Procedia Technology 10 ( 2013 ) 373 – 380

2212-0173 © 2013 The Authors. Published by Elsevier Ltd.Selection and peer-review under responsibility of the University of Kalyani, Department of Computer Science & Engineeringdoi: 10.1016/j.protcy.2013.12.373

ScienceDirect

International Conference on Computational Intelligence: Modeling, Techniques and Applications(CIMTA) 2013

Updation of Activation Sequence of a Chipafter its Deployment for Access Control

Debasri Sahaa and Susmita Sur-Kolayb

a A. K. Choudhury School of Information Technology, University of Calcutta, Kolkata-700009, Indiab Advanced Computing and Microelectronics Unit, Indian Statistical Institute, Kolkata-700108, India

Abstract

For protection of Intellectual Property (IP) in VLSI industry, a design level obfuscation is applied for simultaneous authentication

and locking of IPs. When a chip with multiple IPs or System-on-Chip (SoC) is deployed, application of the same input sequence

each time for its activation encourages interception/tapping of the sequence and subsequent breach of security. A legal user may

sell the hardware and share its secret information for activation. Therefore, periodic update of activation sequence of a chip/SoC

is a practical requirement. However, update of activation sequence is not supported in an IC. We propose a low overhead, low

complexity design modification to facilitate periodic as well as on-demand update of activation sequence of a chip/SoC after its

deployment. For the proposed technique, the probability of predicting an updated sequence from its correlation with the previous

ones is negligible for an attacker. The simulation results on ISCAS’89 benchmark circuits are encouraging. The overheads of

design modification on area, delay and power are very low.

Keywords: Intellectual property protection; finite state machine; obfuscation; key-based locking; interception; access control.

1. Introduction

The era of automation encourages wide use of chips. In order to satisfy user requirements for high quality chips

with gigascale integration, huge amount of design effort is mandated. The practice of reusing designs or even hardware

as Intellectual Properties (IPs) has been adopted. However, their reuse without proper protection is likely to invoke

piracy of IPs and ICs.

In the current IC or SoC design flow, the following two security aspects of hardware IPs have been enforced:

S1) non-activation of illegal chips created in malicious fabrication house from a layout mask or illegal copies of it;

S2) authentication of the genuine IP designer of a chip to its user.

A secure design methodology has been adopted to ensure the above security aspects. The underlying State Transi-

tion Diagram (STD) of an IP is obfuscated by incorporating a pre-initialization state space into the STD. A predefined

∗ Debasri Saha. Tel.: +91-033-2350-0289

E-mail address: sahadebasri@gmail.com

Available online at www.sciencedirect.com

© 2013 The Authors. Published by Elsevier Ltd.Selection and peer-review under responsibility of the University of Kalyani, Department of Computer Science & Engineering

374 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

initialization sequence is to be applied to transform the IP from its obfuscated mode to its normal mode of operation.

When the IP is embedded in a chip/SoC, which also has a circuit realizing a physically unclonable function (PUF), the

designer of the chip can alone compute an IC specific bit-sequence (activation sequence ASc) based on the IC specific

PUF response. This activation sequence when XORed with the PUF response Po, generates the initialization sequence

IS of the IP to activate it in its normal mode [Fig. 1]. Therefore, an illegal IC instance created in fabrication facility

by some malicious persons cannot be activated, thereby is rendered useless.

For the purpose of authentication, corresponding to each state in the pre-initialization state space, the IP designer

generates a particular pattern at a subset of primary outputs for a predefined input sequence.

The methodology stated above ensures protection only when the designer of an IP/IC, and the legal user of the chip

are involved. However, when a chip is in use after its deployment, misuse of the IC is possible by a third party using

any of the following attacks:

(A1) Interception/tapping of input sequence applied through the primary inputs of a chip for activation of the IPs:The challenge vector of a particular challenge-response pair [6] for the PUF circuit is applied through the primary

inputs and the response obtained is XORed with a set of IC specific activation sequences, stored in a one time pro-

grammable ROM, to generate the initialization sequences for the IPs. Therefore, for activation of the chip each time,

the same input sequence is to be applied from the primary inputs, and it makes the activation process vulnerable to

attack.

(A2) Illegal reselling of a chip along its secret input sequence by its legal user to an unauthorized person: A legal

user on completion of his specific project may sell his chip to someone else and share the input sequence with the

person without giving any royalty to the chip designer. To detect such illegal use, periodic blocking and subsequent

reactivation of a chip with a different input may be applied by the chip designer.

