P_{B}$ is calculated by equation (9)

P_{B} = \frac{ab n_{k}}{rc}

(9)

The uniformity degree of block B, namely, $P_{B}$ reflects the degree to which a confusion complies with the uniform scrambling. In the original matrix, the average of uniformity degree for all blocks can be denoted as follows

Δ P = \frac{1}{ab} \sum_{i = 1}^{ab} P_{i}

(10)

Here, $Δ P$ ranges from 0 to 1. It is a deviation between a certain scrambling and the uniform scrambling. In this case, the evaluation of scrambling degree is judged by measuring all elements in a block of original matrix.

Besides the Manhattan distance, we also calculate the uniformity to evaluate the scrambling effect. The matrix is divided into a set of blocks. If the elements are moved to other blocks evenly, the performance will be better. The uniformity degree and its mean in NIWAS are calculated using equations (9) and (10). The results are listed in Table 1. The first three columns, respectively, list the benchmarks, the number of LUTs in a marked design and the size of array in bitfile core. $ϑ_{N} (d_{M})$ and $σ_{N} (d_{M})$ denote the mean Manhattan distance and the standard deviation in the obfuscated design. The column $Δ P$ lists the uniformity of the obfuscation. Besides, the Hamming distance is also used to evaluate the bitstring of a LUT, which is computed as the number of flipped bits in encoded design. The mean Hamming distance and the standard deviation are represented by $ϑ_{N} (d_{H})$ and $σ_{N} (d_{H})$ , respectively. The probability of bit flipping is listed in the last column.

Table 1.

Robustness evaluation of obfuscation.

Benchmarks	#LUTs in marked design	Size of array	$ϑ_{N} (d_{M})$	$σ_{N} (d_{M})$	$Δ P$	$ϑ_{N} (d_{H})$	$σ_{N} (d_{H})$	$Δ P_{F}$
aes_core	811	192 × 80	79.44	46.73	0.7825	8.64	4.69	0.5400
ethernet	3034	160 × 64	65.96	38.57	0.8274	8.57	4.43	0.5356
mem_ctrl	1651	160 × 64	65.25	38.24	0.7921	8.69	4.17	0.5431
pci_bridge32	1864	160 × 64	65.82	38.83	0.7849	8.54	4.92	0.5338
s38584	2998	160 × 64	65.48	38.92	0.7934	8.73	4.08	0.5456
s5378	424	128 × 48	52.24	30.95	0.8212	8.69	4.85	0.5431
ac97_ctrl	1839	96 × 32	38.79	23.24	0.8153	8.5	4.87	0.5313
spi	710	96 × 32	39.13	23.16	0.8037	8.62	4.16	0.5388
vga_lcd	262	96 × 32	38.53	23.08	0.8336	8.67	4.21	0.5419
s9234_1	337	64 × 16	25.64	15.31	0.7994	8.58	4.94	0.5363

LUT: lookup table.

In Table 1, the benchmarks occupy various resources of FPGA, ranging from 226 to 3034. The mean $ϑ_{N} (d_{M})$ varies from 25.64 to 79.44 for different sizes of array. But the value changes slightly for the benchmarks with the same size of array. It demonstrates that the Manhattan distance is directly related to the size of array. $σ_{N} (d_{M})$ shows the same trend with that of the mean $ϑ_{N} (d_{M})$ . The values of $Δ P$ fluctuate around 0.8, which demonstrates a relatively good uniformity of the obfuscation. The mean $ϑ_{N} (d_{H})$ and the standard deviation $σ_{N} (d_{H})$ are calculated for the bitstring in each LUT with the length of 16. The probability of bits flipping shows there are more than a half number of the flipped bits due to encoding on average. These metrics are further compared to the protocols of Verify_ZKP and Blind_ZKP, as shown in Figure 5.

Figure 5.

Robustness of position obfuscation: (a) The evaluation of the mean manhatan distance and (b) The evaluation of the uniformity degree.

The comparison of position obfuscation is shown in Figure 5. Figure 5(a) shows the overall shift distance and Figure 5(b) shows the uniformity of obfuscation. NIWAS has larger value of the mean Manhattan distance than other two protocols. The protocols of Verify_ZKP and Blind_ZKP are based on configurable logic block (CLB) obfuscation, while our protocol directly obfuscates the LUTs. Due to the small granularity of obfuscation, a specific position moves farther in comparison, but requires more time for obfuscation. Besides, the curves in Figure 5(b) show the uniformity of NIWAS is larger than the other two protocols. By comparing to the protocols of Verify_ZKP and Blind_ZKP, the proposed NIWAS improves the uniformity by 35.2% and 25.9% at most. It directly relates with the chaos-based random obfuscation algorithm. Besides, we also evaluate the robustness of encoding in obfuscated design, as shown in Figure 6. The three protocols show stable curves of the number of flipped bits in the encoded design. However, the proposed NIWAS has slightly larger value than the other protocols, 16.1% and 13.5% at most. It may be related to the use of chaotic sequence in encoding.

