Efficient Triggering of Trojan Hardware Logic

Hardware Trojans are malicious alterations to a circuit. These modifications can be inserted either during the design phase or during the fabrication process. Due to the diversity of Hardware Trojans (HTs), detecting and/or locating them are challenging tasks. Numerous approaches have been proposed to address this problem. Methods based on logic testing consist in trying to activate potential Hardware Trojans in order to detect erroneous outputs during simulation. However, traditional ATPG testing may not be sufficient to detect Hardware Trojans. Hardware Trojans are indeed stealthy in nature i.e. mostly inactive unless they are triggered by a rare value. The activation of a Hardware Trojan is therefore a major concern. In this paper, we propose a procedure to identify circuit sites where a possible HT may be easily inserted. The selection of the sites is based on the assumption that the HT is triggered (i) by signals that have potential rare values, (ii) in paths that are not criti...

Journal of Hardware and Systems Security, 2017

Research in the field of hardware Trojans has seen significant growth in the past decade. However, standard benchmarks to evaluate hardware Trojans and their detection are lacking. To this end, we have developed a suite of Trojans and 'trust benchmarks' (i.e., benchmark circuits with a hardware Trojan inserted in them) that can be used by researchers in the community to compare and contrast various Trojan detection techniques. In this paper, we present a comprehensive vulnerability analysis flow at various levels of abstraction of digital-design, that has been utilized to create these trust benchmarks. Further, we present a detailed evaluation of our benchmarks in terms of metrics such as Trojan detectability, and in the context of different attack Bicky Shakya

Lecture Notes in Computer Science, 2015

Test generation for Hardware Trojan Horses (HTH) detection is extremely challenging, as Trojans are designed to be triggered by very rare logic conditions at internal nodes of the circuit. In this paper, we propose a Genetic Algorithm (GA) based Automatic Test Pattern Generation (ATPG) technique, enhanced by automated solution to an associated Boolean Satisfiability problem. The main insight is that given a specific internal trigger condition, it is not possible to attack an arbitrary node (payload) of the circuit, as the effect of the induced logic malfunction by the HTH might not get propagated to the output. Based on this observation, a fault simulation based framework has been proposed, which enumerates the feasible payload nodes for a specific triggering condition. Subsequently, a compact set of test vectors is selected based on their ability to detect the logic malfunction at the feasible payload nodes, thus increasing their effectiveness. Test vectors generated by the proposed scheme were found to achieve higher detection coverage over large population of HTH in ISCAS benchmark circuits, compared to a previously proposed logic testing based Trojan detection technique.

Malicious hardware is a realistic threat. It can be possible to insert the malicious functionality on a device as deep as in the hardware design flow, long before manufacturing the silicon product. Towards developing a hardware Trojan horse detection methodology, we analyze capabilities and limitations of existing techniques, framing a testing strategy for uncovering efficiently hardware Trojan horses in mass-produced integrated circuits.

— Due to the increasing use of information and communication technologies in most aspects of life, security of the information has drawn the attention of governments and industry as well as the researchers. In this regard, structural attacks on the functions of a chip are called hardware Trojans, and are capable of rendering ineffective the security protecting our systems and data. This method represents a big challenge for cyber-security as it is nearly impossible to detect with any currently practical detection scheme. Due to Various methods of this type of attack, many different methods are presented by the researchers to detect them. Each of these methods has been proposed different techniques to detect the Hardware Trojan horse, and are varied in terms of performance and conditions of use. In this paper, we survey the published methods and evaluate the strengths and weaknesses of each of them and analyze the efficiency of the proposed method to introduce efficient methods for Hardware Trojan horse detecting.

ACM Transactions on Embedded Computing Systems

Hardware Trojans (HTs) are malicious manipulations of the standard functionality of an IC. Sophisticated defense against HT attacks has become the utmost current research endeavor. Especially, the HTs whose operations depend on the rare activation condition are the most critical ones. Among other techniques, logic test by rare net excitation is advocated as one of the viable detection methods due to no extra hardware requirement. However, logic test faces a tremendous challenge of the overhead of testing configuration. This work presents a methodology based on the primary input’s impact over rare nets using transition probability to select the useful test vectors. To generate a test vector, each input’s toggle probability is calculated, which drastically minimizes the search space. The capability of rare-signal generation selects the final list of test vectors. Simulations performed in the presence of different HT triggers on different benchmark circuits, like ISCAS’85, ISCAS’89 and...

Computers & Security, 2018

Hardware Trojan detection is a very difficult challenge. However, the combination of symbolic execution and metamorphic testing is useful for detecting hardware Trojans in Verilog code. In this paper, symbolic execution and metamorphic testing were combined to detect internal conditionally triggered hardware Trojans in the register-transfer level design. First, control flow graphs of Verilog code were generated. Next, parallel symbolic execution and satisfiability modulo theories solver generated test patterns. Finally, metamorphic testing detected the hardware Trojans. The work used Trust-Hub benchmarks in experiments.

2008

In this paper, we propose a randomization based technique to verify whether a manufactured chip conforms to its design or is infected by any trojan circuit. A trojan circuit can be inserted into the design or fabrication mask by a malicious manufacturer such that it monitors for a specific rare trigger condition, and then it produces a payload error in the circuit which alters the functionality of the circuit often causing a catastrophic crash of the system where the chip was being used. Since trojans are activated by rare input patterns, they are stealthy by nature and are difficult to detect through conventional techniques of functional testing. In this paper, we propose a novel randomized approach to probabilistically compare the functionality of the implemented circuit with the design of the circuit. Using hypothesis testing, we provide quantitative guarantees when our algorithm reports that there is no trojan in the implemented circuit. This allows us to trade runtime for accuracy. The technique is sound, that is, it reports presence of a trojan only if the implemented circuit is actually infected. If our algorithm finds that the implemented circuit is infected with a trojan, it also reports a fingerprint input pattern to distinguish the implemented circuit from the design. We illustrate the effectiveness of our technique on a set of infected and benign combinational circuits.

ACM Journal on Emerging Technologies in Computing Systems

Hardware Trojans (HT) are small circuits intentionally designed by an adversary for harmful purposes. These types of circuits are extremely difficult to detect. An HT often requires some specific signals to activate which is almost impossible to discover. For this reason, test generation for side channel analysis has gained significant attraction in recent times which does not require HT activation. Such test generation techniques aim to generate a large amount of switching activity inside the HT circuit, increasing transient current measurement. However, such methods suffer from either long runtime or reliable results. In this work, a test generation technique is proposed based on the relative switching activity of the circuit to overcome the limitations of the existing works. Initially, the proposed technique measures the impact of each input on rare nets individually using random vector simulation. Potent inputs are selected to obtain a new set of test vectors that provides high ...

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware.