Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Fan Zhang,Yiran Zhang,Shengwen Shi,Shize Guo,Ziyuan Liang,Samiya Qureshi,Congyuan Xu

DOI: https://doi.org/10.1109/PADSW.2018.8644906

2018-01-01

Abstract:An optimized lightweight Hardware Trojan (HT)based fault attack is proposed, especially for those resource-constrained environments such as IoT networks. Firstly, Algebraic fault analysis (AFA)is introduced to evaluate different fault models and search for the optimal one. Next, considering the limited resource, a lightweight HT is carefully designed which only flips one bit of the circuit in IoT device. Finally, AFA is applied again to exploit the fault and recover the secret key. An illustrative attack is demonstrated on DES implemented on an FPGA platform, SASEBO-GII. This paper shows that, for single bit fault injection at different rounds or different indexes in the same round, the reduced key search space of DES varies. The proposed technique can search for the optimal fault model, guide the lightweight Hardware Trojan design and automatically recover the secret key. Only one fault is required to recover the secret key of DES, which improves the stealthiness of the designed Hardware Trojan in IoT networks. The entire attack framework can also be applied to other block ciphers such as AES and PRESENT.

Fan Zhang,Xinjie Zhao,Wei He,Shivam Bhasin,Shize Guo

DOI: https://doi.org/10.1007/s11432-016-0233-0

2017-01-01

Science China Information Sciences

Abstract:>Fault analysis is a very powerful technique to break cryptographic implementations.In particular,bitlevel fault analysis(BLFA),where faults are injected by flipping one or a few isolated bits,are among the most efficient of the lot.BLFA requires both precise fault injection capabilities and sophisticated key extraction skills.Algebraic fault analysis(AFA)[1]is a good analysis technique for BLFA.Compared with differential fault analysis(DFA),AFA relies on the automation from machine solvers.Since it fully utilizes the leakages

Samaneh Ghandali,Thorben Moos,Amir Moradi,Christof Paar

DOI: https://doi.org/10.48550/arXiv.1910.00737

2019-09-23

Abstract:Hardware Trojans have drawn the attention of academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs can only be developed when there is a deep understanding of how hardware Trojans can be built in practice, in particular Trojans specifically designed to avoid detection. In this work, we present a mechanism to introduce an extremely stealthy hardware Trojan into cryptographic primitives equipped with provably-secure first-order side-channel countermeasures. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key recovery attacks. Generally, such a Trojan requires neither addition nor removal of any logic which makes it extremely hard to detect. On ASICs, it can be inserted by subtle manipulations at the sub-transistor level and on FPGAs by changing the routing of particular signals, leading to \textbf{zero} logic overhead. The underlying concept is based on modifying a securely-masked hardware implementation in such a way that running the device at a particular clock frequency violates one of its essential properties, leading to exploitable leakage. We apply our technique to a Threshold Implementation of the PRESENT block cipher realized in two different CMOS technologies, and show that triggering the Trojan makes the ASIC prototypes vulnerable.

Cryptography and Security,Hardware Architecture

Jie Zhang,Guantong Su,Yannan Liu,Lingxiao Wei,Feng Yuan,Guoqiang Bai,Qiang Xu

DOI: https://doi.org/10.1109/iccad.2014.7001363

2014-01-01

Abstract:Trojan side channels (TSCs) are serious threats to the security of cryptographic systems because they facilitate to leak secret keys to attackers via covert side channels that are unknown to designers. To tackle this problem, we present a new hardware Trojan detection technique for TSCs. To be specific, we first investigate general power-based TSC designs and discuss the tradeoff between their hardware cost and the complexity of the key cracking process. Next, we present our TSC identification technique based on the correlation between the key and the covert physical side channels used by attackers. Experimental results demonstrate the effectiveness of the proposed solution.

Hao Chen,Tao Wang,Fan Zhang,Xinjie Zhao,Wei He,Lumin Xu,Yunfei Ma

DOI: https://doi.org/10.1155/2017/8051728

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:HIGHT is a lightweight block cipher which has been adopted as a standard block cipher. In this paper, we present a bit-level algebraic fault analysis (AFA) of HIGHT, where the faults are perturbed by a stealthy HT. The fault model in our attack assumes that the adversary is able to insert a HT that flips a specific bit of a certain intermediate word of the cipher once the HT is activated. The HT is realized by merely 4 registers and with an extremely low activation rate of about 0.000025. We show that the optimal location for inserting the designed HT can be efficiently determined by AFA in advance. Finally, a method is proposed to represent the cipher and the injected faults with a merged set of algebraic equations and the master key can be recovered by solving the merged equation system with an SAT solver. Our attack, which fully recovers the secret master key of the cipher in 12572.26 seconds, requires three times of activation on the designed HT. To the best of our knowledge, this is the first Trojan attack on HIGHT.

