Li-wei Wang,Hong-wei Luo,Ruo-he Yao

DOI: https://doi.org/10.3969/j.issn.1000-565X.2012.06.002

2012-01-01

Abstract:During the fabrication of integrated circuit (IC) chips in untrusted foundries, malicious circuits may be inserted as hardware Trojans, which results in a significant risk of trustworthiness and reliability degradation of the chips. As such Trojan circuits are difficult to detect using conventional strategies, a nondestructive side-channel analysis-based detection approach is proposed, which employs the algorithm of singular value decomposition to analyze and statistically process the transient power of IC chips. Validation results of the approach on FPGA chips show that, even in the presence of big noise and process variation, the proposed approach is effective in detecting the hardware Trojans that are 2 orders of magnitude smaller than the original circuit.

Taifeng Hu,Liji Wu,Xiangmin Zhang,Yanzhao Yin,Yijun Yang

DOI: https://doi.org/10.1109/icasid.2019.8924992

2019-01-01

Abstract:With the application of integrated circuits (ICs) appears in all aspects of life, whether an IC is security and reliable has caused increasing worry which is of significant necessity. An attacker can achieve the malicious purpose by adding or removing some modules, so called hardware Trojans (HTs). In this paper, we use side-channel analysis (SCA) and support vector machine (SVM) classifier to determine whether there is a Trojan in the circuit. We use SAKURA-G circuit board with Xilinx SPARTAN-6 to complete our experiment. Results show that the Trojan detection rate is up to 93% and the classification accuracy is up to 91.8475%.

Xue Mingfu,Hu Aiqun,Li Guyue

DOI: https://doi.org/10.1049/cp.2014.0728

2014-01-01

Abstract:Hardware Trojan has emerged as an impending security threat to many critical systems. However, detecting hardware Trojan is extremely difficult due to Trojans are always triggered by rare events. Side-channel signal analysis is effective in detecting Trojan but facing the challenge with process variation and environment noise in nanotechnology. Moreover, side-channel approaches that analyze global signals cannot scale well to large circuits. This paper presents a heuristic partition and test pattern generation based localized signal analysis method for hardware Trojan detection. First, we partition the design into regions controlled by scan chains. Then a test vector ordering algorithm is used to generate optimized vectors which can magnify the activity in the target region where Trojan may be located. At last, power ports are placed in each region to measure the localized transient current anomalies for Trojan detection, while a signal calibration technique is used to eliminate the negative effect of process variation and noise. We evaluate our approach on ISCAS89 benchmark circuits and the results show that the proposed scheme can magnify the detection sensitivity in multiples from the state-of-the-art. Two further benefits of this method are that it can scale well to large circuits and determine Trojan's location.

Peng Liu,Liji Wu,Zhenhui Zhang,Dehang Xiao,Xiangmin Zhang,Lili Wang

DOI: https://doi.org/10.1109/asid56930.2022.9995991

2022-01-01

Abstract:In recent years, with the globalization of semiconductor processing and manufacturing, integrated circuits have gradually become vulnerable to malicious attackers. In order to detect Hardware Trojans (HTs) hidden in integrated circuits, it has become one of the hottest issues in the field of hardware security. In this paper, we propose to apply Principal Component Analysis (PCA) and Support Vector Machine (SVM) to hardware Trojan detection, using PCA algorithm to extract features from small differences in side channel information, and then obtain the principal components. The SVM detection model is optimized by means of cross-validation and logarithmic interval. Finally, it is determined whether the original circuit contains a hardware Trojan. In the experiment, we use the SAKURA-G FPGA board, Agilent oscilloscope, and ISE simulation software to complete the experimental work. The test results of five different HTs show that the average True Positive Rate (TPR) of the proposed method for HTs can reach 99.48%, along with an average True Negative Rate (TNR) of 99.2%, and an average detection time of 9.66s.

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Der-Chen Huang,Chun-Fang Hsiao,Tin-Wei Chang,Ying-Yi Chu

DOI: https://doi.org/10.1186/s13638-022-02165-9

2022-09-07

EURASIP Journal on Wireless Communications and Networking

Abstract:Recently, the issue of malicious circuit alteration and attack draws more attention than ever before due to the globalization of IC design and manufacturing. Malicious circuits, also known as hardware Trojans, are found able to degrade the circuit performance or even leak confidential information, and accordingly it is definitely an issue of immediate concern to develop detection techniques against hardware Trojans. This paper presents a ring oscillator-based detection technique to improve the hardware Trojan detection performance. A circuit under test is divided into a great number of blocks, path assignment is optimized using a path tracking algorithm, and a high coverage is reached accordingly.

