Tony F. Wu,Karthik Ganesan,Yunqing Alexander Hu,H.-S. Philip Wong,Simon Wong,Subhasish Mitra

DOI: https://doi.org/10.1109/TCAD.2015.2474373

2015-08-25

Abstract:There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 0.07-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.

Hardware Architecture,Cryptography and Security

Samaneh Ghandali,Thorben Moos,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.1910.00737

2019-09-23

Abstract:Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable.

Cryptography and Security,Hardware Architecture

Yumin Hou,Hu He,Kaveh Shamsi,Yier Jin,Dong Wu,Huaqing Wu

DOI: https://doi.org/10.1109/hst.2018.8383914

2018-01-01

Abstract:With the globalization of semiconductor industry, hardware security issues have been gaining increasing attention. Among all hardware security threats, the insertion of hardware Trojans is one of the main concerns. Meanwhile, many current Trojan detection solutions follow the assumption that the hardware Trojan itself should be composed of digital logic. This assumption is invalidated by recently proposed analog Trojans which are extremely small and can detect rare events. This paper proposes a runtime hardware Trojan detection method which is geared towards detecting such advanced Trojans. The principle of this method is to guard a set of concerned signals, and initiate a hardware interrupt request when abnormal toggling events occur in these guarded signals. To prove the effectiveness of this method, we design a processor based on ARMv7-A&R ISA, and insert an analog Trojan into the processor. We fabricated the design in the SMIC 130 nm process and demonstrate the effectiveness of the proposed methodology.

Md Omar Faruque,Peter Jamieson,Ahmad Patooghy,Abdel-Hameed A. Badawy

2024-12-11

Abstract:Existing Hardware Trojans (HT) detection methods face several critical limitations: logic testing struggles with scalability and coverage for large designs, side-channel analysis requires golden reference chips, and formal verification methods suffer from state-space explosion. The emergence of Large Language Models (LLMs) offers a promising new direction for HT detection by leveraging their natural language understanding and reasoning capabilities. For the first time, this paper explores the potential of general-purpose LLMs in detecting various HTs inserted in Register Transfer Level (RTL) designs, including SRAM, AES, and UART modules. We propose a novel tool for this goal that systematically assesses state-of-the-art LLMs (GPT-4o, Gemini 1.5 pro, and Llama 3.1) in detecting HTs without prior fine-tuning. To address potential training data bias, the tool implements perturbation techniques, i.e., variable name obfuscation, and design restructuring, that make the cases more sophisticated for the used LLMs. Our experimental evaluation demonstrates perfect detection rates by GPT-4o and Gemini 1.5 pro in baseline scenarios (100%/100% precision/recall), with both models achieving better trigger line coverage (TLC: 0.82-0.98) than payload line coverage (PLC: 0.32-0.46). Under code perturbation, while Gemini 1.5 pro maintains perfect detection performance (100%/100%), GPT-4o (100%/85.7%) and Llama 3.1 (66.7%/85.7%) show some degradation in detection rates, and all models experience decreased accuracy in localizing both triggers and payloads. This paper validates the potential of LLM approaches for hardware security applications, highlighting areas for future improvement.

Cryptography and Security,Artificial Intelligence

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Sriram Sankaran,Vamshi Sunku Mohan,A Purushothaman.

DOI: https://doi.org/10.1109/ises52644.2021.00050

2021-12-01

Abstract:Hardware Trojans are modifications made by malicious insiders or third party providers during the design or fabrication phase of the IC (Integrated Circuits) design cycle in a covert manner. These cause catastrophic consequences ranging from manipulating the functionality of individual blocks to disabling the entire chip. Thus, a need for detecting trojans becomes necessary. In this work, we propose a deep learning based approach for detecting trojans in IC chips. In particular, we insert trojans at the circuit-level and generate data by measuring power during normal operation and under attack. Further, we develop deep learning models using Neural networks and Auto-encoders to analyze datasets for outlier detection by profiling the normal behavior and leveraging them to detect anomalies in power consumption. Our approach is generic and non-invasive in that it can be applied to any block without any modifications to the design. Evaluation of the proposed approach shows an accuracy ranging from 92.23% to 99.33% in detecting trojans.