Xinjie Zhao,Fan Zhang,Shize Guo,Zheng Gong

DOI: https://doi.org/10.1007/s11432-017-9179-4

2018-01-01

Science China Information Sciences

Abstract:Dear editor, Fault analysis is a very powerful technique used to break cryptographic inplementations.In particular,bit-level fault attacks (BLFAs),where one or a few isolated bits are flipped to inject faults,are among the imost efficient of the lot.Because it requires both precise fault injection and sophisticated key extraction,a BLFA is very difficult to conduct in practice.However,if the underlying cryptographic hardware is maliciously modified,a BLFA can be easily achieved.This recent security threat is popularly known as a hardware Trojan horse (HTH) [1].An HTH is a byproduct of the very popular and economically necessary outsourcing trend in the semiconductor industry.A well-designed HTH can precisely inject any type of bit-level fault.The corresponding attack is called a hardware-Trojan-based bit-level fault attack (HTH-BLFA).

Chen Dong,Yi Xu,Ximeng Liu,Fan Zhang,Guorong He,Yuzhong Chen

DOI: https://doi.org/10.3390/s20185165

IF: 3.9

2020-01-01

Sensors

Abstract:Diverse and wide-range applications of integrated circuits (ICs) and the development of Cyber Physical System (CPS), more and more third-party manufacturers are involved in the manufacturing of ICs. Unfortunately, like software, hardware can also be subjected to malicious attacks. Untrusted outsourced manufacturing tools and intellectual property (IP) cores may bring enormous risks from highly integrated. Attributed to this manufacturing model, the malicious circuits (known as Hardware Trojans, HTs) can be implanted during the most designing and manufacturing stages of the ICs, causing a change of functionality, leakage of information, even a denial of services (DoS), and so on. In this paper, a survey of HTs is presented, which shows the threatens of chips, and the state-of-the-art preventing and detecting techniques. Starting from the introduction of HT structures, the recent researches in the academic community about HTs is compiled and comprehensive classification of HTs is proposed. The state-of-the-art HT protection techniques with their advantages and disadvantages are further analyzed. Finally, the development trends in hardware security are highlighted.

Di Wang,Liji Wu,Xiangmin Zhang,XingJun Wu

DOI: https://doi.org/10.1109/isdfs.2018.8355314

2018-01-01

Abstract:Hardware Trojan research has become an important research topic in recent time since the increased awareness of hardware security. In this work, we designed a novel counter-type Hardware Trojan based on One-hot code, which has better performance than classic solutions. By improvement in this work, the dynamic power consumption of counter Trojan has reached a decrease of 25%. At the same time, power consumption peak caused by flipping like 0111111→1000000 under binary encoding was avoided. The performance of designed Trojan has been fully tested in the software-hardware co-verification environment, which shows that Trojan implantation did not influence the proper work of background circuit, only did some tricks in the way we need; and the Trojan latent period is controllable by connecting Trojan circuit to different trigger nodes.

Yue Chen,Zhenhui Zhang,Liji Wu,Xiangmin Zhang,Yijun Yang

DOI: https://doi.org/10.1109/ICASID.2018.8693115

2018-01-01

Abstract:The cryptographic algorithm is an important part of the security system. Its purpose is to ensure that the attacker can not obtain the correct transmissive information if he has stolen the ciphertext but has not the secret key between the sender and the receiver. Therefore, the key is a part of the cryptographic algorithm, and the leakage of the key will lead to security failure. In this paper, a key leakage Trojan circuit was designed and the original circuit was SM4, a Chinese block cipher algorithm standard. The trigger part is composed of sequential and combinational circuits, so the hardware Trojan would be triggered only when the conditions are met for both two kinds of circuits. One of its components is a counter, with timing function if necessary. The scheme was verified on a DE2-115 Altera cyclone-IV FPGA board. And the total registers increasing caused by the hardware Trojan is as low as 0.26%.

