Performance Evaluation for IP Protection Watermarking Techniques

The advance of processing technology has led to a rapid increase in IC design complexity. There are now more than thousand million transistors integrated on a chip, and the increasing trend is expected to continue until 2020 or later. This creates the design productivity gap between IC design (typically 20% per year) and IC manufacturing (over 40% per year), and this gap is becoming wider and wider. To close this gap, IP (intellectual property) reuse emerged as the most significant design technology innovation in the past decades. IP companies, third-party libraries, and industry organizations such as the VSIA (Virtual Socket Interface Alliance) have created high expectations for the value and reusability of design IP.


Introduction
The advance of processing technology has led to a rapid increase in IC design complexity.There are now more than thousand million transistors integrated on a chip, and the increasing trend is expected to continue until 2020 or later.This creates the design productivity gap between IC design (typically 20% per year) and IC manufacturing (over 40% per year), and this gap is becoming wider and wider.To close this gap, IP (intellectual property) reuse emerged as the most significant design technology innovation in the past decades.IP companies, third-party libraries, and industry organizations such as the VSIA (Virtual Socket Interface Alliance) have created high expectations for the value and reusability of design IP.
The IP reuse in the reuse-based design methodology is rather different from other reuses such as media, devices to produce artifacts.The reuse of components, designed for a class of applications, is a method to reduce the design-effort, which is well-known from software design for a long time already.In the field of IC design, the reuse of blocks has been practiced in design houses mainly in form of an evolution of existing products.Due to shorter product cycles and rapidly increasing product complexity, many design companies will more and more refer to module cores from outside.During the process of the transfer of design blocks from the original provider to the integrator, intellectual property issues have to be seriously considered.At the same time, some essential issues for IP reuse are outlined: design quality, documentation, security, support, and integration (Thomas et al., 2001).As suggested in the "Reuse Methodology Manual for System-On-A-Chip Designs" (Keating & Bricaud, 1998), an example process of integrating IPs and doing physical chip design can be broken into the following steps: Selecting IP blocks and preparing them for integration; Integrating all the IP blocks into the top-level RTL; Planning the physical design; Synthesis and initial timing analysis; Initial physical design and timing analysis, with iteration until timing closure; Final physical design, timing verification, and power analysis; Physical verification of the design.
There are many solved or unsolved issues need to be addressed for IP market: friendly interface between IP provider and IP user, design-for-manufacturing, design-for-test, design-for-reuse, IP standardization, rules for IP exchange, and so on.IP reuse is based on information sharing and integration.Therefore piracy will also have much easier access to the IPs.The IP piracy affects the IP vendors, chip design houses as well as system manufacturers adversely by depriving their revenue and market share.As a result, recent trends of IP piracy have raised serious concerns among the IC design community.
In response to these trends, IP protection becomes crucial to both IP vendors and IP users and becomes one of the key solutions for industrial reuse-based integration.Although sometimes the lack of mechanisms for IP protection becomes barriers to increase design productivity, there have been significant advances from both industry and academic.Especially the VSIA's white paper on IP protection (VSIA, 2000a) and physical tagging standard (VSIA, 2000b) has now been widely adopted by semiconductor and EDA industry.Numerous protection techniques are proposed by researchers both from industry and academia.There exist three forms of IP protection techniques: tagging, fingerprinting, and watermarking.The idea of tagging proposed by Marsh & Kean is to provide a "security tag" for the IP core which can easily be detected off chip using an external receiver called as "wand" (Marsh & Kean, 2007).The approach is vulnerable because the tag can be easily removed by someone if he/her knows some information about the tagging.Bolotnyy & Robins use PUFs (Physically Unclonable Functions) to create aboard RFID (Radio Frequency Identification) tags to protect ICs from cloning (Bolotnyy & Robins, 2007).The security is really improved.However the PUF design is so complicated that the manufacture is hardly reachable.Majzoobi et al. proposed a "Lightweight Secure PUFs" with the new structure in low area, power, and delay overheads.The