Sage Journals: Discover world-class research

Abstract

For the copyright protection in intellectual property reuse technology, we must ensure that when an intellectual property watermark verifier leaks the secret key of an intellectual property watermark system, a malicious attacker could not guess the key to facilitate successful attacks on the watermarks. Therefore, this work proposes a robust intellectual property watermarking algorithm based on elliptic-curve cryptography. The physical layout of intellectual property design is abstracted into a graph with tree structure by using the topology theory. A secure model based on the asymmetric encryption model is proposed to encrypt the watermark positions. The generated graph and a random searching algorithm are used for the distribution of the watermark positions. Finally, the watermarks are inserted by reordering the redundant attributes in the graph. The experiments show that the proposed algorithm will insert more watermark constraints under the same condition. Thus, the probability of coincidence is lower, achieving good reliability. In addition, when the watermarks are impaired due to attacks, the algorithm can restore the original watermarks from the topology graph. In comparison to other algorithms, the proposed algorithm has good performance in watermark capacity and overhead, as well as provides resilience to the typical attacks.

Keywords

Intellectual property reuse asymmetric encryption intellectual property watermark elliptic-curve cryptography intellectual property security

Introduction

Significant investment (e.g. research and development costs) is required in integrated chip design, and therefore, intellectual property (IP) reuse reduces development costs.¹ However, there is potential for abuse, such as illegal resale and forgery of the reused IP, which has financial implications for the IP designer and affects the IP designer’s competitive advantage. The Virtual Socket Interface Alliance (VSIA) was established to protect the IP of integrated circuit designers, and IP protection for integrated circuits is a topic of ongoing interest.² Digital IP watermarking technique is one commonly used approach. In such a technique, an invisible and hard-to-remove code is inserted into a design for IP protection.³

To ensure the robustness and the security of watermarking techniques, the verifier generates a secret key with the key generator and embeds a watermark into a target design. Gal and Bossuet⁴ proposed an automatic low-cost IP watermarking algorithm based on output mark insertions. It realizes protection depending on the mathematical relationship between input and input number at specific time. Shastry⁵ addressed the security threats (e.g. cloning, reverse engineering, tampering) by obfuscating the netlist of the design. The implementation is simple, and each design is obfuscated independently. The algorithm can achieve high security and efficiency. Zhang et al.⁶ proposed an field programmable gate array (FPGA) IP protection technique by binding physical unclonable function with finite state machine of the target design. The license-based locking and unlocking mechanism is utilized to realize the pay-per-use of the device. Meade et al.⁷ designed a reverse engineering finite state machine (REFSM) by reconfiguring the logic circuit of the high-level hardware description. It can restore the control logic of the circuit from the netlist with different complexity. Besides, the malicious logic circuit can be recognized from the obfuscated netlist. Sengupta et al.⁸ proposed a triple-phase watermarking algorithm for reusable IP core protection. The watermark configuration needs a complete coding of seven variables. So, it can resist the external attacks effectively and the probability of coincidence is much lower. Liu and Li⁹ proposed to lock the hard IP at physical level based on the key locking mechanism. The IP core cannot work normally without the key, which denotes the unique signatures of IP owner and buyer. In this case, the IP core can be effectively traced. Liang et al.¹⁰ proposed an IP protection algorithm based on two-dimensional chaotic mapping. The selection of the watermark positions is determined by the generated chaotic sequence. The watermark segments are randomly distributed into these positions. Long et al.¹¹ proposed a low-cost IP watermarking algorithm for the protection of FPGA IP design. The signature is distributed orderly and the actual content of the watermark is compressed to reduce the resource overhead. Cui et al.¹²,¹³ proposed an ultra-low overhead dynamic watermarking on scan design for hard IP protection. By analysis, an optimized scan design uses two complementary connections between two adjacent scan cells. Such scan design flexibility in the selection of local connection can be utilized to embed watermarking constraints. It can conveniently be implemented by local rewiring and/or introducing dummy scan cells. The test vectors will be changed accordingly to reflect the watermarked connection styles to guarantee the test coverage. The inserted watermark can be extracted from the test vectors and/or the corresponding scan output.

