## **HarDMark**: CAD based DNA Fingerprint as Watermark Countermeasure for Hardware Cybersecurity of VLSI Applications

**Step-1:** Run the tool → Upon running the executable file (*main* file in *dist* folder), a display window (Welcome panel) appears as shown below. Welcome panel displays the tool name and contains two buttons (tabs): (a) Read Me and (b) Get Started. The Read Me button directs to a PDF file containing the necessary details regarding the tool operations.



Step-2: Click on 'Get Started' button  $\rightarrow$  Get Started button leads to the next step *i.e.*, opening of the main window of tool. The main window of the tool comprises of three panel: (a) input panel, (b) output panel, and (c) status panel. Initially, all buttons of output and status panel's buttons (tabs) are yellow and red, respectively. On successful operation, each tab becomes blue.

**Ref**: A. Sengupta, N. Bhui, A. Anshul, *et al.* Bio-mimicking DNA fingerprint profiling for HLS watermarking to counter hardware IP piracy. *Nature Sci Rep* 14, 22413 (2024). https://doi.org/10.1038/s41598-024-73119-y.

**Ref**: A. Sengupta, N. Bhui and A. Anshul, "High Level Synthesis Based Forensic Watermarking of Hardware IPs using IP Vendor's DNA Signature," *IEEE Embedded Systems Letters*, doi: 10.1109/LES.2025.3566674.

This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)



Step-3: Click on Tab 'Load Application File' → Initially, we have to provide the data intensive application (in form of control data flow graph) and the respective module library file as inputs. Post clicking on the Tab 'Load Application File', a pop-up window appears (as shown below) to select sample data intensive application, corresponding to which secure RTL file with DNA fingerprint watermark as piracy detective countermeasure is to be generated. Note: For example, DCT\_4pt\_bechmark has been selected here (as shown below).



Step-4: Load Module Library File→ Post loading the data intensive application, the user is asked to load the module library. By clicking the Tab 'Load Library File', a pop-up window appears for the user to select corresponding library. Library file comprises of the details of hardware functional unit (FU) resources such as adder, subtractor, multiplier, register, etc., in terms of area and latency of resources and available hardware resources for allocation. Note: For example, library corresponding to DCT\_4pt\_bechmark (i.e., DCT\_4pt\_lib) has been selected here (as shown below).



**Step-5**: Post loading the application file and library file (15 nm open cell library), the corresponding control data flow graph (CDFG) of input application is generated. Now, user is asked to enter the resources based on which the input design (*i.e.*, CDFG) is to be scheduled. Note: if user enters the resource configuration exceeding the limits of minimum and maximum available resources in the module library, them the tool throws an error message.

**Step-6**: Now, by entering the resources within the specified limit (range), user can generate the corresponding scheduled design. Post clicking on the Tab 'Generate Schedule Design' in input panel, the 'View Scheduled Design' button in Output panel turns blue. Subsequently, on clicking 'View Scheduled Design' button, the scheduling information can be obtained. Note: As user has provided 1 adder and 2 multipliers for scheduling, therefore, first 4 multiplication operations of input 4-point DCT application are scheduled in first two control steps (CS), i.e., 2 multiplication operations in each CS. Next, the remaining 3 addition operations are scheduled in 3 different CS (as only 1 adder is present for scheduling). As first addition is dependent of first two multiplications, therefore first addition operation is scheduled in second CS (only when first two multiplication operations are completed). Both the error message prompt and scheduled design prompt are shown below.





This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

Step-7: Click on Tab 'Load DNA Sequence of IP Vendor → Post scheduling, the IP vendor's DNA sequence is provided as input to generate DNA fingerprint watermark signature by performing DNA fingerprint profiling process. Note: The input DNA sequence is used to perform DNA fingerprint profiling, which is composed of several key steps, such as DNA fragmentation using restriction enzymes (RE), DNA replication, and DNA fusion/ligase. At first, the DNA undergoes fragmentation through the use of restriction enzymes and is then replicated by mimicking the biological process and IP vendor's replication factors. The replicated fragments are fused to generate a final DNA signature sequence, which is then encoded to create a unique DNA signature representing the IP vendor. This signature is encrypted and used to generate watermarking constraints, which are embedded into the hardware during the register allocation phase of the high-level synthesis (HLS) process. By embedding the unique DNA-based watermark into the hardware design, the HarDMark CAD tool ensures the generation of highly robust and traceable IP design. The complete details corresponding to DNA fingerprint profiling process is available in the 'Supporting Publication' detail present in ReadMe file of the HarDMark tool. The input DNA sequence prompt is shown below.



