Hardware Obfuscation Based Watermarking Technique for IPR Ownership Identification

. As the reuse of IP cores or the development of frequently used hardware modules is gaining more attention in the semiconductor industry, the misappropriation of the owner’s identity is a rising concern. Terefore, imprinting the owner’s identity in the form of a watermark or signature on the IP core is essential to avoid intellectual property right (IPR) infringement. In view of this, a watermarking technique is proposed in the present manuscript. A constraint-based dynamic watermarking method to generate the owner’s signature is proposed in conjunction with the logic encryption-based hardware obfuscation method. Te method formulated in this manuscript consciously makes use of a basic switching component for embedding a watermark with IP core and hardware obfuscation, to achieve a lower overhead budget. Trough the switching mechanism, the embedded watermark can be made detectable to legitimate end users of chip via test pin. Te logic encryption-based method is set for accessing the watermark. Furthermore, an encrypted functionality is set as the signature generator module for generating owner’s signature. Tis provides hardware obfuscation and two-stage authentication mechanism for the generation of owner’s signature, and as a result of this, double-layer protection is achieved. Furthermore, a novel method to confgure input key for signature generation module and to formulate owner’s signature is proposed. Te viability of the present watermark technique for real-life application is checked on the ground of transparency, security, reliability, performance overhead, and robustness. Since the watermark in the proposed method is embedded outside the IP core, it does not cause any latency for the IP core functionality. Tus, even with signifcantly lower area overhead ( ∼ < 1.4%), the proposed method is able to provide higher robustness in terms of lower probability of coincidence ( P C � 4.68 e − 97).


Introduction
Development of intellectual property (IP) cores and its reuse is very common in the very large-scale integration (VLSI) feld. Tese IP cores are often categorized as a soft IP core, hard IP core, and frmware IP core. Te soft IP cores are formulated using high-level description language and offered as synthesizable register transistor level (RTL) in hardware description language (HDL) such as system verilog or system C and VHDL, whereas hard IP cores are analog or digital which are realized on silicon real estate, and this is the bottommost level of abstraction in IP cores. Firmware IPs are in the netlist format [1,2].
Reuse of IP cores is a usual practice to accelerate the design of system-on-chip (SoC) products [3]. Tis is becoming a standard practice because it makes assembly of complex system easier by allowing integration of smaller components and thereby reducing system built-up complexity through enabling resource optimization [4,5]. Tus, it also reduces development time and cost. Terefore, design and development communities are looking for the best possible gathering of IP cores of basic and frequently used modules to form libraries.
However, this also brings in the potential risk related to various design security issues such as copying the design illegally, reverse engineering the design, and its overuses [6,7]. To overcome these threats, ownership labeling on these IP cores has emerged as a possible solution [8]. Terefore, to reduce IP core infringement while building VLSI and other application-specifc integrated circuits (ASIC), several IP protection mechanisms have been proposed. Despite of numerous challenges, IP protection techniques can potentially reduce the ownership misappropriation. In view of this, the electronic design automation industry has established several protecting methods including patents, copyrights, mask works, or trade secrets [9]. However, for intellectual property protection of reusable cores, those methods proved to be insufcient and/or inapplicable [3]. Recently, the watermarking methodology has been put forward to prove its efective candidature for claiming the IP core ownership [10,11]. Watermarking is the method in which the asset is marked with some known signature structure and due to which the protection against theft or overuse can be provided.
Several diferent approaches to create a watermark are introduced which are based on the implementation of some algorithmic constraints to incorporate the owner's signature at various stages of logic or physical synthesis, without tampering the original functionality of the IP designs. Highlevel synthesis (HLS) is one of the important stages of IP core designing. In the present paper, a novel method is presented to embed a watermark at the register allocation stage during the conversion of HLS to GDS II format. However, choosing the method for embedding the watermark is a complex and nontrivial task, and therefore, a number of competitive design solutions are ofered by many researchers in the design space [12]. Tis is due to the well-known fact that each watermark integration method exhibits specifc latency and area overhead, and therefore, selecting an appropriate method for embedding the watermark plays a crucial role. A variety of high-level synthesis-based techniques for IP protection is well described in the literature [13][14][15][16][17][18]. For reusable IP cores, the techniques based on single-phase, triple-phase watermarking, digital signature-based watermarking, binary encoding-based watermarking, and in-synthesis-based watermarking are described. A group of researchers used the encrypted-hashing method to embed digital signature for IP core protection and achieved stronger robustness [19]. Some researchers suggested the implementation of hardware security constraints with the help of multilevel encryption and steganographic constraints using a high-level synthesis framework [20]. A method to achieve a strong ability of obfuscation is introduced by researchers wherein multikey-based structural obfuscation is integrated with tamper-tolerant physical level watermarking [21]. A group of researchers proposed a keybased multiplexer design and incorporated structural and functional obfuscation in the DSP circuit to prevent reverse engineering [22]. A method of quadruple-phase watermarking is introduced to secure hardware IP cores. Te use of graph partitioning, encoding tree, and eightfold mapping is demonstrated to accomplish high tamper tolerance [23].
In the present paper, logic encryption-based hardware obfuscation technique is used for embedding watermark. Similarly, some basic switching component is used deliberately for hardware obfuscation and thereby embedding watermark with the IP core to achieve a lower overhead budget. Moreover, the main aim of embedding the owner's identity indelibly into the primitives of the design is to discourage IP theft. Terefore, one must be able to demonstrate the ownership in the court in case of theft. Te present work utilizes a dynamic watermarking technique. In this method, typically, the owner's signature is encrypted and embedded as some set of constraints that can be retrieved by running the protected IP with some specifc input sequences [24]. In the present paper, a novel method to confgure the input key for the signature generation module and to formulate the owner's signature is proposed.
However, at this stage, it is equally important to check its viability of being useful in actual applications, for which the developed identifcation module is tested on the ground of a few more essential characteristics such as transparency, security, reliability, and performance overhead. Integration of all these key points is considered while designing the present signature generation module (SGM), which is capable of providing fairly good protection to IP cores and simultaneously can fulfl all the characteristics requirements of the practically implementable watermark.