Most of the watermarking algorithms belong to IP protection and verification techniques based on traditional encryption model.^14–16 The watermarking embedding procedure shares the same secret key with the extraction procedure.¹⁷,¹⁸ Thus, if the key is leaked by the malicious verifier, the watermarks will be easily tampered or removed. In this work, we consider the real application and propose a symmetric encryption model-based IP watermarking algorithm. The thought of symmetric encryption is used in this technique. For IP design based on FPGA, the unused lookup table (LUT) structures are reordered for indicating the generated watermarks. In this way, the malicious attacker cannot reversely deduce the existence of the watermarks. The proposed algorithm can restore the impaired watermark after suffering from attacks, which achieves the following goals.

High capacity: Due to the simultaneous embedding of watermark information, the amount of watermarked information is doubled. All the associated transmission information increases accordingly.

Security: Digital watermarking for protecting the circuit copyright realizes multiple security applications. The scalability of the digital watermark is good. It is more suitable for the complex large-scale circuit chip system.

Reliability: The prover can convince the verifier or the third party that the watermarked design has low probability of coincidence. Once the public key is leaked, the reliability of watermarking system can be ensured as well.

In this article, we propose a robust IP watermarking algorithm for protecting the copyright of FPGA design. The main contributions are listed as follows. We propose elliptic-curve cryptography (ECC)–based IP watermarking model. The proposed algorithm inserts the ownership information into the hardware circuit after encryption. The ECC model is used for encryption and decryption. The algorithm can restore the impaired watermark after suffering from attacks. The experiments show that the performance in terms of overhead and robustness are encouraging.

This work is organized as follows. The “Preliminaries” section introduces the preliminaries of this article. The algorithm is detailed in the “ECC-based IP watermarking algorithm” section. The “Experimental result” section evaluates the performance of the proposed algorithm, including embedding capacity, detection probability, and resistance against attacks. The “Conclusion” section summarizes this article.

Preliminaries

In this section, some mathematical theories of ECC¹⁹,²⁰ are introduced as the foundation of the proposed algorithm. At the elliptic curve, we select two points K and G. Based on the characteristic of ECC group, we have K = kG. k is a random integer less than n. n is the order of G. Notedly, if k and G are given, K will be easily computed. But it is difficult to compute k with the given K and G.

Elliptic curve is derived from elliptic integral, as expressed below

\int \frac{dx}{\sqrt{f (x)}}

(1)

Here, f(x) is a quadratic or quartic polynomial with respect to x. Elliptic curve is a Weierstrass equation

y^{2} + a_{1} xy + a_{3} y = x^{3} + a_{2} x^{2} + a_{4} x + a_{6}

(2)

The elliptic curve in equation (2) is continuous and not suitable for encryption. However, in finite field E, elliptic curve consists of many discrete points. Here, $a_{i} \in E$ , $i = 1, 2, \dots, 3$ . The point (x, y) satisfying equation (2) is named the point of $f (x)$ in field E. Thus, E includes a set of all points at $f (x)$ and point at infinity O∞ and the computation rule of this set.

In ECC group of the finite field $E (p)$ , p is usually set as an odd prime greater than 3. So, the elliptic curve in $E (p)$ can be defined as equation (3)

y^{2} = x^{3} + a_{4} x + a_{6}, a_{4}, a_{6} \in E (p)

(3)

Here, $x^{3} + a_{4} x + a_{6}$ should have no iteration factor or $4 {a_{4}}^{3} + 27 {a_{6}}^{3} \neq 0 (mod p)$ is established for all points at the elliptic curve in equation (3), which forms a group with an infinite point $φ$ and computation rule at the curve. In this case, the points at the curve can implement arbitrary “add” operation. Figure 1 shows the curve of ECC.

Figure 1.

Encryption principle of ECC.