appeoach facilitates easy security versus implementation cost trade-offs (Majzoobi et al., 2008).There are also other variants in PUF researches, such as implementation of PUFs exploiting physical characteristics other than timing and delay information of silicon circuits.Ravikanth et al.Proposed an optical PUF, which uses the speckle patterns of optical medium for laser light (Ravikanth et al., 2001).Coating PUFs and acoustic PUFs measure the capacitance of a coating layer covering an IC and the acoustic reflections of a token, respectively (Skoric et al., 2005;Tuyls et al., 2005).Among these techniques, watermarking is the most extensive mechanism implemented at multi-levels of IC design procedure.Primitive watermarking, also known as data hiding, embeds data into digital media for the purpose of identification, annotation, and copyright.The rapid development of digitized media and the internet revolution are creating a pressing need for copyright enforcement schemes to protect copyright ownership.Numerous techniques for data hiding in digital images, videos, audios, texts and other multimedia data have been developed.All these techniques take advantage of the limitation of human visual and auditory systems, and simply embed the signature to the digital data by introducing minute errors.The transparency of the signature relies on human's insensitiveness to these subtle changes.For detail survey, refers to (Gang & Potkonjak, 2003).Especially, watermarking techniques in VLSI domain protects IP cores, CAD tools as well as algorithms from illegal reuse.
CAD tools and algorithms are protected as traditional software by mechanisms such as licensing agreements and encryption.Despite the lack of enforcement of licensing agreements and the security holes of encryption protocols, these protections do not provide the ability to detect IP piracy (Lin et al., 2006).The rare technique that detects possible CAD tool and algorithm piracy is the forensic engineering approach proposed by Kirovski et al. (Kirovski et al., 2000).It enables the identification of solutions generated by strategically different tools and algorithms.They simply check the given solution for the properties that the algorithm clustering has been performed and claim that the solution is obtained by the algorithm that has the best fit.The poor application to distinguish different algorithms as well as the requirement of candidate algorithms and computing resource is the lack of this technique.So the need for effective CAD tools and algorithms protection becomes vital and urgent.CAD tools and algorithms protection are not in the scope of this book, our work focuses on watermarking techniques for the protection of reuse IP core.We review the representative watermarking techniques and evaluate their performance for both ASIC (Application-Specific Integrated Circuit) and FPGA (Field Programmable Gate Array) designs.
Fingerprinting technology is a complementary to watermarking due to the demand of ensuring the rights of both IP provider and IP users.The main challenge of fingerprinting technique is how to create numerous IP cores with the same function for different IP users.The common approach is to acquire each IP user's signature and repeat embedding it into the entire design to create high-quality solutions from scratch within reasonable amortized design cost.
To the best of our knowledge, the first IP fingerprinting technique is published by Lach et al. (Lach et al., 1998).Their approach is based on the solution by partitioning an initial solution into a large number of parts to provide different fingerprinting realizations (a restricted FPGA mapping problem).Unfortunately, the technique cannot be applied if the design do not have natural geometric structure.Also it has relatively low resilience against collusion attacks due to the identical global structure and the time overhead for creating fingerprinted solutions is relatively high.Andrew et.al proposed a generic fingerprinting methodology that applies to arbitrary incremental optimization/synthesis problems on an watermarked initial "seed" solution to yield different but functionally identical fingerprinted IPs.The approach enhanced collusion resiliency with low runtimes but different solutions are not guaranteed (Andrew et.al, 1999).Gang and Miodrag proposed a fingerprinting technique which uses arbitrary optimization on the problem formulation superimposed additional constraints to produce numbers of distinct solutions with high quality.The run-time overhead for generating many solutions is almost zero (Gang & Miodrag, 2004).
The remainder of this section is organized as follows.We first review the related works of watermarking techniques.Analyze the representative watermarking techniques, introduce watermarking performance evaluation function, and show experimental results for watermarking techniques of ASIC.Followed give a simplified FPGA watermarking investigation and estimation.Finally we have a conclusion for overall work.

