Circumventing a ring oscillator approach to FPGA-based hardware Trojan detection

Ring oscillators are commonly used as a locking mechanism that binds a hardware design to a specific area of silicon within an integrated circuit (IC). This locking mechanism can be used to detect malicious modifications to the hardware design, also known as hardware Trojans, in situations where such modifications result in a change to the physical placement of the design on the IC. However, careful consideration is needed when designing ring oscillators for such a scenario to guarantee the integrity of the locking mechanism. This paper presents a case study in which flaws discovered in a ring oscillator-based Trojan detection scheme allowed for the circumvention of the security mechanism and the implementation of a large and diverse set of hardware Trojans, limited only by hardware resources.
