FPGA Design Deobfuscation by Iterative LUT Modification at Bitstream Level

Abstract

AbstractHardware obfuscation is a well-known countermeasure against reverse engineering. For FPGA designs, obfuscation can be implemented with a small overhead by using underutilised logic cells; however, its effectiveness depends on the stealthiness of the added redundancy. In this paper, we show that it is possible to deobfuscate an SRAM FPGA design by ensuring the full controllability of each instantiated look-up table input via iterative bitstream modification. The presented algorithm works directly on bitstream and does not require the possession of a flattened netlist. The feasibility of our approach is verified on the example of an obfuscated SNOW 3G design implemented on a Xilinx 7-series FPGA.