With Cyber warfare, detection of hardware Trojans, malicious digital circuit components that can leak data and degrade performance, is an urgent issue. Quasi-Delay Insensitive asynchronous digital circuits, such as NULL Convention Logic (NCL) and Sleep Convention Logic, also known as Multi-Threshold NULL Convention Logic (MTNCL), have inherent security properties and resilience to large fluctuations in temperatures, which make them very alluring to extreme environment applications, such as space exploration, automotive, power industry etc. This paper shows how dual-rail encoding used in NCL and MTNCL can be exploited to design Trojans, which would not be detected using existing methods. Generic threat models for Trojans are given. Formal verification methods that are capable of accurate detection of Trojans at the Register-Transfer-Level are also provided. The detection methods were tested by embedding Trojans in NCL and MTNCL Rivest-Shamir-Adleman (RSA) decryption circuits. The methods were applied to 25 NCL and 25 MTNCL RSA benchmarks of various data path width and provided 100% rate of detection.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
Transient execution attacks such as Spectre and Meltdown exploit speculative execution in modern microprocessors to leak information via cache side-channels. Software solutions to defend against many transient execution attacks employ the lfence serialising instruction, which does not allow instructions that come after the lfence to execute outof-order with respect to instructions that come before the lfence. However, errors and Trojans in the hardware implementation of lfence can be exploited to compromise the software mitigations that use lfence. The aforementioned security gap has not been identified and addressed previously. The authors provide a formal method solution that addresses the verification of lfence hardware implementation. The authors also show how hardware Trojans can be designed to circumvent lfence and demonstrate that their verification approach will flag such Trojans as well. The authors have demonstrated the efficacy of our approach using RSD, which is an open source RISC-V based superscalar out-of-order processor.
K E Y W O R D Scomputer architecture, electronic design automation, formal verification, integrated circuit design, logic design, microcomputers, microprocessor chipsThis is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.