Open Source Hardware Design and Hardware Reverse Engineering: A Security Analysis

Major industry-led initiatives such as RISC-V and OpenTitan strive for verified, customizable and standardized products, based on a combination of Open Source Hardware (OSHW) and custom intellectual property (IP), to be used in safety and security-critical systems. The protection of these products against reverse-engineering-based threats such as IP Theft and IP Piracy, Hardware Trojan (HT) insertion, and physical attacks is of equal importance as for closed source designs. OSHW generates novel threats to the security of a design and the protection of IP. This paper discusses to what extent OSHW reduces the difficulty of attacking a product. An analysis of the reverse engineering process shows that OSHW lowers the effort to retrieve broad knowledge about a product and decreases the success of related countermeasures. In a case study on a RISC-V core and an AES design, the red team uses knowledge about OSHW to circumvent logic locking protection and successfully identify the functionality and the used locking key. The paper concludes with an outlook on the secure protection of OSHW.