Comments on "Defeating HaTCh: Building Malicious IP Cores" by Haider, Syed Kamran et al.
ar
X
iv
:1
80
4.
04
78
3v
2 
 [c
s.C
R]
  4
 O
ct 
20
18
Comments on “Defeating HaTCh: Building
Malicious IP Cores”
Syed Kamran Haider, Chenglu Jin, and Marten van Dijk
Department of Electrical and Computer Engineering
University of Connecticut, Storrs, CT, 06269, USA
1 Introduction
Recently, Haider et al. introduced the first rigorous hardware Trojan detection
algorithm called HaTCh [7]. The foundation of HaTCh is a formal framework of
hardware Trojan design introduced in [6], which formally characterizes all the
hardware Trojans based on its properties.
However, Bhardwaj et al. recently published one paper “Defeating HaTCh:
Building Malicious IP Cores” [3], which incorrectly claims that their newly de-
signed hardware Trojan can evade the detection by HaTCh. The coding scheme
used for transmitting secret keys in [3] is interesting and valuable to the commu-
nity, but the claim that this new Trojan can defeat HaTCh is incorrect,
due to the authors’ misunderstanding of HaTCh [7] and its fundamental defini-
tional framework [6].
2 Formal Framework for Hardware Trojans
In [6], the class of hardware Trojans that the authors formally characterized is
called HD, which is referred to the class of trigger-based pre-silicon hardware
Trojans embedded in a deterministic function (IP core), and its malicious
payload is only delivered by Standard I/O channels. In HD class, the
authors further discovered four advanced properties (d, t, α and l) to formally
characterize all possible hardware Trojans in HD. The readers are referred to [6]
and its extended version [8] for a detailed discussion of these four properties.
Based on this formal definitional framework, Haider et al. proposed one hard-
ware Trojan detection algorithm, called HaTCh, that offers negligible false neg-
ative rate and controllable false positive rate for the detection of all possible
hardware Trojans in HD [7]. The readers are referred to [7] for a detailed
algorithm and formal proofs.
3 Detailed Hardware Trojan Design in [3]
The hardware Trojan design in [3] is based on an AES (Advanced Encryption
Standard [12]) core and a PRSG (Pseudorandom bit Sequence Generator). The
authors argued that in some cases, in order to provide traffic flow confidentiality
2 Syed Kamran Haider, Chenglu Jin, and Marten van Dijk
as suggested in [9], the output port of an AES core needs to keep outputting
random bit strings even when the AES core is not working. The authors intro-
duced a coding method to embed the secret key into the random string sent
out during the idle time to establish a covert channel with an eavesdropping
adversary. Since the adversary knows how the key is encoded, he/she is able
to decode the random string and retrieve the key. The authors also ran some
statistical analysis to show that the random string generated by their hardware
Trojan is indistinguishable from a “real” random string, so they choose to keep
their hardware Trojan always on, in other words, this Trojan does not have a
trigger. This is why they claim they can evade the detection of HaTCh and de-
feat HaTCh, but actually this hardware Trojan design is not in HD class,
because it is not a trigger-based hardware Trojan. Thus, their final claim
of defeating HaTCh is incorrect, because HaTCh is designed for detecting all
possible Trojans in HD class.
1
4 Common Misunderstandings about HaTCh
It is usually very easy for the readers of [7,8] to miss some crucial requirements
for using HaTCh. Let us list some important properties of hardware Trojans to
fall within the scope of HaTCh as follows:
1. The hardware Trojans need to be trigger-based, so the Trojans in [3,10] are
not in HD class, and therefore HaTCh cannot provide security guarantees.
2. The malicious payload should only be delivered by standard I/O channel, so
the side channel Trojans, e.g. [10,5], are out of the scope of HaTCh.
3. HaTCh is designed for pre-silicon Trojans, so all the Trojans inserted during
fabrication, like [2,13], will not be detected by HaTCh.
4. HaTCh requires the original IP core to be a deterministic function for its
functional testing, and therefore any IP core has non-deterministic function
(True Random Number Generator) needs to test its deterministic part sep-
arately.
