Integrated circuit (IC) camouflaging technique has been applied as a countermeasure against reverse engineering (RE). However, its effectiveness is threatened by a boolean satisfiability (SAT) based de-camouflaging attack, which is able to restore the camouflaged circuit within only minutes. As a defense to the SAT-based de-camouflaging attack, a brand new camouflaging strategy (called CamoPerturb) has been proposed recently, which perturbs one minterm by changing one gate's functionality and then restores the perturbed circuit with a separated camouflaged block, achieving good resistance against the SAT-based attack. In this paper, we analyze the security vulnerabilities of CamoPerturb by illustrating the mechanism of minterm perturbation induced by gate replacement, then propose an attack to restore the changed gate's functionality, and recover the camouflaged circuit. The attack algorithm is facilitated by sensitization and implication principles in automatic test pattern generation (ATPG) techniques. Experimental results demonstrate that our method is able to restore the camouflaged circuits with very little time consumption.

• 出版日期2018-9
• 单位清华大学; 武汉理工大学