Black-Hat High-Level Synthesis: Myth or Reality?

Hardware Trojans are a major concern for integrated circuits. All parts of the electronics supply chain are vulnerable to this threat. Trojans can be inserted directly by a rogue employee or through a compromised computer-aided design tool at each step of the design cycle, including an alteration of the design files in the early stages and the fabrication process in a third-party malicious foundry. While Trojan insertion during the latter stages has been largely investigated, we focus on high-level synthesis (HLS) tools as a likely attack vector. HLS tools are used to generate intellectual property blocks from high-level specifications. To demonstrate the threat, we compromised an open-source HLS tool to inject three examples of HLS-aided hardware Trojans with functional and nonfunctional effects. Our results show that a black-hat HLS tool can be successfully used to maliciously alter electronic circuits to add latency, drain energy, or undermine the security of cryptographic hardware cores. This threat is an important security concern to address.

[1]  Keshab K. Parhi,et al.  Obfuscating DSP Circuits via High-Level Transformations , 2015, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[2]  Christof Paar,et al.  Stealthy dopant-level hardware Trojans: extended version , 2014, Journal of Cryptographic Engineering.

[3]  Prabhat Mishra,et al.  FSM Anomaly Detection Using Formal Analysis , 2017, 2017 IEEE International Conference on Computer Design (ICCD).

[4]  Jianwen Zhu,et al.  A unified formal model of ISA and FSMD , 1999, CODES '99.

[5]  Kwang-Ting Cheng,et al.  Hardware Trojans hidden in RTL don't cares — Automated insertion and prevention methodologies , 2015, 2015 IEEE International Test Conference (ITC).

[6]  Kurt Keutzer,et al.  Coverage Metrics for Functional Validation of Hardware Designs , 2001, IEEE Des. Test Comput..

[7]  Luca P. Carloni,et al.  System-Level Optimization of Accelerator Local Memory for Heterogeneous Systems-on-Chip , 2017, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[8]  Leon Stok,et al.  Data path synthesis , 1994, Integr..

[9]  Ken Thompson,et al.  Reflections on trusting trust , 1984, CACM.

[10]  Hiroyuki Tomiyama,et al.  Proposal and Quantitative Analysis of the CHStone Benchmark Program Suite for Practical C-based High-level Synthesis , 2009, J. Inf. Process..

[11]  Swarup Bhunia,et al.  The Hardware Trojan War Attacks, Myths, and Defenses , 2018 .

[12]  Ramesh Karri,et al.  Securing Hardware Accelerators: A New Challenge for High-Level Synthesis , 2018, IEEE Embedded Systems Letters.

[13]  Yu Ting Chen,et al.  A Survey and Evaluation of FPGA High-Level Synthesis Tools , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[14]  Tinoosh Mohsenin,et al.  Adaptive real-time Trojan detection framework through machine learning , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[15]  M. Balakrishnan,et al.  Sequential Equivalence Checking , 2006, VLSI Design.

[16]  Mark Mohammad Tehranipoor,et al.  Trustworthy Hardware: Identifying and Classifying Hardware Trojans , 2010, Computer.

[17]  Miodrag Potkonjak,et al.  Synthesis of trustable ICs using untrusted CAD tools , 2010, Design Automation Conference.

[18]  Sandip Ray,et al.  Challenges and Trends in Modern SoC Design Verification , 2017, IEEE Design & Test.

[19]  Priyank Kalla,et al.  Word-level traversal of finite state machines using algebraic geometry , 2016, 2016 IEEE International High Level Design Validation and Test Workshop (HLDVT).

[20]  Palash Sarkar,et al.  Attacking Reduced Round SHA-256 , 2008, IACR Cryptol. ePrint Arch..

[21]  Dennis Sylvester,et al.  A2: Analog Malicious Hardware , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[22]  Mark Mohammad Tehranipoor,et al.  AVFSM: A framework for identifying and mitigating vulnerabilities in FSMs , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[23]  Fabrizio Ferrandi,et al.  Enabling Automated Bug Detection for IP-Based Designs Using High-Level Synthesis , 2018, IEEE Design & Test.

[24]  Fabrizio Ferrandi,et al.  Trace-based automated logical debugging for high-level synthesis generated circuits , 2015, 2015 33rd IEEE International Conference on Computer Design (ICCD).

[25]  M. Tehranipoor,et al.  Hardware Trojans: Lessons Learned after One Decade of Research , 2016, TODE.

[26]  Fabrizio Ferrandi,et al.  Bambu: A modular framework for the high level synthesis of memory-intensive applications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[27]  Ilia Polian,et al.  Trojans in Early Design Steps—An Emerging Threat , 2016 .

[28]  Gu-Yeon Wei,et al.  MachSuite: Benchmarks for accelerator design and customized architectures , 2014, 2014 IEEE International Symposium on Workload Characterization (IISWC).

[29]  Jeyavijayan Rajendran,et al.  Belling the CAD: Toward Security-Centric Electronic System Design , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[30]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..