Aderinola Gbade-Alabi,David Keezer,Vincent Mooney,Axel Y. Poschmann,Marc Stöttinger,Kshitij Divekar

DOI: https://doi.org/10.1145/2668322.2668325

2014-01-01

Abstract:Trust in the integrated circuit (IC) fabrication industry is an ongoing concern given the trend towards "fabless" design and associated use of third-parties for fabrication. A Hardware Trojan (HT) introduced during fabrication can corrupt an IC's outputs, leak secret information, and yet go undetected by traditional system testing techniques. In this paper we propose an architecture to detect HTs during IC test or at run-time. An HT that would corrupt an IC's output and otherwise proceed undetected will then be rendered useless by this architecture. This approach will therefore discourage the insertion of HTs in the first place. The proposed architecture takes encryption hardware as a paradigmatic case-study and uses digital "signatures" derived from the plaintext to identify if the ciphertext has been corrupted by HTs. We test this methodology through simulation on various types of HTs inserted into a lightweight cryptographic system called "PRESENT"[13]. Our results validate that activated HTs are detected by this methodology.

Di Wang,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1049/el.2018.1153

2018-01-01

Electronics Letters

Abstract:In the security system, there is a lot of sensitive information, and the leakage of the secret key will cause security failure. In this Letter, combining the fault injection analysis of SM4 (Chinese block cipher algorithm standard), a key leakage Trojan payload circuit that requires only 4 XOR gates was designed and verified. By estimation, the area and power consumption is <1% of that in popular solutions. The scheme was successfully verified using FPGA. This Letter makes contribution to the defence for key-leakage type Trojan.

Liakot Ali,Farshad

DOI: https://doi.org/10.1371/journal.pone.0254903

IF: 3.7

2021-07-29

PLoS ONE

Abstract:Due to Hardware Trojan (HT), trustworthiness of Integrated Circuit (IC) supply chain is a burning issue in Semiconductor Industry nowadays. Over the last decade, extensive research has been carried on HT detection methods for digital circuits. However, the HT issue remains largely unexplored in the domain of Analog Mixed Signal (AMS)/ RF circuit where it is now an appealing target for the attackers. The increasing popularity of Orthogonal Frequency Division Multiplexing (OFDM) based wireless cryptographic ICs in modern communication systems makes it a lucrative target for HT-based attacks which could have a devastating impact on data security. This paper presents a trigger-based Hardware Trojan Threat model that exploits the extended cyclic prefix (ECP) property of the OFDM communication scheme to leak the secret encryption key over low noise Additive White Gaussian Channel (AWGN) and developed a Cyclic Prefix (CP) checker based detection mechanism named "SENTRY" to detect such trojans once it is triggered.

Shenghua Yang,Lei Li,Jianhao Hu,Wanting Zhou,Xueying Li

DOI: https://doi.org/10.2991/mmsa-18.2018.107

2018-01-01

Abstract:The insidious of Hardware Trojans (HT) makes it hardly to active in the Integrated Circuit(IC). We designed a special structure, been named AND-AND or OR-OR, which is inserted in the critical points that HT is liable to insert by analyze the characteristics of the IC. Then the state turnover rate of these notes will be greatly improved, and the activate time of HT that driven by these notes will be reduced. The implementation results of UART benchmarks prove that this method can significantly increase the activity of Hardware Trojans and improve the detection efficiency. Compared with the previous method such as inserting Dummy flip-flop or MFTD structure, not only will our method reduce the number of input ports and the consumption of the area, but it will easier to control. Keywords—AND-AND; OR-OR; Trojan detection; transition probability; quickly activate

Yier Jin,Nathan Kupp,Yiorgos Makris

DOI: https://doi.org/10.1109/hst.2009.5224971

2009-01-01

Abstract:We report our experiences in designing and implementing several hardware Trojans within the framework of the Embedded System Challenge competition that was held as part of the Cyber Security Awareness Week (CSAW) at the Polytechnic Institute of New York University in October 2008. Due to the globalization of the Integrated Circuit (IC) manufacturing industry, hardware Trojans constitute an increasingly probable threat to both commercial and military applications. With traditional testing methods falling short in the quest of finding hardware Trojans, several specialized detection methods have surfaced. To facilitate research in this area, a better understanding of what Hardware Trojans would look like and what impact they would incur to an IC is required. To this end, we present eight distinct attack techniques employing Register Transfer Level (RTL) hardware Trojans to compromise the security of an Alpha encryption module implemented on a Digilent BASYS Spartan-3 FPGA board. Our work, which earned second place in the aforementioned competition, demonstrates that current RTL designs are, indeed, quite vulnerable to hardware Trojan attacks.