5. Since HaTCh algorithm takes the four advanced properties (d, t, α and l)
of hardware Trojans as inputs, so a HaTCh instance with a given set of
these four parameters can provably detect all possible Trojans in the class
of Hd,t,α,l.
Another common misunderstanding about HaTCh is that the way how a
Trojan is triggered will affect the detection capability of HaTCh. This is not
correct. As long as there is a trigger activation condition that only appears
when the Trojan is triggered, HaTCh is able to detect it. Thus, a clock glitch
triggered Trojan [1] or a sensor triggered Trojan [11] both fall into the category
of HD, and therefore will lead to detection by HaTCh.
1 An always-on hardware Trojan which leaks information via a standard digital chan-
nel can be deterministic, but as explained in [7] it will not even pass functional
testing. Section 6 explains that in fact the hardware Trojan is not always on but it
is still not in HD because it is embedded in a non-deterministic IP core.
Comments on ”Defeating HaTCh: Building Malicious IP Cores” 3
5 Conclusion
HaTCh [7] and its definitional framework [8] are the first formal treatment of
hardware Trojan design and detection. They are supported by formal analysis
and rigorous proofs, so the readers are suggested to read and understand the
theory and proof in their study.
6 Recent Updates on October 8, 2018
Recently, Bhardwaj et al. uploaded one new article “Validating the Claim -
Defeating HaTCh : Building Malicious IP cores” [4] on 9/18/2018. According
to the arguments presented in [4], it shows that the authors still failed to fully
understand the formal definitional framework in [8] that our detection algorithm
HaTCh [7] is based on.
6.1 The Claim in [4]
The authors claim that their hardware Trojans introduced in [3] is in the class
of HD, and it is not an always-on hardware Trojan. Its trigger mechanism is em-
bedded in the AES core, because when the AES core is not encrypting anything,
the hardware Trojan is active and leaking secret key.
6.2 Our Claim
The hardware Trojan introduced in [3] is not in HD. We agree with
the claim that one can consider the trigger mechanism is in the AES core, if
one considers the AES core, PRSG and the MUX jointly as a single IP core.
However, there is a simple fact that shows why the hardware Trojan in [4] is not
in HD. The whole IP core, comprising of AES, PRSG and MUX, does
not have a deterministic behaviour.
Let us first revisit the definition of HD in [8].
Definition 1. [8] HD Trojans are the ones which are:
1. Embedded in an IP core whose output is a function of only its input – i.e.
the logical functionality of the IP core is deterministic, and
2. The algorithmic specification of the IP core can exactly predict the IP core
behavior.
Let us see the reason why a detection algorithm will not be able to catch the
abnormal behaviour of the hardware Trojan in [3].
Quoting from [3]: “The key bits are randomized before transmission by the
Trojan, so to a benign observer the flow of output bit patterns appears random,
much like the cipher text and/or the PRSG bits, however an eavesdropper with
prior knowledge of the proposed Trojan design can extract the encryption key
bits.”
4 Syed Kamran Haider, Chenglu Jin, and Marten van Dijk
Hardware Trojan class HD requires a specification to exactly predict the IP
core behavior, so if a benign observer (or a detection algorithm like HaTCh) sees
an output does not match the specification, it should have already detected this
Trojan, let alone when a random-looking output is observed. Thus, the reason
why the Trojan proposed in [3] can evade detection relies on the fact that the
specification of the large IP core allows random outputs. This means that the IP
core, compromising of AES, PSRG and MUX, is not a deterministic function,
so any hardware Trojan embedded in this IP core is not in HD.