This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

**Step-8**: Post loading the DNA sequence, the restriction enzymes-1 and 2 are provided as input. By clicking on 'Load Enzyme-1 of IP Vendor' and 'Load Enzyme-2 of IP Vendor', both restriction enzymes (REs) are fed as input to the tool. The REs loading prompts are shown below:



This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

**Step-9**: After loading the REs, now the user can view the fragmented DNA sequences corresponding to both input REs by clicking on 'View DNA Fragments using RE-1' and 'View DNA Fragments using RE-2' Tabs, respectively. Subsequently, the user can also view replicated DNA sequences and final DNA signature sequence by clicking on 'View DNA Fragment Replication' and 'View Final DNA Signature Sequence' Tabs. Note: The binarized DNA signature sequence is generated using fused replicated DNA sequence and encoding rule (specified in the prompt (popup) opened after clicking on 'View Final DNA Signature Sequence' Tab). The additional information is available in the 'Supporting Publication' detail present in ReadMe file of the HarDMark tool. All above mentioned prompts in this step are shown below:



This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)





This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

**Step-10**: Now, the user (IP vendor/IP designer) has to provide AES key as the input by clicking on Tab 'Load AES Encryption Key of IP vendor' to generate the encrypted watermark signature. After loading the AES key, the 'View Generated Encrypted Signature' Tab in output panel turns blue. The user can see the final encrypted DNA signature by clicking on 'View Generated Encrypted Signature' Tab. Both prompts are shown below:



This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

Step-11: Generation of hardware security/watermark constraints → Now, the security constraints are generated by selecting the security constraints encoding rules from the input panel. By clicking on Tab 'Select Encoding Rule & Generate Security Constraints', the user has to select the encoding rules for bits '0' and '1' of the generated DNA fingerprint signature. The generated constraints are embedded in the register allocation information of the obtained scheduled design. The generated security constraints can be seen by clicking on the Tab 'View Hardware Security Constraints' in output panel. Similarly, the initial (non-watermarked) Register Allocation Table (RAT) and watermarked RAT information can be generated by clicking on 'Pre-Watermark Register Allocation Table' and 'Post-Watermark Register Allocation Table' Tabs in output panel. Note: The difference in the allocation of storage variables across different registers pre and post-watermarking can be clearly visualized in both RATs (altered storage variables position marked in red boxes). Note: The additional information on constraints generation and embedding is available in the 'Supporting Publication' detail present in ReadMe file of the HarDMark tool. All above mentioned prompts in this step are shown below:



This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)





**Step-12**: Now, the Watermark design area, latency and cost corresponding to input application, i.e., 4-poiny DCT (for 15 nm open cell library) can be obtained by clicking on Tab 'Watermark Design Cost' in output panel. Note: The additional information on design cost estimation is available in the 'Supporting Publication' detail present in ReadMe file of the HarDMark tool. Finally, on successful completion all buttons/Tabs of output and status panels turn blue.





This tool has been developed under the supervision of Prof. Anirban Sengupta (PI and Supervisor) and Dr. Aditya Anshul, Post-Doc (TRF)

Finally, the obtained watermarked RAT (containing IP vendor's digital evidence, *i.e.*, DNA fingerprint watermark signature as detective countermeasure against IP piracy and false IP ownership claim) is synthesized into its corresponding register transfer level (RTL) datapath and controller design file. The sample secure (watermarked) RTL datapath corresponding to input 4-point DCT application is shown below. Further, on clicking Tab 'Reset' the tool again restarts.



Watermark/Security constraints embedded register transfer level (RTL) datapath of 4-point DCT