Gate-Level Netlist Reverse Engineering Tool Set for Functionality Recovery and Malicious Logic Detection

Reliance on third-party resources, including thirdparty IP cores and fabrication foundries, as well as wide usage of commercial-off-the-shelf (COTS) components has raised concerns that backdoors and/or hardware Trojans may be inserted into fabricated chips. Defending against hardware backdoors and/or Trojans has primarily focused on detection at various stages in the supply chain. Netlist reverse engineering tools have been investigated as an alternative to existing chip-level reverse engineering methods which can help recover functional netlists from fabricated chips, but fall short of detecting malicious logic or recovering high-level functionality. In this work, we develop a netlist reverse engineering tool-set which recovers high-level functionality from the netlist, thereby aiding malicious logic detection. The tool-set performs state register identification, control logic recovery and datapath tracking, which facilitates validation of encrypted/obfuscated hardware IP cores. Relying on 3-SAT algorithms and topology-based computational methods, we demonstrate that the developed tool-set can handle netlists of various complexities.