OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Non-Destructive State Machine Reverse Engineering

Abstract

Most of the integrated circuits (ICs) that are in electronic systems today are based on state machines. We are taking advantage of this to develop a hardware reverse engineering method that discovers the IC’s underlying state machine, rather than its transistors and gates. While there are other methods for destructively reverse engineering ICs or for non-destructively characterizing ICs, our method offers a fast and accurate analysis while remaining non-destructive. To do this, we present an intelligent brute-force method of exploring the logic of the IC using only the input and outputs designed into the IC - the I/O pins. From this exploration, we can apply a folding algorithm to discover the designed state machine.

Authors:
Publication Date:
Research Org.: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.: USDOE
OSTI Identifier: 1345466
Report Number(s): PNNL-SA-96070; 830403000
DOE Contract Number: AC05-76RL01830
Resource Type: Conference
Resource Relation: Conference: 6th International Symposium on Resilient Control Systems (ISRCS 2013), August 13-15, 2013, 120-124
Country of Publication: United States
Language: English
Subject: hardware reverse engineering; state machine; hardware trojan; counterfeit

Citation Formats

Smith, Jessica L. Non-Destructive State Machine Reverse Engineering. United States: N. p., 2013. Web. doi:10.1109/ISRCS.2013.6623762.
Smith, Jessica L. Non-Destructive State Machine Reverse Engineering. United States. doi:10.1109/ISRCS.2013.6623762.
Smith, Jessica L. 2013. "Non-Destructive State Machine Reverse Engineering". United States. doi:10.1109/ISRCS.2013.6623762.
@article{osti_1345466,
title = {Non-Destructive State Machine Reverse Engineering},
author = {Smith, Jessica L.},
abstractNote = {Most of the integrated circuits (ICs) that are in electronic systems today are based on state machines. We are taking advantage of this to develop a hardware reverse engineering method that discovers the IC’s underlying state machine, rather than its transistors and gates. While there are other methods for destructively reverse engineering ICs or for non-destructively characterizing ICs, our method offers a fast and accurate analysis while remaining non-destructive. To do this, we present an intelligent brute-force method of exploring the logic of the IC using only the input and outputs designed into the IC - the I/O pins. From this exploration, we can apply a folding algorithm to discover the designed state machine.},
doi = {10.1109/ISRCS.2013.6623762},
journal = {},
number = {},
volume = {},
place = {United States},
year = 2013,
month = {}
}

Conference: Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

  • In this paper, we present a methodology for reverse engineering integrated circuits, including a mathematical verification of a scalable algorithm used to generate minimal finite state machine representations of integrated circuits.
  • Recent advances in reverse engineering have focused on recovering a boundary representation (b-rep) of an object, often for integration with rapid prototyping. This boundary representation may be a 3-D point cloud, a triangulation of points, or piecewise algebraic or parametric surfaces. This paper presents work in progress to develop an algorithm to extend the current state of the art in reverse engineering of mechanical parts. This algorithm will take algebraic surface representations as input and will produce a constructive solid geometry (CSG) description that uses solid primitives such as rectangular block, pyramid, sphere, cylinder, and cone. The proposed algorithm will automatically generate a CSG solid model of a part given its algebraic b-rep, thus allowing direct input into a CAD system and subsequent CSG model generation.
  • Many data mining tools cannot be used directly to analyze the complex sets of relations which are found in large database systems. In our experience, data miners rely on a well-defined data model, or the knowledge of a data expert, to isolate and extract candidate data sets prior to mining the data. For many databases, typically large legacy systems, a reliable data model is often unavailable and access to the data expert can be limited. In this paper we use reverse engineering techniques to infer a model of the database. Reverse engineering a database can be seen as knowledge discovery in its own right and the resulting data model may be made available to data mining tools as background knowledge. In addition, minable data sets can be produced from the inferred data model and analyzed using conventional data mining tools. Our approach reduces the data miner's reliance on a well-defined data model and the data expert.
  • Migration of code from an imperative paradigm to the parallel/distributed paradigm is often done in an ad hoc manner. In this paper we describe a reverse engineering toolkit designed to systematically approach the code migration. The main components of the toolkit include (1) an information extractor to extract the design of the original system, (2) a dependence analyzer to analyze the data and control dependences in the design, and (3) an intelligent design assistant to map the sequential design to parallel environments. Information provided by the toolkit has potential for increasing the understanding of the system. The primary objective is to facilitate the reengineering of sequential code to parallel architectures in a systematic, partially automated manner.
  • Forced outages and critical path situations often leave electric utilities with very few options other than the OEM. What does the utility do when faced with the situation of long lead time or obsolete items necessary to bring units back on-line, or off load restrictions? At Southern California Edison Company (SCE), a proactive approach to the reverse engineering and inspection process was undertaken to reduce the effects of similar situations. Advances in dimensional measurement technology have afforded the authors' company a cost effective method for obtaining the necessary inspection data to remanufacture certain items. This paper identifies equipment utilized by SCE for the reverse engineering and inspection of turbine and turbine related components and their typical applications in the power generation industry.