Designing Trusted Embedded Systems from Finite State Machines

Abstract: Sequential components are crucial for a real-time embedded system as they control the system based on the system's current state and real life input. In this article, we explore the security and trust issues of sequential system design from the perspective of a finite state machine (FSM), which is the most popular model used to describe sequential systems. Specifically, we find that the traditional FSM synthesis procedure will introduce security risks and cannot guarantee trustworthiness in the implemented cir… Show more

“…CAD tools are essential to any design flow to bring up a design from a concept to silicon. Application of malicious logic synthesis tools to introduce Trojans have been reported in References [17,18,38]. All of these approaches consider a design whose Finite-State-Machine (FSM) is not completely specified.…”

“…Although these attacks can survive standalone, they will be easily detected in a complete tool flow during post-synthesis verification. A completely specified design approach to counter the malicious synthesis tools has been presented in Reference [39]; however, as indicated by Reference [38], complete specification of an FSM incurs a considerable area overhead. Application of CAD tools for hardware metering to prevent a malicious foundry from overproduction has been examined by Koushanfar et al [40].…”

“…These additional transitions provide a backdoor into the circuit and thereby introduce vulnerabilties. An approach to mitigate such problems has been proposed by Dunbar et al [38]. However, the hardware overhead of such countermeasures is around 90%, which is unrealistic for any practical design.…”

“…The extra transitions or states proposed in References [18,38] can be detected by Post-Synthesis Verification tools like Logical Equivalence Checker (LEC) in commercial flows. Consider the extra transition B to A, when the input is 0 in Figure 7(b).…”

CAD-Base

“…CAD tools are essential to any design flow to bring up a design from a concept to silicon. Application of malicious logic synthesis tools to introduce Trojans have been reported in References [17,18,38]. All of these approaches consider a design whose Finite-State-Machine (FSM) is not completely specified.…”

“…Although these attacks can survive standalone, they will be easily detected in a complete tool flow during post-synthesis verification. A completely specified design approach to counter the malicious synthesis tools has been presented in Reference [39]; however, as indicated by Reference [38], complete specification of an FSM incurs a considerable area overhead. Application of CAD tools for hardware metering to prevent a malicious foundry from overproduction has been examined by Koushanfar et al [40].…”

“…These additional transitions provide a backdoor into the circuit and thereby introduce vulnerabilties. An approach to mitigate such problems has been proposed by Dunbar et al [38]. However, the hardware overhead of such countermeasures is around 90%, which is unrealistic for any practical design.…”

“…The extra transitions or states proposed in References [18,38] can be detected by Post-Synthesis Verification tools like Logical Equivalence Checker (LEC) in commercial flows. Consider the extra transition B to A, when the input is 0 in Figure 7(b).…”

CAD-Base

“…Novel triggers using don'tcare states [53] or silicon wear-out mechanisms [54] have been developed which makes the Trojan get triggered in very rare conditions. Added circuitry due to new payloads may cause changes in the characteristics of the whole chip such as power signature and area consumed and may facilitate Trojan detection.…”

Challenges and Opportunities in Analog and Mixed Signal (AMS) Integrated Circuit (IC) Security

Vulnerability Assessment of Controller Designs