McSeVIC: A Model Checking Based Framework for Security Vulnerability Analysis of Integrated Circuits

The rising trend of globalization in the integrated circuits’ design process has increased their vulnerabilities against malicious intrusions. The security vulnerability analysis using conventional design time simulations is computationally intensive and incomplete by nature. Formal verification has the potential to overcome these limitations of simulation techniques; however, the existing state-of-the-art formal verification techniques cannot be used as such to analyze the effects of hardware Trojans (HTs) that may impact the performance of the circuit without altering its functionality. In this paper, we propose a novel model checking-based formal framework for a priori assessment of circuit vulnerabilities against both the functional and parametric HTs at the early stages of the design. This framework is characterized by the gate-level side channel parameters, i.e., dynamic power, leakage power, and propagation delay, to examine the impacts of malicious circuitry insertion. An algorithm based on the temporal logic properties is proposed, which computes the bounds for the side channel parameters to define the expected secure regions of circuit operation. Moreover, we propose a second algorithm for formally analyzing the security vulnerabilities in the circuit by introducing partitions, which significantly reduces the size of state space. We evaluate the masking effects on the intrusions while considering 3-sigma variation in the process. We demonstrate the effectiveness of our proposed approach by analyzing the security vulnerabilities on a set of ISCAS85 and $74\times $ benchmarks.

[1]  Swarup Bhunia,et al.  Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise , 2017, J. Electron. Test..

[2]  Mark Mohammad Tehranipoor,et al.  Security vulnerability analysis of design-for-test exploits for asset protection in SoCs , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[3]  Morteza Saheb Zamani,et al.  Latch-Based Structure: A High Resolution and Self-Reference Technique for Hardware Trojan Detection , 2017, IEEE Transactions on Computers.

[4]  Subhasish Mitra,et al.  The Trojan-proof chip , 2015, IEEE Spectrum.

[5]  Morteza Saheb Zamani,et al.  A study on the efficiency of hardware Trojan detection based on path-delay fingerprinting , 2014, Microprocess. Microsystems.

[6]  Hongwei Luo,et al.  Malicious circuitry detection using transient power analysis for IC security , 2013, 2013 International Conference on Quality, Reliability, Risk, Maintenance, and Safety Engineering (QR2MSE).

[7]  Aria Nosratinia,et al.  Silicon Demonstration of Hardware Trojan Design and Detection in Wireless Cryptographic ICs , 2017, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[8]  Yu Liu,et al.  Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting , 2014, 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC).

[9]  Sally Adee,et al.  The Hunt For The Kill Switch , 2008, IEEE Spectrum.

[10]  Faiq Khalid,et al.  A self-learning framework to detect the intruded integrated circuits , 2016, 2016 IEEE International Symposium on Circuits and Systems (ISCAS).

[11]  Jimson Mathew,et al.  A Flexible Online Checking Technique to Enhance Hardware Trojan Horse Detectability by Reliability Analysis , 2017, IEEE Transactions on Emerging Topics in Computing.

[12]  Stephen A. Edwards,et al.  Design of embedded systems: formal models, validation, and synthesis , 1997, Proc. IEEE.

[13]  Armin Biere,et al.  Bounded model checking , 2003, Adv. Comput..

[14]  Yanjiang Liu,et al.  A Novel Test Pattern Optimization Approach Based on Ring Oscillator Network , 2017, 2017 9th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC).

[15]  Fayez Gebali,et al.  Classification of hardware trojan detection techniques , 2015, 2015 Tenth International Conference on Computer Engineering & Systems (ICCES).

[16]  Florian Schupfer,et al.  Hardware Trojan detection by specifying malicious circuit properties , 2013, 2013 IEEE 4th International Conference on Electronics Information and Emergency Communication.

[17]  Charles A. Kamhoua,et al.  Translating circuit behavior manifestations of hardware Trojans using model checkers into run-time Trojan detection monitors , 2016, 2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST).

[18]  H.-S. Philip Wong,et al.  TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[19]  Franziska Hoffmann,et al.  Design Of Analog Cmos Integrated Circuits , 2016 .

[20]  Marco Roveri,et al.  The nuXmv Symbolic Model Checker , 2014, CAV.

[21]  Farinaz Koushanfar,et al.  A Unified Framework for Multimodal Submodular Integrated Circuits Trojan Detection , 2011, IEEE Transactions on Information Forensics and Security.

[22]  Hendrikus J. M. Veendrick,et al.  Short-circuit dissipation of static CMOS circuitry and its impact on the design of buffer circuits , 1984 .

[23]  Osman Hasan,et al.  Formal analysis of macro synchronous micro asychronous pipeline for hardware Trojan detection , 2015, 2015 Nordic Circuits and Systems Conference (NORCAS): NORCHIP & International Symposium on System-on-Chip (SoC).

[24]  Amlan Chakrabarti,et al.  Self Aware SoC Security to Counteract Delay Inducing Hardware Trojans at Runtime , 2017, 2017 30th International Conference on VLSI Design and 2017 16th International Conference on Embedded Systems (VLSID).