telecommunications,engineering, electrical & electronic

Jie Zhang,Guantong Su,Yannan Liu,Lingxiao Wei,Feng Yuan,Guoqiang Bai,Qiang Xu

DOI: https://doi.org/10.1109/iccad.2014.7001363

2014-01-01

Abstract:Trojan side channels (TSCs) are serious threats to the security of cryptographic systems because they facilitate to leak secret keys to attackers via covert side channels that are unknown to designers. To tackle this problem, we present a new hardware Trojan detection technique for TSCs. To be specific, we first investigate general power-based TSC designs and discuss the tradeoff between their hardware cost and the complexity of the key cracking process. Next, we present our TSC identification technique based on the correlation between the key and the covert physical side channels used by attackers. Experimental results demonstrate the effectiveness of the proposed solution.

Sefatun-Noor Puspa,Abyad Enan,Reek Majumdar,M Sabbir Salek,Gurcan Comert,Mashrur Chowdhury

2024-11-20

Abstract:Cyber-physical systems rely on sensors, communication, and computing, all powered by integrated circuits (ICs). ICs are largely susceptible to various hardware attacks with malicious intents. One of the stealthiest threats is the insertion of a hardware trojan into the IC, causing the circuit to malfunction or leak sensitive information. Due to supply chain vulnerabilities, ICs face risks of trojan insertion during various design and fabrication stages. These trojans typically remain inactive until triggered. Once triggered, trojans can severely compromise system safety and security. This paper presents a non-invasive method for hardware trojan detection based on side-channel power analysis. We utilize the dynamic power measurements for twelve hardware trojans from IEEE DataPort. Our approach applies to signal processing techniques to extract crucial time-domain and frequency-domain features from the power traces, which are then used for trojan detection leveraging Artificial Intelligence (AI) models. Comparison with a baseline detection approach indicates that our approach achieves higher detection accuracy than the baseline models used on the same side-channel power dataset.

Cryptography and Security

Taifeng Hu,Liji Wu,Xiangmin Zhang,Zhaopo Liao

DOI: https://doi.org/10.1109/bigdatase50710.2020.00021

2020-01-01

Abstract:Hardware security has recently become a research hotspot due to the separating trend of integrated circuit design and manufacturing in the global industry chain. Among all security threats, the hardware trojan (HT) inserted into the integrated circuit is one of the most concerns. As a flexible and non-destructive approach, the side-channel analysis techniques are widely used for HT detection. However, noise sensitivity and golden chip dependence make side-channel based approaches face greatly challenge in practice. In this paper, we propose a novel HT detection approach based on Isolation Forest, which provides high precision detection capability, while reducing the dependence of the golden chip. First, we perform special preprocessing, named Main Difference Accumulation (MDA), on the side-channel information to magnify the impacts of HT. Then, we train the isolation forest model using the processed information. During the test phase, the obtained model can score the test data. Finally, we complete the detection of HT based on the score and threshold. Moreover, we use the K-means clustering algorithm to achieve the automatic selection of the threshold in the isolation forest. To verify the feasibility of the proposed approach, we select the power signal as the side-channel information and insert four different kinds of HTs into the AES-128 crypto core. Results obtained using a Xilinx Spartan-6 FPGA board show that the accuracy of HT detection can reach 100%, with a 1.13% relative area ratio of the original circuit.

Samaneh Ghandali,Thorben Moos,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.1910.00737

2019-09-23

Abstract:Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable.

Cryptography and Security,Hardware Architecture

Xinming Wei,Jiaxi Zhang,Guojie Luo

DOI: https://doi.org/10.1109/sp54263.2024.00160

2024-01-01

Abstract:Due to the escalating complexity of chip design and the exorbitant cost of building cutting-edge manufacturing facilities, outsourcing the fabrication of Integrated Circuits (ICs) is prevalent in modern semiconductor industry. However, significant security risks may arise because untrustworthy foundries can conduct insidious attacks without close supervision. Since prior works show the feasibility of implementing practical foundry-level Trojan attacks that circumvent post-fabrication detection, IC designers should protect their IC layouts before sending them to a third-party foundry, and such protections are known as design-time defenses. To this end, security metrics for layout vulnerability assessment are crucial to test the effectiveness of the proposed defenses. However, existing metrics are geometric-only and Trojan-oblivious, failing to capture the fundamental aspects of foundry-level Trojan insertion and the associated side effects.To bridge the gap between real attacks and threat prediction, we present SiliconCritic, a simulation-based, extensible framework that leverages design-time techniques to simulate the blackbox foundry-level Trojan attacks and post-fabrication analysis. SiliconCritic encodes the difficulty of inserting a specific Trojan into a finalized physical layout by measuring the variation of side-channel parameters (timing, power) after the simulated Trojan insertion, where larger deviations denote better detectability and thus enhanced security. SiliconCritic allows IC designers to interactively refine defensive strategies against the objective Trojan based on the feedback of side-channel analysis. Through evaluations on real-world ASIC designs and reported hardware Trojans, SiliconCritic demonstrates the limitations of existing layout-level defenses and highlights the influence of Trojan properties on defensive efficacy. Our work refreshes the understanding of Trojan prevention and suggests future directions for defenses against untrustworthy foundries.