For all $M \in E (p)$ and $N \in E (p)$ , L is a ligature of M and N. A group can be created if the following features are satisfied.

1. $φ + M = M$ and $M + φ = M$ . Namely, $φ$ is a constant.

2. If $M = (X_{1}, Y_{1}) \neq φ$ and $- M = (x_{1}, y_{1})$ are true.

3. Two points M and N $(M \neq N)$ are selected and a ligature of T and N intersects the curve at M. Thus, the third point –M is generated. For $T = (x_{1}, - y_{1})$ , we have $N = (x_{2}, - y_{2})$ and $- M = (x_{3}, - y_{3})$

(x_{1} - y_{1}) + (x_{2} - y_{2}) = (x_{3} - y_{3})

(4)

\begin{matrix} x_{3} = λ^{2} - x_{1} - x_{2} mod p \\ y_{3} = λ (x_{1} - x_{3}) - y_{1} mod p \end{matrix}

(5)

Here, $λ = ((y_{2} - y_{1}) / (x_{2} - x_{1})) mod p$ . When $M \neq N$ , –M has the relationship with T and N, namely, $T + N = - M$ .

4. If T = N, the second point M is generated by drawing a tangent line across N. For any $N = (x_{1}, - y_{1})$ and $- M = (x_{3}, - y_{3})$ , equation (6) can be calculated

\begin{matrix} x_{3} = λ^{2} - 2 x_{1} mod p \\ y_{3} = λ (x_{1} - x_{3}) - y_{1} mod p \end{matrix}

(6)

Here

λ = \frac{3 x_{1}^{2} + a_{4}}{2 y_{1}} mod p

(7)

When M = N, the equation N + N = –M = 2N is established. The sum of k points P is calculated by equation (8)

P + P + P + P + \dots + P + P = kP

(8)

ECC-based IP watermarking algorithm

Digital IP watermarking technique derives from the copyright protection in media. But the carrier is different from that in media. So, the watermarking implementation is different.²¹ In Figure 2, Alice should first generate the watermark sequence with her own signature using the watermark generator. To ensure the security, two secret keys are generated, respectively, as the public key KEY1 and the private key KEY2. When IP disputes occur, the prover Alice will prove the existence of the inserted watermark to the verifier Bob by using an asymmetric encryption-based bidirectional authentication protocol. Alice uses the private key for watermark embedding. The sequence will be then inserted into the design without affecting the normal functionality of IP circuit. Thus, the watermarked design is generated and then propagated in market trading. The public key will be used in watermark detection. The private key is reserved, whereas the public key can be used by anyone who wants to detect the watermark. Finally, Alice provides an evidence of the watermark to Bob with the asymmetric bidirectional authentication protocol. The procedure will not leak the information about the private key.

Figure 2.

The structure of IP watermarking technique.

ECC-based interactive protocol

Since the parameters in the field of the elliptic curve are public, Alice and Bob can share the encryption. In this work, we use the prime field $E (p)$ . The parameters in this field include p, a, b, G, and h. Here, p determines the finite field. a and b are parameters of elliptic curve. G is the base point and n is the order of G. h is the result by dividing the order of elliptic-curve group and n.

Alice and Bob are, respectively, the prover and the verifier in this protocol. IP watermark is designed as a one-way hash function, which controls the random bit generator. If an attacker Eve wants to attack the watermark, he will provide enough outputs of the one-way hash function. Otherwise, he cannot know the signal bit generated by this function. Therefore, the one-way hash function plays a role of secure encryption tool in this protocol. The implementation of the protocol is shown in Figure 3.

Figure 3.

The interaction of ECC-based protocol.

Step 1: The structure of the secret key is $(2^{P}, f (x), a_{2}, a_{6}, G, n, h)$ . Here, $f (x), a_{2}, a_{6}, G, and n$ are public parameters.

Step 2: Bob gets the structure and prepares the following operations:

Bob selects an elliptic curve $f (x)$ and a point at this curve as the base point $G \in E (p)$ .

