ForASec: Formal Analysis of Security Vulnerabilities in Sequential Circuits

Security vulnerability analysis of integrated circuits using conventional design-time validation and verification techniques (such as simulation and emulation) is generally computationally intensive and incomplete by nature, especially under limited resources and time constraints. To overcome this limitation, we propose a novel methodology based on model checking to formally analyze security vulnerabilities in sequential circuits while considering side-channel parameters like propagation delay, switching power, and leakage power. In particular, we present a novel algorithm that efficiently partitions the state-space into corresponding smaller state-spaces to enable distributed security analysis of complex sequential circuits, thereby mitigating the state-space explosion caused by their feedback loops. We analyze multiple ISCAS89 and trust-hub benchmarks to demonstrate the efficacy of our framework in identifying security vulnerabilities. The experimental results show that ForASec successfully performs the complete analysis of the given complex and large sequential circuits, and provides approximately 11x to 16x speedup in analysis time compared to state-of-the-art model checking-based techniques. Moreover, it also identifies the number of gates required by a hardware Trojan (HT) that can go undetected for a given design and variability conditions.
