Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise

Malicious modification of integrated circuits in an untrusted design house or foundry has emerged as a major security threat. Such modifications, popularly referred to as Hardware Trojans, are difficult to detect during manufacturing test. Sequential hardware Trojans, usually triggered by a sequence of rare events, represent a common and deadly form of Trojan that can be extremely hard to detect using logic testing approaches. Side-channel analysis has emerged as an effective approach for detecting hardware Trojans. However, existing side-channel approaches suffer from increasing process variations, which greatly reduce detection sensitivity and set a lower limit on the size of Trojans that can be detected. In this paper, we present TeSR, a Temporal Self-Referencing approach that compares the current signature of a chip at two different time windows to isolate the Trojan effect. Since it uses a chip as a reference to itself, the method completely eliminates the effect of process noise and other design marginalities (e.g., capacitive coupling), thus providing high detection sensitivity for Trojans of varying size. Furthermore, unlike most existing approaches, TeSR does not require a golden reference chip instance, a requirement that may impose a major limitation. Associated test generation, test application, and signature comparison approaches aimed at maximizing Trojan detection sensitivity are also presented. Simulation results for three complex sequential designs and three representative sequential Trojan circuits demonstrate the effectiveness of the approach under large inter- and intra-die process variations. The approach is also validated with current measurement results from several Xilinx Virtex-II FPGA chips.
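
The self-referencing idea in the abstract can be illustrated with a toy model; this is an added example, not code or data from the paper. It assumes supply current is a per-chip gain (the process variation) times the number of bit toggles, that the original design replays identical activity in both windows, and that the Trojan is a small counter that keeps its state across windows; all names and numbers are constructed.

```python
import random

TOGGLE_CURRENT = 1.0  # assumed current per bit toggle, arbitrary units

def counter_toggles(start, events, bits):
    """Bit toggles of a `bits`-wide counter Trojan advanced `events` times."""
    mask, state, toggles = (1 << bits) - 1, start, 0
    for _ in range(events):
        nxt = (state + 1) & mask
        toggles += bin(state ^ nxt).count("1")
        state = nxt
    return toggles, state

def measure(chip_gain, design_toggles, events, bits, infected):
    """Currents of two windows that replay the same input sequence on one chip."""
    state, windows = 0, []
    for _ in range(2):
        trojan = 0
        if infected:  # Trojan state carries over, so its activity can differ
            trojan, state = counter_toggles(state, events, bits)
        windows.append(chip_gain * TOGGLE_CURRENT * (design_toggles + trojan))
    return windows

def golden_flags(windows, nominal, tolerance):
    """Golden-reference test: flag if window 1 leaves the process-variation band."""
    return abs(windows[0] - nominal) > tolerance * nominal

def self_ref_flags(windows, eps=1e-9):
    """Temporal self-referencing: flag if two windows of the same chip differ."""
    return abs(windows[0] - windows[1]) > eps * max(windows)

def run_lot(n_chips=200, seed=1):
    rng = random.Random(seed)
    design_toggles, events, bits = 10_000, 5, 3  # constructed sizes
    nominal = TOGGLE_CURRENT * design_toggles
    stats = {"golden_hit": 0, "golden_false": 0, "self_hit": 0, "self_false": 0}
    for _ in range(n_chips):
        gain = rng.uniform(0.8, 1.2)  # constructed +/-20% inter-die spread
        clean = measure(gain, design_toggles, events, bits, False)
        bad = measure(gain, design_toggles, events, bits, True)
        stats["golden_false"] += golden_flags(clean, nominal, 0.2)
        stats["golden_hit"] += golden_flags(bad, nominal, 0.2)
        stats["self_false"] += self_ref_flags(clean)
        stats["self_hit"] += self_ref_flags(bad)
    return stats
```

In this model the per-chip gain multiplies both windows equally and drops out of the comparison, while the golden-reference band has to be wide enough to absorb it. The model also shows a blind spot of its own: if a window contains a multiple of 2^bits trigger events, the counter's activity repeats and the difference vanishes.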