Bob selects a random integer k $(k < n)$ as the private key and then generates a public key $R = kG$ .

Step 3: The identities of Alice and Bob are authenticated before communication. Alice sends an identity authentication tag to Bob to verify whether Bob is legal.

Step 4: Bob returns a false name, the public key K, and the base point G to Alice.

Step 5: Alice verifies the false name. If Bob is an illegal user, the operation is canceled. Otherwise, go to step 6.

Step 6: Alice performs the following computation. Alice selects a random number and divides a watermark W into N small watermark fragments $w_{1,} w_{2,} w_{3}, \dots, w_{n}$ . $B_{n} = w_{n} + kR \times Rmod N$ and $C_{n} = kG \times kmod N$ are calculated. Alice sends $(B_{n}, C_{n}, N)$ to Bob. The following conditions should be satisfied:

Arbitrary N or more than N watermark fragments can restore W.

Arbitrary N – 1 or less than N – 1 watermark fragments cannot restore W.

If the third party or the detector deliberately leaks the key information ∂, the security can still be guaranteed. N participants with less information cannot obtain the key.

Step 7: Bob receives and checks $(Bn, Cn, N)$ , until he accepts the result of interactive authentication with Alice. In the same way, Bob also uses the same method to authenticate the host Alice for key interaction, so that the asymmetric security key distribution protocol is established between Alice and Bob.

IP watermark embedding

To enhance the robustness and the security of IP watermark, an asymmetric ECC encryption protocol is designed in watermark embedding. Assume the watermark sequence is $W = {w_{i}, w_{i} \in {0, 1}, 0 \leq i \leq N - 1}$ and the index collection is $I = {I_{i}, I_{1}, \dots, I_{N - 1}, 0 \leq i \leq N - 1}$ . $P = {P_{i}, P_{i} \in (0, 1], 0 \leq i \leq N - 1}$ is a random sequence determined by K. The original IP circuit is denoted by $X = {x_{i}, x_{i} \in {0, 1}, 0 \leq i \leq N - 1}$ . The chart of IP watermark embedding is shown in Figure 4.

Step 1: The asymmetric ECC protocol and the private key K₂ are used to get the private key $X' = E (K, X)$ of IP watermark distribution. After that it is transformed into binary code $B = B_{1}, B_{2}, B_{3}, \dots, B_{i}$ .

Step 2: The unused LUT resources will be searched and stored into an array $Upos [i]$ , $0 \leq i < n$ . Here, n is the number of unused LUTs. Meanwhile, the record table controlled by a pseudo-random sequence is used to read the public key $K_{1}$ of the embedder and the extractor.

Step 3: With the searched unused LUTs, we could establish a trie structure as Figure 5. The nodes in each tree will be reordered. We design a data structure to store the watermark positions. In order to reduce the storage, the structure for storing index number will be further compressed. Finally, the characteristic attribution of index number is stored into the trie structure.

By analyzing the characteristic attributes of numerous unused LUTs, we find that the impact on IP performance can be ignored when the characteristic values of the redundant attribute of a few unused LUTs are changed. This feature allows us to insert watermark into the characteristic values of the redundant attributes of unused LUTs. The concrete procedure to embed watermarks is illustrated as follows:

Step 4: After creating an index table I of the watermarks and the unused resources, a modification flag is added into this table. Four bits of $B = B_{1}, B_{2}, B_{3}, \dots, B_{i}$ are read and altered by the last four bits of the added modification flag.

Step 5: If the modification flags are added into each index in table I and if there are still some watermarks not embedded, a bit attribute value is added. The front four bits of this attribute value will be changed as zero. After that four bits of $B = B_{1}, B_{2}, B_{3}, \dots, B_{i}$ will be read and changed as the last four bits of the added value.