Figure 6.

Robustness comparison of bitstring encoding.

Watermark detection rate

The detection rate $γ$ indicates the probability of successfully detecting a watermark in a design. It can be defined as the ratio of the successfully detected watermark bits to the whole watermark bits, as equation (11)

γ = n_{d} / n

(11)

Here, $n_{d}$ is the number of successfully detected watermark bits. n is the number of original watermark bits. Although the authentication protocol will not leak any sensitive information about the watermarks, it is inevitable for attackers to destroy the watermarks by brute force or other illegal attacks. In this section, we evaluate NIWAS by the detection rate of the watermarked design suffering from different degree of attacks. Due to the watermark embedding algorithm, two metrics will be considered in this section, which are, respectively, the single detection rate $γ_{s}$ for a single watermark and the overall detection rate $γ_{o}$ for all watermarks in the design.

In this experiment, the benchmark ethernet is chosen for evaluation. The bitfile is generated after embedding 128-bit watermarks. The results shown in Figure 7 are determined by 50 times of repeated experiments. Figure 7(a) shows the proposed NIWAS has better detection rate in a watermarked LUT when there are less impaired watermark bits. The ECC in each watermark has limited correction ability for bit flipping. But with the increase in the impaired watermark bits, three protocols show a similar descending curve. In Figure 7(b), NIWAS has higher detection rate $γ_{o}$ with less impaired watermarks by comparing to the other protocols. But more impaired watermarks make the values of the detection rate $γ_{o}$ be closer. The results correspond with the theoretical analysis of NIWAS due to the fault tolerant mechanism. Overall, NIWAS has improved $γ_{o}$ by 19.46% and 20.11% at most when compared to the protocols of Verify_ZKP and Blind_ZKP, respectively.

Figure 7.

The comparison of detection rate: (a) $γ_{s}$ and (b) $γ_{o}$ .

Conclusion

In this work, we have analyzed current ZKP-based IP watermark detection techniques and proposed a non-interactive watermark authentication technique to prove IP ownership without revealing any information to remove the watermark. It is a real-time watermark authentication technique owning to only one interaction with the verifier. The real watermark locations will not be leaked to the verifier due to the use of location obfuscation. Integrated with the proposed watermark embedding technique, the efficiency and robustness of watermark authentication are relatively enhanced. The proposed NIWAS compensates for the deficiency of most schemes that fail to consider public blind detection of watermarks. The experiments show that the proposed watermark embedding and authentication techniques are robust and efficient in proving ownership of FPGA bitfile cores. In the future, we will conduct further study on passive blind detection for secure authentication of IP ownership in IoT.

Footnotes

Handling Editor: Fei Yu

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the National Science Foundation of China (Grant Nos 61472130 and 61572188), the Research Project supported by Xiamen University of Technology (Grant Nos YKJ15019R and YSK15003R), Xiamen Science and Technology Foundation (Grant No. 3502Z20173035), the Open Research Fund of Hunan Provincial Key Laboratory of Network Investigational Technology (Grant No. 2017WLZC007), and the Open Research Fund of Fujian Key Laboratory of Automotive Electronics and Electric Drive (Grant No. ZDKA17001).

ORCID iD

Jing Long

References

Industrial Internet of things volume G4: security framework. Boston, MA: Industrial Internet Consortium, 2016.

http://info.electric.hc360.com/2012/04/101052446655.shtml

Chang

Zhang

. A blind dynamic fingerprinting technique for sequential circuit intellectual property protection. IEEE T Comput Aid D 2014; 33: 76–89.

Cui

Zhang

. Ultra-low overhead dynamic watermarking on scan design for hard IP protection. IEEE T Inf Foren Sec 2017; 10: 2298–2313.

Zhang

Lin

et al . Watermarking FPGA bitfile for intellectual property protection. Radioengineering 2012; 21: 764–771.

Karam

Hoque

Ray

et al . Robust bitstream protection in FPGA based systems through low-overhead obfuscation. In: Proceedings of the international conference on reconfigurable computing & FPGAs, Cancun, Mexico, 30 November–2 December 2017, pp.1–8. New York: IEEE.

. Publicly detectable watermarking for intellectual property authentication in VLSI design. IEEE T Comput Aid D 2002; 21: 1363–1368.

Roy

Senguta

. Low overhead symmetrical protection of reusable IP core using robust fingerprinting and watermarking during high level synthesis. Future Gener Comput Syst 2017; 71: 89–101.