In order to tackle security breaches stated above, we need to facilitate periodic update of the secret information

used for activation. In software, a password is updated periodically to maintain its secrecy. But, for hardware, the

control unit of an SoC currently used for its activation does not support update of any of the sequences involved in

activation due to the reason as follows. IPs are obfuscated statically and then fabricated, therefore their initialization

sequences cannot be updated. For a specific challenge-response pair of the PUF circuit, the same activation sequence

is to be applied to generate the specific initialization sequence for each IP. Alternatively, if multiple challenge-response

pairs for the PUF circuit are kept recorded and a different challenge vector is applied from the primary inputs, and the

activation sequences are stored in RAM instead of ROM, the user can not compute the new activation sequence for

an IP because, both the PUF response and the initialization sequence of the IP remain secret to a user. A provision to

collect PUF response encourages an attacker to predict the behavior of the PUF.

Alternatively, biometric authentication of the legal user has similar limitation. Storing of biometric images for

a group of users in a company and their subsequent comparison incur significant overhead on chip quality and its

activation process. If the group leaves the company, update of such stored information becomes essential.

In this paper, we propose a low overhead modification in design to update the activation sequence of an IC so

that the IC cannot be unlocked with the presently used activation sequence after a specified period and it requires adistinct activation sequence for being unlocked after that specific period.

If the key information needed to generate the next activation sequence from the current one is private to the legal

user of the chip, he can update the activation sequence periodically to tackle the attack discussed in (A1). If such

key information is kept secret from the legal user, and is private to the IC designer only, the IC designer can remotely

authenticate the user of the IC periodically, thereby detect unauthorized reselling of the IC as discussed in (A2).

Therefore, based on the application and the requirements, different privacy level of the key information used to update

the activation sequence is maintained.

For secrecy of the activation sequence of a chip deployed in use, its periodic update is not always sufficient. There

should remain provision for updating the sequence on-demand at any instant, when interception of the sequence is

suspected. A design enhancement to support on-demand update of the activation sequence is also proposed.

The rest of the paper is organized as follows. Section 2 focuses on prior approaches. The proposed design level

modification and its application are presented in Section 3. Analysis of the proposed method appears in Section 4.

Section 5 presents the simulation results and Section 6 presents the concluding remarks.

375 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

2. Prior Works

ASc

ISPo

IP1

IP2

IP3

MUX

FSM ROM

PUF

MUX

MUX

Control Unit

From Primary Inputs

From Primary Inputs / Other blocks

Primary Inputs Primary Outputs

Fig. 1. SoC design with a control unit to generate initialization sequences for the IPs on it [7]

Hardware IP protection has two contexts. The first one consists of locking mechanisms of ICs for direct prevention

of their unauthorized access. The second one focuses on the watermarking based indirect protection techniques used

for authentication of an IP designer. Netlist level obfuscation [1] is proposed to ensure both the security aspects.

Authors in [2] suggest the design house to monitor the illegal ICs and thereby disable their functionality. Remote

activation technique of legal ICs is developed in [3]. The lock-based mechanism is further enhanced through the tech-

nique EPIC [4], which uses a key derived from automatically-generated chip IDs and a novel combinational locking

algorithm based on public-key cryptography. The work in [5] leverages nondestructive gate-level characterization

of ICs to reveal the hidden and unclonable uniqueness of each IC, and proposes IC-specific activation. Several other

works, such as, [6], focus on various PUF designs for IC specific activation. Finally, the obfuscation-based secure SoC

design methodology HARPOON [7] well integrates the authentication requirements, locking based access control and

PUF-strategy and this methodology is secure against reverse engineering and all typical attacks. Trust between the

designer of an IP/IC and the legal user of the chip has been ensured. However, after deployment of a chip or an SoC,

there may be third party intervention and consequent breach of security.

3. The Proposed Technique

3.1. Modeling for update of activation sequence

The initialization sequence IS of an obfuscated IP is private to the IP designer.

Therefore, initialization sequence IS is distinct to a distinct IP.Let Po be the output of a PUF circuit, incorporated in the control unit of an IC containing the IP for IC specific

activation of the IP. The initialization sequence IS is generated as IS=Po ⊕ ASc, where ASc is the activation sequence,

entirely stored in a one-time programmable ROM present on the control unit. The activation sequence ASc is obtained

as ASc= IS⊕Po.

