Side-Channel Trojan Insertion - a Practical Foundry-Side Attack via ECO

Perez, Tiago; Imran, Malik; Vaz, Pablo; Pagliarini, Samuel

doi:10.1109/iscas51556.2021.9401481

Cited by 16 publications

(9 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2. Our trojan insertion methodology for an SCT capable of leaking 2 bits per power signature reading (modified from [10]).…”

Section: A Side-channel Trojan Designmentioning

confidence: 99%

“…Despite encouraging results reported from the SCT studies, only in [10] the authors discuss how SCTs could be inserted from the perspective of the attacker. Even more concerning, this discussion is also absent from silicon-validated trojans [15], [16], [21].…”

Section: Introductionmentioning

confidence: 99%

“…Even more concerning, this discussion is also absent from silicon-validated trojans [15], [16], [21]. In this work, we present an extension of the SCT design methodology described in [10]. We assume that a rogue element inside the foundry is the adversary and that he/she makes use of readily available engineering change order (ECO) capabilities of physical design tools.…”

Section: Introductionmentioning

confidence: 99%

“…A typical IC design flow. Highlighted in red is the stage where a rogue element may mount an attack (modified from [10]).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Hardware Trojan Insertion in Finalized Layouts: From Methodology to a Silicon Demonstration

Perez

Pagliarini

2023

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

“…2. Our trojan insertion methodology for an SCT capable of leaking 2 bits per power signature reading (modified from [10]).…”

Section: A Side-channel Trojan Designmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…A typical IC design flow. Highlighted in red is the stage where a rogue element may mount an attack (modified from [10]).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Hardware Trojan Insertion in Finalized Layouts: From Methodology to a Silicon Demonstration

Perez

Pagliarini

2023

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

“…Hardware Trojans are known as one of the greatest threats against the trustworthiness of ICs, and they have raised serious concerns about the reliability and security of digital designs [2]. If an IC is utilized in a product/system while Trojan(s) remain there, it may lead to functionality change, reliability degradation/denial of service, and information or data leakage [3].…”

Section: Introductionmentioning

confidence: 99%

Reusing Verification Assertions as Security Checkers for Hardware Trojan Detection

Eslami¹,

Ghasempouri²,

Pagliarini³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

Globalization in the semiconductor industry enables fabless design houses to reduce their costs, save time, and make use of newer technologies. However, the offshoring of Integrated Circuit (IC) fabrication has negative sides, including threats such as Hardware Trojans (HTs) -a type of malicious logic that is not trivial to detect. One aspect of IC design that is not affected by globalization is the need for thorough verification. Verification engineers devise complex assets to make sure designs are bug-free, including assertions. This knowledge is typically not reused once verification is over. The premise of this paper is that verification assets that already exist can be turned into effective security checkers for HT detection. For this purpose, we show how assertions can be used as online monitors. To this end, we propose a security metric and an assertion selection flow that leverages Cadence JasperGold Security Path Verification (SPV). The experimental results show that our approach scales for industry-size circuits by analyzing more than 100 assertions for different Intellectual Properties (IPs) of the OpenTitan Systemon-Chip (SoC). Moreover, our detection solution is pragmatic since it does not rely on the HT activation mechanism.

show abstract