Watermarking performance evaluation
Referencing viewpoints by VSI Alliance (FallWorldwide Member Meeting, 1997), a state-ofart watermarking-based IPP technique should be: 1. Maintenance of functional correctness.2. High-credible; coincidence probability, the probability a non-watermarked design might coincide by accident with a watermarked one should be low enough.3. High-security; watermark should be in the integrity or can be extracted under attack.4. Low embedding cost. 5. Low overhead.6. Traceable.
According to the requirements of watermarking, a complete methodology for watermarking performance evaluation should be established.Unfortunately, limited to our knowledge, there is no comprehensive evaluation function for IP watermarking techniques so far.The only literature published for watermarking investigation is accomplished by Abdel-Hamid et al. (Abdel-Hamid et al., 2003).However, they only compared performance of the approaches from their embedding cost, overhead, probability of coincidence, and security.There was no more deeply analysis and evaluation for the watermarking techniques.
In the context, we introduce representative watermarking techniques and evaluate their performance for the two usual IC forms: ASIC and FPGA respectively.

Watermarking performance evaluation for ASIC
From watermarking construction style, there are almost two methods for watermarking ASIC IP cores.One focuses on introducing additional constraints on certain parts of the solution space of synthesis and optimization algorithms.Another is adding redundancies to the original design.
From VLSI design process, pre-processing watermarking methods and post-processing watermarking methods are discussed.Pre-processing techniques embed watermark before the synthesis tools are applied to solve the watermarked problem.Post-processing techniques firstly solve the original problem without any watermarks.The solved solution will be altered sequentially based on the watermarking constraints.According to design process, watermarking techniques at behavioural-level, structural-level, physical-level, and algorithm-level are proposed.
There may be some shortfalls or defects for a certain watermarking technique.It becomes an important work to evaluate the performance of a watermarking technique because the approaches may bring influences to the origin.So it is impending to build methodologies and functions for watermarking performance evaluation.

Watermarking technique review
In this section, we firstly review a few representative watermarking techniques constructed at different design levels.Then analyze them form a few essential aspects: embedding cost, coincidence probability, security, and tracing cost.

Physical-level watermarking
Kahng et al. firstly proposed the constraint-based watermarking methodologies based on the usage of available tools which solves NP-hard problems (Kahng et.al, 1998).The algorithm adds extra constraints to such solutions that would make it yield the new watermarked design.They validated the approaches in pre-processing and post-processing, respectively.The pre-processing flow provides a method that adds constraints by involving segment widths, spaces, and choice of topology.They applied the watermarking by encoding a signature as upper bounds on the wrong-way wiring used to route particular signal nets.The post-processing flow provides a method that encodes a signature as specified parity of the cell row within which particular standard cells must be placed.Narayan et.al provided a method for embedding a watermark by modifying the number of vias or bends of the nets in a design (Narayan, et.al, 2001).There were 12~13% expense in the number of vias and wire length which is unpractical in real life.The author also proposed a post layout watermarking method which smartly changes route directions by setting obstacle and rerouting (Nie, et.al, 2005).There was no extra wire length overhead and the incremental watermarking time is acceptable.Other techniques at physical design level are also proposed (Min & Zhiqiang, 2004;Irby et.al, 2000).
For physical design watermarking, we choose the most representative technique proposed by (Kahng et.al, 1998) for evaluation instance.According to the published results, the extra routing CPU run time for watermarking is about 9.00%; increased wire-length and via number (watermarking overhead) are 0.58% and 0.55% respectively, sum is 1.13%; the coincidence probability geometrically reduced to the constraint number, from 1.1e -8 (nearly 10 -3 for 20 constraints) to less than e -85 (nearly 10 -25 for 320 constraints).From their analysis, the approaches can prevent "ghost signatures" and forging attack due to enough-long constraints and message encoding.They also showed the result from tampering with placement and routing watermark which indicates solution quality degrades much faster than signature strength.It proves that tampering does not appear to be a viable form of an attack.