Lach

Mangione-Smith

Potkonjak

. Signature hiding techniques for FPGA intellectual property protection. In: Proceedings of the IEEE/ACM international conference on computer-aided design, San Jose, CA, 8–12 November 1998, pp.186–189. New York: ACM Press.

10.

Lach

Mangione-Smith

Potkonjak

. Fingerprinting techniques for field-programmable gate array intellectual property protection. IEEE T Comput Aid D 2001; 20: 1253–1261.

11.

Castillo

Meyer-Baese

Garcia

et al . IPP @HDL: efficient intellectual property protection scheme for IP cores. IEEE T VLSI Syst 2007; 15: 578–591.

12.

Ziener

Teich

. Power signature watermarking of IP cores for FPGAs. J Signal Process Sys 2008; 51: 123–136.

13.

Schmid

Ziener

Teich

. Netlist-level IP protection by watermarking for LUT-based FPGAs. In: Proceedings of the 2008 international conference on field-programmable technology, Taipei, Taiwan, 8–10 December 2008, pp.209–216. New York: IEEE.

14.

Adelsbach

Sadeghi

. Zero-knowledge watermark detection and proof of ownership. In: Proceedings of the international workshop on information hiding, Pittsburgh, PA, 25–27 April 2001, pp.273–288. New York: ACM.

15.

Craver

. Zero knowledge watermark detection. In: Proceedings of the international workshop on information hiding, Dresden, 29 September–1 October 2000, pp.101–116. Berlin: Springer.

16.

Zhao

Dai

Feng

. A generalized method for constructing and proving zero-knowledge watermark proof systems. Lect Notes Comput 2005; 3304: 204–217.

17.

Saha

Sur-Kolay

. Secure public verification of IP marks in FPGA design through a zero-knowledge protocol. IEEE T VLSI Syst 2012; 20: 1749–1757.

18.

Zhang

Lin

. Publicly verifiable FPGA IP watermark detection based on chaos. Sci China Inform Sci 2013; 43: 1096–1110.

19.

Liang

Long

Chen

et al . A new publicly verifiable blind detection scheme for intellectual property protection. Int J Syst Assur Eng Manag 2017; 8: 1–13.

20.

Groth

. Short non-interactive zero-knowledge proofs. In: Proceedings of the advances in cryptology—Asiacrypt, 2010, pp.341–358, https://www.iacr.org/archive/asiacrypt2010/6477343/6477343.pdf

21.

Santis

Micali

Persiano

. Non-interactive zero-knowledge proof system: a conference on the theory and applications of cryptographic techniques. Adv Cryptol 1987; 293: 52–72.

22.

. Robust non-interactive zero knowledge watermarking scheme against cheating prover. In: Proceedings of the workshop on multimedia & security, New York, 1–2 August 2005, pp.103–110. New York: ACM.

23.

Martín-Fernández

Caballero-Gil

. Authentication based on non-interactive zero-knowledge proofs for the Internet of things. Sensors 2016; 16: E75.

24.

Martín-Fernández

Caballero-Gil

. Non-interactive authentication and confidential information exchange for mobile environments. In: Herrero

Baruque

Sedano

et al . (eds) International joint conference, vol. 369. Berlin: Springer, 2015, pp.261–271.

25.

Long

Zhang

Liang

et al . Signature restoration for enhancing robustness of FPGA IP designs. Int J Inf Secur Priv 2015; 9: 41–56.

26.

Wang

Fan

. Chaotic image scrambling algorithm based on location and gray transformation. J Chin Comput Syst 2012; 6: 1284–1287.

27.

Dăscălescu

Boriga

. A novel fast chaos-based algorithm for generating random permutations with high shift factor suitable for image scrambling. Nonlinear Dynam 2013; 74: 307–318.

28.

Wang

et al . Self-adaptive image encryption algorithm based on logistic map and hyper-chaos. Microelectron Comput 2012; 29: 42–46.

29.

Manhattan distance, https://en.wiktionary.org/wiki/Manhattan_distance (accessed 21 March 2017).

30.

Zou

Ward

. A new digital image scrambling method based on Fibonacci numbers. Proc IEEE Int Sympo Circ Syst 2004; 3: 965–968.

NIWAS: A non-interactive watermark authentication scheme for industrial field-programmable gate array designs

Abstract

Keywords

Introduction

Related work

The NIWAS protocol

Watermark generation and embedding

Non-interactive watermark authentication

Protocol overview

Protocol implementation

Generation of chaotic secret key

Random obfuscation algorithm

Protocol analysis

Property analysis

Completeness

Soundness

Zero-knowledge

Robustness analysis

Tampering and removal attack

Brute force attack

Replay attack

Experimental results

Robustness evaluation

Watermark detection rate

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References