CA-Based Detection of Coherence Exploiting Hardware Trojans

2019 ◽  
Vol 29 (08) ◽  
pp. 2050120
Author(s):  
Suvadip Hazra ◽  
Mamata Dalui

Nowadays, Hardware Trojan threats have become inevitable due to the growing complexity of Integrated Circuits (ICs) as well as the current trend of Intellectual Property (IP)-based hardware designs. An adversary can insert a Hardware Trojan during any phase of an IC's life cycle: design, fabrication or even manufacturing. Once a Trojan is inserted into a system, it can cause an unwanted modification to system functionality which may degrade system performance; some Trojans are implanted with the aim of leaking secret information. Once Trojans are implanted, they are hard to detect and impossible to remove from the system as they are already fabricated into the chip. In this paper, we propose three stealthy Trojan models which affect the coherence mechanism of Chip Multiprocessors’ (CMPs) cache system by arbitrarily modifying the cache block state, which in turn may leave the cache line states incoherent. We have evaluated the payload of such modeled Trojans and proposed a cellular automaton (CA)-based solution for detection of such Trojans.

2020 ◽  
Author(s):  
Tapadhir Das

In recent years, integrated circuits (ICs) have become significant for various industries and their security has been given greater priority, specifically in the supply chain. Budgetary constraints have compelled IC designers to offshore manufacturing to third-party companies. When the designer gets the manufactured ICs back, it is imperative to test for potential threats like hardware trojans (HT). In this paper, a novel multilevel game-theoretic framework is introduced to analyze the interactions between a malicious IC manufacturer and the tester. In particular, the game is formulated as a non-cooperative, zero-sum, repeated game using prospect theory (PT) that captures different players’ rationalities under uncertainty. The repeated game is separated into a learning stage, in which the defender learns about the attacker’s tendencies, and an actual game stage, where this learning is used. Experiments show great incentive for the attacker to deceive the defender about their actual rationality by “playing dumb” in the learning stage (deception). This scenario is captured using hypergame theory to model the attacker’s view of the game. The optimal deception rationality of the attacker is analytically derived to maximize utility gain. For the defender, a first-step deception mitigation process is proposed to thwart the effects of deception. Simulation results show that the attacker can profit from the deception as it can successfully insert HTs in the manufactured ICs without being detected.

This paper has been accepted for publication in IEEE Cyber Science Conference 2020.


Author(s):  
Nils Albartus ◽  
Max Hoffmann ◽  
Sebastian Temme ◽  
Leonid Azriel ◽  
Christof Paar

Reverse engineering of integrated circuits, i.e., understanding the internals of Integrated Circuits (ICs), is required for many benign and malicious applications. Examples of the former are detection of patent infringements, hardware Trojans or Intellectual Property (IP)-theft, as well as interface recovery and defect analysis, while malicious applications include IP-theft and finding insertion points for hardware Trojans. However, regardless of the application, the reverse engineer initially starts with a large unstructured netlist, forming an incomprehensible sea of gates. This work presents DANA, a generic, technology-agnostic, and fully automated dataflow analysis methodology for flattened gate-level netlists. By analyzing the flow of data between individual Flip Flops (FFs), DANA recovers high-level registers. The key idea behind DANA is to combine independent metrics based on structural and control information with a powerful automated architecture. Notably, DANA works without any thresholds, scenario-dependent parameters, or other “magic” values that the user must choose. We evaluate DANA on nine modern hardware designs, ranging from cryptographic co-processors, over CPUs, to the OpenTitan, a state-of-the-art System-on-Chip (SoC), which is maintained by the lowRISC initiative with supporting industry partners like Google and Western Digital. Our results demonstrate almost perfect recovery of registers for all case studies, regardless of whether they were synthesized as FPGA or ASIC netlists.
Furthermore, we explore two applications for dataflow analysis: we show that the raw output of DANA often already allows crucial components and high-level architecture features to be identified, and also demonstrate its applicability for detecting simple hardware Trojans. Hence, DANA can be applied universally as the first step when investigating unknown netlists and provides major guidance for human analysts by structuring and condensing the otherwise incomprehensible sea of gates. Our implementation of DANA and all synthesized netlists are available as open source on GitHub.


VLSI Design ◽  
2016 ◽  
Vol 2016 ◽  
pp. 1-16 ◽  
Author(s):  
Mamata Dalui ◽  
Biplab K. Sikdar

This work reports an effective design of a cache system for Chip Multiprocessors (CMPs). It introduces built-in logic for verification of cache coherence in CMPs realizing a directory-based protocol. It is developed around the cellular automata (CA) machine, invented by John von Neumann in the 1950s. A special class of CA referred to as single length cycle 2-attractor cellular automata (TACA) has been planted to detect the inconsistencies in cache line states of processors’ private caches. The TACA module captures the coherence status of the CMPs’ cache system and memorizes any inconsistent recording of the cache line states during the processors’ reference to a memory block. Theory has been developed to empower a TACA to analyse the cache state updates and then to settle to an attractor state indicating a quick decision on a faulty recording of cache line status. The introduction of segmentation of the CMPs’ processor pool ensures better efficiency in determining the inconsistencies, by reducing the number of computation steps in the verification logic. The hardware requirement for the verification logic points to the fact that the overhead of the proposed coherence verification module is much lower than that of the conventional verification units and is insignificant with respect to the cost involved in the CMPs’ cache system.