Motivation
From the authorship verifcation viewpoint, watermarking methods are categorised as static watermarking and dynamic watermarking [25]. In the case of the static watermarking method, retrieval of the watermark requires reverse engineering up to the embedding point, which makes this method expensive and intrusive. On the other hand, the dynamic watermarking method provides the ace of watermark verifcation at the output level by running the protected design with a specifc code sequence. For the implementation of dynamic watermarking, numerous methods are demonstrated by researchers. Typically, dynamic watermarking is implemented in the state transition graph (STG) of fnite state machine (FSM) [26][27][28][29], in the architectural level of digital signal processors [30,31], or at the design-for-testability stage [32][33][34]. However, it is important to note here that later developments show the evolution of many watermarking techniques which can be implemented at various design levels such as system design, behaviour design, logic design, and physical design [27,31,32,[34][35][36][37][38][39][40][41][42][43]. Amongst them, few researchers also reported the use of two diferent approaches in conjunction with each other [14,17,18,[44][45][46][47][48][49][50][51][52][53].
Various methods are invented for hardware watermarking. Te hardware IP watermarking usually includes embedding and concealing of the owner's signature in the description of a circuit whereas cryptography-based hardware IP protection methods are often incorporated as a part of the design fow of feld programmable gate array (FPGA). However, in the case of hardware obfuscation techniques, modifcations in the description or the structure of electronic hardware are intentionally made in order to conceal its functionality, due to which comprehending the actual functionality of a design becomes a more complex task for the adversary.
Hardware obfuscation techniques are classifed mainly as the passive or active techniques. Te hardware obfuscation techniques are classifed as passive when the techniques are implemented by modifying the description of the circuit in the soft form. Tis makes understanding the circuit functionality difcult. It is implemented by string substitution or changing circuit description on HDL level.
In contrast to this, the hardware obfuscation techniques are classifed as active when logic-based circuitry is added for obfuscation of the design at the access point of IP core. Frequently, the normal functionality of the obfuscated IP core is enabled only upon the successful insertion of the single predetermined key at the input, which is often set as a combination of some sequence and acts as a secret key. Failure of correct key insertion leads to exhibit incorrect functionality or locking of the IP core. Tis particular approach is referred as FSM-based hardware obfuscation techniques [17].
One of the most noticed approaches involves the integration of FSM at gate-level design for authentication [49]. Tis FSM is designed to authenticate a series of input patterns, and for each input, a specifc transition state is assigned. Tis mechanism is set to unlock the IP core functionality, and failure of this authentication leads to faulty output generation. Tis faulty output then triggers the gate-level design to obfuscate the functionality of the locked chip.
However, implementation of these techniques brings in the high overhead in terms of area, power, and delay. Terefore, in such a scenario, performance trade-of is very common. Tis makes the choice of the watermarking method even more nontrivial since every watermarking technique impacts the latency and area in a diferent way, and therefore, selecting a low-cost solution for embedding watermark becomes a more challenging issue. After considering all these important aspects, herein, a watermark implementation method is designed and presented [54]. Instead of using any resources of IP core, it is isolated to keep IP core functionality unaltered, and outside resources are utilized. To achieve this, a dynamic watermarking method to generate the owner's signature is proposed in conjunction with the logic encryption-based hardware obfuscation method.
Considering the fact that multiplexer (MUX) and demultiplexer (DEMUX) exhibit minimal hardware overhead compare to other switching devices, it is used in the present method for hardware obfuscation-based integration of watermark with IP core. As a usual hardware obfuscation practice, extra gates used for logic encryption are controlled using predetermined keys, which, upon insertion of correct key input, enables the IP core and allows networks to produce correct output through it. On contrary to this, the present method utilizes the extra gates to enable a constraint-based watermarking circuit that produces the owner's signature. Herein, for accessing the watermarking circuit, the correct predetermined enable key is needed as an input at this logic encrypted gate while no such key is needed to activate the original functionality of the IP core, and it runs as a default state of the watermarked IP core. Tus, through a switching mechanism, the embedded watermark can be made functional and accessible to legitimate end users of chip via test pin. Furthermore, a novel method to confgure the input key for the signature generation module and to formulate the owner's signature is proposed, which includes the use of clock ticks in combination with data bit sequence. Te main distinguishable attempts made in the present manuscripts are as follows: (1) Instead of using any resources of IP core, it is isolated, and outside resources are utilized to keep IP core functionality unaltered (2) Logic encryption-based hardware obfuscation method is employed for selective running of either IP core or SGM (watermark) (3) A unique two-stage watermark verifcation system is designed as SGM to generate owner's signature (4) Te method selected for embedding the watermarked solution with IP exerts minimal hardware overhead in terms of switching devices (multiplexer) (5) Te present SGM is designed in such a way that it can be directly integrated with IP core and recognized as a mark or identity of owner (6) Bit sequence and clock tick delays are combined to formulate an owner's signature

Treat Model.
Te proposed watermarking method intends to secure the underlying IP core and also the signature generator module to preserve the ownership claim. It also targets the possibility of unauthorized signature implanting attack for false claiming and authorized signature removal. Similarly, the logic encryption-based hardware obfuscation method is used for embedding the watermarks, due to which reverse engineering and identifying correct functionality becomes difcult. Two-stage verifcation is set for generating correct signature of the owners, due to which guessing the correct key at both stages is difcult, and this enhances the layer of protection.

Proposed Methodology
In this section, the proposed methodology is explained. At frst, a brief overview of the proposed approach is described followed by which detailed information of each stage is explained. Figure 1 represents the overview of the proposed methodology. Te method is established as a two-stage mechanism to generate ownership signature or claim, which is capable of giving double layer protection. Te frst stage is hardware obfuscation which is designed using multiplexers and demultiplexer, and similarly, a secret-keybased activation mechanism is set at this stage. In order to access the second stage, it is necessary to follow the correct access process during the frst stage and fed the correct key. Te second stage is SGM, which is designed to validate given secret owner's key and generate owner's signature. It is mainly consisting of signature check block, time scale International Journal of Reconfgurable Computing verifcation block, and signature generation block, and the logic is set to identify correct owner's key and generate authenticate owner's signature through this stage. An important part of this proposed methodology is design of the key and owner's key, one of which is a combination of data streams and clock tick delays. After successful completion of two stages namely activation and validation, the owner's signature is generated which upholds ownership claim. Details of the proposed methodology are as follows.

System
Architecture. In general, IP cores are connected to basic inputs and outputs (I/O's) such as input signal data bus, output signal data bus, and system clock of SOC/integrated circuits. Te proposed watermark utilizes these basic connected I/Os of IP core. Trough the logic encryption-based hardware obfuscation method, the watermark is featured as if it encapsulates the IP Core. Terefore, it does not interfere with IP Core's inner circuits. Figure 2 reveals the logic encryption-based hardware obfuscation method, wherein the watermarked IP core is comprised of SGM enable logic, MUX and DEMUX, and SGM, along with the two input buses and one output bus. In order to obfuscate the circuit, the SGM (watermark) is integrated in such a way that it encapsulated the IP core, for which the original IP core input and output bus is altered and regulated via select line of DEMUX and MUX, respectively. As can be seen in Figure 2, the watermarked IP core shows two inputs, one of which accepts key for enable logic and other accepts the input to be given selectively either to IP core or to SGM. For logic encryption, an enable logic block is integrated with select line of DEMUX and MUX to manipulate the input and output of the watermarked IP core. Tis allows selective communication of input either to IP core as system input signal or to SGM as owner's key via DEMUX and also output signal to be selectively chosen from IP Core or SGM via MUX. Tus, the access of input to IP core or SGM and fnal output is controlled by using logic encryption-based hardware obfuscation technique. Tus, the owner's identifcation signature generation is controlled by using logic encryption-based hardware obfuscation technique. Terefore, through switching mechanism, the embedded watermark can be made functional and accessible to legitimate end users of chip via test pin.

Mechanism of Hardware Obfuscation.
In case of IP core without watermark, it is connected to system input and output signal. However, as described earlier, after the watermark integration, original IP core input and output data fow is controlled as depicted in Figure 2. When this watermarked IP core is integrated with the SoC, in the default state, enable logic select line is set to communicate input signal to IP core via DEMUX, and the IP core output is communicated as system output via MUX whereas, to access SGM, a separate test pin is introduced as a part of watermarked IP core, and correct key is needed to be fed at the enable logic, only after which enable logic select line is set to communicate system input signal to SGM via DEMUX, and the SGM output is communicated via MUX. Tus, the IP core or SGM can be accessed now selectively only through   select line of the enable logic of the watermark. In other words, when the input signal enters the watermarked IP core, it is to be accessed by IP core or SGM is decided by select line of DEMUX which is controlled by enable logic.

Workfow of Owner's Signature Generation Process.
Herein, the two-stage mechanism for generation of the owner's signature using proposed method is described in detail.

First Stage: Activation.
Te Enable logic is set as an activation stage of the proposed SGM. In order to execute frst stage of activation, the owner must feed the correct "Key" as an input to enable logic (refer Figure 3). Te Key is an input data sequence that is designed, optimized, and stored as 8-bit sequence in Enable logic block. After receiving Key signal, the "Enable Logic" compares this input sequence with predefned Key stored in memory. If the input Key matches with the stored sequence, the select line switches from the default condition, due to which the next incoming input on Input bus will no longer be given to IP core, but it will be accessed by SGM. Tis switching of Input bus to SGM is referred to as the activation stage because it activates the SGM module and makes it ready to receive input and generate owner's signature.

Second Stage: Validation.
After activation of the SGM, it is now ready to accept input from the user. Te input from the user is validated by SGM after which owner's signature is generated. To generate this signature at output, a predefned input pattern signal needs to be fed to SGM. Tis input pattern signal "Owner's Key" is uniquely featured as a combination of alternate data streams and clock delay sequences, and the details of it are discussed later. Similarly, the SGM is designed to validate this Owner's Key. Insights of SGM are revealed in Figure 3. As can be seen in the fgure, SGM comprises of signature check block and time scale verifcation block, and further, the output from both of these sections is AND together, and its output is fed to signature generation block. When the input pattern, which is an alternate data stream and clock delay sequences, enters in the SGM, data stream is validated through a signature check block, and time scale verifcation block validates clock delay sequences. It is necessary that both these blocks validate the complete input signal correctly, and therefore, outputs from both the blocks are AND together, and its output is fed to the signature generation block. Furthermore, the signature generation block generates the owner's signature.