Step 6: A watermark position Wp[i] $(0 \leq i < L)$ is selected to insert a corresponding watermark fragment W[i] as a configuration string. This procedure repeats until L fragments are inserted. Besides, these watermarked LUTs are easily leaked. So, some unrelated connections should be also added to cover the real watermarked positions. To enhance the robustness of the algorithm, a parity check code will be added into each watermark fragment to verify whether the watermark is tampered.

Step 7: The steps 3, 4, and 5 repeat until all the watermarks are inserted.

Figure 4.

The chart of watermark embedding: (a) the structure of the topology graph, (b) the positions for watermark embedding, (c) the chart of nodes in the design, and (d) the connection of nodes before and after watermarking.

Figure 5.

The structure of watermark traversing process.

IP watermark extraction

In watermark extraction, the secret key used in watermark embedding is utilized to locate the marked positions. The watermarks are extracted by searching algorithm. It is a reverse process of the watermark embedding. The chart of watermark extraction is shown in Figure 6, and the concrete steps are described as follows:

Step 1: The characteristic matching information of unused LUTs is extracted. After that the address of index table is obtained with the steps 2 and 3 in watermark embedding.

Step 2: The address of index table and a threshold value will be matched, and the watermarks can be extracted as equation (9)

{\begin{matrix} I_{i}' = 0 & | q' | < Th \\ I_{i}' = & p - Th < | q' | < p + Th \end{matrix}

(9)

Here, p is the watermark strength and Th is the threshold. The optimal parameter of Th is determined by the experiments.

Step 3: When Bob receives the information $(B_{1}, C_{1})$ and $(B_{1}, C_{2})$ from Alice, the following calculations are performed:

Separate $B_{1}$ from $(B_{1}, C_{1})$ and use the private KEY2 to calculate $(x_{2}, y_{2})$ . We have $k_{2} • B_{1} = k_{2} • k_{1} • G = k_{1} • k_{2} • G = k_{1} • B_{2} = (x_{2}, y_{2})$ .

Calculate $E_{i} = C_{1} • x_{2}$ and decrypt to get $E_{i}$ .

The same method can be used to get $F_{i}$ .

Step 4: The information marks in topology–attribute relationship are the same. With the definition of node attribute, the similarity of attributes of two nodes is the weighted sum of the similarity of the center position, the region area, and $h_{i}$

F (Δ (θ_{i})) = λ_{p} δ_{p} (p_{i}) + λ_{h} δ_{h} (h_{i}) + λ_{s} δ_{s} (s_{i})

(10)

Here, $Δ (θ_{i})$ is the attribute relationship graph of target fragments. g is the node attribute. There are three attributes $p_{i}$ , $h_{i}$ , and $s_{i}$ to be matched. $Δ (θ_{i})$ is the attribute relationship of target fragment. g is the node attribute. The weight value satisfies $λ_{p} + λ_{h} + λ_{s} = 1$ , making $δ_{1}$ fall in the range of 0 to 1. The similarity of center position will be calculated as equation (11)

F (p_{i}) = 1 - \frac{| p_{i_{x}} | + | p_{i_{y}} |}{(p_{i_{x}}) + (p_{i_{y}})}

(11)

Here, $p_{i_{x}}$ and $p_{i_{y}}$ , respectively, represent x and y coordinates of the center point $p_{i}$ .

Step 5: Finally, the relationship of point and pair can be restored with the control of the public key K. With the position matching method, the watermarks can be extracted from the unused LUTs.

Figure 6.

The chart of watermark extraction.

Experimental result

In this section, we conduct a series of experiments to verify the performance of the proposed algorithm. All the experiments are conducted on a machine with Intel Pentium Dual-Core CPU 2.0 GHZ CPU and 2 GB memory. Very high speed integrated hardware description language (VHDL) and C++ language are used in the experiments. ISCAS’89 and some open-source cores are used as the benchmarks, which contain circuits of various types, from simple circuit module to complex very large-scale circuit. The performance of timing, resource, and resistance against attacks is verified.

