Towards a Hardware Trojan Detection Cycle

Dabrowski, Adrian; Hobel, Heidelinde; Ullrich, Johanna; Krombholz, Katharina; Weippl, Edgar

doi:10.1109/ares.2014.45

Cited by 9 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A process of secure development and rigorous testing at each production stage, such as the one proposed in [6], can reveal manipulations before fabrication.…”

Section: Introductionmentioning

confidence: 99%

Efficient triggering of Trojan hardware logic

Voyiatzis

Stefanidis

Kitsos

2016

2016 IEEE 19th International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

The detection of malicious hardware logic (hardware Trojan) requires test patterns that succeed in exciting the malicious logic part. Testing of all possible input patterns is often prohibitively expensive. As an alternative, we explored previously the applicability of the combinatorial testing principles.In this paper, we turn our focus on the efficiency of this approach for triggering the hidden malicious logic. We present a series of experiments with Trojan designs of various activation patterns and lengths that target a cryptographic module performing AES cryptography. Our findings indicate that the available test suites succeed in triggering the malicious logic in all cases requiring only a very small number of test vectors. Thus, it is an efficient means for detecting malicious hardware logic.

show abstract

“…A process of secure development and rigorous testing at each production stage, such as the one proposed in [6], can reveal manipulations before fabrication.…”

Section: Introductionmentioning

confidence: 99%

Efficient triggering of Trojan hardware logic

Voyiatzis

Stefanidis

Kitsos

2016

2016 IEEE 19th International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

show abstract

“…The strategy σ D3 (STRC) is a structural pattern matching method similar to those in [49,50]. It claims a Trojan is present whenever it detects disconnected or undriven wires or asynchronous feedback loops, features common in published HTHs and extremely uncommon in traditional circuit design.…”

Section: Defender Strategiesmentioning

confidence: 99%

A practical application of game theory to optimize selection of hardware Trojan detection strategies

et al. 2019

View full text Add to dashboard Cite

A wide variety of Hardware Trojan countermeasures have been developed, but less work has been done to determine which are optimal for any given design. To address this, we consider not only metrics related to the performance of the countermeasure, but also the likely action of an adversary given their goals. Trojans are inserted by an adversary to accomplish an end, so these goals must be considered and quantified in order to predict these actions. The model presented here builds upon a security economic approach that models the adversary and defender motives and goals in the context of empirically derived countermeasure efficacy metrics. The approach supports formation of a two-player strategic game to determine optimal strategy selection for both adversary and defender. A game may be played in a variety of contexts, including consideration of the entire design lifecycle or only a step in product development. As a demonstration of the practicality of this approach, we present an experiment that derives efficacy metrics from a set of countermeasures (defender strategies) when tested against a taxonomy of Trojans (adversary strategies). We further present a software framework, GameRunner, that automates not only the solution to the game but also mathematical and graphical exploration of "what if" scenarios in the context of the game. GameRunner can also issue "prescriptions," a set of commands that allows the defender to automate the application of the optimal defender strategy to their circuit of concern. Finally, we include a discussion of ongoing work to include additional software tools, a more advanced experimental framework, and the application of irrationality models to account for players who make subrational decisions.

show abstract