Design Comparison to Identify Malicious Hardware in External Intellectual Property

Reece, Trey; Limbrick, Daniel B.; Robinson, William H.

doi:10.1109/trustcom.2011.82

Cited by 22 publications

(13 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One way to alleviate this issue is the concept of using design diversity in order to identify differences between designs [26]. Two recent studies [27,28] provide frameworks for addressing the issue of software Trojans hidden in Systemon-Chips (SoCs), and developing hardware/software codesign techniques to use two untrusted IPs in order to create secure implementations for SoCs.…”

Section: B Further Work Addressing Third-party Ipmentioning

confidence: 99%

“…The primary concept behind Design Comparison is to logically compare two untrusted hardware designs with similar functionality, identifying wherever their outputs differ in order to verify a design pre-fabrication [26]. As Trojan triggers are designed to have astronomically low odds to prevent accidental triggering, the odds are even less that two Trojans would have the same Trigger and the same payload.…”

Section: Design Comparisonmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules

Reece

Robinson

2016

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

View full text Add to dashboard Cite

During the design of an integrated circuit, there are several opportunities for adversaries to make malicious modifications or insertions to a design. These attacks, known as hardware Trojans, can have catastrophic effects on a circuit if left undetected. This paper describes a technique for identifying hardware Trojans with logic-based payloads that are hidden within third-party intellectual property. Through comparison of two similar but untrusted designs, functional differences can be identified for all possible input combinations within a window of time. This technique was tested on multiple Trojan benchmarks and was found to be very effective, both in detectability and in speed of testing. As this technique has very low costs to implement, it represents an easy way for designers to gain a level of trust in previously untrusted designs.

show abstract

Section: B Further Work Addressing Third-party Ipmentioning

confidence: 99%

Section: Design Comparisonmentioning

confidence: 99%

Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules

Reece

Robinson

2016

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

View full text Add to dashboard Cite

show abstract

“…But those techniques may not be complete or optimal. For instance, in [51], the authors make the primary outputs of the designs as functions of only primary inputs during equivalence checking. However, in most of the designs, it is impossible to make the outputs independent of the state variables.…”

Section: Motivationmentioning

confidence: 99%

“…This can be done by a fully trusted third party or by the buyer oneself. The other way is to use a second untrusted third-party IP assuming that even if both circuits have malicious inclusions, the chances of both Trojans being at the same place, and having same trigger conditions and same functional effect is very unlikely [51]. Our technique assumes that the reference circuit is an unoptimized (potentially much larger) circuit free from malicious insertions prepared in a trusted environment.…”

Section: Random Simulation and Equivalence Checkingmentioning

confidence: 99%

Ensuring trust of third-party hardware design with constrained sequential equivalence checking

Shrestha

Hsiao

2012

2012 IEEE Conference on Technologies for Homeland Security (HST)

View full text Add to dashboard Cite

Globalization of semiconductor design and manufacturing has led to a concern of trust in the final product. The components may now be designed and manufactured from anywhere in the world without the direct supervision of the buyer. As a result, the hardware designs and fabricated chips may be vulnerable to malicious alterations by an adversary at any stage of VLSI design flow, thus compromising the integrity of the component. The effect of any modifications made by the adversary can be catastrophic in the critical applications.Because of the stealthy nature of such insertions, it is extremely difficult to detect them using traditional testing and verification methods. Therefore, the trust of the hardware systems require a new approach and have drawn much attention in the hardware security community.For many years, the researchers have developed sophisticated techniques to detect, isolate and prevent malicious attacks in cyber security community assuming that the underlying hardware platform is extremely secure and trustworthy. But the hardware may contain one or more backdoors that can be exploited by software at the time of operation. Therefore, the trust of the computing system cannot be guaranteed unless we can guarantee the trust of the hardware platform.A malicious insertion can be very stealthy and may only involve minor modification in the hardware design or the fabricated chip. The insertion may require rare or specific conditions in order to be activated. The effect may be denial of service, change of function, destruction of chip, leakage of secret information from cryptographic hardware etc.In this thesis, we propose a novel technique for the detection of malicious alteration(s) in a third party soft intellectual property (IP) using a clever combination of sequential equivalence checking (SEC) and automatic test generation. The use of powerful inductive invariants can prune a large illegal state space, and test generation helps to provide a sensitization path for nodes of interest. Results for a set of hard-to-verify designs show that our method can either ensure that the suspect design is free from the functional effect of any malicious change (s) or return a small group of most likely malicious signals.

show abstract

“…Figure 1 illustrates possible points of insertion in an example production cycle [3]. Depending on the method through which a Trojan is inserted, possible detection methods can vary [4][5][6].…”

Section: Introductionmentioning

confidence: 99%

Stealth Assessment of Hardware Trojans in simple Processors

Nikopoulos

Milidonis

Efstathiou

et al. 2014

Proceedings of the 18th Panhellenic Conference on Informatics

View full text Add to dashboard Cite

Many experimental hardware Trojans explore the potential threat vectors. However, if a Trojan largely affects area, power or operating speed, then it can be easy to detect. We explore the cost in area, power and operating speed of two small, focused attacks on the Parwan processor implemented with a standard cell library. The resulting cost in total area varied from a 0.05% to a 0.09% increase in the area of the design and similar results in the power consumption, while no delay overhead was imposed.

show abstract

Design Comparison to Identify Malicious Hardware in External Intellectual Property

Cited by 22 publications

References 20 publications

Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules

Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules

Ensuring trust of third-party hardware design with constrained sequential equivalence checking

Stealth Assessment of Hardware Trojans in simple Processors

Contact Info

Product

Resources

About