Embedding capacity and hardware overhead

There is a close relationship between watermark capacity and the hardware overhead. Assume the watermark capacity is M, the power overhead is P, and the timing overhead is T. We compare the performance to algorithms in Long et al.²² and Liang et al.,¹⁰ and the result is shown in Figure 7. The proposed algorithm could increase the size of watermark fragments to reduce the number of inserted watermarks; thus, the watermark embedding capacity is increased and the overhead is reduced.

Figure 7.

The performance of watermark embedding: (a) the relationship between power consumption and watermark capacity, and (b) the relationship between embedding time and watermark capacity.

In Figure 7, with the increase of watermark capacity, P and T are increasing for the three comparative algorithms. It illustrates that more watermarks inserted into the design will cause the increase of P and T. But as shown in the figures, the proposed algorithm causes less increase than the other algorithms. So, it has better performance in terms of embedding time and the power consumption.

Detection probability

In this section, the detection probability is used to evaluate the performance of watermark verification. When the watermarks and the signals satisfy Gaussian distribution, the linear correlation detector can be used to detect the watermarks. Here, we use the asymmetric ECC-based detector and the symmetric detector, respectively, for watermark detection. For three IP circuits DES, AES, and RSA, we insert different number of watermark fragments into the design and simulate the removal attacks on these watermarked designs. The watermarks after being attacked are then detected. The evaluation and comparison of detection probability are shown in Figure 8. The evaluation of detection probability is shown in Figure 8(a) and (b). In Figure 8(a), the watermarks are detected by the asymmetric detector, and Figure 8(b) is the result of watermark detection using the symmetric detector. By comparing to algorithms in Castillo et al.²⁴ and Nie & Toyonaga,²⁵ the detection probability in Figure 8(a) is larger than that of Figure 8(b) Therefore, the asymmetric detector shows better performance in terms of transparency and security.

Figure 8.

Watermark detection rate of three watermarking methods: (a) watermark detection using asymmetric detector and (b) watermark detection using symmetric detector.

Resistance against attacks

The resistance against attacks is the ability of IP watermarks against illegal attacks. In practical application, common attacks include removal attack, collusion attack, and so on. This section analyzes the resistance against attacks for the proposed algorithm.

Removal attack

This attack aims to remove the watermarks directly. This section evaluates the ability against the removal attacks with the metric of damage rate. The result is shown in Table 1. First, several removal attacks are performed on a watermarked design with different attack strength. The resistance against removal attacks is compared to other algorithms as well. With the increase of attack strength, the proposed algorithm achieves lower damage rate by comparing to other algorithms. It shows good robustness against removal attacks.

Table 1.

Performance comparison for IP watermark detection.

Comparative methods	Attack strength	Damage rate (%)
Comparative methods	Attack strength	RSA	MD5	DES	RS5	AES
Method in Liang¹⁰	10%	0.1541	0.0651	0.1541	0.1541	0.1541
	25%	0.2354	0.2657	0.2698	0.2634	0.2975
	50%	0.4654	0.5674	0.4234	0.5789	0.3345
	100%	0.7345	0.7785	0.7721	0.7437	0.7753
Method in Fan²³	10%	0.2453	0.1652	0.1522	0.1789	0.2456
	25%	0.3213	0.3563	0.3678	0.2634	0.3975
	50%	0.4562	0.6456	0.6784	0.6001	0.5698
	100%	0.7341	0.8642	0.8432	0.84123	0.8990
Method in Castillo et al.²⁴	10%	0.0555	0.0642	0.1002	0.1211	0.1109
	25%	0.136	0.1765	0.1548	0.2678	0.3467
	50%	0.4556	0.3453	0.3421	0.3458	0.3998
	100%	0.7342	0.7741	0.7896	0.7081	0.7223
This study	10%	0.0321	0.0243	0.0567	0.0689	0.0512
	25%	0.1323	0.1789	0.1005	0.1679	0.1349
	50%	0.3009	0.4567	0.4567	0.4512	0.4672
	100%	0.5567	0.6785	0.5724	0.6125	0.5683

IP: intellectual property.