Yumin Hou,Hu He,Kaveh Shamsi,Yier Jin,Dong Wu,Huaqiang Wu

DOI: https://doi.org/10.1109/tcad.2018.2864246

IF: 2.9

2019-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:With the globalization of semiconductor industry, hardware security issues have been gaining increasing attention. Among all hardware security threats, the insertion of hardware Trojans is one of the main concerns. Meanwhile, many current Trojan detection solutions follow the assumption that the hardware Trojan itself should be composed of digital logic. This assumption is invalidated by recently proposed analog Trojans which are extremely small and can detect rare events. This paper proposes a runtime hardware Trojan detection method which is geared toward detecting such advanced Trojans. The principle of this method is to guard a set of concerned signals, and initiate a hardware interrupt request when abnormal toggling events occur in these guarded signals. To prove the effectiveness of this method, we design a processor based on ARMv7-A&R ISA, and insert an analog Trojan into the processor. We fabricated the design in an SMIC 130-nm process and demonstrate the effectiveness of the proposed methodology.

Yier Jin,Nathan Kupp,Yiorgos Makris

DOI: https://doi.org/10.1109/hst.2009.5224971

2009-01-01

Abstract:We report our experiences in designing and implementing several hardware Trojans within the framework of the Embedded System Challenge competition that was held as part of the Cyber Security Awareness Week (CSAW) at the Polytechnic Institute of New York University in October 2008. Due to the globalization of the Integrated Circuit (IC) manufacturing industry, hardware Trojans constitute an increasingly probable threat to both commercial and military applications. With traditional testing methods falling short in the quest of finding hardware Trojans, several specialized detection methods have surfaced. To facilitate research in this area, a better understanding of what Hardware Trojans would look like and what impact they would incur to an IC is required. To this end, we present eight distinct attack techniques employing Register Transfer Level (RTL) hardware Trojans to compromise the security of an Alpha encryption module implemented on a Digilent BASYS Spartan-3 FPGA board. Our work, which earned second place in the aforementioned competition, demonstrates that current RTL designs are, indeed, quite vulnerable to hardware Trojan attacks.

Zhe Chen,Shize Guo,Jian Wang,Yubai Li,Zhonghai Lu

DOI: https://doi.org/10.1109/jiot.2019.2914079

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, field programmable gate array (FPGA) has been widely used in Internet of Things (IoT) since it can provide flexible and scalable solutions to various IoT requirements. Meanwhile, hardware Trojan (HT), which may lead to undesired chip function or leak sensitive information, has become a great challenge for FPGA security. Therefore, distinguishing the Trojan-infected FPGAs is quite crucial for reinforcing the security of IoT. To achieve this goal, we propose a clock-tree-concerned technique to detect the HTs on FPGA. First, we present an experimental framework which helps us to collect the electromagnetic (EM) radiation emitted by FPGA clock tree. Then, we propose a Trojan identifying approach which extracts the mathematical feature of obtained EM traces, i.e., 2-D principal component analysis (2DPCA) in this paper, and automatically isolates the Trojan-infected FPGAs from the Trojan-free ones by using a BP neural network. Finally, we perform extensive experiments to evaluate the effectiveness of our method. The results reveal that our approach is valid in detecting HTs on FPGA. Specifically, for the trust-hub benchmarks, we can find out the FPGA with always on Trojans (100% detection rate) while identifying the triggered Trojans with high probability (by up to 92%). In addition, we give a thorough discussion on how the experimental setup, such as probe step size, scanning area, and chip ambient temperature, affects the Trojan detection rate.

