Hardware IP Classification through Weighted Characteristics

Today’s business model for hardware designs frequently incorporates third-party Intellectual Property (IP) due to the many benefits it can bring to a company. For instance, outsourcing certain components of an overall design can reduce time-to-market by allowing each party to specialize and perfect a specific part of the overall design. However, allowing third-party involvement also increases the possibility of malicious attacks, such as hardware Trojan insertion. Trojan insertion is a particularly dangerous security threat because testing the functionality of an IP can often leave the Trojan undetected. Therefore, this thesis work provides an improvement on a Trojan detection method known as Structural Checking which analyzes Register-Transfer Level (RTL) and gate-level soft IPs. Given an unknown IP, the Structural Checking tool will break down the design primary ports and internal signals into assets that fall into six characteristics. These characteristics organize how the IP is structured and provide information about the unknown IP’s overall function. The tool also provides a library of known designs referred to as the Golden Reference Library (GRL). All entries in the library are also broken down into the same six characteristics and are either known to be clean or known to have a Trojan inserted. An overall percent match for each library entry against the unknown IP is calculated by first computing a percent match within each characteristic. A weighted average of these percent matches makes up the final percentage. If the library entry with the best match is known to have a Trojan inserted, then the unknown design is likely to have a Trojan as well and vice versa. Due to the structural variability of soft IP designs, it is vital to provide the best possible weighting of the six characteristics to best match the unknown IP to the most similar library entry. This thesis work provides a statistical approach to finding the best weights to optimize the Structural Checking tool’s matching algorithm

Framework of Hardware Trojan Detection Leveraging Structural Checking Tool

Since there is a significant demand for obtaining third-party soft Intellectual Property (IP) by first-party integrated circuit (IC) vendors, it is becoming easier for adversaries to insert malicious logic known as hardware Trojans into designs. Due to this, vendors need to find ways to screen the third-party IPs for possible security threats and then mitigate them. The development of the Structural Checking (SC) tool provides a solution to this issue. This tool analyzes the structure of an unknown soft IP design and creates a network of all the signals within the design and how they are connected to each other. In addition, these signals will be assigned with assets. Assets describe the central role of a signal in the entire design. These assets are then used to create asset patterns, which will be crucial for this thesis research. Previous research on SC tool focuses on Trojan detection by comparing and matching an unknown design to a trusted design in a Golden Reference Library. In this thesis research, another method of Trojan detection has been implemented in the SC tool, which focuses on recognizing specific asset patterns that mainly exist in Trojan-infested designs. These specific asset patterns can then be used to check against unknown designs for Trojans without using a Golden Reference Library. This thesis improves this method by creating a new framework for easily identifying the unique Trojan asset patterns

Characteristic Reassignment for Hardware Trojan Detection

With the current business model and increasing complexity of hardware designs, third-party Intellectual Properties (IPs) are prevalently incorporated into first-party designs. However, the use of third-party IPs increases security concerns related to hardware Trojans inserted by attackers. A core threat posed by Hardware Trojans is the difficulty in detecting such malicious insertions/alternations in order to prevent the damage. This thesis work provides major improvements on a soft IP analysis methodology and tool known as the Structural Checking tool, which analyzes Register-Transfer Level (RTL) soft IPs for determining their functionalities and screening for hardware Trojans. This is done by breaking down primary ports and internal signals into assigned assets that are spread out into six characteristics. Using characteristics based on the external primary ports and the internal signals connected to them, reassignment of assets can be used to match against entries using coarse-grained-to-coarse-grained matching against a subset of known-IPs to classify an unknown soft IP. After determining the soft IP’s functionality, asset reassignment occurs within the Golden Reference Library (GRL), a library consisting of known Trojan-free and Trojan-infested entries. A fine-grained-to-fine-grained asset reassignment is used against the GRL to contain the most up-to-date assets based on the unknown soft IP, where the matching process is used to determine if the soft IP is Trojan-free or Trojan-infested. With the increasing size of the GRL, the need to decrease computational resources while also maintaining high accuracy between unknown soft IPs and GRL entries is vital

Trojan Detection Expansion of Structural Checking

With the growth of the integrated circuit (IC) market, there has also been a rise in demand for third-party soft intellectual properties (IPs). However, the growing use of such Ips makes it easier for adversaries to hide malicious code, like hardware Trojans, into these designs. Unlike software Trojan detection, hardware Trojan detection is still an active research area. One proposed approach to this problem is the Structural Checking tool, which can detect hardware Trojans using two methodologies. The first method is a matching process, which takes an unknown design and attempts to determine if it might contain a Trojan by matching the unknown design to designs in a Golden Reference Library (GRL). The other method is interpreting structural elements of specific Trojan taxonomies via the use of Trojan detection functions, which is what this thesis research expands upon. The objective of this research is to enhance the tool’s capabilities by incorporating three additional Trojan taxonomies into the list of detectable Trojans through the implementation of new Trojan detection functions. This expansion to the Structural Checking tool is achieved through the study of sensitive data leakage Trojans, data modification Trojans, and denial-of-service Trojans

Structural Checking Tool Restructure and Matching Improvements

With the rising complexity and size of hardware designs, saving development time and cost by employing third-party intellectual property (IP) into various first-party designs has become a necessity. However, using third-party IPs introduces the risk of adding malicious behavior to the design, including hardware Trojans. Different from software Trojan detection, the detection of hardware Trojans in an efficient and cost-effective manner is an ongoing area of study and has significant complexities depending on the development stage where Trojan detection is leveraged. Therefore, this thesis research proposes improvements to various components of the soft IP analysis methodology utilized by the Structural Checking Tool. The Structural Checking Tool analyzes the register-transfer level (RTL) code of IPs to determine their functionalities and to detect and identify hardware Trojans inserted. The Structural Checking process entails parsing a design to yield a structural representation and assigning assets that encompass 12 different characteristics to the primary ports and internal signals. With coarse-grained asset reassignment based on external and internal signal connections, matching can be performed against trusted IPs to classify the functionality of an unknown soft IP. Further analysis is done using a Golden Reference Library (GRL) containing information about known Trojan-free and Trojan-infested designs and serves as a vital component for unknown soft IP comparison. Following functional identification, the unknown soft IP is run through a fine-grained reassignment strategy to ensure usage of up-to-date GRL assets, and then the matching process is used to determine whether said IP is Trojan-infested or Trojan-free. This necessitates a large GRL while maintaining a balance of computational resources and high accuracy to ensure effective matching