Behavioral-level watermarking
Torunoglu et.al and Oliveira introduced a similar watermarking-based copyright protection technique of sequential functions at behavioral design level (Torunoglu & Charbon,2000;Oliveira, 2001).The algorithm is based on adding new input/output sequences to the finite state machines (FSM) representation of the design.It extracts the unused transitions in a state transition graph (STG) of the behavioral model.These unused transitions are inserted in the STG associated with a new defined input/output sequence, which will act as the watermark.The main advantage of this kind approach is the ability to detect the presence of the watermark at all lower design levels.Torunoglu and Charbon performed exhaustive search only in one case due to the extreme computational complexity of this method.The CPU time in this case was 1.0 second for an area of 2.33-k gates, but it increases exponentially according to their computation formula.The coincidence probability of watermarking is from 10 -7 to 10 -34 , averagely 10 -11 .The watermarking overhead (Extra area of modified FSM) is from 0.2% to 143%, average is 23.77%.It will be much larger if the expected watermark becomes longer.The number of I/O pins which is used to create sequence to insert watermark is not very long, so the approach's resistance to "ghost signatures" attack is not as strong as expected.They proved the "tampering" attack will not successful under various assumptions.Unfortunately, because there is no encryption for the watermarking, the approach is weak to "forging" attack.

Structural-level watermarking
There are few watermarking works at structural-level.Kirovski et.al developed a watermarking approach to protect EDA tools and designs at the combinational logic synthesis level.The user-specific watermarking instance is soluted by imposing constraints to the original logic network, where the constraints are uniquely dependent on author's signature (Kirovski et.al, 1998).Cui and Chip-Hong also proposed the similar approach by resynthesizing the "master design" to meet the application constraints.
We select the first appraoch as representative for structural-level watermarking performance evaluation.From their result, the runtime for the watermarking was controlled within ±5% of the program execution runtime.The average likelihood of watermarked solution coincidence is less than 10 -13 with the overhead of 4%.Because the adopted watermark constraint length is short (5-inputs), its resistance to "ghost signatures" attack is likely low.They proved that the attacker has to perturb great deal of the obtained solution to tamper the watermark while preserving solution quality, like to develop a new optimization algorithm.For "forging" attack, it is less efficient than trying to tamper the signature in a top-down approach and it is more impossible in a bottom-up approach due to the one-way function encoding.

Algorithm-level watermarking
There are rare approaches at the algorithmic level.Chapman & Durrani proposed a Digital Signal Processing (DSP) watermarking scheme (Chapman & Durrani, 2000).The algorithm is based on the ability of designers to make minor changes in the decibel (db) requirements of filters.In this approach, the designer of a high level digital filter encodes one character (7 bits) as his/her hidden watermark data.Then the high level filter design is divided into 7 partitions where each partition is used as a modulation signal of one of the bits.
The authors did not discuss the strength of their approach or the probability Pc that the design might coincide with a non-watermarked design.The approach as well depends on a very low data rate, just one character (7 bits), which makes it really unpractical to be used in an industrial environment.The approach is also missing a clear way to track and extract the watermark at lower levels.Therefore, we think the approach is incipient and do not evaluate its performance.