Therefore, for the same IP or IC, the currently used activation sequence ASc is distinct to a distinct combination ofthe IP and the IC.

The sequence IS of an IP cannot be updated as it is obfuscated in a static way. An IC user is not allowed to

record a different challenge-response pair of the PUF circuit. Therefore, both IS and Po are time independent. The

proposed activation sequence AS will be time dependent to facilitate periodic update. We propose to append a t-bit

376 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

IntS

ASIS1

IS2P||TT

P

IP1

IP2

IP3

MUX

FSMROM

PUF

MUX

MUX

Control Unit

From Primary Inputs

From Primary Inputs / Other blocks

Primary Inputs Primary Outputs

Proposed circuit block

R I

RAM

f

IS

Fig. 2. SoC design with a modified control unit to facilitate update of activation sequence and generation of initialization sequences for the IPs

time dependent string T to a string P, obtained as a prefix of PUF response Po, so that the length of the string P||Tbecomes the same as that of IS. The activation sequence AS is represented as R||I. The initialization sequence IS is

expressed as IS1 appended by t-bit IS2, where IS1 = P ⊕ R and IS2= f (IS1, IntS), IntS = T ⊕ I. For the proposed

activation sequence AS, its subsequence R is obtained as IS1 ⊕ P and is stored in one-time programmable ROM. The

time-dependent subsequence I is obtained as IntS ⊕ T and is supplied from the primary input and stored in a RAM,

placed in the control unit. Thus the proposed activation sequence AS is obtained from the strings IS and P||T .

Therefore, for specific IP and IC, the proposed activation sequence AS is distinct to a distinct time interval.Following the update process, if the time dependent string T is updated to T ′, as a result of that, input sequence I

is updated to I′. Therefore, I=IntS ⊕ T and I′=IntS ⊕ T ′=I ⊕ (T ⊕ T ′)=I ⊕ D.

Here D is the difference vector obtained as (T ⊕ T ′). A circuit block is designed which updates the time dependent

string T and generates the difference vector D. The legal user only can obtain D and compute the new input sequenceI′ as I ⊕ D. The proposed circuit block is incorporated in the control unit of the existing SoC design and a modified

SoC design [Fig. 2] is obtained. Another circuit block to realize the function f is also incorporated in the control unit.

Instead of expressing IS2 as T ⊕ I, the purpose of using an intermediate string IntS will be discussed in Section 4.1.

3.2. The proposed design level modification

The design of the proposed circuit block, placed in the control unit, to facilitate update of the activation sequence

is shown in Fig. 3 and described below.

For periodic update of activation sequence of a chip by the authorized user: The activation sequence of a chip

is proposed to be updated after certain period of usage. Activation sequence, which may be intercepted only at the

time of activation, i.e., during power-up of a chip, is decided to be updated after k power-ups of the chip, therefore a

modulo-k counter is placed in the proposed circuit block. The counter is initialized with 0 state, and incremented by

1 each time the chip is powered on. A checker circuit, connected to the counter, signals 1 only when the counter is in

0 state and the RESET pin of the counter is 1. A t-bit Non-Linear Feedback Shift Register (NLFSR) is used, different

states of which form distinct time dependent strings T to be generated through the process of update. The NLFSR

is initialized to a state A0 from the primary inputs. Let Ac be the current state of the NLFSR and forms the current

time dependent string T . When the checker signals 1 after each k power-ups of the chip, a clock generator applies dcycles of a clock clk to the NLFSR and shifts Ac for d times using the feedback function. The value of d is chosen by

377 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

(for authentication& enforcing 0 state)

Power clock

(generates d cycles)

clk

Modulo-k counter

Primary input

clock clkgenerator

Checker circuit

Difference bitgenerator (XOR)

Time dependent string T

Bitwisecomparator(XOR gate)

RESET

t-bit NLFSR

Primary output

Fig. 3. Design of the proposed circuit block for updating activation sequence

a pseudo-random number generator present in the clock generator module. As a result, a new state Ad of the NLFSR

is obtained which forms the updated value T ′ of the time depended string T .

Let the current state Ac of the t-bit NLFSR be < q−1,q−2, ...,q−t+1,q−t >. The state Ad is given by <qd−1,qd−2, ...,qd−t>, where each term ql , (d −1)≤ l ≤ (d − t), of the state Ad is computed as

p0 +t

∑i=1

pi ·ql−i +t

∑i=1

t

∑j=1

pi j ·ql−i ·ql− j + ...+ p12...t ·ql−1 ·ql−2 · ... ·ql−t (1)

where p=<p0, p1, ..., pt , p12, p13, ..., p123, ..., p123...t> is the characteristic polynomial of the NLFSR.