Behnam Omidi,Khaled N. Khasawneh,Ihsen Alouani

2024-01-05

Abstract:The globalization of the Integrated Circuit (IC) supply chain, driven by time-to-market and cost considerations, has made ICs vulnerable to hardware Trojans (HTs). Against this threat, a promising approach is to use Machine Learning (ML)-based side-channel analysis, which has the advantage of being a non-intrusive method, along with efficiently detecting HTs under golden chip-free settings. In this paper, we question the trustworthiness of ML-based HT detection via side-channel analysis. We introduce a HT obfuscation (HTO) approach to allow HTs to bypass this detection method. Rather than theoretically misleading the model by simulated adversarial traces, a key aspect of our approach is the design and implementation of adversarial noise as part of the circuitry, alongside the HT. We detail HTO methodologies for ASICs and FPGAs, and evaluate our approach using TrustHub benchmark. Interestingly, we found that HTO can be implemented with only a single transistor for ASIC designs to generate adversarial power traces that can fool the defense with 100% efficiency. We also efficiently implemented our approach on a Spartan 6 Xilinx FPGA using 2 different variants: (i) DSP slices-based, and (ii) ring-oscillator-based design. Additionally, we assess the efficiency of countermeasures like spectral domain analysis, and we show that an adaptive attacker can still design evasive HTOs by constraining the design with a spectral noise budget. In addition, while adversarial training (AT) offers higher protection against evasive HTs, AT models suffer from a considerable utility loss, potentially rendering them unsuitable for such security application. We believe this research represents a significant step in understanding and exploiting ML vulnerabilities in a hardware security context, and we make all resources and designs openly available online:

Cryptography and Security,Hardware Architecture,Machine Learning

xuwei ye,jianhua feng,haoran gong,chunhua he,weilei feng

DOI: https://doi.org/10.1109/edssc.2015.7285146

2015-01-01

Abstract:Hardware Trojan, realized by malicious modification of design characteristics, has emerged as a major security concern. The recently proposed Trojan detection methods arc mainly classified into two categories: side-channel signal analysis and logic testing. Due to the stealthy nature of Trojan circuits, it's difficult to activate Trojans to perform logic testing. In this paper, an activation probability-based approach is proposed. A probability obfuscation scan chain (POSC) is presented aiming at increasing the difficulty of Trojan insertion and increasing the activation probability of the Trojan circuits. It proves to be very effective in detecting the presence of a Trojan in a circuit. Experimental results on ISCAS benchmark circuits show that this approach can effectively increase Trojan activation probability and make the detection of the Trojan more easily.

Amr Alanwar,Mona A. Aboelnaga,Yousra Alkabani,M. Watheq El-Kharashi,Hassan Bedour

DOI: https://doi.org/10.48550/arXiv.1711.01010

2017-11-03

Cryptography and Security

Abstract:Hardware Trojan detection and protection is becoming more crucial as more untrusted third parties manufacture many parts of critical systems nowadays. The most common way to detect hardware Trojans is comparing the untrusted design with a golden (trusted) one. However, third-party intellectual properties (IPs) are black boxes with no golden IPs to trust. So, previous attempts to detect hardware Trojans will not work with third-party IPs. In this work, we present novel methods for Trojan protection and detection on field programmable gate arrays (FPGAs) without the need for golden chips. Presented methods work at runtime instead of test time. We provide a wide spectrum of Trojan detection and protection methods. While the simplest methods have low overhead and provide limited protection mechanisms, more sophisticated and costly techniques are introduced that can detect hardware Trojans and even clean up the system from infected IPs. Moreover, we study the cost of using the FPGA partial reconfiguration feature to get rid of infected IPs. In addition, we discuss the possibility to construct IP core certificate authority that maintains a centralized database of unsafe vendors and IPs. We show the practicality of the introduced schemes by implementing the different methodologies on FPGAs. Results show that simple methods present negligible overheads and as we try to increase security the delay and power overheads increase.

Fan Zhang,Chen Dong,Wucheng Hu,Jinghui Chen,Guorong He

DOI: https://doi.org/10.1109/IAEAC47372.2019.8997863

2019-01-01

Abstract:EDA tools almost completely automate the current chip design. However, EDA tools are all provided by third-party companies, therefore the credibility of EDA tools and the trust issues brought by their process libraries have attracted people's attention. Given these problems, this paper proposes a self-training hardware Trojan confrontation framework based on machine learning embedded in EDA tools. The framework focuses on the gate-level netlist files generated during the integrated chip comprehensive optimization phase, thereby detects, locates and deletes hardware Trojans that may appear. The experimental results show that the framework can achieve more than 85% detection effect for unknown hardware Trojans. Moreover, for known hardware Trojans, this framework can achieve almost 100% detection. Accordingly, hardware Trojans can be located and deleted.

