Rethinking IC Layout Vulnerability: Simulation-Based Hardware Trojan Threat Assessment with High Fidelity

Xinming Wei, Jiaxi Zhang, Guojie Luo
DOI: https://doi.org/10.1109/sp54263.2024.00160
2024-01-01
Abstract: Due to the escalating complexity of chip design and the exorbitant cost of building cutting-edge manufacturing facilities, outsourcing the fabrication of Integrated Circuits (ICs) is prevalent in the modern semiconductor industry. However, significant security risks arise because an untrustworthy foundry can mount insidious attacks without close supervision. Since prior work has shown that practical foundry-level Trojan attacks can circumvent post-fabrication detection, IC designers should protect their layouts before sending them to a third-party foundry; such protections are known as design-time defenses. To this end, security metrics for layout vulnerability assessment are crucial for testing the effectiveness of proposed defenses. Existing metrics, however, are geometric-only and Trojan-oblivious, failing to capture the fundamental aspects of foundry-level Trojan insertion and its side effects. To bridge the gap between real attacks and threat prediction, we present SiliconCritic, a simulation-based, extensible framework that leverages design-time techniques to simulate black-box foundry-level Trojan attacks and post-fabrication analysis. SiliconCritic encodes the difficulty of inserting a specific Trojan into a finalized physical layout by measuring the variation of side-channel parameters (timing, power) after the simulated insertion, where larger deviations denote better detectability and thus enhanced security. SiliconCritic allows IC designers to interactively refine defensive strategies against the target Trojan based on feedback from side-channel analysis. Through evaluations on real-world ASIC designs and reported hardware Trojans, SiliconCritic demonstrates the limitations of existing layout-level defenses and highlights the influence of Trojan properties on defensive efficacy. Our work refreshes the understanding of Trojan prevention and suggests future directions for defenses against untrustworthy foundries.
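The abstract's central idea, scoring a layout by how far a simulated Trojan insertion moves the timing and power side channels, can be made concrete with a small model. The following is an added illustration, not SiliconCritic's code or its actual metric: it expresses the post-insertion shift of each parameter as a z-score against an assumed process-variation spread and declares the Trojan detectable at an assumed 3-sigma margin. The golden profile, the two Trojans, the variation percentages and the threshold are all constructed values.

```python
"""Detectability of a simulated Trojan insertion from side-channel deviation.

Added example (not SiliconCritic's implementation). Assumptions, all
constructed for illustration: per-path delay and total dynamic power as the
side-channel parameters, a Gaussian process-variation model with a fixed
relative sigma per parameter, and a 3-sigma detection threshold.
"""
from dataclasses import dataclass


@dataclass
class SideChannelProfile:
    path_delays_ns: dict[str, float]   # delay of each timing path (ns)
    dynamic_power_mw: float            # total dynamic power at a fixed workload


# Assumed process-variation model: relative 1-sigma spread of each parameter
# across golden chips from the same foundry (constructed values).
TIMING_SIGMA_REL = 0.02   # 2 % per-path delay variation
POWER_SIGMA_REL = 0.05    # 5 % dynamic-power variation
DETECT_SIGMA = 3.0        # declare detectable at >= 3 sigma (assumption)


def deviation_z_scores(golden, trojaned):
    """Shift of each parameter after insertion, in units of assumed variation."""
    timing_z = {}
    for path, d0 in golden.path_delays_ns.items():
        d1 = trojaned.path_delays_ns.get(path, d0)
        timing_z[path] = (d1 - d0) / (TIMING_SIGMA_REL * d0)
    p0, p1 = golden.dynamic_power_mw, trojaned.dynamic_power_mw
    power_z = (p1 - p0) / (POWER_SIGMA_REL * p0)
    return timing_z, power_z


def detectability(golden, trojaned):
    """Largest side-channel shift; a bigger shift means an easier-to-catch Trojan."""
    timing_z, power_z = deviation_z_scores(golden, trojaned)
    worst_path = max(timing_z, key=lambda p: abs(timing_z[p]))
    score = max(abs(timing_z[worst_path]), abs(power_z))
    return {
        "worst_timing_path": worst_path,
        "timing_z": timing_z[worst_path],
        "power_z": power_z,
        "score": score,
        "detectable": score >= DETECT_SIGMA,
    }


def simulate_insertion(golden, path, added_delay_ns, added_power_mw):
    """Constructed stand-in for a simulated insertion: the Trojan's logic lands
    on one timing path and adds a fixed amount of switching/leakage power."""
    delays = dict(golden.path_delays_ns)
    delays[path] += added_delay_ns
    return SideChannelProfile(delays, golden.dynamic_power_mw + added_power_mw)


# Constructed golden (Trojan-free) profile of a small SoC layout.
GOLDEN = SideChannelProfile(
    {"cpu_alu": 2.0, "uart_tx": 1.0, "dbg_scan": 0.5}, dynamic_power_mw=50.0)

# Two constructed Trojans with different properties: a tiny one hidden off the
# critical path, and a large payload sitting on the critical path.
SMALL_STEALTHY = simulate_insertion(GOLDEN, "dbg_scan", 0.01, 0.1)
LARGE_PAYLOAD = simulate_insertion(GOLDEN, "cpu_alu", 0.2, 9.0)

if __name__ == "__main__":
    for name, trojaned in (("small", SMALL_STEALTHY), ("large", LARGE_PAYLOAD)):
        print(name, detectability(GOLDEN, trojaned))
```

Under these assumptions the small Trojan shifts its path by one sigma and power by almost nothing, so it stays below the threshold, while the large one lands at five sigma on timing and 3.6 sigma on power. That is the kind of feedback the abstract describes: a defense that only raises the small Trojan's deviation slightly leaves it undetectable, which is invisible to a geometric-only metric.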