[25]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[26]  Jan M. Rabaey,et al.  Ultralow-Power Design in Near-Threshold Region , 2010, Proceedings of the IEEE.

[27]  Michael S. Hsiao,et al.  Hardware Trojan Attacks: Threat Analysis and Countermeasures , 2014, Proceedings of the IEEE.

[28]  N. Mohankumar,et al.  Malicious combinational Hardware Trojan detection by Gate Level Characterization in 90nm technology , 2014, Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT).

[29]  James Tschanz,et al.  Parameter variations and impact on circuits and microarchitecture , 2003, Proceedings 2003. Design Automation Conference (IEEE Cat. No.03CH37451).

[30]  Mark Mohammad Tehranipoor,et al.  Case study: Detecting hardware Trojans in third-party digital IP cores , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[31]  Miodrag Potkonjak,et al.  Hardware Trojan horse detection using gate-level characterization , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[32]  Sylvain Guilley,et al.  Hardware property checker for run-time Hardware Trojan detection , 2015, 2015 European Conference on Circuit Theory and Design (ECCTD).

[33]  Dhruva Acharyya,et al.  Detecting Trojans Through Leakage Current Analysis Using Multiple Supply Pad ${I}_{\rm DDQ}$s , 2010, IEEE Transactions on Information Forensics and Security.

[34]  Dhiraj K. Pradhan,et al.  Practical Design Verification , 2009 .

[35]  Christos A. Papachristou,et al.  MERO: A Statistical Approach for Hardware Trojan Detection , 2009, CHES.

[36]  Nozomu Togawa,et al.  Hardware Trojans classification for gate-level netlists using multi-layer neural networks , 2017, 2017 IEEE 23rd International Symposium on On-Line Testing and Robust System Design (IOLTS).

[37]  James F. Plusquellic,et al.  On detecting delay anomalies introduced by hardware Trojans , 2016, 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[38]  David Harris,et al.  CMOS VLSI Design: A Circuits and Systems Perspective , 2004 .

[39]  Osman Hasan,et al.  Formal Verification of Gate-Level Multiple Side Channel Parameters to Detect Hardware Trojans , 2016, FTSCS.

[40]  Jan M. Rabaey,et al.  Digital Integrated Circuits , 2003 .

[41]  Kaushik Roy,et al.  Hardware Trojan Detection by Multiple-Parameter Side-Channel Analysis , 2013, IEEE Transactions on Computers.

[42]  John Lach,et al.  Performance of delay-based Trojan detection techniques under parameter variations , 2009, 2009 IEEE International Workshop on Hardware-Oriented Security and Trust.

[43]  Mark Tehranipoor,et al.  Code Coverage Analysis for IP Trust Verification , 2017 .

[44]  Huawei Li,et al.  LMDet: A “Naturalness” Statistical Method for Hardware Trojan Detection , 2018, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[45]  Siva G. Narendra,et al.  Leakage in Nanometer CMOS Technologies , 2010 .

[46]  Debdeep Mukhopadhyay,et al.  Improved Test Pattern Generation for Hardware Trojan Detection Using Genetic Algorithm and Boolean Satisfiability , 2015, CHES.

[47]  Farinaz Koushanfar,et al.  A Survey of Hardware Trojan Taxonomy and Detection , 2010, IEEE Design & Test of Computers.

[48]  Hassan Salmani,et al.  Digital Circuit Vulnerabilities to Hardware Trojans , 2017 .

[49]  Debdeep Mukhopadhyay,et al.  Testability Based Metric for Hardware Trojan Vulnerability Assessment , 2016, 2016 Euromicro Conference on Digital System Design (DSD).

[50]  Bernd Becker,et al.  Formal Vulnerability Analysis of Security Components , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[51]  Mohammad T. Manzuri Shalmani,et al.  Hardware Trojan Detection Based on Logical Testing , 2017, J. Electron. Test..

[52]  Rolf Drechsler,et al.  Advanced Formal Verification , 2004 .

[53]  Alain C. Diebold,et al.  Handbook of Silicon Semiconductor Metrology , 2009 .

[54]  Mark Mohammad Tehranipoor,et al.  AVFSM: A framework for identifying and mitigating vulnerabilities in FSMs , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[55]  Mohamed I. Elmasry,et al.  Power dissipation analysis and optimization of deep submicron CMOS digital circuits , 1996, IEEE J. Solid State Circuits.

[56]  Benjamin Carrion Schafer,et al.  Hardware Trojan Detection in Behavioral Intellectual Properties (IP's) Using Property Checking Techniques , 2017, IEEE Transactions on Emerging Topics in Computing.

[57]  Mark Mohammad Tehranipoor,et al.  Trustworthy Hardware: Identifying and Classifying Hardware Trojans , 2010, Computer.

[58]  H. Tuinhout Impact of Parametric Fluctuations on Performance and Yield of Deep-Submicron Technologies , 2002, 32nd European Solid-State Device Research Conference.