Description of Key.
Te key signal is a predefned 8-bit binary signal, which is stored in the memory of Enable logic block. Tis key signal acts as a gateway for SGM. In order to activate SGM, this Key signal is to be fed to Enable logic. While integrating the watermark with IP core, the owner can design the specifc Owner's Key signal and store it in the memory of the watermark, which is utilized later for verifcation.

Description of Owner's Key.
After the activation stage is cleared, the Owner's Key input pattern signal is to be fed to SGM for validation. After validation of the input pattern signal, a unique signature is generated from SGM. As can be seen in Figure 4, the input pattern signal is the unique pattern made up of data streams and clock delays. In Figure 4, data streams are represented as colored blocks, and the clock delays are represented as white colored blocks, and they are arranged alternately.
In a similar way, the signature pattern of the owner is also designed as a unique pattern made up of data streams and clock delays. Both owner's key and owner's signature pattern are owner confgurable at the design stage of watermark insertion, and the length of data streams and clock delays is also user/owner confgurable. Te data streams can be confgured in multiple bits, and clock delay can be confgured in multiple system clock ticks. Figure 5, the mechanism of the Owner's Signature generation is explained using a fowchart. As discussed earlier, the proposed mechanism consists of two stages, activation stage and validation stage, which are highlighted in green and blue colors, respectively. Te stepby-step description of the fowchart is summarized in the form of the algorithm as follows.

Algorithm
(1) Input Key signal is accepted (2) Activation stage sets/enables the entire SGM via select lines of DEMUX and MUX upon successful verifcation of "Key" input signal (3) For validation stage, SGM accepts input pattern signal "Owner's Key" (alternate data streams and clock delay sequences) for verifcation, and this performs comparison in synchronization with system clock (4) Te data streams from input pattern signal are validated by signature check block (5) Simultaneously, the time-scale verifcation block validates the clock delays between two data streams of input pattern signal in synchronization with system clock International Journal of Reconfgurable Computing (6) Upon simultaneous and successful validation of input pattern, by signature check block and timescale verifcation block, both blocks will generate "1" (7) Tese two outputs are AND together which triggers the signature generation block to generate output (8) Signature generation block will generate a predefned owner's signature which is stored in the memory as a signature of owner and formulated as clock ticks delay in between output signal Te algorithm explains step-by-step concise execution of whole SGM. Te major secrecy is provided by the input pattern signal which is a combination of data streams and clock delays. To enhance the security, it is important to design Key pattern and input signal pattern trickily.

Case Study.
After implementing the proposed watermark generation method, various case studies are presented to describe how the frst layer of protection and the second layer of protection work. Along with this, the case is described wherein the successful generation of owner's signature is explained. In all the cases, it is presumed that the watermark is embedded with IP core, and three possible cases are discussed.

Case 1.
In the present case, let's consider that a random Key is fed to watermarked circuit. As shown in Figure 6(a), if the Key signal fed to Enable logic does not match with the Key signal stored in the memory of the watermark, then Enable logic will not enable or activate SGM. In this case, the next input pattern signal (owner's key) will not be fed to SGM for validation; hence, the obfuscated hardware will not generate the owner's signature. Moreover, the circuitry-producing owner's signature will remain inaccessible to the adversary. As mentioned earlier, in this situation, the obfuscated circuit will keep the system in the default state; i.e., next, input will be fed to IP Core. Tus, the purpose of the frst layer of protection will be served.

Case 2.
In this case, let's assume that the correct Key is fed, and after successful verifcation of the Key signal, Enable Logic enables/activates SGM as a consequence of which the select line of DEMUX is set to feed the system input to SGM and MUX is set to accept the output from SGM. Herein, the second stage of validation is started. After enabling the SGM, in order to generate owner's signature from SGM, it must be fed with a predetermined input signal which is a combination of alternate data stream and clock delay sequence (details are described in Case 3). As shown in Figure 6(b), now let's assume that the owner's key is not correct. Since the output of both the blocks viz. signature check block and time scale verifcation block from SGM are AND together, it is necessary that both these blocks validate the input signal. Unsuccessful validation from either of these blocks will not generate the owner's signature, and the ownership of the IP will not be proven. Tus, the purpose of a second layer of protection will be served. In essence, two-stage verifcation is necessary for the generation of the owner's signature from the SGM.