Watermarking performance evaluation function
As described in the context, we consider performance evaluation of watermarking techniques from five aspects: embedding cost, coincidence probability, overhead, security, and trace cost.The components of watermarking performance are illustrated in Fig. 1.We formulate watermarking technique performace P using the following function: Obviously, lower watermarking cost leads to high-performance watermarking technique.Therefore watermarking performance is reverse to embedding cost.Similarly, watermarking performance is reverse to coincidence probability, overhead, and tracing cost.Instead watermarking performance is proportional to its security which must be concerned.We give a function f i and a weight to each component, equation ( 1) can be formulated as: In practice, watermarking tracing cost is almost equal to watermarking embedding cost, so formula (2) can be simplified as: Each part of formulation (3) is related to both watermark constraints size and watermarking method.Consider process of watermarking-based IP protection, we evaluate the performance of watermarking techniques in such rules: The watermarking IP protection process is implemented by either intrusive software or an incremental implementation of EDA tool.So the additional CPU run time of the implementation is considered as the embedding cost.Generally, watermarking identification needs some extra circuits.We take the increased wire-length and (or) via number as watermarking overhead.It is considered that the security of watermarking techniques is related with its resistance to attacks.There is a brief introduction of prototypical attacks referred in (Kahng et.al, 1998).The attacks include "ghost signatures" finding, tampering, and forging.To find "ghost signatures", hacker may try a brute-force approach to find a signature that corresponds to a set of constraints that yields a convincing proof of authorship Pc.However, this brute-force attack becomes computationally infeasible if the threshold for proof of authorship is set sufficiently low.e.g., Pc≤2 -x (x is the length of constraints).So it is easy to prevent this type attack just by enlarging the length of signature (watermark).As an alternative, attackers may select re-solving every subsequent stage of the watermarking process to forge author's signature.Generally, Specific changes that attacker makes to the final solution will likely correspond to (1) local perturbations of the solution to the watermarked phase, or to (2) global-scale transformations such as those which exploit asymmetry of the design representation.It is critical that common watermarking technique has the resistance to such transformations.Tampering attacks might not be able to ruin the proof of authorship before they significantly degrade the quality of the final solution.
Finally, attacker may select to forge author's signature.To finish this work, he needs a signature that he can convince others belong to author.If a signature corresponds simply to a text message, he simply chooses a text message resembling one that author would use.However, such attacks can be easily prevented by using a private key encryption system for watermark generation.We analyze the security of watermarking techniques from the above three aspects, and give a quantitative performance evaluation.

Watermarking analysis summary
Through the investigation and analysis, performance of various watermarking techniques is summarized in Table 1.There are total six columns each display the item of watermarking performance.The first column displays watermarking type.The second and the fifth column are the watermarking embedding cost and tracing cost which represent the increased CPU runtime corresponding to normal IC design process.The forth column of "Overhead" represents the increased percentage of wire length and via number.In the fifth column of "security", there are 3 sub-columns: G, T, and F which represent the resistance to "ghost signatures", "tampering", and "forging" separately.The value of "+" means the method has resistance to such attack, while the value of "-" means no resistance or resistance is really weak.

Evaluation results
We evaluate the representative watermarking algorithms from five items: embedding cost, coincidence probability, overhead, security, and tracing cost.According to the investigated results, we calculate each sub-value in the scope (0, 1).Finally we accumulate all the value as the performance evaluation by using formula (3).
Performance of watermarking technique is related with the run time of watermarking process.The more time consumed, the more watermarking technique is ineffective.We define sub-function f 1 as: Where Design_cost displays the original design cost.If Em_cost (embedding cost) is too expensive to exceed Design_cost, the value of function f1 will be equal to 0.
If the coincidence probability of a watermarking techniques is sufficiently low (for example, less than 10 -3 ), f 2 function can be set as: The overhead of watermarking (increased wire length, extra via, etc.) degrades the performance of the design.The function f 3 can be written as: Where Total is the total cost for the original design.
There are three factors impact the watermarking security: the resistance to "ghost signature", "tampering", and "forging".We think that no matter which factor is satisfied, the watermarking security gets 1/3 value augment.The f 4 can be written as: Where N is the number of satisfied factors.
Substituting the formulations (4), ( 5), ( 6) and ( 7) into formulation (3) and the of set Design_cost and Total to 1, we have: We prepare three schemes to evaluate performance of watermarking techniques: (a) Balance evaluation where each item weights are the same, namely α=β=γ=λ=0.The first column show the evaluation schemes mentioned above: Balance evaluation, Cost emphasis evaluation, and Security emphasis evaluation.The second, the third and the forth column show evaluated performace value of different watermarking techniques in various test schemes.From the result, we understand performace of physical watermarking representative is high, then structural watermarking representative, and behavioral watermarking representative is relatively low, no matter the scheme.From the curves in Fig. 2, we can understand the comparison more intuitively.