Electronics ◽  
2018 ◽  
Vol 7 (7) ◽  
pp. 124 ◽  
Author(s):  
Catherine Rooney ◽  
Amar Seeam ◽  
Xavier Bellekens

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware.


2018 ◽  
Author(s):  
Nidish Vashistha ◽  
Hangwei Lu ◽  
Qihang Shi ◽  
M Tanjidur Rahman ◽  
Haoting Shen ◽  
...  

Hardware Trojans are malicious changes to the design of integrated circuits (ICs) at different stages of the design and fabrication processes. Different approaches have been developed to detect Trojans, namely non-destructive (electrical tests like run-time monitoring, functional and structural tests) and destructive (full chip reverse engineering). However, these methods cannot detect all types of Trojans and they suffer from a number of disadvantages such as slow speed of detection and lack of confidence in detecting all types of Trojans. The majority of hardware Trojans implemented in an IC will leave a footprint at the doping (active) layer. In this paper, we introduce a new version of our previously developed “Trojan Scanner” [1] framework for the untrusted foundry threat model, where a trusted GDSII layout (golden layout) is available. Advanced computer vision algorithms in combination with a supervised machine-learning model are used to classify different features of the golden layout and SEM images from an IC under authentication, as a unique descriptor for each type of gate. These descriptors are compared with each other to detect any subtle changes in the active region, which can raise the flag for the existence of a potential hardware Trojan. The descriptors can differentiate variation due to fabrication process, defects, and common SEM image distortions to rule out the possibility of false detection. Our results demonstrate that Trojan Scanner is more reliable than electrical testing and faster than full chip reverse engineering. Trojan Scanner does not rely on the functionality of the circuit; rather, it focuses on the real physical structure to detect malicious changes inserted by the untrusted foundry.


2020 ◽  
Author(s):  
Tapadhir Das ◽  
AbdelRahman Eldosouky ◽  
Shamik Sengupta

In recent years, integrated circuits (ICs) have become significant for various industries and their security has been given greater priority, specifically in the supply chain. Budgetary constraints have compelled IC designers to offshore manufacturing to third-party companies. When the designer gets the manufactured ICs back, it is imperative to test for potential threats like hardware trojans (HT). In this paper, a novel multilevel game-theoretic framework is introduced to analyze the interactions between a malicious IC manufacturer and the tester. In particular, the game is formulated as a non-cooperative, zero-sum, repeated game using prospect theory (PT) that captures different players’ rationalities under uncertainty. The repeated game is separated into a learning stage, in which the defender learns about the attacker’s tendencies, and an actual game stage, where this learning is used. Experiments show great incentive for the attacker to deceive the defender about their actual rationality by “playing dumb” in the learning stage (deception). This scenario is captured using hypergame theory to model the attacker’s view of the game. The optimal deception rationality of the attacker is analytically derived to maximize utility gain. For the defender, a first-step deception mitigation process is proposed to thwart the effects of deception. Simulation results show that the attacker can profit from the deception as it can successfully insert HTs in the manufactured ICs without being detected.

This paper has been accepted for publication in IEEE Cyber Science Conference 2020.


2019 ◽  
Vol 8 (4) ◽  
pp. 3665-3670

For decades, digital systems have been designed based on assumptions that the underlying hardware, though not perfectly reliable, is free of malicious elements. The demand for ICs is greatly increasing due to tremendous technological development. Without appropriate resources, companies are hard pressed to produce trusted ICs. This is driving companies into the ‘fabless’ trend predominant in the semiconductor industry, where they depend on cheaper foundries for IC fabrication instead of on their own resources. This growth brings with it a big rise in threat level in terms of Hardware Trojans, which hit the manufacturing companies that make use of Integrated Circuits. This transcends many industries, including strategic organizations and telecommunication companies, mobile phones and computers, embedded systems used in domestic applications and health care equipment. These adversarial inclusions are generally triggered by the intruder to make malicious modifications in the end user system, and are difficult to detect in their quiescent state. This paper focuses on understanding Hardware Trojans, their implications and detection methodologies. It is extremely important for all industries and more so for defense organizations, who are involved in developing systems to protect the nation’s boundaries.


2020 ◽  
Vol 10 (2) ◽  
pp. 36-43
Author(s):  
Ha Thai Tran ◽  
Phuc Van Hoang ◽  
Tuan Ngoc Do ◽  
Duong Hai Nguyen

Abstract— Since the last decade, hardware Trojans (HTs) have become a serious problem for hardware security because of outsourcing trends in Integrated Circuit (IC) manufacturing. As the fabrication of ICs is becoming very complex and costly, more and more chipmakers outsource their designs or parts of the fabrication process. This trend opens a loophole in hardware security, as an untrusted company could perform malicious modifications to the golden circuit at the design or fabrication stages. Therefore, assessing risks and proposing solutions to detect HTs are very important tasks. This paper presents a technique for detecting HTs using frequency characteristic analysis of path delay. The results show that measuring with a frequency step of 0.016 MHz can detect an HT having the size of 0.2% of the original design.