Case 3.
Tis case is presented to demonstrate the generation of the owner's signature using the proposed methodology ( Figure 6(c)). Let's consider that the following authentic Key is fed to Enable Logic.
Since the Key is authentic, Enable Logic after successful verifcation of the Key signal enables/activates SGM. Now, in the present case, suppose the authentic owner's key is designed using seven blocks wherein, D0, D1, D2, D3 are data stream blocks, and each block consists of 8 bits. Similarly, T0, T1, T2 are clock delay blocks, and each block consists of 8 ticks of clock delays. As shown below, all the data stream blocks and clock delay blocks are arranged in an alternate fashion, starting with data stream as a frst block. Tis uniquely formulated input pattern signal is stored in the memory of watermark at the time of its integration with IP core. When this correct input pattern signal is being fed to SGM, the data stream is validated through a signature check block, and the time scale block validates clock delay sequences. It is necessary that both these blocks validate the complete input signal correctly and therefore outputs from both the blocks are AND together, and its output is fed to the signature generation block wherein the signature generation block generates the valid owner's signature.
In the present case, the owner's signature is predesigned as follows. It is featured as a combination of seven blocks wherein D0, D1, D2, D3 are data stream blocks, and each block consists of 8 bits. Similarly, T0, T1, T2 are clock delay blocks, and each block consists of 10 ticks of clock delays. As shown as follows, all the data stream blocks and clock delays blocks are arranged in an alternate fashion, starting with data stream as a frst block. Tis uniquely featured owner's signature is stored in the memory of watermark at the time of its integration with IP core. ticks. Terefore, to analyze the viability of these changes and its efect on area overhead and probability of coincidence, the study is extended for a few more combinational changes of data stream lengths and presented in the table format. Detail discussion of all these aspects is as follows.

Evaluation on Benchmarks.
It is important to evaluate the proposed watermark technique on various benchmark circuits. Terefore, the evaluation of the proposed watermark techniques is carried out on EPFL [55] and IWLS [56] benchmark suites, from which the parameters such as the probability of coincidence (Pc) [57], area overhead, and  Figure 6: Pictorial representation of the cases: (a) case 1 with incorrect key signal to Enable logic, (b) case 2 with correct key signal to Enable logic but incorrect owner's key, and (c) case 3 with both key signal and owner's key are correct. 8 International Journal of Reconfgurable Computing latency are estimated by designing for data and delay mentioned in Case 3. Tese parameters are analysed and summarized in the table format for each circuit before and after the watermark is being integrated with it.