A circuit say, difference bit generator (XOR gate), is used to serially generate the bits of difference vector D = T⊕ T ′ = Ac ⊕ Ad . The authorized i.e., legal user can only collect D and compute the new input vector I′. The legal

user knows the initial state Ao of the NLFSR, therefore from the successive difference vectors D, he can compute the

active states i.e., Ac sequences of the NLFSR. The legal user having the knowledge of the current state Ac can only

start the process of update. When the counter state becomes 0 after an increment, the circuit waits for the legal user to

apply Ac from the primary inputs. When he applies Ac, a bitwise comparator compares the input with the current state

Ac of the NLFSR, and sets the RESET pin of the counter to 1. Then, the update process is started as both the RESET

pin is 1 and the counter state is 0.

For on-demand update of activation sequence by the authorized user: For instant on-demand update of the activa-

tion sequence by updating T , the state of the modulo-k counter is to be reset to 0. When the counter state is non 0,

the legal user can start on-demand update by applying Ac from the primary inputs. The comparator sets the RESET

pin to 1 and consequently, the counter is reset to 0 state and the update process is started. The comparator circuit

authenticates the legal user at the time of on-demand update as well as during periodic update.

For periodic update of activation sequence by the chip designer: If update of the activation sequence is performed

by the chip designer, the difference bit generator circuit is kept inactive by controlling its clock input. Along with Ac,

the chip designer has the additional knowledge of the characteristic polynomial p of the NLFSR and the seed value

of the pseudo-random number generator, therefore he can compute d, thereby the next state Ad of the NLFSR using

equation (1) and the difference vector D, and finally the next input sequence I′.

3.3. Steps for reactivating a chip with an updated activation sequence

Following are the four steps to reactivate an IC.

1. The challenge vector of the challenge-response pair of the PUF is applied from the primary inputs.

378 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

2. The sequence Ac representing the current state of the NLFSR is applied from the primary inputs so that the

person reactivating the chip is authenticated as the legal user / chip designer.

3. If reactivation is done by the legal user, he collects the difference vector D generated by the control unit, other-

wise the chip designer computes the next state Ad of the NLFSR from Ac using the knowledge of the characteristics

polynomial p of the NLFSR and the number of shifts d, thereby computes the difference vector D as Ac ⊕ Ad .

4. The next input sequence I′ is computed from the current input sequence I as I ⊕ D. Subsequences I′ of the

activation sequences for different IPs are applied from the primary inputs to generate the initialization sequences of

the IPs.

4. Analysis of the Proposed Technique

The proposed technique for generating various activation sequences is analyzed in terms of the robustness of the

technique against several attacks and the overhead of the technique on the quality of the chip and on the timing

requirement of the activation process of the chip.

4.1. The robustness of the proposed technique

The lower the correlation between different values of the time dependent string T generated through update, the

higher is the robustness of the technique against typical attacks. In order to achieve it, a Non Linear Feedback Shift

Register (NLFSR) is used, where the correlation between its states is very low. Alternatively, stream cipher, if chosen,

provides the robustness similar to that of Non-linear FSR as the keystream in stream cipher is often generated by a

FSR. A suitable choice of the characteristic polynomial p of the NLFSR and randomization of the number of shifts drequired to transform the NLFSR to the next active state provide very low correlation among the active states of the

NLFSR generated during update and ensure robustness of the proposed technique against algebraic attack, differentialattack, etc.

a) The characteristic polynomial p of the NLFSR is suitably chosen such that, both the degree of non-linearity and

the number of non-linear terms in the feedback function are high.

b) The value of p is so chosen that the t-bit NLFSR is either maximal, i.e., it cycles through all the possible 2t

states, or the number of states ≤ 2t but very close to 2t . The large state space of the NLFSR ensures distinctness

of the active states of the NLFSR. For some t, if only few values of p satisfy the maximal property increasing the

predictability of p, p is chosen satisfying only sub-maximality of NLFSR.

c) The values of d (> t), used in different updates, are generated using a pseudo-random number generator.

