This paper addresses energy attacks on wireless systems, where energy is the most critical constraint on lifetime and reliability. We for the first time propose a hardware-based energy attack, namely energy hardware Trojans (HTs), which can be well hidden in wireless systems and trigger ultra-high energy increases at runtime. Then, we develop a non-destructive HT detection approach that identifies the energy attack by remotely sampling the power profiles of the system and characterizing the gate-level temperatures. Our evaluation results on ISCAS benchmarks indicate the effectiveness of the proposed energy attacks and defense techniques.
INTRODUCTION
Wireless communication systems, especially mobile devices, have been widely used in a variety of personal and commercial applications, including the traditional wireless phone services and the emerging Internet mobile applications, such as social networking, mobile banking, and multimedia applications. With the ever increasing popularity of these applications, security and integrity of the devices have become a critical concern. Due to the mobile and wireless nature, security primitives for wireless systems are much more challenging and vulnerable than for traditional computer systems.
Both research and practical efforts have been directed towards wireless security at various levels, including software applications, communication channels, as well as hardware systems. Among them, many conventional and new security attacks [5] [9] [18] [1] [24] [35] [16] have been well identified, analyzed, and resolved. However, we note that the security towards one of the most crucial and fundamental components in wireless systems, namely energy consumption, has rarely been discussed until now.
It is well known that all wireless devices are energy constrained, especially with the increasingly popular use of mobile devices in computation-intensive applications, such as high definition video streaming and mobile computing. Although huge efforts have been made on energy reduction and optimization, these systems are vulnerable to energy attacks that intend to cause a large energy increase and reduce the lifetime of the system. For example, an adversary may implant malware that runs in the background of a smart phone and consumes a large amount of battery power. Besides software attacks, energy attacks at the hardware level pose a more severe threat to wireless systems, because they are much more challenging to detect and disable. For example, an untrusted foundry of the cell phone chip or an untrusted third-party manufacturer of the phone may have hidden hardware Trojans in the hardware that leak additional energy from the phone.
We target energy attacks on wireless systems caused by hardware Trojans (HTs), which are malicious modifications to the hardware conducted by an untrusted foundry or manufacturer during the manufacturing process [25] [29] [32] [33]. We show that such an energy attack can be implemented by embedding an ultra-small hardware Trojan trigger in the integrated circuit (IC) of the system, which hides in the circuit and results in a huge energy increase on the device. In particular, we for the first time develop and demonstrate two types of hardware energy attacks, by manipulating the input vectors and by biasing the power supply, respectively. We argue that such energy attacks are extremely difficult to detect. On one hand, the attacker tends to hide the HT trigger in the target circuit either by sizing it ultra-small or by activating it only when an extremely rare event occurs. On the other hand, the leakage energy by itself has a high dependence on the environment temperature and, therefore, the attacker could attribute any malicious energy increase to variations in environment temperature. It is very difficult for the detection process to distinguish between the two cases.
Based on the investigation of these powerful energy attacks, we develop defense approaches by leveraging power profiling and temperature characterization. The idea is to sample the total leakage power consumption of the wireless system and characterize the gate-level temperature profile under the assumption that there is no energy attack. In the case where there is indeed a malicious energy attack, the characterized temperature profile will not meet the normal spatial and temporal thermal distributions on an IC. We quantify the possible discrepancy in temperatures by defining a hardware Trojan indicator concerning the spatial inconsistency of the gate-level temperatures. Note that our energy HT detection approach requires no instrumentation of the wireless system and can be conducted remotely without direct physical access to the target device. Figure 1 shows the overall flow of our approaches for energy attack and defense, which spans wireless system manufacturing, post-silicon testing, and real-time (in-field) operation. Firstly, we investigate the energy HT attack that can be conducted by an adversary during the manufacturing process, where the design objective is to maximize the potential damage (i.e., the leakage energy consumption) and minimize the probability of being detected (i.e., placing the trigger of the HT at a rarely switching or low leakage location, as well as enabling a sequential-based activation event). Note that we develop two attack techniques, namely input vector control and forward body biasing, which significantly increase the leakage energy in the sleep mode and the operation mode of the wireless system, respectively. Secondly, we employ a gate-level temperature characterization method to monitor and identify abnormal leakage energy variations at runtime.
Our approach characterizes the gate-level temperature profiles via energy profiling and thus distinguishes the abnormal energy hike due to security attacks and the normal energy variations due to environmental factors.
To the best of our knowledge, this is the first complete analysis and implementation of hardware-based energy attacks and defense techniques in wireless systems. In summary, our technical contributions include:
• Attack: a powerful and well hidden hardware energy attack on wireless systems by embedding and hiding hardware Trojan components in the target circuit;
• Defense: a temperature-aware power profiling approach to detect energy hardware Trojans in the wireless systems without embedding any additional hardware to the system.
The remainder of this paper is organized as follows. In Section 2, we summarize the existing research work regarding hardware Trojan detection, thermal-aware IC design, and adaptive body bias. Section 3 introduces the leakage energy model and the gate-level characterization approach that we employ in this work. In Section 4, we introduce the design of the high leakage HT in both the sleep mode and the system operation mode; Section 5 discusses our detection techniques against the high energy attack, which identifies the presence of attacks via gate-level temperature characterization. We show our experimental results in Section 6 and conclude the paper in Section 7.
RELATED WORK
In this section, we summarize the existing research efforts in the areas of hardware Trojan detection, thermal-aware IC design, and adaptive body bias techniques, with emphasis on our new contributions compared to the previous approaches and techniques.
Hardware Trojan Detection
Hardware Trojans (HTs) [25] [28].
The existing HT detection efforts have targeted only HTs that cause direct security attacks, such as implanting a backdoor in the circuit and extracting confidential information from the system at runtime. However, we note that the security of one of the most crucial and fundamental components in embedded systems, namely energy consumption, has rarely been discussed until now. Our energy HT detection approach is new compared to the existing HT detection techniques. We for the first time analyze and address hardware Trojans that perform energy attacks on wireless systems, which has not been discussed in the current literature.
Thermal-aware IC Design and Analysis
Thermal effects have become a crucial factor in IC design and manufacturing because of the interdependency between IC properties (i.e., delay and leakage power) and temperature. Recently, many research efforts have been made on thermal-aware leakage models and leakage reduction techniques. Li et al. [20] developed an architectural model for subthreshold and gate leakage that explicitly defines the relationship between leakage power and temperature. It shows that the subthreshold leakage currents are exponentially dependent on temperature and voltage. Besides leakage power, Liao et al. [21] showed that the performance of an IC also depends on temperature.
Temperature monitoring of IC systems has drawn a great deal of attention in the IC design and manufacturing community. Finite element analysis (FEA) [38] and resistor network [7] approaches employ heat transfer models for semiconductor materials and calculate the IC temperature profile at design time. The power blurring technique [14] reduces the computation time of FEA by using matrix convolution. However, these techniques are designed for temperature calculation and prediction at design time, are not resilient to process variation, and cannot be used for runtime temperature monitoring. At runtime, thermal sensor-based approaches [27] have been proposed to measure the temperatures in real time. However, these approaches introduce high overhead and instrumentation to the target circuit. Compared to the existing approaches, our gate-level temperature profiling technique is new in the following aspects. First, our approach is non-destructive, as we do not require any additional hardware to be added to the target circuit, which minimizes the overhead; second, we take into consideration the process variation and measurement error, which enables us to monitor the real-time temperatures of remote wireless systems. For example, our technique can also be used to facilitate remote hardware identification or watermarking [11] [17] [39].
Adaptive Body Bias
Adaptive body bias (ABB) has been widely adopted as an efficient post-silicon approach in research efforts on leakage energy reduction and performance optimization [23] [10] [6]. For example, Nabaa et al. [23] proposed the use of ABB in a new FPGA architecture that includes an additional characterizer circuit to reduce the leakage energy by 3 times. Gregg et al. [10] proposed using ABB to compensate for process variation and improve delay and leakage. Chen et al. [6] compare the effectiveness of adaptive supply voltage (ASV) and ABB. Furthermore, similar to the pre-silicon dual-V_th approach, researchers have proposed multiple body bias values in the target circuit, each driving a subset of the gates. For example, Xu et al. [36] cluster the gates at a finer-grained level and apply multiple ABB values to control the leakage energy consumption.
Compared to the existing work, we investigate an unconventional use of ABB techniques, possibly by an adversary, to increase the leakage energy consumption of wireless systems. Instead of compensating for process variation and reducing leakage energy consumption, an attacker may apply forward bias voltages to increase the leakage energy exponentially.
PRELIMINARIES
In this section, we summarize the preliminaries and key observations that serve as the foundation of our proposed energy attack and defense techniques, including the energy model we employ for evaluating the leakage energy, as well as the gate-level characterization scheme that recovers the gate-level physical properties from global leakage energy measurements.
Energy Model
We consider leakage energy and switching energy, which are the major sources of energy consumption during IC operation. The leakage energy depends on IC physical properties such as the effective channel length L_eff and the threshold voltage V_th. Equation (1) is the gate-level leakage energy model [22], where W is the gate width, L is the gate length, V_th is the threshold voltage, and T is the temperature. The rest of the parameters are considered constants and are discussed in detail in [22].
Equation (1) indicates that the leakage energy of a logic gate depends on the temperature in a non-linear manner. Therefore, any temperature change in the environment, or due to the switching of the gates in the circuit, will have an impact on the energy consumption of the IC system.
The gate-level switching energy model [22] is described by Equation (2), where the switching energy depends on the gate width W, the gate length L, the supply voltage V_dd, and the switching probability α.
Gate-level Characterization
In gate-level characterization (GLC), we recover the gate-level IC properties from global side-channel measurements under the application of various input vectors [29] [30] [34]. For example, when J input vectors have been applied to a target circuit with K gates, the gate-level leakage energy values can be solved using the following linear program (LP):
where E_jk is the leakage energy of gate k (k = 1, ..., K) when input vector j (j = 1, ..., J) is applied; Ẽ_j is the measured total leakage energy when input vector j is applied; err_j is the measurement error; and F is a metric for quantifying the measurement errors, such as the l1 or l2 norm. In this LP formulation, E_jk can be expressed as the product of its constant nominal value E_nom,jk and a scaling factor δ_k due to process variation (PV), i.e., E_jk = δ_k E_nom,jk. By solving the LP with the δ_k as variables, we obtain the value of E_jk for each gate k (k = 1, ..., K). Furthermore, by following the energy models (i.e., Equations (1) and (2)), we can formulate a system of nonlinear equations and solve for the physical-level properties (i.e., threshold voltage and effective channel length) of each individual gate.
HIGH LEAKAGE ENERGY ATTACK
In this section, we design and analyze energy attacks on wireless systems via malicious hardware modification during the manufacturing process (i.e., energy hardware Trojans). We analyze two major components of the hardware Trojans, namely (1) action, which indicates what attacks the HT could impose and how the attacks are implemented; and (2) trigger, which indicates the activation condition that would trigger the energy attack. By analyzing these two components, we aim to quantify the energy increase caused by the attacks as well as the probability of activation, which are quantitative indicators of the effectiveness of the attacks and the difficulty level of detection, respectively. An attacker would tend to maximize the action while reducing the trigger probability in order to impose damaging and well hidden energy attacks.
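Before turning to the attack design, the following added Python example makes the gate-level characterization (GLC) formulation of the Preliminaries concrete. It is not code from the paper: it constructs nominal per-gate, per-vector leakage values E_nom,jk for a small circuit, hides a per-gate process-variation scaling factor δ_k, generates total-leakage measurements Ẽ_j with Gaussian measurement error err_j, and recovers δ_k from the totals alone. It takes F to be the l2 norm, so the LP reduces to an ordinary least-squares problem solved here through the normal equations with plain Gaussian elimination; with the l1 norm one would hand the same constraints to an LP solver instead. All gate values, the number of vectors and the noise level are constructed.

```python
"""Gate-level characterization (GLC) from total leakage measurements.

Added worked example; not the paper's code. Recovers per-gate scaling
factors delta_k from J measured total leakages, given the nominal
per-gate leakage E_nom[j][k] under each input vector j (l2-norm fit).
"""
import random


def nominal_leakage_table(num_gates, num_vectors, rng):
    """Constructed E_nom[j][k] (nJ): each gate has a low and a high leakage
    state (up to ~12x apart, as the paper reports for a NAND gate), and each
    input vector puts each gate in one of the two states at random."""
    low = [rng.uniform(0.5, 1.5) for _ in range(num_gates)]
    high = [lo * rng.uniform(2.0, 12.0) for lo in low]
    return [[high[k] if rng.random() < 0.5 else low[k] for k in range(num_gates)]
            for _ in range(num_vectors)]


def measure_totals(e_nom, delta, noise_std, rng):
    """Constructed measurement: E~_j = sum_k delta_k * E_nom[j][k] + err_j."""
    return [sum(d * e for d, e in zip(delta, row)) + rng.gauss(0.0, noise_std)
            for row in e_nom]


def solve_normal_equations(a, b):
    """Least-squares solution of A x ~= b via (A^T A) x = A^T b, using
    Gauss-Jordan elimination with partial pivoting (pure Python)."""
    rows, cols = len(a), len(a[0])
    ata = [[sum(a[r][i] * a[r][j] for r in range(rows)) for j in range(cols)]
           for i in range(cols)]
    atb = [sum(a[r][i] * b[r] for r in range(rows)) for i in range(cols)]
    m = [ata[i] + [atb[i]] for i in range(cols)]  # augmented matrix
    for col in range(cols):
        pivot = max(range(col, cols), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(cols):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][cols] / m[i][i] for i in range(cols)]


def characterize_gates(e_nom, totals):
    """Recover delta_k from the totals; E_jk = delta_k * E_nom[j][k] follows."""
    return solve_normal_equations(e_nom, totals)


def demo(num_gates=8, num_vectors=40, noise_std=0.05, seed=7):
    """Run the whole flow on constructed data; returns (true, estimated, max rel. error)."""
    rng = random.Random(seed)
    true_delta = [rng.uniform(0.8, 1.25) for _ in range(num_gates)]  # hidden PV factors
    e_nom = nominal_leakage_table(num_gates, num_vectors, rng)
    totals = measure_totals(e_nom, true_delta, noise_std, rng)
    est = characterize_gates(e_nom, totals)
    max_rel_err = max(abs(t - e) / t for t, e in zip(true_delta, est))
    return true_delta, est, max_rel_err


if __name__ == "__main__":
    true_delta, est, max_rel_err = demo()
    for k, (t, e) in enumerate(zip(true_delta, est)):
        print(f"gate {k}: true delta={t:.3f}  estimated={e:.3f}")
    print(f"max relative error: {max_rel_err:.2%}")
```

Recovery only works when J is comfortably larger than K and the input vectors exercise the gates in differing leakage states; if two gates are always in the same state under every vector, their columns of E_nom are proportional and their δ_k cannot be separated, which is the same observability limit the paper's attacker exploits when hiding a trigger on a reconvergent path.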
Sleep-mode Energy Attack: Input Vector Manipulation
For most wireless systems and applications, the circuit of the system stays in the sleep mode for a large portion of the time. For example, in the case of a cell phone, the major components are only exercised once it is in a voice call. Similarly, in a wireless sensor network, the communication circuitry only operates during the data collection process. Consequently, the input vectors that are applied during the IC sleep mode become crucial with regard to the leakage energy consumption, because the leakage energy of a logic gate highly depends on the input vectors [37]. For example, as shown in Figure 2, the leakage energy of a NAND gate can vary by up to 12 times with different input vectors. Although this phenomenon can provide us with an opportunity for leakage energy reduction, it is more easily leveraged by an attacker for an energy attack. Figure 3 shows a motivational example of an energy attack using input vector manipulation. In this case, the HT component applies an input vector that sets the maximum number of gates in the high energy state, which results in the highest energy consumption (i.e., 2.96 times the minimum energy consumption). If this situation continues over time without being identified by the user or tester of the system, it will cause several times more energy consumption, which is significant in a power hungry system.
Operation-mode Energy Attack: Forward Adaptive Body Bias
During IC operation, the supply voltage plays an important role in the total leakage power consumption. According to Equation (1), the leakage energy of a transistor increases exponentially with the increase of supply voltage. We argue that this phenomenon can be leveraged for powerful energy attacks, since an exponential energy increase could have a huge impact on the wireless system and is thus in the best interest of an attacker. In particular, we argue that an attacker could apply a forward adaptive body bias (FBB, or forward ABB) voltage that, instead of compensating for process variation as in the normal use of body biasing techniques [6] [10] [36], would increase the energy exponentially in the circuit under attack. With this consideration, we implement a sample malicious circuitry that triggers the FBB-based energy attack, as shown in Figure 4. The shaded part of the circuit is the malicious component, or HT, embedded by an adversary. During the operation mode, once triggered, the HT can select and apply a forward body bias voltage, which increases the supply voltage and maximizes the leakage energy without compromising the functionality of the system.
HT Triggers: Rare Activation of Attacks
In the previous two subsections, we have shown that an HT-based energy attack could cause a huge energy increase, either linearly in the sleep mode or exponentially in the operation mode. However, the attacks would not take effect unless the triggers are well hidden from the common detection approaches. In this subsection, we discuss in detail how an attacker could design the trigger such that the resulting HT attack has a low probability of being detected by HT detection attempts. The intuitions for hiding the HT trigger, from the attacker's perspective, include the following: (1) hide the HT trigger in the circuit both physically and in terms of its observable properties, such as delay and power; and (2) minimize the activation probability of the HT.
Hiding the HT trigger
In order to bypass the most commonly used side channel-based detection approaches, an attacker aims to place the HT trigger in such a way that it is non-observable via the commonly considered side channels, including delay, leakage power, and switching power. In order to achieve this goal, we add only one single gate to the target circuit that serves as the trigger. With this single-gate HT trigger, we ensure that any resulting delay or power variation is minimal, which increases the difficulty of detection. Furthermore, to further complicate side channel-based detection approaches, we place the single-gate HT trigger at a circuit location where the delay and power are non-observable or difficult to measure. For example, in Figure 5(a), the delay of the HT trigger is non-observable due to the parallel reconvergent paths. One can measure the delay between the two endpoints x and y. However, it is not possible to determine whether the measured delay is for path 1 or path 2 and, therefore, the HT can be hidden under the delay measurements.
Minimizing the activation probability
Based on the HT trigger placement that is difficult to detect, we further reduce its activation probability to bypass the security checks that are based on generated test vectors, such as automatic test pattern generation (ATPG) [2]. The idea is to set the activation condition in such a way that it is only known to the attacker and very rarely triggered during normal IC operation or test. We achieve this goal using two approaches. Firstly, we select the fan-in gates from the target circuit in such a way that the HT trigger is rarely switched, as shown in the example in Figure 5(b). The activation probability of the NAND HT trigger is 1/2^n, where n is the number of inputs, which can be customized by the attacker to balance the trade-off between the size of the HT trigger and the activation probability. Secondly, we leverage sequential elements (i.e., flip-flops) that create temporal activation conditions in a finite state machine (FSM). In this way, the activation probability of the HT trigger can be further reduced exponentially on top of the results from the first approach. For example, as shown in Figure 5(c), the 5-state FSM serves as the activation condition, which triggers the HT only when all 5 states are satisfied in 5 consecutive clock cycles. As a result, the activation probability is $\prod_{i=1}^{m} P_i$, where P_i is the activation probability of the vector in state i, and m is the number of states.
TEMPERATURE-AWARE CONSISTENCY-BASED HT DETECTION
In this section, we discuss our detection approach to identify HT-based energy attacks. In order to exclude the possible impact of temperature on the energy increase, which is likely to be claimed by the attacker, we conduct gate-level temperature characterization to recover the temperature profile of the circuit. Then, we calculate the value of our defined HT indicator, which is the spatial inconsistency of temperatures among physically adjacent gates, to determine the presence of an energy attack.
Energy Paradox
The most straightforward detection approach towards the energy attack is to sample the energy profiles of the operating wireless systems on a regular basis and observe abnormal energy increases. Although remote sampling and data collection is a common practice for wireless system performance or status monitoring, the collected power profile is not an effective indicator of energy attacks, due to the following energy paradox, which can be leveraged by energy attackers:
Energy Paradox. Due to the exponential dependence of leakage energy on temperatures, as indicated in Equation (1), it is not certain to the system user whether the energy increase is caused by normal temperature variations or malicious energy attacks. As a matter of fact, it is common that the target wireless system, such as a wireless sensor network, is deployed in a hazardous environment where the temperature varies in an unknown pattern. In this case, the power profiling approach by itself is not sufficient to reach a conclusive judgment of whether any energy attack exists or not.
Gate-level Temperature Characterization
In order to address the energy paradox and obtain accurate energy HT detection results, in the case of a high energy profile, we must measure or characterize the temperature of the target IC to either exclude its impact or report that the energy increase is due to temperature. Several approaches have been proposed for monitoring the temperatures of IC systems, such as FEA [38], power blurring [14], and sensors [27]. However, the FEA and power blurring approaches work at the IC design stage without taking into account the impact of process variation and are not resilient to post-silicon attacks. The sensor-based approaches provide real-time measurements of temperatures, but they require additional sensor circuitry in the target IC, which greatly increases the complexity and cost of the system.
We develop a non-destructive gate-level temperature characterization approach using power profiling, which does not require additional hardware circuitry to be added to the target IC. The approach is based on the physical-level GLC of the threshold voltage (V_th) and effective channel length (L_eff). We show the flow of temperature characterization in Pseudocode 1. Firstly, before the release and deployment of the wireless system, we characterize the gate-level V_th and L_eff at room temperature, where we assume the temperature T in Equation (1) to be a constant value. Then, after the system has been deployed and is in operation, we take M power measurements and characterize the temperature (T_i) of each gate using Equation (1) based on the already known V_th and L_eff. Finally, we conduct online security checking to determine the presence of an energy attack using the HT indicator, as defined and discussed in the next subsection.
Pseudocode 1 Gate-level temperature characterization via power profiling.
1: Post-silicon:
2:   Gate-level characterization to solve V_th, L_eff of each gate at room temperature following Equations (1) and (2);
3: Runtime:
4:   Take M power measurements via sampling;
5:   for all gates g_i in the circuit do
6:     Solve for temperature T_i following Equation (1);
7:   end for
8: Security Check:
9:   Conduct security check on temperature T_i over all gates;
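As an added illustration of the runtime half of Pseudocode 1 (this is not the paper's code), the following Python example inverts a leakage model for temperature, gate by gate, from averaged power samples. Equation (1) is not reproduced on this page, so the example assumes a simplified BSIM-style subthreshold leakage form in its place; it also assumes that V_th and L_eff are already known from the post-silicon GLC step and that the remaining constants of the model can be folded into a single scale factor calibrated from the room-temperature leakage. The gate library, the room-temperature leakages, the runtime temperatures and the 2% per-sample measurement noise are all constructed.

```python
"""Gate-level temperature characterization from per-gate leakage power.

Added worked example; not the paper's code. Assumes a simplified
subthreshold leakage model in place of Equation (1) and solves it for T
per gate by bisection, after averaging M noisy power samples.
"""
import math
import random

K_B = 1.380649e-23       # Boltzmann constant, J/K
Q_E = 1.602176634e-19    # elementary charge, C
N_SLOPE = 1.5            # assumed subthreshold slope factor (dimensionless)
T_ROOM = 300.0           # post-silicon characterization temperature, K


def leakage_power(temp_k, v_th, l_eff, width, scale):
    """Assumed model standing in for Equation (1):
    P = scale * (W / L_eff) * v_T^2 * exp(-V_th / (n * v_T)), v_T = kT/q.
    Strictly increasing in T, which is what makes bisection valid."""
    v_t = K_B * temp_k / Q_E
    return scale * (width / l_eff) * v_t ** 2 * math.exp(-v_th / (N_SLOPE * v_t))


def calibrate_scale(p_room, v_th, l_eff, width):
    """Post-silicon step: with V_th and L_eff known from GLC and the leakage
    measured at room temperature, fold all remaining constants into `scale`."""
    return p_room / leakage_power(T_ROOM, v_th, l_eff, width, 1.0)


def characterize_temperature(p_meas, v_th, l_eff, width, scale,
                             lo=200.0, hi=450.0, tol=1e-4):
    """Runtime step: solve leakage_power(T) = p_meas for T by bisection."""
    def model(t):
        return leakage_power(t, v_th, l_eff, width, scale)
    if not (model(lo) <= p_meas <= model(hi)):
        raise ValueError("measured leakage outside the modelled temperature range")
    while hi - lo > tol:
        mid = 0.5 * (lo + hi)
        if model(mid) < p_meas:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


# Constructed gate library: name -> (V_th [V], L_eff [m], W [m], room-temperature leakage [W])
GATES = {
    "g1": (0.30, 45e-9, 90e-9, 2.0e-9),
    "g2": (0.28, 43e-9, 120e-9, 3.5e-9),
    "g3": (0.32, 47e-9, 90e-9, 1.4e-9),
}


def runtime_temperature_profile(true_temps, num_samples=16, noise_rel=0.02, seed=3):
    """Take M noisy power samples per gate, average them, and invert the model.
    `true_temps` (gate -> K) and the noise are constructed; returns gate -> T_i."""
    rng = random.Random(seed)
    profile = {}
    for name, (v_th, l_eff, width, p_room) in GATES.items():
        scale = calibrate_scale(p_room, v_th, l_eff, width)
        p_true = leakage_power(true_temps[name], v_th, l_eff, width, scale)
        samples = [p_true * (1.0 + rng.gauss(0.0, noise_rel)) for _ in range(num_samples)]
        p_avg = sum(samples) / len(samples)
        profile[name] = characterize_temperature(p_avg, v_th, l_eff, width, scale)
    return profile


if __name__ == "__main__":
    truth = {"g1": 305.0, "g2": 318.0, "g3": 340.0}
    for gate, t_hat in runtime_temperature_profile(truth).items():
        print(f"{gate}: true {truth[gate]:.1f} K, characterized {t_hat:.2f} K")
```

Because the model is exponential in 1/T, a few percent of power noise maps to only a fraction of a kelvin of temperature error once M samples are averaged, which is consistent with the sub-2% characterization errors the paper reports; the range check in characterize_temperature is what flags a leakage value so high that no plausible temperature explains it.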
HT Indicator
The problem we face in inspecting the characterized temperature profile for HT detection is that the normal temperature profile, or the "golden model", is not available in the case of wireless systems. This is because the system is often deployed in unknown environments (e.g., a wireless sensor network) or has a mobile nature and a high probability of environmental changes (e.g., smart phones). Therefore, the online temperature security inspection cannot be done via simple comparisons.
We solve the problem by defining an HT indicator that represents the temperature inconsistency over gates that are adjacent to each other in the target IC. Our intuition is that the heat transfer process creates spatial correlations in the temperatures of gates that are physically close to each other. Therefore, if we observe an abnormally large deviation between the temperatures of two or more adjacent gates, it is an indicator that the energy increase is not likely caused by temperature changes but by malicious energy attacks. This is based on the assumption that it is computationally impossible for an attacker to emulate the heat transfer model and impose energy attacks following exactly the same pattern. We define the HT indicator using the principal component analysis (PCA) models [8] that were originally used for modeling spatial correlations in IC process variations. As shown in Figure 6, we group the gates into multiple grids at different levels in order to capture the inconsistency of the temperatures across the various boundaries of adjacent gates. At each specific level, we define the HT indicator as the average standard deviation, over all grids, of the temperatures among all gates within each grid. In particular, at the i-th level, the HT indicator H_i can be calculated as follows:
where N_i is the number of grids at level i, and G_ij is the set of gates in the j-th grid at level i. We use H_i to evaluate the temperature deviation over adjacent gates at different granularities. Depending on the size and physical properties of the circuit under test, different levels of H_i play different roles in the final evaluation of the temperature deviations. Therefore, we define the following weighted function for the overall HT indicator:
where L is the number of levels that we divide using the PCA model, and w_i is the weight factor at level i concerning the physical properties of the circuit.
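The following added Python example (not the paper's code) implements the HT indicator described above and uses it to illustrate the energy paradox of the previous subsection at the same time. Gate positions and characterized temperatures are constructed: an HT-free profile is a smooth thermal gradient across the die; a "hotter environment" profile is the same die uniformly 30 K warmer, which the paradox says a power profile alone cannot tell apart from an attack; and an HT-present profile has three isolated gates whose characterized temperature jumps, because leakage injected at a gate that its neighbours do not share is attributed to temperature by the characterization step. The grid hierarchy (at level i the die is split into a 2^i by 2^i grid), L = 3 and the equal weights w_i = 1/3 are assumptions taken from the paper's experimental setup; the exact PCA-based grouping of [8] is not reproduced.

```python
"""Temperature-aware consistency HT indicator over a gate temperature profile.

Added worked example; not the paper's code. H_i is the mean, over grids at
level i, of the standard deviation of gate temperatures inside each grid;
H = sum_i w_i * H_i. Gate layout, temperatures and weights are constructed.
"""
import math


def std_dev(values):
    """Population standard deviation; 0 for fewer than two values."""
    if len(values) < 2:
        return 0.0
    mean = sum(values) / len(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))


def grid_cell(x, y, die_size, level):
    """Map a gate position (0 <= x, y < die_size) to its cell in the 2^level x 2^level grid."""
    cells = 2 ** level
    cx = min(int(x * cells / die_size), cells - 1)
    cy = min(int(y * cells / die_size), cells - 1)
    return cx, cy


def level_indicator(gates, die_size, level):
    """H_i: average over the (non-empty) grids at level i of the per-grid temperature std dev."""
    groups = {}
    for x, y, temp in gates:
        groups.setdefault(grid_cell(x, y, die_size, level), []).append(temp)
    return sum(std_dev(ts) for ts in groups.values()) / len(groups)


def ht_indicator(gates, die_size, weights=(1 / 3, 1 / 3, 1 / 3)):
    """H = sum_i w_i H_i over levels 1..L (L = len(weights); equal weights as in the paper's setup)."""
    return sum(w * level_indicator(gates, die_size, i + 1) for i, w in enumerate(weights))


def smooth_profile(n_per_side, die_size, base=300.0, gradient=0.25):
    """Constructed HT-free profile: gates on a regular n x n layout with a linear
    thermal gradient, i.e. neighbouring gates differ by a small, consistent amount."""
    step = die_size / n_per_side
    return [(cx * step + step / 2, cy * step + step / 2, base + gradient * (cx + cy))
            for cx in range(n_per_side) for cy in range(n_per_side)]


def shift_profile(gates, delta):
    """Constructed environment change: the whole die is uniformly `delta` K hotter."""
    return [(x, y, t + delta) for x, y, t in gates]


def inject_hot_spots(gates, hot_indices, delta):
    """Constructed HT-present profile: a few isolated gates are characterized
    `delta` K hotter than their neighbours, the signature of localized extra leakage."""
    return [(x, y, t + delta if i in hot_indices else t)
            for i, (x, y, t) in enumerate(gates)]


def demo():
    """Compute H for the three constructed cases; returns a dict of indicator values."""
    die = 1.0
    free = smooth_profile(16, die)
    return {
        "ht_free": ht_indicator(free, die),
        "hot_environment": ht_indicator(shift_profile(free, 30.0), die),
        "ht_present": ht_indicator(inject_hot_spots(free, {37, 140, 213}, 20.0), die),
    }


if __name__ == "__main__":
    for case, value in demo().items():
        print(f"{case:16s} H = {value:.3f}")
```

The uniform 30 K shift leaves H unchanged, so an environment-driven energy increase is not flagged, while the three localized jumps raise H well above the HT-free value even though they add far less total heat to the die than the environment shift does. A deployment would set the decision threshold on H from HT-free profiles of the same circuit, as the paper's experiments do by comparing the two cases.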
EXPERIMENTAL RESULTS
We evaluate our temperature-aware energy HT detection approach on a set of ISCAS benchmarks that are widely used in the IC design and hardware security community [4] [3]. In this section, we discuss in detail our evaluation results for the energy HT attack and defense.
Effectiveness of Energy HT Attack
We evaluate the effectiveness of energy HT attack from two aspects that are essential for a hardware Trojan: (1) HT action, i.e., how much energy increase the energy HT causes to the circuit under attack; and (2) HT trigger, i.e., the probability of activation of the HTs, which indicates how well they can be hidden from common detection approaches.
Energy Increase
We evaluate the energy increase caused by the forward ABB-based energy attack by inserting an HT trigger that selects ABB voltages up to 1.0V. Figure 7 shows the energy increase due to the attack on a set of ISCAS benchmarks. We observe that the energy consumption grows exponentially with the linear increase of the ABB voltage, creating a huge impact on the circuit under attack.
Activation Probabilities of the Energy HTs
We further evaluate the activation probabilities of the HT triggers in order to quantify the difficulty of detecting these energy attacks. Table 1 shows our simulation results on a set of ISCAS benchmarks. We evaluate two cases with the number of fan-in gates for the HT trigger, selected from the target circuit, varying between 5 and 10. In each case, we employ a 5-state finite state machine that randomly generates 5 sequential activation input vectors that serve as the activation condition of the HT trigger. Our results show that the activation probabilities are extremely low and decrease exponentially with the increase of fan-in signals and the number of states in the finite state machine. The probabilities are low enough to create challenging attacks that are computationally infeasible to be covered by any existing functional test detection scheme.
Effectiveness of Temperature-aware HT Detection
We evaluate the effectiveness of our temperature-aware HT detection approach from two aspects. Firstly, we evaluate the accuracy of the gate-level temperature characterization, which is an indicator of how accurate we can capture the abnormal temperature variations. Then, we evaluate the HT detection approach by comparing the HT indicator values in two cases where HTs are present and where there are no HTs, in order to determine the false positives and false negatives in HT detection.
Accuracy of Gate-level Temperature Characterization
We evaluate the accuracy of the gate-level temperature characterization by comparing the characterized temperatures with the actual temperatures and quantifying the average characterization errors. Figure 8 shows the distribution of the characterization errors for each gate in a set of ISCAS benchmarks. The results indicate that the characterization errors of all gates are controlled within the 2% mark except for very few outlier gates. Also, the accuracy does not decrease with the increase of circuit size, indicating the scalability of our detection approach.
Effectiveness of Detection Using HT Indicator
In order to evaluate the effectiveness of HT detection, we characterize the gate-level temperature profiles in two cases: where there are no energy attacks (i.e., HT-free) and where there are forward ABB-based energy HTs embedded and triggered in the target circuit (i.e., HT-present). For each case, we calculate the value of the HT indicator as defined in Section 5.3 to observe the difference between the two cases. In our simulation, we use 3 levels of grids in the PCA model (L = 3) and evenly assigned weight factors w_i (i.e., w_i = 1/3, i = 1, 2, 3) in calculating H. Figure 9 shows our evaluation results for the HT indicator H in both the HT-present and HT-free cases. There is an obvious and large difference between the HT indicators in the two cases. In the HT-present case, the HT indicator is significantly larger than that of the HT-free case. Therefore, the HT indicator is a good metric for differentiating the two cases, which provides us with zero false positives and zero false negatives in the detection of energy HTs.
CONCLUSION
We developed the first hardware Trojan-based energy attack on wireless systems using input vector manipulation and forward body biasing. To complicate the detection process, we hide the trigger of the energy hardware Trojan by embedding it in unobservable paths and minimizing its activation probability. Then, as a defense, we developed a temperature-aware gate-level characterization approach that distinguishes between the energy increase caused by normal temperature variations and that due to malicious attacks. Our simulation results on ISCAS benchmarks verified the effectiveness of the energy attack and defense approaches. To the best of our knowledge, this is the first attempt to analyze and address hardware Trojan-based energy attacks in wireless systems.
ACKNOWLEDGEMENTS
This work was supported in part by the NSF under Award CNS-0958369, Award CNS-1059435, and Award CCF-0926127, and in part by the Air Force Award FA8750-12-2-0014. 