Imran Hafeez Abbassi,Faiq Khalid,Semeen Rehman,Awais Mehmood Kamboh,Axel Jantsch,Siddharth Garg,Muhammad Shafique

DOI: https://doi.org/10.48550/arXiv.1812.02770

2018-11-05

Abstract:Conventional Hardware Trojan (HT) detection techniques are based on the validation of integrated circuits to determine changes in their functionality, and on non-invasive side-channel analysis to identify the variations in their physical parameters. In particular, almost all the proposed side-channel power-based detection techniques presume that HTs are detectable because they only add gates to the original circuit with a noticeable increase in power consumption. This paper demonstrates how undetectable HTs can be realized with zero impact on the power and area footprint of the original circuit. Towards this, we propose a novel concept of TrojanZero and a systematic methodology for designing undetectable HTs in the circuits, which conceals their existence by gate-level modifications. The crux is to salvage the cost of the HT from the original circuit without being detected using standard testing techniques. Our methodology leverages the knowledge of transition probabilities of the circuit nodes to identify and safely remove expendable gates, and embeds malicious circuitry at the appropriate locations with zero power and area overheads when compared to the original circuit. We synthesize these designs and then embed in multiple ISCAS85 benchmarks using a 65nm technology library, and perform a comprehensive power and area characterization. Our experimental results demonstrate that the proposed TrojanZero designs are undetectable by the state-of-the-art power-based detection methods.

Cryptography and Security,Hardware Architecture

Taifeng Hu,Liji Wu,Xiangmin Zhang,Yanzhao Yin,Yijun Yang

DOI: https://doi.org/10.1109/icasid.2019.8924992

2019-01-01

Abstract:With the application of integrated circuits (ICs) appears in all aspects of life, whether an IC is security and reliable has caused increasing worry which is of significant necessity. An attacker can achieve the malicious purpose by adding or removing some modules, so called hardware Trojans (HTs). In this paper, we use side-channel analysis (SCA) and support vector machine (SVM) classifier to determine whether there is a Trojan in the circuit. We use SAKURA-G circuit board with Xilinx SPARTAN-6 to complete our experiment. Results show that the Trojan detection rate is up to 93% and the classification accuracy is up to 91.8475%.

Amin Sarihi,Ahmad Patooghy,Peter Jamieson,Abdel-Hameed A. Badawy

DOI: https://doi.org/10.1007/s11227-024-05963-8

IF: 3.3

2024-03-19

The Journal of Supercomputing

Abstract:Current hardware Trojan (HT) detection techniques are mostly developed based on a limited set of HT benchmarks. Existing HT benchmark circuits are generated with multiple shortcomings, i.e., (i) they are heavily biased by the designers' mindset when created, and (ii) they are created through a one-dimensional lens, mainly the signal activity of nets. We introduce the first automated reinforcement learning (RL) HT insertion and detection framework to address these shortcomings. In the HT insertion phase, an RL agent explores the circuits and finds locations best for keeping inserted HTs hidden. On the defense side, we introduce a multi-criteria RL-based HT detector that generates test vectors to discover the existence of HTs. Using the proposed framework, one can explore the HT insertion and detection design spaces to break the limitations of human mindset and benchmark issues, ultimately leading toward the next generation of innovative detectors. We demonstrate the efficacy of our framework on ISCAS-85 benchmarks, provide the attack and detection success rates, and define a methodology for comparing our techniques.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Maitreyi Ashok,Matthew J. Turner,Ronald L. Walsworth,Edlyn V. Levine,Anantha P. Chandrakasan

