Design Comparison to Identify Malicious Hardware in External Intellectual Property

Modern circuits incorporate many components that are designed by outside sources. Unfortunately, these external designs introduce a new vector of attacking a circuit through the introduction of malicious hardware. Identifying such an insertion in external intellectual property is difficult, as the labor cost and time required to investigate these designs manually is prohibitive. Additionally, due to state explosion, it is impossible to exhaustively test every possible input combination. This paper describes a method of automatically comparing two different circuits with similar functionality, in order to verify that these two designs do what they are supposed to do, and nothing more. The designs are compared by unrolling the state logic internally, so that the design outputs are represented in terms of prior inputs. This technique is advantageous as neither design needs to be a known safe design, making the task of finding similar circuits simple. Additionally, this converts the state explosion dilemma into a more easily computable Boolean satisfiability problem. The technique has been evaluated using several benchmark circuits, including circuits that contain malicious modifications.