Fig. 2. Performace illustration of watermarking techniques
We introduce functions to evaluate watermarking techniques and hope this work can provide a standard candidate for researchers to evaluate their watermarking techniques.
Although performace of various watermarking techniques is different, even the weak technique has its advantages.In future, researchers may develop stronger watermarking techniques by combining the advantages of different level watermarking techniques to prevent any IP piracy attempt from happening.

Watermarking performance evaluation for FPGA
Before the FPGA being watermarked, a signature should be prepared.The signature may be a short ASCII-text, which identifies the owner of the core.The string is then hashed and encrypted to generate a seed of watermark.Then the watermark is produced from the seed with a pseudo random generator like RC4.
Fig. 3 gives an example of FPGA watermarking design flow.As shown in the figure, there are three types of FPGA cores: Source-cores, netlist-cores and bitfile-cores, corresponding to the design levels.Source-cores are delivered in HDL or C language.There are very flexible to synthesize for many target technologies.Netlist-cores have a medium flexibility because they have been fixed on a target technology.Bitfile-cores are very inflexible since they can be used only for a specific device.
Daniel & Jurgen had an accurate evaluation of watermarking methods for FPGA-based IP cores from functional correctness, hardware overhead, transparency, verifiability, difficulty to remove, and proof strength of authorship (Daniel & Jurgen, 2006).They divided watermarking techniques into two categories from their construction: additive methods and constraint based methods.In this chapter, we introduce recent FPGA watermarking techniques and estimate their performance under certain criteria.

Additive methods
Additive methods in FPGA design are watermarking procedures where a signature is added to the functional core.The watermark is not embedded into the functional core yet be masked as a part of the core.
There exist no publications about additive watermarking for source cores protection although it is possible to write an additive source component into the core.However it isn't an applicable watermark strategy because one can also remove this component easily.
Most additive watermarking methods for netlists just watermark the design by introducing redundant logic to the circuit.Moritz et.al presented a novel approach to watermark FPGA designs by converting functional LUTs (Lookup Tables) to LUT-based RAMs or shift registers prevents deletion due to optimization (Moritz et.al, 2009).The resource overhead for watermarking is tiny, generally less than 5%.The method is transparent to EDA tools because the watermarking is performed after the usual netlist generation.The suspected design can be verified only when the extracted bitfile is not encrypted.The authorship can be detected without requesting additional information from the producer.However the watermark can be easily removed by reverse-engineering and the authorship will dispear.
An approach for watermarking bitfile-core is implemeted by embedding the signature into unused look-up tables (John et.al, 1998).The signature will be hashed and coded with an error correction code (ECC) to be able to reconstruct even if some lookup tables are tampered.After the initial placement and routing, the number of unused lookup tables are determined.The ECC code is split into the size of the lookup tables and additional LUTs are added to the design.The watermarked design is obtained after being re-placed and re-routed.
The approach was improved (John et.al, 1999) by using many small watermarks whose size is the exact size of a lookup table.The small watermarks are easier to search relatively.However, the published watermark positions in verification process make the watermarking technique easily attacked.Futhermore, Lach et.al improved the approach to a fingerprinting technology by encoding the fingerprint into the position of the mark in the tile (Lach et.al, 1998).
The watermark consumes low hardware overhead because the unused lookup tables in the original design would remain empty.The approaches provide a strong proof of authorship and are transparency to EDA tools.The methods are verifiable because it is possible to determine the position of the watermark in a tile.On the contrary, the watermark is alos easy to be remoed or overwrited.

