Trojan Taxonomy

Forte

Fifteenth International Symposium on Quality Electronic Design

2014

114

Due to design and fabrication outsourcing to foundries, the problem of malicious modifications to integrated circuits known as hardware Trojans has attracted attention in academia as well as industry. To reduce the risks associated with Trojans, researchers have proposed different approaches to detect them. Among these approaches, test-time detection approaches have drawn the greatest attention and most approaches assume the existence of a "golden model". Prior works suggest using reverse-engineering to identify such Trojan-free ICs for the golden model but they did not state how to do this efficiently. In this paper, we propose an innovative and robust reverseengineering approach to identify the Trojan-free ICs. We adapt a well-studied machine learning method, one-class support vector machine, to solve our problem. Simulation results using state-ofthe-art tools on several publicly available circuits show that our approach can detect hardware Trojans with high accuracy rate across different modeling and algorithm parameters.

Section: B Hardware Trojansmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 98%

On application of one-class SVM to reverse engineering-based hardware Trojan detection

Forte

Fifteenth International Symposium on Quality Electronic Design

2014

114

“…HTs can change the IC's functionality, leak secret information, disable or destroy the entire chip and are thus very dangerous [6]. Numerous countermeasures have been proposed and most of them happen at test-time.…”

Section: Introductionmentioning

confidence: 99%

A security-aware design scheme for better hardware Trojan detection sensitivity

Xie

2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

2015

Due to the trend of outsourcing designs to foundries overseas, there has been an increasing threat of malicious modifications to the original integrated circuits (ICs), also known as hardware Trojans. Numerous countermeasures have been proposed. However, very little effort has been made to design-time strategies that help to make test-time or run-time detection of Trojans easier. In this paper, we characterize each cell's sensitivity to malicious modifications and develop an algorithm to select a subset of standard cells for a given circuit such that Trojans are easily detected using [1] when the circuit is synthesized on it. Experiments on 8 publicly available benchmarks show that using our method, we could detect on average 16.87% more Trojans with very small power/area overhead and no timing violations. I. INTRODUCTIONDue to the trend of outsourcing designs to foundries overseas, there has been an increasing concern in malicious inclusions in Integrated Circuit (IC) design also known as Hardware Trojans (HTs). HTs can change the IC's functionality, leak secret information, disable or destroy the entire chip and are thus very dangerous [6]. Numerous countermeasures have been proposed and most of them happen at test-time. These approaches compare the functionality or side-channel behavior (path delay, power, etc.) of the IC under test with that of a golden IC (Trojan-free IC). Some reverse-engineering (RE) based Trojan detection schemes also happen at test-time. They apply RE to the IC under test and recover the layout or gatelevel netlist, which is then compared with that of a golden IC. Run-time approaches have also been investigated. These approaches monitor the IC for unexpected changes in functionality or side-channel behavior at run-time. If such changes are detected, the run-time logic will bypass the malicious logic to prevent Trojans from doing any damage.Other than well-studied test-time and run-time approaches, very few design-time strategies that help in either preventing the insertion of Trojans or easier detection of Trojans are proposed [10]. We should notice that Trojan detection is not a easy job and a cooperation between design-time and testtime/run-time approaches is always preferred.In this paper, we propose an innovative design-time strategy that allows easier test-time detection of Trojans using RE based method such as [1]. Our technique relies on choosing a subset of standard cells that are more sensitive to Trojan insertion from a given technology library. By synthesizing the design using the subset, we can still utilize the existing library as well as the design tools. This enables early adoption of security techniques into the EDA tool flow. We choose [1] as our test-time approach because it can be used to verify that a chip is golden which is the underlying assumption of many other test-time approaches. Furthermore, since it uses RE, it is arguably among the strongest approaches to detect Trojans.We summarize the contributions of this paper as follows: 1) We characterize each standard ...

“…Nowadays, chips, especially those with sensitive data like cryptographic devices, are subject to different kinds of attacks including both invasive and noninvasive attacks [7].Microprobing is one kind of invasive attacks that can be used to access the chip surface directly. Reverse engineering is another form of invasive attacks that is used to understand the inner structure and the functionality of a device.…”

Section: Introductionmentioning

confidence: 99%

A Secure Algorithm for Task Scheduling against Side-channel Attacks

Proceedings of the 4th International Workshop on Trustworthy Embedded Devices

2014

The problem of ordering task executions has been well studied under power, performance, and thermal constraints. However, it has been pursued less under security concerns. We have observed that different orders of task executions have different side-channel information leakage, thus having different security levels. In this paper, we first model the behavior of the attacker and then propose a secure algorithm for ordering aperiodic tasks that have soft deadlines. Our algorithm can keep a good balance between side-channel information leakage and total lateness. Experimental results show that the attacker could make 38.65% more error inferring the state of chip through side-channel analysis if tasks are scheduled using our algorithm as compared to using algorithms without security consideration (like EDF algorithm).