Moreover, the analysis of the four properties (d, t, α and l) of their hardware
Trojan in [4] is incorrect as well. The authors only show a few vague explanations
to argue that the parameters of their Trojan are very large, but given the precise
mathematical definitions of these four properties in [8], one can precisely calcu-
late the values of these four properties, instead of saying “they are extremely
large”. In particular, the trigger signal dimension of the Trojan in [3] is very
likely to be 1, instead of being very large. In fact, one can determine whether
the Trojan is active or not by checking the selection wire (single wire) of the 2-
to-1 MUX, that chooses to output either the AES output (when AES is running
and the Trojan is deactivated) or PRSG output (when AES is not running and
therefore the Trojan is active).
6.3 Summary
We strongly encourage the authors of [3,4] to study the full version of our the-
ory paper [8], and understand the formal rigorous definitions in [8], especially
Definition 6 to 11.
We also would like to emphasize that HaTCh framework is formally and
rigorously proved in [7]. So, a claim like “defeating HaTCh” is equivalent to
finding a mistake in our proofs or designing a hardware Trojan does not satisfy
the statistical assumptions that our claims and proofs are based on. However,
notice that a claim like “defeating HaTCh” does not mean designing a hardware
Trojan not in our characterized hardware Trojan classes.
References
1. Ali, S.S., Chakraborty, R.S., Mukhopadhyay, D., Bhunia, S.: Multi-level attacks:
An emerging security concern for cryptographic hardware. In: Design, Automation
& Test in Europe Conference & Exhibition (DATE), 2011. pp. 1–4. IEEE (2011)
2. Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hard-
ware trojans. In: International Workshop on Cryptographic Hardware and Embed-
ded Systems. pp. 197–214. Springer (2013)
3. Bhardwaj, A., Roy, S.K.: Defeating hatch: Building malicious ip cores. In: Inter-
national Symposium on VLSI Design and Test. pp. 345–353. Springer (2017)
4. Bhardwaj, A., Roy, S.K.: Validating the claim - defeating hatch : Building malicious
ip cores. arXiv preprint arXiv:1809.06730 (2018)
5. Ender, M., Ghandali, S., Moradi, A., Paar, C.: The first thorough side-channel
hardware trojan. In: International Conference on the Theory and Application of
Cryptology and Information Security. pp. 755–780. Springer (2017)
Comments on ”Defeating HaTCh: Building Malicious IP Cores” 5
6. Haider, S.K., Jin, C., van Dijk, M.: Advancing the state-of-the-art in hardware
trojans design. In: 2017 IEEE 60th International Midwest Symposium on Circuits
and Systems (MWSCAS). pp. 823–826 (Aug 2017)
7. Haider, S.K., Jin, C., Ahmad, M., Shila, D., Khan, O., van Dijk, M.: Advancing the
state-of-the-art in hardware trojans detection. IEEE Transactions on Dependable
and Secure Computing (2017)
8. Haider, S.K., Jin, C., van Dijk, M.: Advancing the state-of-the-art in hardware
trojans design. arXiv preprint arXiv:1605.08413 (2016)
9. Kiraly, C., Teofili, S., Bianchi, G., Cigno, R.L., Nardelli, M., Delzeri, E.: Traffic flow
confidentiality in ipsec: Protocol and implementation. In: The Future of Identity
in the Information Society, pp. 311–324. Springer (2008)
10. Lin, L., Kasper, M., Gu¨neysu, T., Paar, C., Burleson, W.: Trojan side-channels:
lightweight hardware trojans through side-channel engineering. In: Cryptographic
Hardware and Embedded Systems-CHES 2009, pp. 382–395. Springer (2009)
11. Ng, X.T., Naj, Z., Bhasin, S., Roy, D.B., Danger, J.L., Guilley, S.: Integrated sen-
sor: a backdoor for hardware trojan insertions? In: Digital System Design (DSD),
2015 Euromicro Conference on. pp. 415–422. IEEE (2015)
12. Pub, N.F.: 197: Advanced encryption standard (aes). Federal information process-
ing standards publication 197(441), 0311 (2001)
13. Yang, K., Hicks, M., Dong, Q., Austin, T., Sylvester, D.: A2: Analog malicious
hardware. In: Security and Privacy (SP), 2016 IEEE Symposium on. pp. 18–37.
IEEE (2016)