Constraint based methods
The constraint based watermarking methods apply to solutions of hard optimization and constraint-satisfaction design problems.It is centered around the use of constraints to "sign" the output of a given design synthesis or optimization.The solutions of a given optimization instance that satisfy these constraints have a watermark embedded in them and provide a probabilistic proof of authorship.The less likely that randomly chosen solutions are to satisfy these constraints, the stronger the proof of authorship is.The coincidence probability Pc is given by the following formula: where n is the number of solutions which satisfy only the original constraints and n w is the number of solutions which satisfy both the original and the watermarking constraints.If Pc is very small, the solution provide a strong proof of the watermarking existence.A watermark's resistance to attacks is inversely proportional to an adversary's ability to manipulate it without resolving a given optimization problem from scratch.
Darko & Miodrag proposed an approach for a HDL core protection using a watermarked scan chain (Darko & Miodrag, 1998).At first all registers will be sorted to be assigned a sequential number.A pseudo random sequence is generated from author's signature to select registers according to a certain algorithm.The first K selected registers are chosen for the first register in a chain, where K is the number of used scan chains.The variation of the scan chains for different signature can be used to detect the watermark.Unfortunately, an injudicious chosen of test chain could result in more routing resources overhead.The approach is transparent to the synthesis tools because the signature is added to the HDL core.The watermark can be verified easily only when the scan chains can be accessed from outside of the chip.Some deletion of watermark results in corruption of the scan chain.In additional, a strong proof of authorship can be achieved by using a large number of registers in scan chains.
An approach to protect netlist cores is implementing by preserving certain nets in the synthesis and mapping step (Kirovski et.al, 1998).Some nets are chosen from the sorted nets of design according to a signature.These nets are prevented from elimination by the design tools by connecting to a temporary output of the core.Additional logic is inserted to connect the new outputs together to reduce the amount of the additional outputs.The design with new outputs can be seen as the result of constraint based watermarking.The additional logics for watermarking require some resource overheads.This approach is transparent to EDA tools because the choice of preserved nets for watermarking can be done before the synthesis process.The watermark can be verified by comparing the given netlist with the original one.However, it is impossible to verify the watermark from a bitfile.The security of this approach is insufficient because the additional logic is easy to remove by resynthesizing the design.Furthermore, although the probability of coincidence is really low, forging watermarked design is possible which results in weak authorship proof.
An incremental placement and routing or timing constraint is applied to watermark FPGA bitfile-cores.
As an alternative, a watermark can be embedded by placing configurable logic blocks (CLBs) in even or odd rows depending on the constraints (Kahng et.al, 1998).The resource overhead for watermarking is very low and even tends to zero because the placement is altered marginally.The approach is transparent because the watermarking stage is performed before placement implementation.The CLBs can be corresponded to the signature uniquely by enumerating them form the top left corner.Then the watermarked design can be verified with only the given bitfile.It is nearly impossible to remove watermark from the given bitfile because the CLBs are tightly connected with each other.This approach has a strong proof of authorship due to the large amount of CLB position candidates for watermark embedding.
Another proposed method is to add constraints to the router.The constraints make the router route a net with some unusual routing resources like "wrong way" segments, in which the net goes to a wrong direction and then back in the right direction to form a backstrap.The net can be verified as a watermark net due to its special geometry.The routing resource for watermarking is too minor to be neglected.The approach is also transparent to EDA tools because constraints are added before invoking routing.The watermarked design can be verified with the known strategy and the unique nets.It is easy to remove the mark by wrapping up the constraint nets and rerouting it again if someone knows the routing information and the watermarking algorithm.The proof of authorship is not very strong because the watermark is ambiguous and easy to remove or tamper.
A watermarking approach by setting additional timing constraints between registers is proposed in (Kahng et.al, 2001).The timing constraints for the selected paths may split into two separate constraints, each have a new constraint.
Another approach selects the uncritical paths and adds new timing constraints on them (Adarsh et.al, 2003).The last digit of the time delay is reset depending on the watermark.For example, a path has a delay of 10.64ns.If the corresponding watermark bit is '1', the new time delay of this path is set to10.61ns, if the corresponding watermark bit is '0', the delay is set to 10.60ns.
These approaches for watermarking need no resource overhead.They are transparent because additional constraints are added before invoking the routing tool.These approaches are difficult to verify so that it no use to talk about their authorship proof and attack resistance.However designers can create different bitfiles from the same design which are useful for fingerprinting.