Let us consider the n sequences generated as T through update and a sequence number s is associated with each

sequence. Hamming distance H of a sequence with respect to the first sequence is computed as the number of bits

different in the two sequences. We use Pearson’s product-moment correlation coefficient [8] ρ(H,s) to measure the

correlation between the values Hi of Hamming distance (H) of any updated sequence and the values si of its sequence

number s, 1 ≤ i ≤ n. The correlation coefficient ρ(H,s) is given by

ρ(H,s) =cov(H,s)σ(H)σ(s)

=nΣi(Hisi)− (ΣiHi)(Σisi)

[n(Σisi2)− (Σisi)2]1/2[n(ΣiHi2)− (ΣiHi)

2]1/2

Here, cov(H,s) represents covariance of H and s, σ(H), σ(s) represent the standard deviation of H, s respectively.

The robustness of the technique against several attacks by an unauthorized user is as follows:

1.1u) An unauthorized user, i.e., an attacker without having the input sequence I may apply random guesswork for

I. The probability of correctly guessing I is 2−t .

1.2u) An attacker without the input sequence I may try on-demand update of the activation sequence, which renders

the chip inaccessible to the legal user. But, the attacker does not have the knowledge of the current state Ac of the

NLSFR, therefore he cannot pass the authentication test of the legal user. The probability of correctly guessing Ac is

2−t .

379 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

1.3u) If an attacker has intercepted the input sequence I, he can only use the chip till the next periodic update of the

activation sequence. During the next periodic update, he cannot provide the string Ac, therefore fails the authentication

of the legal user.

1.4u) If an attacker has intercepted two or few successive input sequences I, thus obtained the values of the dif-

ference vector D, as the corresponding values of d are different, randomly generated and remain unpredictable to the

attacker, he cannot construct the algebraic equations for the corresponding states of the NLFSR to obtain those state

informations. Therefore, the proposed scheme remains robust against algebraic attack.

1.5u) If an attacker has intercepted few successive input sequences I, Ip, etc, and obtained the successive values

for D as D = I ⊕ Ip, as D reflects the difference bits of the corresponding two active states i.e., the two values of Ac,

he may apply the differential attack to obtain the difference bits of the successive actives states of the NLFSR. But,

without the knowledge of any previous active state, he cannot compute the current active state Ac. The differentialattack thus remains ineffective.

1.6u) Let an attacker somehow has got the current state Ac, which has already been updated on-demand to a state

Ad by the legal user. The correlation represented by the correlation coefficient ρ between the states being very low

and the value of d being random, the probability that the attacker correctly guess Ad from Ac is negligible.

The robustness of the technique against several attacks by the legal user is as follows:

1.1l) If the authorized i.e., legal user resells the IC to an unauthorized person, and shares the active states Ac of

the NLFSR, the person may try to reactivate the IC on behalf of the chip designer during the next periodic update.

In that case, the difference bit generator remains inactive and he cannot compute the next state of the NLFSR as the

characteristic polynomial p of the NLFSR, and the value of d are unknown to him.

1.2l) The legal user knows the time dependent string T and the current state Ac of the NLFSR constituting the input

sequence I. Using these information, he may compute IntS as T ⊕ I, but cannot compute the t-bit suffix IS2 of any

initialization sequence IS because IS2= f (IS1, IntS) and IS1 and f are unknown to him.

1.3l) Let the legal user be the designer of only one IP embedded on the IC, containing several IPs. He may compute

IntS as before for his own IP, and using the knowledge of IS2 for his IP he may predict the boolean function f , but

cannot compute the values of IS2= f (IS1, IntS) for the other IPs as IS1 for the other IPs are unknown to him.

4.2. The overhead of the proposed technique

The design overhead mainly depends on the sizes of the modulo-k counter, the t-bit NLFSR and the circuit realizing

the function f . The size of the counter is O(log2k), size of each the NLFSR and the circuit is O(t). For very small

k, frequent updates incur unnecessary overhead on the activation of the chip. For very large k, large period of update

allows longer unauthorized use if I is intercepted. If t is very small, the probability of randomly guessing I or Ac does

not remain negligible. Therefore, t is chosen moderately high so that 2−t becomes negligibly small. The value of tchosen and the value of d generated should not be too high so that, the delay of generating the next state Ad of the

NLFSR and the time for computing the next value of T using equation (1) remain negligible.