Collusion attack

The purpose of collusion users is to acquire more data with the holding secret key. By comparing to direct capture and eavesdrop attack, collusion attack needs less overhead and is not easy to be detected. Simply, we assume there is only one watermark fragment inserted into each LUT. The number of the collusion users is set as 80. The probability of watermark leakage is evaluated when the number of collusion users varies from 10 to 80. Figure 9 shows a comparison of three algorithms in terms of resistance against collusion attacks. When there are less collusion users, the ability of three algorithms against collusion attacks is different. With the increase of collusion users, the probability of watermark leakage in Nie and Toyonaga²⁵ and Schmid et al.²⁶ increases accordingly. The probability of leaking watermark is lower in the proposed algorithm. When the collusion users are more than 60, the probability in Nie and Toyonaga²⁵ increases rapidly than that in Schmid et al.²⁶ It is because the use of random number in the generation of secret key. In fact, it is pseudo-random number, which can be found with enumeration. The algorithm in Schmid et al.²⁶ eliminates the adverse factor and updates the main secret key periodically. If a malicious user is found, the operation will be canceled. In the proposed algorithm, the collusion users can only obtain their own data and cannot acquire data from other nodes. So, the impact on the security is much less.

Figure 9.

The evaluation of the ability against collusion attack for three methods.

Conclusion

This work proposed an asymmetric ECC-based IP watermarking algorithm for IP protection. The topology theory is used to process the IP layout, and an asymmetric ECC-based encryption model is proposed. An improved searching algorithm is used to promote the efficiency of watermark embedding. It provides a novel thought for IP watermarking techniques depending on the strength of secret key. The proposed algorithm has no impact on the normal functionality of IP circuit and lower hardware overhead. The robustness and security of the proposed algorithm is also encouraging. It can be applied for FPGA IP protection in various devices. But the ability of real-time processing should be further enhanced. Besides, the asymmetric IP watermarking algorithm should also address the watermark protection and authentication issues by using mutual watermark correlation when the private key is leaked. It will be considered in our future work.

Footnotes

Handling Editor: Fei Yu

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work is supported by the National Science Foundation of China (Grant 61572188), Xiamen Science and Technology Foundation (Grant 3502Z20173035), Scientific Research Program of New Century Excellent Talents in Fujian Province University, Fujian Provincial Natural Science Foundation of China (Grant 2018J01570), in part by the CERNET Innovation Project under Grant NGII20170411, the National Nature Science Foundation of Fujian Province (Grant 2018J01544), National Natural Science Foundation of China (Grant 61872138), the Scientific Research Program of Outstanding Young Talents in Universities of Fujian Province, the Key Project of Natural Foundation for Young in Colleges of Fujian Province (Grant JZ160466).

ORCID iD

Weihong Huang

References

Liu

Zou

et al . Hardware IP protection through gate-level obfuscation. In: International conference on computer-aided design and computer graphics, ICCADCG 2015, Xi’an, China, 26–28 August 2015, pp.186–193. New York: IEEE.

Long

Zhang

Liang

et al . NIWAS: a non-interactive watermark authentication scheme for industrial field-programmable gate array designs. Adv Mech Eng 2018; 10: 1–12.

Sengupta

Bhadauria

Exploring low cost optimal watermark for reusable IP cores during high level synthesis. IEEE Access 2017; 4: 2198–2215.

Gal

Bossuet

Automatic low-cost IP watermarking technique based on output mark insertions. Des Autom Embed Syst 2012; 16: 71–92.

Shastry

PVS

. Netlist level hardware IP protection by obfuscation technique using key-FSM. Int J Comput Appl T 2014; 5: 1614–1619.

Zhang

Lin

Lyu

et al . A PUF-FSM binding scheme for FPGA IP protection and pay-per-device licensing. IEEE T Inf Foren Sec 2017; 10: 1137–1150.

Meade

Zhang

Jin

IP protection through gate-level netlist security enhancement. Integration 2017; 58: 563–570.

