{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T12:00:26Z","timestamp":1759147226076,"version":"3.41.0"},"reference-count":33,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2020,1,28]],"date-time":"2020-01-28T00:00:00Z","timestamp":1580169600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"US Army Research Office","award":["W911NF-16-1-0321"],"award-info":[{"award-number":["W911NF-16-1-0321"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["J. Emerg. Technol. Comput. Syst."],"published-print":{"date-parts":[[2020,4,30]]},"abstract":"<jats:p>Permutation-based obfuscation has been proposed to protect hardware against cloning, overproduction, reverse engineering, and unauthorized operation. To prevent key extraction from memory, the key used by the obfuscation is usually stored in volatile memory. Since the key is erased after the system loses power, this scheme is often considered the best way to prevent a key from being stolen, since many attacks would require power. However, in this article, we propose a new attack where the key is determined by exploring path aging within the permutation network used for obfuscation. Both the theoretical analysis and experimental results are provided. A practical procedure to achieve the proposed attack is also discussed in the context of an attacker\u2019s capabilities and knowledge. The proposed attack is executed in both simulation and hardware. The experimental results show the accuracy of identifying the key is over 80% and more than enough to reduce the number of brute-force combinations required by an attacker. This attack accuracy reaches 100% when the permutation network has experienced sufficient degradations. 
Besides the attack, we also propose a low-cost countermeasure that sweeps the permutation network configurations. Incorporating this countermeasure, the proposed attack becomes no better than brute-force guessing.<\/jats:p>","DOI":"10.1145\/3371407","type":"journal-article","created":{"date-parts":[[2020,3,2]],"date-time":"2020-03-02T22:50:06Z","timestamp":1583189406000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Permutation Network De-obfuscation"],"prefix":"10.1145","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3630-743X","authenticated-orcid":false,"given":"Zimu","family":"Guo","sequence":"first","affiliation":[{"name":"University of Florida, Gainesville, FL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8009-1314","authenticated-orcid":false,"given":"Sreeja","family":"Chowdhury","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mark M.","family":"Tehranipoor","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2794-7320","authenticated-orcid":false,"given":"Domenic","family":"Forte","sequence":"additional","affiliation":[{"name":"University of Florida, Gainesville, FL"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2020,1,28]]},"reference":[{"volume-title":"Proceedings of the Annual USENIX Security Symposium. 
291--306","year":"2007","author":"Alkabani Yousra","key":"e_1_2_1_1_1"},{"volume-title":"Proceedings of the 2018 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD\u201918)","author":"Chakraborty A.","key":"e_1_2_1_2_1"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2009.2028166"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0129626497000292"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDMR.2014.2360779"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1137\/0401018"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/26.380148"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3035482"},{"volume-title":"Proceedings of the 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC\u201915)","author":"Guo Z.","key":"e_1_2_1_9_1"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/AsianHOST.2016.7835552"},{"volume-title":"Proceedings of the 5th International Conference on Cyber Conflict (CyCon\u201913)","year":"2013","author":"Hartmann Kim","key":"e_1_2_1_11_1"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS.2012.6412622"},{"volume-title":"SAT-based reverse engineering of gate-level schematics using fault injection and probing. 
CoRR abs\/1802.08916","year":"2018","author":"Keshavarz Shahrzad","key":"e_1_2_1_13_1"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASPDAC.2015.7059112"},{"volume-title":"Proceedings of the European Solid State Circuits Conference (ESSCIRC\u201912)","author":"Maes Roel","key":"e_1_2_1_15_1"},{"volume-title":"Proceedings of the 2016 IEEE\/ACM International Conference on Computer-Aided Design (ICCAD\u201916)","author":"Magana J.","key":"e_1_2_1_16_1"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/ESSCIRC.2011.6044952"},{"volume-title":"Tripunitara","year":"2017","author":"Massad Mohamed El","key":"e_1_2_1_18_1"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/31846.42226"},{"key":"e_1_2_1_20_1","first-page":"667","article-title":"FPGA lookup table with transmission gate structure for reliable low-voltage operation","volume":"6","author":"Pi Tao","year":"2003","journal-title":"US Patent"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-0000(78)90001-6"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2755563"},{"volume-title":"Defense-in-depth: A recipe for logic locking to prevail. CoRR","year":"2019","author":"Rahman M. 
Tanjidur","key":"e_1_2_1_23_1"},{"volume-title":"Proceedings of the 2013 Design, Automation Test in Europe Conference Exhibition (DATE\u201913)","author":"Rajendran J.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2013.193"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSM.2007.913186"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2015.7140252"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDT.2010.7"},{"volume-title":"Counterfeit Integrated Circuits: Detection and Avoidance","author":"Tehranipoor Mark Mohammad","key":"e_1_2_1_30_1"},{"volume-title":"Proceedings of the International Conference on High Performance Switching and Routing (HPSR\u201910)","author":"Thamarakuzhi Ajithkumar","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.microrel.2011.12.008"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/321439.321449"},{"volume-title":"Proceedings of the 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS\u201915)","author":"Yasin M.","key":"e_1_2_1_34_1"}],"container-title":["ACM Journal on Emerging Technologies in Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3371407","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3371407","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:32:53Z","timestamp":1750199573000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3371407"}},"subtitle":["A Delay-based Attack and Countermeasure 
Investigation"],"short-title":[],"issued":{"date-parts":[[2020,1,28]]},"references-count":33,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,4,30]]}},"alternative-id":["10.1145\/3371407"],"URL":"https:\/\/doi.org\/10.1145\/3371407","relation":{},"ISSN":["1550-4832","1550-4840"],"issn-type":[{"type":"print","value":"1550-4832"},{"type":"electronic","value":"1550-4840"}],"subject":[],"published":{"date-parts":[[2020,1,28]]},"assertion":[{"value":"2018-04-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-01-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}