Modeling and test generation for combinational hardware Trojans

Due to the globalization of semiconductor manufacturing, malicious circuitry known as a hardware Trojan is now a recognized security threat. A Trojan may be added to the verified netlist without the knowledge of the designer or user, causing unexpected malfunction or data theft when the device is in use. In this research we devise tests that would detect a Trojan in a manufactured chip. We recognize that a Trojan must escape the manufacturing tests provided with the netlist by the designer. A Trojan has two parts: a trigger, derived as a Boolean function of any set of signals, and a payload (typically an XOR gate) inserted on a signal line. Based on these two parts, we develop a test generation model. A single-line trigger combined with a single payload line gives a set of 2K × (K − 1) Trojans in this model for a circuit with K signal lines. Tests for these are shown to be vectors that detect “conditional stuck-at” faults, for which we give a test generation algorithm using standard ATPG tools. The model allows us to define and measure a Trojan coverage metric for tests. Results show that these tests scale and that they are more effective in detecting real Trojans than N-detect stuck-at test vectors or random vectors.
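The single-trigger, single-payload model and its coverage metric can be scored by plain fault simulation, shown here as an added example that is not the paper's code and that uses brute-force simulation in place of the ATPG-based test generation the abstract describes. Assumptions: the netlist is a constructed sample using the ISCAS-85 c17 topology with hypothetical net names, fanout branches are not counted as separate lines (so K = 11), and the trigger is read from the Trojan-free circuit value, so a vector detects a Trojan exactly when it sets the trigger line to its activating value and an inversion of the payload line reaches an output.

```python
from itertools import product

# Constructed sample netlist (c17 topology): net -> its two NAND inputs,
# listed in topological order. Net names are hypothetical.
INPUTS = ["n1", "n2", "n3", "n6", "n7"]
GATES = {"n10": ("n1", "n3"), "n11": ("n3", "n6"), "n16": ("n2", "n11"),
         "n19": ("n11", "n7"), "n22": ("n10", "n16"), "n23": ("n16", "n19")}
OUTPUTS = ["n22", "n23"]
LINES = INPUTS + list(GATES)          # K signal lines (assumption: no branch lines)

def simulate(vector, flip=None):
    """Evaluate every net; if `flip` names a net, invert it (active XOR payload)."""
    val = {}
    for net, bit in zip(INPUTS, vector):
        val[net] = bit ^ (net == flip)
    for net, (a, b) in GATES.items():
        val[net] = (1 - (val[a] & val[b])) ^ (net == flip)
    return val

def trojans():
    """Enumerate (trigger line, trigger value, payload line): 2K(K-1) entries."""
    return [(t, v, p) for t in LINES for v in (0, 1) for p in LINES if p != t]

def detects(vector, trojan):
    """Conditional stuck-at check: trigger condition holds and payload flip is observed."""
    trig, v, payload = trojan
    good = simulate(vector)
    if good[trig] != v:               # trigger inactive: chip behaves as Trojan-free
        return False
    bad = simulate(vector, flip=payload)
    return any(good[o] != bad[o] for o in OUTPUTS)

def trojan_coverage(vectors):
    """Return (modelled Trojans detected by at least one vector, total modelled)."""
    model = trojans()
    hit = sum(any(detects(x, t) for x in vectors) for t in model)
    return hit, len(model)

if __name__ == "__main__":
    one = [(0, 0, 0, 0, 0)]
    exhaustive = list(product((0, 1), repeat=len(INPUTS)))
    print("single vector :", trojan_coverage(one))
    print("all 32 vectors:", trojan_coverage(exhaustive))
```

Feeding the same function a production stuck-at test set and a candidate Trojan test set gives a direct comparison of the two under this model.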