Yulin Zhao,Jiayou Song,Xingjun Wu,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693139

2018-01-01

Abstract:Hardware Trojans (HT) have become a new threat to integrated circuits, which is difficult to be detected and couldn’t be removed. Most of the HTs are designed for extracting the secret key in cryptographic devices. We proposed a new implementation of Trojan side-channel (TSC) combining with side channel attacks (SCA) in this article. This TSC could change the random numbers input of the encryption algorithm with masking method and invalid the protective measures (masking scheme) of encryption algorithm. We insert the TSC into SM4 algorithm and test it on FPGA and the experimental results prove the feasibility of the proposed scheme.

Der-Chen Huang,Chun-Fang Hsiao,Tin-Wei Chang,Ying-Yi Chu

DOI: https://doi.org/10.1186/s13638-022-02165-9

2022-09-07

EURASIP Journal on Wireless Communications and Networking

Abstract:Recently, the issue of malicious circuit alteration and attack draws more attention than ever before due to the globalization of IC design and manufacturing. Malicious circuits, also known as hardware Trojans, are found able to degrade the circuit performance or even leak confidential information, and accordingly it is definitely an issue of immediate concern to develop detection techniques against hardware Trojans. This paper presents a ring oscillator-based detection technique to improve the hardware Trojan detection performance. A circuit under test is divided into a great number of blocks, path assignment is optimized using a path tracking algorithm, and a high coverage is reached accordingly.

telecommunications,engineering, electrical & electronic

Lei LI,Zijing SHANG,Jianhua FENG,Xing ZHANG,Huiyao AN

2013-01-01

Abstract:According to the hardware Trojans inserted during design and fabrication, the authors provide a new model of Trojan. New model is based on a finite state machine which is more difficult to trigger and detect than those based on combinational circuits. Also, the locations in target circuits to insert Trojans are considered to avoid being detected using path delay fingerprint method. S349 circuit from ISCAS'89 benchmark circuits is chosen as the target circuit. Functional simulations are performed and delay information is simulated. The results show that this type of hardware Trojan is difficult to activate and the insertion method is effective to hide delay information.

Xiaofei Zhang,Jianhua Feng,Zhoupeng Xue,Yinxuan Lv

DOI: https://doi.org/10.3969/j.issn.1001-0505.2017.S1.029

2017-01-01

Abstract:To reduce the dependency of hardware Trojan on low-controllability nodes,a method for improving the implanted node selection and the internal structure of hardware Trojan was designed. For Trojan implanted nodes, a node searching algorithm for finding low-probability combination from high-controllability nodes was proposed.For low-probability nodes inside Trojan,a Trojan de-sign model based on non-rare events and multi-nodes controlling attack path was presented.By the ISCAS-85 benchmark circuit,the triggering probabilities of Trojans based on low-probability nodes and the combination probability are compared,and a Trojan design with 6-inputs based on the pro-posed method was realized.The experimental results show that the hardware Trojans based on com-bination probability can achieve a comparable(or even lower)triggering probability with that based on low-probability nodes when the numbers of Trojan triggering ports increase.And Trojan internal nodes with a direct impact on Trojan triggering probability can be eliminated by the Trojan design based on non-rare events,protecting Trojan from being triggered by auto-test patterns.Thus,impro-ving the concealment of hardware Trojan.

Jiatong Tan,Jianhua Feng,Yinxuan Lyu

DOI: https://doi.org/10.1109/edssc.2019.8754248

2019-01-01

Abstract:The design methods and the detection methods for Hardware Trojan develop rapidly. Existing trustiness verification methods are effective to obviously malicious HT but no effect on Stealthy Trojan. Stealthy Trojan is an advanced attack form and hard to be detected. In this paper, we analyze the characteristic of stealthy Trojan and propose a static detection method based on feature analysis. The results on ISCAS benchmarks show that the proposed method can detect the Stealthy Trojan node and is convenient to be implanted into other scalable verification framework.