Overhead and Comparison.
Initially, the area for the circuits from EPFL and IWLS benchmark suites is calculated without integrating the watermark and summarized in the baseline column of Table 1. In these tables, IWLS benchmarks are diferentiated from the EPFL benchmarks by highlighting them in grey colour. To estimate the area, the RTL fle of each circuit is converted to GDSII design using OPENROAD tool with Free PDK45 (45 nm library), wherein the total area of each benchmark circuit is available.
To evaluate the proposed watermark method, diferent combinations of Key and Owner's Key are designed. Tese combinations are integrated with each benchmark circuit, and area overhead is calculated using the same tool and summarized. We compare our watermarking technique with few other techniques which are proposed as constraintbased IP watermarking, at diferent abstraction levels. We compared with polymorphic gates based watermarking method described in [16], the behavioural synthesis watermarking as proposed in [57], and the high-level synthesis based watermarking schemes described in [58,59]. Tose resulting values for [16,59] are gathered from the study represented in [59]. In order to match with the confguration, some of the results are interpolated or extrapolated and summarized in Table 1. In order to evaluate the proposed watermarking system, various combinations of Key (bits length variation) and owner's key (data stream lengths and number of clock ticks variations in each block) are considered for watermark. Corresponding area overhead and probability of coincidence are calculated.
A nomenclature method is used to denote combinations, such as if Watermark 1 is denoted as K8:4D8:3C8, then this suggests that in a Watermark 1, K8 gives a description of Key and implies that Key is of 8 bits. Similarly, 4D8:3C8 gives a description of owner's key and implies that in an owner's key, 4D8 means 4 data stream blocks are used, of which each data stream block consists of 8 bits and 3C8 means 3 clock delays blocks are used, of which each clock delays block consists of 8 clock ticks delays. Area overhead and probability of coincidence are evaluated for all sixteen combinations and analysed.
In general, the components use to formulate watermark such as register, hardware functional units, and switching components contributes to the area overhead. In the present case, the use of basic components such as DEMUX and MUX exhibited lower overhead compared to other switching and compositional components used in other methods. For the method in the present study, sixteen diferent watermark combinations are proposed, and the respective area overhead due to all these combinations is calculated for each benchmark circuit. Table 1 shows the comparative analysis of Watermark 1 and Watermark 16 with the previous works [58,59]. Area overhead and probability of coincidence for the rest of all 14 Watermarks are summarised in the table and given as supplementary information. It can be observed from Table 1 that for most of the benchmark circuits, the method proposed in the present study exhibits less area overhead compared to previous works [58,59]. Watermark 1 is K8:4D8:3C8, which is the smallest proposed watermark in terms of the number of bits in the Key, and similarly, data string length per block and clock tick delays per block of owner's key exhibit area overhead below 0.6% for all benchmark circuit except ft8 (since baseline area for ft8 is very small). However, Watermark 16, which is the largest considered watermark in terms of the number of bits in the Key, and similarly, data string length per block and clock tick delays per block of owner's key, exhibits area overhead below 1.4% for all benchmark circuits (except ft8). Tis marginal increase in area overhead suggests that the proposed method allows a lot of variations within the watermark combination realm with no signifcant impact on area overhead whereas Watermark methods proposed in references [58,59] exhibited an area overhead maximum up to 9.5% and 4.5%, respectively, which is signifcantly larger compared to the area overhead proposed in the present study.
Similarly, Table 2 summarises the latency exhibited by the proposed method and its comparison with other methods. Since the watermark in the present method is embedded outside the IP core and it does not utilize any of the resources from IP core, it does not cause any latency in the IP core functionality. On the other hand, as can be seen from the table, other methods wherein watermarking is designed using resources of the IP components exhibit latency to the circuit.

Probability of Coincidence.
It is the probability of guessing the correct input signal pattern to generate owner's signature. In the case of the watermark, its protection strength can be indicated by this probability of coincidence. It is worth to mention here that the word "probability" does not signify its exact mathematical meaning strictly; rather, the term indicates here the approximation of the actual probability [16]. Terefore, in the present case, design robustness in terms of guessing the correct key signal for Enable logic can be calculated as 2 8 � 256 diferent possible combinations which implies that guessing the correct key for Enable logic will be time-consuming. However, only enabling the SGM module will not produce the owner's signature and will not be helpful in presenting the false claim. Moreover, for two-stage verifcation and generation of owner's signature, the correct input owner's key pattern is needed to feed SGM. Terefore, design robustness in terms of guessing the correct input pattern of key and owner's key can be calculated as permutation for all possible values. Tis can be expressed in terms of probability of coincidence (P C ) and calculated as P C � 1/(permutations of key bits x permutations of bits in each data stream block + clock tick delays). Tis refects the possibility of guessing the authentic Key and owner's key. In accordance with this, P C is calculated for all sixteen studied watermark combinations and summarized in Table 3.
However, to present a consolidated view on analysis and comparison with the previous works, the probability of coincidence for Watermark 1, 16, and previous works [58,59] is listed in Table 1 at the bottom. Watermark 1 is the smallest watermark (in terms of the number of bits in the Key) and, similarly, data string length per block and clock tick delays per block of owner's key, i.e., K8:4D8:3C8 and exhibits area overhead below 0.6% for all benchmark circuit. For Watermark 1, P C is 9.09 e − 13, which implies that almost infnite combinations are to be explored by attackers to guess the correct input pattern to generate owner's signature. Similarly, Watermark 16 is the largest considered watermark (K64:4D64:3C64), exhibits area overhead below 1.4% for all benchmark circuits, and shows P C as 4.68 e − 97 whereas, for the methods proposed in the previous works, [58,59] shows Pc as 9.56 e − 18 and 3.72 e − 53 (value considered for 64-bit Watermark for comparison), respectively. In the present study, the analysis revealed that for the proposed method, P C can drop down drastically if the watermark combination contains a large number of bits in the Key, and similarly, data string length per block and clock tick delays per block of owner's key are increased. Moreover, the marginal increase in area overhead due to various watermark combinations demonstrates the robustness of the proposed method.

