Library-Attack: Reverse Engineering Approach for Evaluating Hardware IP Protection

Existing countermeasures for hardware IP protection, such as obfuscation, camouflaging, and redaction, aim to defend against confidentiality and integrity attacks. However, within the current threat model, these techniques overlook the potential risks posed by a highly skilled adversary with privileged access to the IC supply chain, who may be familiar with critical IP blocks and the countermeasures implemented in the design. To address this scenario, we introduce Library-Attack, a novel reverse engineering technique that leverages privileged design information and prior knowledge of security countermeasures to recover sensitive hardware IP. During Library-Attack, a privileged attacker uses known design features to curate a design library of candidate IPs and employs structural comparison metrics from commercial EDA tools to identify the closest match. We evaluate Library-Attack on transformed ISCAS89 benchmarks to demonstrate potential vulnerabilities in existing IP-level countermeasures and propose an updated threat model to incorporate them.