Fan Zhang,Dongrong Zhang,Qiang Ren,Aixin Chen,Donglin Su

DOI: https://doi.org/10.23919/cje.2022.00.310

IF: 1.019

2024-01-01

Chinese Journal of Electronics

Abstract:Since many third parties involved in integrated circuit (IC) manufacturing, hardware Trojans malicious implantation have become a threat to the IC industry. Therefore, varieties of reliable hardware Trojan detection methods are needed. Since electromagnetic radiation is an inherent phenomenon of electronic devices, there are significant differences in the electromagnetic radiated characteristics for circuits with different structures and operating states. In this paper, a novel hardware Trojan detection method is proposed, which considers the electromagnetic radiation differences caused by hardware Trojan implantation. Experiments of detecting hardware Trojan in field programmable gate arrays show that the proposed method can effectively distinguish the ICs with Trojan from the ones without Trojan by the radiated emission.

Tong Xin,Li Ying,Chen Lan

DOI: https://doi.org/10.11999/jeit190532

2020-01-01

Abstract:Integrated Circuits (ICs) are suffering severer threats caused by Hardware Trojans (HTs), some of which hide in routine operations by coercing firmware or hardware. Along with conventional side-channel detection not always getting golden-chip, HTs become more difficult to detect. An improved Support Vector Machine (SVM) machine learning frameworks for this is proposed using system-level side-channel analysis. Cross validation experimental results on Field Programmable Gate Array (FPGA) show that in the condition of golden-chip, supervised SVM achieves 85.8% test accuracy in average. After grouping, outlier-removing and normalization, it rises by 4%. Even if golden-chip is out of hand, semi-supervised SVM has accuracy to judge HTs existence, averaging in 52.9%-79.5% under different test modes. Comparing with existing researches, this work verifies the efficiency of SVM for HT detection in instruction level, and points out the relationship between diversified learning conditions with detection performance.

Shuo Yang,Tamzidul Hoque,Prabuddha Chakraborty,Swarup Bhunia

DOI: https://doi.org/10.1109/tvlsi.2022.3140250

2022-03-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:The globalization of the semiconductor supply chain has developed a new set of challenges for security researchers. Among them, malicious alterations of hardware designs at an untrusted facility, or Trojan insertion, are considered one of the most difficult challenges. While side-channel analysis-based hardware Trojan detection techniques have shown great potential, most solutions, proposed over the past decade, require the availability of golden (i.e., Trojan-free) chips and are susceptible to process variations. Few techniques that do not require a golden chip depend on simulation-based modeling of the side-channel signature, which may not be reliable for differentiating between process and Trojan induced variations. Furthermore, most of these techniques are evaluated either using very few Trojan inserted chips or simulation-based test setup. Spatial and temporal self-referencing-based detection mechanisms proposed earlier effectively eliminate the need for a golden chip and the impact of process variations. However, these techniques have not been adequately studied to achieve high detection sensitivity. In this article, we propose a golden-free multidimensional self-referencing technique that analyzes the side-channel signatures in both the time and frequency domains to significantly broaden the Trojan coverage and strengthen the detection confidence. We introduce a fully automated detection framework containing systematic methodologies for test generation, signature extraction, signal processing, threshold calculation, and metric-based decision-making that effectively enables the synergistic self-referencing approach. Finally, we evaluate the proposed technique through a comprehensive hardware measurement setup consisting of 96 Trojan-inserted test chips. Along with achieving a high detection coverage, we demonstrate that the analysis of spatial and temporal discrepancies in both frequency and time domains helps to reliably detect small hard-to-detect Trojans under process and measurement induced variations.

