Hardware Malware

In our digital world, integrated circuits are present in nearly every moment of our daily life. Even when using the coffee machine in the morning, or driving our car to work, we interact with integrated circuits. The increasing spread of information technology in virtually all areas of life in the industrialized world offers a broad range of attack vectors. So far, mainly software-based attacks have been considered and investigated, while hardware-based attacks have attracted comparatively little interest. The design and production process of integrated circuits is mostly decentralized due to financial and logistical reasons. Therefore, a high level of trust has to be established between the parties involved in the hardware development lifecycle. During the complex production chain, malicious attackers can insert non-specified functionality by exploiting untrusted processes and backdoors. This work deals with the ways in which such hidden, non-specified functionality can be introduced into hardware systems. After briefly outlining the development and production process of hardware systems, we systematically describe a new type of threat, the hardware Trojan. We provide a historical overview of the development of research activities in this field to show the growing interest of international research in this topic. Current work is considered in more detail. We discuss the components that make up a hardware Trojan as well as the parameters that are relevant for an attack. Furthermore, we describe current approaches for detecting, localizing, and avoiding hardware Trojans to combat them effectively. Moreover, this work develops a comprehensive taxonomy of countermeasures and explains in detail how specific problems are solved. In a final step, we provide an overview of related work and offer an outlook on further research in this field. 
Table of Contents: List of Figures / Introduction / Hardware Trojans / Countermeasures / Historical Overview / Hot Topics and Conclusions / Glossary / Bibliography / Authors' Biographies