Sengupta

Roy

Mohanty

SP.

Triple-phase watermarking for reusable IP core protection during architecture synthesis. IEEE T Comput Aid D 2018; 37: 742–755.

Liu

. A hierarchical IP protection approach for hard IP cores. In: IEEE international symposium on circuits and systems, Lisbon, 24–27 May 2015, pp.1566–1569. New York: IEEE.

10.

Liang

Xie

et al . TDCM: an IP watermarking algorithm based on two-dimensional chaotic mapping. Comput Sci Inf Syst 2015; 12: 823–841.

11.

Long

Zhang

Liang

et al . A leakage-resilient FPGA-based IP identity authentication protocol. In: 2018 IEEE SmartWorld, ubiquitous intelligence & computing, advanced & trusted computing, scalable computing & communications, cloud & big data computing, Internet of people and smart city innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), Guangzhou, China, 8–12 October 2018, pp.287–292. New York: IEEE.

12.

Cui

Zhang

Ultra-low overhead dynamic watermarking on scan design for hard IP protection. IEEE T Inf Foren Sec 2017; 10: 2298–2313.

13.

Huang

Cui

Chang

. A new watermarking scheme on scan chain ordering for hard IP protection. In: IEEE international symposium on circuits and systems, Baltimore, MD, 28–31 May 2017, pp.1–4. New York: IEEE.

14.

Singh

Dod

An efficient hardware design and implementation of Advanced Encryption Standard (AES) algorithm. Int J Rec Adv Eng Technol 2016; 4: 5–9.

15.

Rodríguez-Flores

Morales-Sandoval

Cumplido

Compact FPGA hardware architecture for public key encryption in embedded devices. PLoS ONE 2018; 13: e0190939.

16.

Hardware implementation of AES encryption algorithm based on FPGA. J Electron Inform Sci 2017; 2: 93–97.

17.

Liang

Sun

Xia

A chaotic IP watermarking in physical layout level based on FPGA. Radioengineering 2011; 20: 118–125.

18.

Liang

Long

Cui

A new robust dual intellectual property watermarking algorithm based on field programmable gate array. J Comput Theor Nanosci 2015; 12: 3959–3962.

19.

Chaudhry

Farash

Naqvi

et al . A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography. Electron Commer Res 2016; 16: 113–139.

20.

Liang

Huang

Chen

et al . Hausdorff distance model-based identity authentication for IP circuits in service-centric internet-of-things environment. Sensors 2019; 19: 1–18.

21.

Cui

Luo

Chang

CH.

Static and dynamic obfuscations of scan data against scan-based side-channel attacks. IEEE T Inf Foren Sec 2017; 12: 363–376.

22.

Long

Zhang

Zuo

et al . A robust low-overhead watermarking for field authentication of intellectual property cores. Comput Sci Inf Syst 2016; 13: 609–622.

23.

Fan

YC.

Testing-based watermarking techniques for intellectual-property identification in SOC design. IEEE T Instrumen Meas 2008; 57: 467–479.

24.

Castillo

Meyer-Baese

Garcia

et al . IPP@HDL: efficient intellectual property protection scheme for IP cores. IEEE T VLSI Syst 2007; 15: 578–591.

25.

Nie

Toyonaga

An efficient and reliable watermarking system for IP protection. IEICE T Fund Electr 2007; 90-A: 1932–1939.

26.

Schmid

Ziener

Teich

. Netlist-level IP protection by watermarking for LUT-based FPGAs. In: Proceedings of the International conference on ICECE technology, Taipei, Taiwan, 8–10 December 2008, pp.209–216. New York: IEEE.

Intellectual property protection for FPGA designs using the public key cryptography

Abstract

Keywords

Introduction

Preliminaries

ECC-based IP watermarking algorithm

ECC-based interactive protocol

IP watermark embedding

IP watermark extraction

Experimental result

Embedding capacity and hardware overhead

Detection probability

Resistance against attacks

Removal attack

Collusion attack

Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References