With Cyber warfare, detection of hardware Trojans, malicious digital circuit components that can leak data and degrade performance, is an urgent issue. Quasi-Delay Insensitive asynchronous digital circuits, such as NULL Convention Logic (NCL) and Sleep Convention Logic, also known as Multi-Threshold NULL Convention Logic (MTNCL), have inherent security properties and resilience to large fluctuations in temperatures, which make them very alluring to extreme environment applications, such as space exploration, automotive, power industry etc. This paper shows how dual-rail encoding used in NCL and MTNCL can be exploited to design Trojans, which would not be detected using existing methods. Generic threat models for Trojans are given. Formal verification methods that are capable of accurate detection of Trojans at the Register-Transfer-Level are also provided. The detection methods were tested by embedding Trojans in NCL and MTNCL Rivest-Shamir-Adleman (RSA) decryption circuits. The methods were applied to 25 NCL and 25 MTNCL RSA benchmarks of various data path width and provided 100% rate of detection.This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.
Several mitigations to thwart Spectre attacks have been proposed. However, design errors or trojans can be exploited to circumvent these mitigations. We have developed a highly-automated formal verification methodology that can detect if modern microprocessor designs are vulnerable to Spectre and its variants or prove otherwise. The methodology comprises of a refinement-based formal Spectre invulnerability property, and refinement maps, abstractions and invariants required to efficiently check the property. The methodology was evaluated on 29 benchmarks based on the RSD, which is an open source RISC-V based out-of-order superscalar processor. The benchmarks incorporated two Spectre defenses including software-controlled speculation and data track. Also incorporated were various implementation errors and hardware Trojans such as internally-triggered, rare-circuit-state and time-bombs that induce Spectre. What was evaluated was if the methodology could efficiently prove that an implementation is not vulnerable to Spectre and provide a counterexample otherwise. The methodology provided accurate classification for all benchmarks. The verification times were very efficient, ranging from 30 seconds to 1,500 seconds.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.