FPGA watermarking validation
As mentioned in (Daniel & Jurgen, 2010), when considering a finished FPGA products, there are five potential information sources can be used for extracting a watermark: configuration bitfile, ports, power consumption, electromagnetic (EM) radiation, and temperature.
The bitfile can be extracted by wire tapping the communication between the PROM and the FPGA.Some FPGA manufactures provide an option to encrypt the bitstream which makes communication monitoring useless.However, it is possible to read out some information stored in RAMs or lookup tables to finish verification.Another approach is to employ unused ports which is limited only at top-level designs and impractical for IP cores.
The method called "Power Watermarking" can force patterns on the power consumption of an FPGA as a covert channel to transmit data to the outside.Related works shown in (Ziener & Teich, 2008) and (Ziener et.al, 2010) indicate the clock frequency and toggling logic can be used to control such a power spectrum covert channel.The resulting change in power consumption can be extracted as the signature from the FPGA's power spectrum.
With almost the same strategy it is also possible to extract signatures by raster scanning electromagnetic (EM) radiation of an FPGA with an EM sensor (Thomas & Christof, 2003).
Unfortunately, it becomes unpractical since modern FPGAs are delivered in a packaged shape which decreases the EM radiation.
Finally, a watermark might be read out by monitoring the temperature radiation which is similar to power and EM-field watermarking approaches.There is only one commercial watermarking approach which reads a watermark from an FPGA taking up to 10 minutes (Kean et.al, 2008).

Conclusion
In this section, we first reviewed several classical IP protection methods such as tagging, fingerprinting, and watermarking.Then we investigated representative watermarking techniques of ASIC at different design levels.We proposed functions to evaluate watermarking techniques from the under aspects: embedding cost, overhead, coincidence probability, security and tracing cost.The evaluated results show that the performance of physical watermarking technique is high, structural watermarking technique is medium, and behavioral watermarking technique is low.We also summarized watermarking techniques of FPGA core protection and validation methods from three forms of FPGA: source code, netlist, and bitfile.
From this work, we hope it provides a standard candidate for researchers to evaluate their watermarking techniques.In future, researchers may develop stronger watermarking techniques by combining the advantages of different level watermarking techniques to prevent any IP piracy attempt from happening.

Acknowledgment
We are grateful to our work team for the contribution to this research.The Project is sponsored by SRF for ROCS, SEM. and Supported by Shandong Province Natural Science Foundation (ZR2009GL007) and A Project of Shandong Province Higher Educational Science and Technology Program (J09LG10).The author also thanks for the support of the family.
2; (b) Cost emphasis evaluation where the weights of cost and overhead are set double to others, namely α=γ=0.25 and β=λ=0.125.(c) Security emphasis evaluation where security weight is set double to others, namely λ=2/6 and α=β=γ=1/6.(All the weights obey: 2α+β+γ+λ = 1) Based on formulation (8), we calculated the concrete performance value for the several watermarking techniques.The results are shown in Fig. 3. FPGA watermarking design flow and IP core Where P is a function with six variables: Em_Cost, Coin_Pro, Overhead, Security and Trace_cost.Em_Cost represents watermarking embedding cost which usually means the additional wire length or vias for watermarking represetation.Overhead represents how long EDA tools runt for watermarking process.Coin_Pro represents the probability that the watermarked design coincided with a non-watermarked one.Security represents strength of watermarking technique resists to various attacks.Trace_Cost displays the cost retrieving watermark from a protected IP design that can be considered almost the same to the embedding cost.Maintenance of functional correctness is not considered as a factor of the function because each watermarking technique in the market should at least satisfy this requirement.

Table 1 .
Performance summary of watermarking techniques