5. Simulation Results

We have taken the verilog descriptions for the ISCAS’89 benchmark circuits and modified each description to

include a control unit containing a PUF circuit and a ROM as shown in Fig. 1. The corresponding structural verilog

descriptions are implemented for 65nm technology node using Mentor Graphics IC Station [9] to generate the corre-

sponding layouts. The verilog descriptions are updated separately by including the modified control unit containing

the proposed design modification as in Fig. 2 and the corresponding layouts are generated in the similar way. The

proposed circuit block of the control unit contains a 7-bit, i.e., 128 state counter and a 20-bit NLFSR along with the

necessary circuitry. The degree of non-linearity of the characteristic polynomial p of the NLFSR is chosen as 20. We

compared the two layouts for each benchmark circuit and reported the overhead of the proposed design modification

on each of the area, delay and power in Table 1. The results show that, the overhead on delay is negligible, that on

power is low and that on area is in acceptable range for all the circuits and each overhead decreases as the size of the

circuit increases.

380 Debasri Saha and Susmita Sur-Kolay / Procedia Technology 10 ( 2013 ) 373 – 380

Seven different NLFSR designs NLFSR-I through NLFSR-VII have been constructed by choosing different com-

binations of the degree of non-linearity and the number of non-linear terms in the feedback function of the NLFSR

and the seed value of the pseudo-random number generator producing the values of d. The values for the correlation

coefficient ρ(H,s) between Hamming Distance H of an updated sequence and sequence no s for these NLFSR designs

are shown in Table 2.

Table 1. Area, delay and power overheads due to proposed modification in design for ISCAS’89 benchmarks

Benchmark Overhead (in percentage)

circuits Area Delay Power

s5378 3.97 0.02 1.49

s9234 2.05 0.02 0.68

s13207 1.29 0.01 0.41

s15850 1.13 0.02 0.36

s35932 0.51 0.01 0.19

s38417 0.50 0.01 0.15

Table 2. Correlation coefficient ρ(H,s) between the Hamming Distance H of any updated sequence and its sequence no s

n, # updates NLFSR-I NLFSR-II NLFSR-III NLFSR-IV NLFSR-V NLFSR-VI NLFSR-VII

10 0.12 0.13 0.11 0.10 0.12 0.10 0.09

20 0.12 0.12 0.10 0.09 0.11 0.08 0.09

6. Conclusion

Embedding obfuscated IPs and PUF-based control unit on an SoC ensure security between the designer of an IP/IC

and the legal user of the chip. However, after deployment of a chip or an SoC, there may be third party interception

and consequent breach of security. We propose certain modification in design which facilitates update of activation

sequence of a chip to counter such attack. Periodic as well as on-demand update are supported through our scheme.

The overhead of modification in design on delay is negligible, the overhead on area is less than 4.0% and on power

remains below 1.5%. The Pearson’s product-moment correlation coefficient for the sequences generated through the

proposed technique of update is less than 0.14, which ensures that the updated sequences remain unpredictable to an

attacker.

References

[1] R. S. Chakraborty and S. Bhunia, Hardware protection and authentication through netlist level obfuscation, In Proc. International Conference

on Computer-Aided Design (ICCAD), 2008, pp. 674-677.

[2] Y. Alkabani and F. Koushanfar, Active hardware metering for intellectual property protection and security, In Proc. USENIX Security Sym-

phosium (USS), 2007, pp. 291-306.

[3] Y. Alkabani and F. Koushanfar and M. Potkonjak, Remote activation of ICs for privacy prevention and digital right management, In Proc.

International Conference on Computer-Aided Design (ICCAD), 2007, pp. 674-677.

[4] J. A. Roy, Farinaz Koushanfar, I. L. Markov, EPIC: Ending Piracy of Integrated Circuits, IEEE Transactions on Computers 2010; 43(10):

30-38.

[5] Y. Alkabani and F. Koushanfar and N. Kiyavash and M. Potkonjak, Trusted integrated circuits a nondestructive hidden characteristics extraction

approach, In Proc. Information Hiding, 2008, pp. 112-117.

[6] M. Majzoobi, F. Koushanfar and M. Potkonjak. Techniques for design and Implementation of secure reconfigurable PUFs. ACM Transactions

on Reconfigurable Technology and Systems 2009; 2(1).

[7] R. S. Chakraborty and S. Bhunia, HARPOON: An obfuscation -based SOC Design Methodology for Hardware Protection, IEEE Transactions

on Computer-Aided Design of Integrated Circuit and Systems 2009; 28(10):1493-1502.

[8] D. D. Mari and S. Kotz, Correlation and Depedance, World Scientific Publishing Company, 2001.

[9] Mentor, “http://www.mentor.com/products/ic nanometer design/custom-ic-design /icassemble/”.