This study addresses the dual challenges of data scarcity and intellectual property (IP) privacy in hardware assurance by introducing federated learning to this domain for the first time. The authors propose a collaborative deep learning framework that leverages scanning electron microscopy (SEM) images for distributed training, aiming to enhance image segmentation performance in reverse engineering. Experimental results demonstrate that federated learning significantly outperforms centralized single-party training in multi-client settings. However, the study also reveals a critical vulnerability: gradient inversion attacks can effectively reconstruct original SEM images from shared model updates, exposing severe privacy risks to proprietary IP. This work thus not only validates the potential of federated learning for hardware assurance but also uncovers its previously unrecognized susceptibility to IP leakage.

As microelectronics flourish and outsourcing of the design and manufacturing stages of integrated circuits (ICs) and printed circuit boards (PCBs) becomes the norm, microelectronics stakeholders must also confront a new wave of security challenges, including the threats posed by hardware Trojans, counterfeit electronics, and reverse engineering attacks. Traditional detection and prevention methods like testing and side-channel analysis have limitations in reliability and scalability. Automated reverse engineering by deep learning (DL) models is a foolproof approach to hardware assurance, but faces challenges due to limited data. By pooling data from different stakeholders (competitors in industry, governments, etc.), DL models can be more effectively trained but privacy of intellectual property (IP) is a significant concern. Federated Learning (FL) has been proposed as a potential alternative allowing for the collaborative training of a DL model without sharing raw data. While FL has been widely used in healthcare, IoT, and finance, its application in hardware assurance remains underexplored. This study investigates, for the first time, FL-based DL for hardware assurance, demonstrating that FL outperforms single-client centralized learning in segmentation tasks for reverse engineering. Our results show that increasing the number of clients improves FL performance by collaboratively training the model with more data. However, and more importantly, a major pitfall of FL is also exposed -- it remains vulnerable to gradient inversion attacks. We show that SEM images used in FL can be recovered by attackers, which would therefore expose the sensitive and proprietary IPs that FL was supposed to protect. We highlight these privacy risks and also suggest future research directions to improve security and effectiveness in hardware assurance.