Huafeng CHEN,Youtian QU,Yanbing JIANG

DOI: https://doi.org/10.3785/j.issn.1008-9497.2014.01.011

2014-01-01

Abstract:Hardware trojan horse circuit(HTH) is becoming a potential threat with the globalization of integrated circuit industry and associated supply chains. For its characteristic of concealment, diversity and variety of plant level, it's difficult to find an effective and efficient detection method. In presented HTH detection method the side channel information, such as power rail, timing delay, etc. is measured, with the assumption of obtainable golden circuit. The development tendency in HTH detect field is presented through comparison of different detect method, which includes detect technique development in high-level design, effective comparison platform among different methods and more accurate technique tolerating process variations and measurement noise.

Samir R Katte,Keith E Fernandez

2023-07-05

Abstract:A major security threat to an integrated circuit (IC) design is the Hardware Trojan attack which is a malicious modification of the design. Previously several papers have investigated into side-channel analysis to detect the presence of Hardware Trojans. The side channel analysis were prescribed in these papers as an alternative to the conventional logic testing for detecting malicious modification in the design. It has been found that these conventional logic testing are ineffective when it comes to detecting small Trojans due to decrease in the sensitivity due to process variations encountered in the manufacturing techniques. The main paper under consideration in this survey report focuses on proposing a new technique to detect Trojans by using multiple-parameter side-channel analysis. The novel idea will be explained thoroughly in this survey report. We also look into several other papers, which talk about single parameter analysis and how they are implemented. We analyzed the short comings of those single parameter analysis techniques and we then show how this multi-parameter analysis technique is better. Finally we will talk about the combined side-channel analysis and logic testing approach in which there is higher detection coverage for hardware Trojan circuits of different types and sizes.

Cryptography and Security,Hardware Architecture

Chenxu Wang,Jinghu Li,Mingyan Yu,Jinxiang Wang

DOI: https://doi.org/10.1587/elex.10.20130602

2013-01-01

IEICE Electronics Express

Abstract:Side-channel analysis is an important strategy for Hardware Trojan (HT) detection. Karhunen-Love (K-L) expansion can be used to improve side-channel signals analysis quality, As an auxiliary post-processing method of K-L expansion, One Class Support Vector Machine (OCSVM) is introduced to achieve ICs intelligent classification. With the OCSVM and the power traces of Genuine ICs (Genuines), a hyper sphere can be built to distinguish the Trojan ICs (Trojans) from Genuines. The effectiveness of the proposed approach is experimentally demonstrated using power simulations performed on a representative circuit with several different Trojan circuits.

Hanqiu Wang,Max Panoff,Zihao Zhan,Shuo Wang,Christophe Bobda,Domenic Forte

2024-01-23

Abstract:Side-channel analysis has been proven effective at detecting hardware Trojans in integrated circuits (ICs). However, most detection techniques rely on large external probes and antennas for data collection and require a long measurement time to detect Trojans. Such limitations make these techniques impractical for run-time deployment and ineffective in detecting small Trojans with subtle side-channel signatures. To overcome these challenges, we propose a Programmable Sensor Array (PSA) for run-time hardware Trojan detection, localization, and identification. PSA is a tampering-resilient integrated on-chip magnetic field sensor array that can be re-programmed to change the sensors' shape, size, and location. Using PSA, EM side-channel measurement results collected from sensors at different locations on an IC can be analyzed to localize and identify the Trojan. The PSA has better performance than conventional external magnetic probes and state-of-the-art on-chip single-coil magnetic field sensors. We fabricated an AES-128 test chip with four AES Hardware Trojans. They were successfully detected, located, and identified with the proposed on-chip PSA within 10 milliseconds using our proposed cross-domain analysis.

Cryptography and Security,Signal Processing

Tony F. Wu,Karthik Ganesan,Yunqing Alexander Hu,H.-S. Philip Wong,Simon Wong,Subhasish Mitra

DOI: https://doi.org/10.1109/TCAD.2015.2474373

2015-08-25

Abstract:There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 0.07-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.

Hardware Architecture,Cryptography and Security

Wang Chenxu,Jiang Peihe,Yu Mingyan

DOI: https://doi.org/10.3969/j.issn.1003-353x.2012.05.003

2012-01-01

Abstract:The integrated circuit(IC)plays an important role in many fields,but the Hardware Trojan Horse(HTH)can be maliciously implanted into ICs by attackers because of separated IC design and fabrication mode.The existence of HTH threatens the information security.HTH detection begins to attract widely attention and comes into a new research field.Firstly,the concept of HTH,its hazards and its classification were described.Then some important researches on HTH detection approach were summarized.The researchers focus on side channel analysis detection,in which the power finger analysis techniques are the promising method to detect HTH.Finally,the proactive defense mechanisms of HTH were also summed up briefly.