Attack Analysis.
In the case of watermark methods, mainly, three types of attack analysis are to be taken into consideration, viz. removal, masking, and forging.

Strength of Hardware Obfuscation.
Hardware obfuscation ofers a preventive measure by obscuring the system design and architecture. Te hardware obfuscation resulted from the deliberate changes or restructuring in the interconnectivity of the various functional units. Tis method is used for obscuring the data path architecture and controlling logic without afecting the functionality of the IP core. Due to this, understanding the logic architecture becomes unobvious for an adversary, which makes reverse engineering or identifcation of the correct functional fow of the design harder. Also, since the architecture of the design remains concealed from the adversary, the possibility of malicious logic insertion is reduced. In addition to this, a Key based Enable Logic circuitry enhances the strength of hardware obfuscation. It is demonstrated that the second stage of validation can be accessed through this obfuscated circuit only when the correct Key is fed to Enable Logic. Tis signifcantly enhances the strength of the frst layer of protection.

Removal and Masking of Watermarks.
Te watermark presented in this study comprises MUX and DEMUX, which are also one of the basic components used to design IP cores, because of which identifying these components as a part of watermark is very difcult. Furthermore, while integrating the watermark with IP core, the input and output of the IP core are restricted to be accessed through DEMUX and MUX only. Additionally, enable logic select line is set to give system input to IP core via DEMUX, and the system output is passed via MUX. Tus, this watermarked IP core can be accessed now only through the select line of the Enable logic of the watermark. In other words, when the system input signal enters the watermarked IP core, it is to be accessed by IP core or SGM is decided by the select line of DEMUX which is controlled by enable logic. Certainly, in case of removal of the watermark, the IP core will not receive the system input, and this will leave the IP core redundant, making it no longer useable. A similar type of IP core malfunctioning will occur in case of masking of watermark since in this case also input will no longer be accessible to IP core.

Forging of Watermarks.
Te possibility of forging attacks can be considered, wherein the adversary may add his own watermark to the original IP. In this case, the owner can rightfully prove the IP ownership by presenting an IP with his own watermark demonstration while the adversary can be easily fgured out due to the presence of two watermarks. Moreover, as a future scope of the proposed method, a few modifcations can be considered. In the design of SGM (consider Figure 2), additional circuitry can be added next to AND gate, which will accept the input from the AND gate. Herein, based on the data streams inserted as a part of owner's key, encryption-based submodule can be designed for owner's signature generation. However, this will cause the area overhead to the circuitry. Tis also highlights the ever-existing challenge of achieving a better trade-of between the security ofered by the watermark and area overhead, latency it causes. At this point, the choice of a costefective solution is a true challenge.

Conclusions
Tis paper presented a new robust dynamic watermarking method. Instead of using any resources of IP core, it is isolated to keep IP core functionality unaltered, and outside resources are utilized for watermarking. A novel way of embedding the authorship information using logic encryption-based hardware obfuscation method is employed. Tis method is confgured to allow input-based selective running of either IP core or SGM (watermark). Furthermore, the two-stage mechanism is set to generate owner's signature. As a frst stage, the proposed method obscures the data path architecture and controls logic without afecting the functionality of the IP core. Tis ofers counter-measures against reverse engineering or makes identifcation of the correct functional fow of the design harder. Additionally, the frst stage acts as a pathway for second stage (access to SGM). Terefore, second stage of validation can be accessed through this obfuscated circuit only when the correct Key is fed to Enable Logic. Second stage is SGM which is a validation circuit designed to identify authentic owner's key and generate owner's signature. Tereafter, data streams and clock tick delays are used in combination to formulate an owner's key pattern and an owner's signature. Tis innovative design of keys makes it harder to guess the correct pattern and the probability of coincidence drops down dramatically (P C as 4.68 e − 97). Besides this, since the watermark in the proposed method is embedded outside the IP core, it does not cause any latency to the IP core functionality. Moreover, the basic components used to formulate the watermark architecture, and the embedding method exhibits lower area overhead (up to 1.4%), yet the proposed method is capable of providing the competitive way of IP core watermarking.

Data Availability
Te data used to support the fndings of this study are available in the manuscript.