COTD: Reference-Free Hardware Trojan Detection and Recovery Based on Controllability and Observability in Gate-Level Netlist

This paper presents a novel hardware Trojan detection technique in gate-level netlist based on the controllability and observability analyses. Using an unsupervised clustering analysis, the paper shows that the controllability and observability characteristics of Trojan gates present significant inter-cluster distance from those of genuine gates in a Trojan-inserted circuit, such that Trojan gates are easily distinguishable. The proposed technique does not require any golden model and can be easily integrated into the current integrated circuit design flow. Furthermore, it performs a static analysis and does not require any test pattern application for Trojan activation either partially or fully. In addition, the timing complexity of the proposed technique is an order of the number of signals in a circuit. Moreover, the proposed technique makes it possible to fully restore an inserted Trojan and to isolate its trigger and payload circuits. The technique has been applied on various types of Trojans, and all Trojans are successfully detected with 0 false positive and negative rates in less than 14 s in the worst case.

[1]  Vishwani D. Agrawal,et al.  A theory of testability with application to fault coverage analysis , 1989, [1989] Proceedings of the 1st European Test Conference.

[2]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[3]  Sally Adee,et al.  The Hunt For The Kill Switch , 2008, IEEE Spectrum.

[4]  Mark Mohammad Tehranipoor,et al.  Hardware Trojan Detection and Isolation Using Current Integration and Localized Current Analysis , 2008, 2008 IEEE International Symposium on Defect and Fault Tolerance of VLSI Systems.

[5]  Jie Li,et al.  At-speed delay characterization for IC authentication and Trojan Horse detection , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[6]  C. Pipper,et al.  [''R"--project for statistical computing]. , 2008, Ugeskrift for laeger.

[7]  Miodrag Potkonjak,et al.  Hardware Trojan horse detection using gate-level characterization , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[8]  Christos A. Papachristou,et al.  MERO: A Statistical Approach for Hardware Trojan Detection , 2009, CHES.

[9]  Mark Mohammad Tehranipoor,et al.  Trustworthy Hardware: Identifying and Classifying Hardware Trojans , 2010, Computer.

[10]  Milo M. K. Martin,et al.  Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically , 2010, 2010 IEEE Symposium on Security and Privacy.

[11]  Michael S. Hsiao,et al.  Trusted RTL: Trojan detection methodology in pre-silicon designs , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[12]  Mark Mohammad Tehranipoor,et al.  Case study: Detecting hardware Trojans in third-party digital IP cores , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[13]  Farinaz Koushanfar,et al.  A Unified Framework for Multimodal Submodular Integrated Circuits Trojan Detection , 2011, IEEE Transactions on Information Forensics and Security.

[14]  Cliff Wang,et al.  Introduction to Hardware Security and Trust , 2011 .

[15]  Mark Mohammad Tehranipoor,et al.  Layout-Aware Switching Activity Localization to Enhance Hardware Trojan Detection , 2012, IEEE Transactions on Information Forensics and Security.

[16]  Mark Mohammad Tehranipoor,et al.  A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time , 2012, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[17]  Yiorgos Makris,et al.  Proof-Carrying Hardware Intellectual Property: A Pathway to Trusted Module Acquisition , 2012, IEEE Transactions on Information Forensics and Security.

[18]  Mark Mohammad Tehranipoor,et al.  Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level , 2013, 2013 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS).

[19]  Yiorgos Makris,et al.  A proof-carrying based framework for trusted microprocessor IP , 2013, 2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[20]  Jeyavijayan Rajendran,et al.  High-level synthesis for security and trust , 2013, 2013 IEEE 19th International On-Line Testing Symposium (IOLTS).

[21]  Mark Mohammad Tehranipoor,et al.  On design vulnerability analysis and trust benchmarks development , 2013, 2013 IEEE 31st International Conference on Computer Design (ICCD).

[22]  Simha Sethumadhavan,et al.  FANCI: identification of stealthy malicious logic using boolean functional analysis , 2013, CCS.

[23]  Jie Zhang,et al.  VeriTrust: Verification for hardware trust , 2013, 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC).

[24]  Ramesh Karri,et al.  Run-time detection of hardware Trojans: The processor protection unit , 2013, 2013 18th IEEE European Test Symposium (ETS).

[25]  Yu Liu,et al.  Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[26]  Jie Zhang,et al.  DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans , 2014, CCS.

[27]  Liang Shi,et al.  High-level synthesis for run-time hardware Trojan detection and recovery , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[28]  Shaojie Zhang,et al.  FIGHT-metric: Functional identification of gate-level hardware trustworthiness , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[29]  Kwang-Ting Cheng,et al.  Hardware Trojans hidden in RTL don't cares — Automated insertion and prevention methodologies , 2015, 2015 IEEE International Test Conference (ITC).

[30]  Yu Zheng,et al.  IIPS: Infrastructure IP for Secure SoC Design , 2015, IEEE Transactions on Computers.

[31]  Marten van Dijk,et al.  HaTCh : A Formal Framework of Hardware Trojan Design and Detection , 2015 .

[32]  Sharad Malik,et al.  Hardware Trojan detection for gate-level ICs using signal correlation based clustering , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[33]  Kwang-Ting Cheng,et al.  Hardware Trojan detection using exhaustive testing of k-bit subspaces , 2015, The 20th Asia and South Pacific Design Automation Conference.

[34]  Youhua Shi,et al.  A score-based classification method for identifying Hardware-Trojans at gate-level netlists , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[35]  Prabhat Mishra,et al.  Pre-silicon security verification and validation: A formal perspective , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[36]  Ramesh Karri,et al.  Building Trustworthy Systems Using Untrusted Components: A High-Level Synthesis Approach , 2016, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[37]  Swarup Bhunia,et al.  MERS: Statistical Test Generation for Side-Channel Analysis based Trojan Detection , 2016, CCS.

[38]  Yu Zheng,et al.  SeMIA: Self-Similarity-Based IC Integrity Analysis , 2016, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[39]  Paris Kitsos,et al.  Efficient triggering of Trojan hardware logic , 2016, 2016 IEEE 19th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS).

[40]  Anirban Sengupta,et al.  TL-HLS: Methodology for Low Cost Hardware Trojan Security Aware Scheduling With Optimal Loop Unrolling Factor During High Level Synthesis , 2017, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.