DOI: https://doi.org/10.1145/3531010

2022-04-30

Abstract:This paper presents a method for hardware trojan detection in integrated circuits. Unsupervised deep learning is used to classify wide field-of-view (4x4 mm$^2$), high spatial resolution magnetic field images taken using a Quantum Diamond Microscope (QDM). QDM magnetic imaging is enhanced using quantum control techniques and improved diamond material to increase magnetic field sensitivity by a factor of 4 and measurement speed by a factor of 16 over previous demonstrations. These upgrades facilitate the first demonstration of QDM magnetic field measurement for hardware trojan detection. Unsupervised convolutional neural networks and clustering are used to infer trojan presence from unlabeled data sets of 600x600 pixel magnetic field images without human bias. This analysis is shown to be more accurate than principal component analysis for distinguishing between field programmable gate arrays configured with trojan free and trojan inserted logic. This framework is tested on a set of scalable trojans that we developed and measured with the QDM. Scalable and TrustHub trojans are detectable down to a minimum trojan trigger size of 0.5% of the total logic. The trojan detection framework can be used for golden-chip free detection, since knowledge of the chips' identities is only used to evaluate detection accuracy

Computer Vision and Pattern Recognition,Image and Video Processing,Instrumentation and Detectors

Syed Kamran Haider,Chenglu Jin,Marten van Dijk

DOI: https://doi.org/10.48550/arXiv.1605.08413

2017-04-13

Abstract:Electronic Design Automation (EDA) industry heavily reuses third party IP cores. These IP cores are vulnerable to insertion of Hardware Trojans (HTs) at design time by third party IP core providers or by malicious insiders in the design team. State of the art research has shown that existing HT detection techniques, which claim to detect all publicly available HT benchmarks, can still be defeated by carefully designing new sophisticated HTs. The reason being that these techniques consider the HT landscape to be limited only to the publicly known HT benchmarks, or other similar (simple) HTs. However the adversary is not limited to these HTs and may devise new HT design principles to bypass these countermeasures. In this paper, we discover certain crucial properties of HTs which lead to the definition of an exponentially large class of Deterministic Hardware Trojans $H_D$ that an adversary can (but is not limited to) design. The discovered properties serve as HT design principles, based on which we design a new HT called 'XOR-LFSR' and present it as a 'proof-of-concept' example from the class $H_D$. These design principles help us understand the tremendous ways an adversary has to design a HT, and show that the existing publicly known HT benchmarks are just the tip of the iceberg on this huge landscape. This work, therefore, stresses that instead of guaranteeing a certain (low) false negative rate for a small constant set of publicly known HTs, a rigorous HT detection tool should take into account these newly discovered HT design principles and hence guarantee the detection of an exponentially large class (exponential in number of wires in IP core) of HTs with negligible false negative rate.

Cryptography and Security

Kaige Qu,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/CIS.2015.80

2015-01-01

Abstract:Hardware trojan detection is paid more and more attention in recent years due to the great potential threat imposed by hardware trojan to the whole integrated circuit industry. In this paper, ring oscillator network based hardware trojan detection method is tactfully implemented in FPGA and a novel corresponding detection algorithm is proposed. Incremental compilation technique is applied to design ring oscillator network and to insert trojans in FPGA. The method is verified effective for both sequential and combinational trojans. The trojans can be found with up to 20 to 200 times of detecting measurement based on their active status. Particularly, besides dynamic power consumption, extra static power consumed by trojan circuits are also used to differentiate trojan-free and trojan-inserted circuits.

Elena Dubrova,Mats Näslund,Gunnar Carlsson,John Fornehed,Ben Smeets

DOI: https://doi.org/10.1007/s11265-016-1127-4

2016-03-11

Journal of Signal Processing Systems

Abstract:The threat of hardware Trojans has been widely recognized by academia, industry, and government agencies. A Trojan can compromise security of a system in spite of cryptographic protection. The damage caused by a Trojan may not be limited to a business or reputation, but could have a severe impact on public safety, national economy, or national security. An extremely stealthy way of implementing hardware Trojans has been presented by Becker et al. at CHES’2012. Their work have shown that it is possible to inject a Trojan in a random number generator compliant with FIPS 140-2 and NIST SP800-90 standards by exploiting non-zero aliasing probability of Logic Built-In-Self-Test (LBIST). In this paper, we present two methods for modifying LBIST to prevent such an attack. The first method makes test patterns dependent on a configurable key which is programed into a chip after the manufacturing stage. The second method uses a remote test management system which can execute LBIST using a different set of test patterns at each test cycle.

English Else