Hardware Trojan Detection and Invalidation Methods

早大学位記番号:新8123早稲田大

Hardware IP Classification through Weighted Characteristics

Today’s business model for hardware designs frequently incorporates third-party Intellectual Property (IP) due to the many benefits it can bring to a company. For instance, outsourcing certain components of an overall design can reduce time-to-market by allowing each party to specialize and perfect a specific part of the overall design. However, allowing third-party involvement also increases the possibility of malicious attacks, such as hardware Trojan insertion. Trojan insertion is a particularly dangerous security threat because testing the functionality of an IP can often leave the Trojan undetected. Therefore, this thesis work provides an improvement on a Trojan detection method known as Structural Checking which analyzes Register-Transfer Level (RTL) and gate-level soft IPs. Given an unknown IP, the Structural Checking tool will break down the design primary ports and internal signals into assets that fall into six characteristics. These characteristics organize how the IP is structured and provide information about the unknown IP’s overall function. The tool also provides a library of known designs referred to as the Golden Reference Library (GRL). All entries in the library are also broken down into the same six characteristics and are either known to be clean or known to have a Trojan inserted. An overall percent match for each library entry against the unknown IP is calculated by first computing a percent match within each characteristic. A weighted average of these percent matches makes up the final percentage. If the library entry with the best match is known to have a Trojan inserted, then the unknown design is likely to have a Trojan as well and vice versa. Due to the structural variability of soft IP designs, it is vital to provide the best possible weighting of the six characteristics to best match the unknown IP to the most similar library entry. This thesis work provides a statistical approach to finding the best weights to optimize the Structural Checking tool’s matching algorithm

TrojanNet: Detecting Trojans in Quantum Circuits using Machine Learning

Quantum computing holds tremendous potential for various applications, but its security remains a crucial concern. Quantum circuits need high-quality compilers to optimize the depth and gate count to boost the success probability on current noisy quantum computers. There is a rise of efficient but unreliable/untrusted compilers; however, they present a risk of tampering such as Trojan insertion. We propose TrojanNet, a novel approach to enhance the security of quantum circuits by detecting and classifying Trojan-inserted circuits. In particular, we focus on the Quantum Approximate Optimization Algorithm (QAOA) circuit that is popular in solving a wide range of optimization problems. We investigate the impact of Trojan insertion on QAOA circuits and develop a Convolutional Neural Network (CNN) model, referred to as TrojanNet, to identify their presence accurately. Using the Qiskit framework, we generate 12 diverse datasets by introducing variations in Trojan gate types, the number of gates, insertion locations, and compiler backends. These datasets consist of both original Trojan-free QAOA circuits and their corresponding Trojan-inserted counterparts. The generated datasets are then utilized for training and evaluating the TrojanNet model. Experimental results showcase an average accuracy of 98.80% and an average F1-score of 98.53% in effectively detecting and classifying Trojan-inserted QAOA circuits. Finally, we conduct a performance comparison between TrojanNet and existing machine learning-based Trojan detection methods specifically designed for conventional netlists.Comment: 9 Pages, 6 Figures, 2 Tables, conferenc

Golden Reference-Free Hardware Trojan Localization using Graph Convolutional Network

The globalization of the Integrated Circuit (IC) supply chain has moved most of the design, fabrication, and testing process from a single trusted entity to various untrusted third-party entities worldwide. The risk of using untrusted third-Party Intellectual Property (3PIP) is the possibility for adversaries to insert malicious modifications known as Hardware Trojans (HTs). These HTs can compromise the integrity, deteriorate the performance, deny the service, and alter the functionality of the design. While numerous HT detection methods have been proposed in the literature, the crucial task of HT localization is overlooked. Moreover, a few existing HT localization methods have several weaknesses: reliance on a golden reference, inability to generalize for all types of HT, lack of scalability, low localization resolution, and manual feature engineering/property definition. To overcome their shortcomings, we propose a novel, golden reference-free HT localization method at the pre-silicon stage by leveraging Graph Convolutional Network (GCN). In this work, we convert the circuit design to its intrinsic data structure, graph and extract the node attributes. Afterward, the graph convolution performs automatic feature extraction for nodes to classify the nodes as Trojan or benign. Our automated approach does not burden the designer with manual code review. It locates the Trojan signals with 99.6% accuracy, 93.1% F1-score, and a false-positive rate below 0.009%.Comment: IEEE Transactions on Very Large Scale Integration Systems (TVLSI), 202

Novel Computational Methods for Integrated Circuit Reverse Engineering

Production of Integrated Circuits (ICs) has been largely strengthened by globalization. System-on-chip providers are capable of utilizing many different providers which can be responsible for a single task. This horizontal structure drastically improves to time-to-market and reduces manufacturing cost. However, untrust of oversea foundries threatens to dismantle the complex economic model currently in place. Many Intellectual Property (IP) consumers become concerned over what potentially malicious or unspecified logic might reside within their application. This logic which is inserted with the intention of causing harm to a consumer has been referred to as a Hardware Trojan (HT). To help IP consumers, researchers have looked into methods for finding HTs. Such methods tend to rely on high-level information relating to the circuit, which might not be accessible. There is a high possibility that IP is delivered in the gate or layout level. Some services and image processing methods can be leveraged to convert layout level information to gate-level, but such formats are incompatible with detection schemes that require hardware description language. By leveraging standard graph and dynamic programming algorithms a set of tools is developed that can help bridge the gap between gate-level netlist access and HT detection. To help in this endeavor this dissertation focuses on several problems associated with reverse engineering ICs. Logic signal identification is used to find malicious signals, and logic desynthesis is used to extract high level details. Each of the proposed method have their results analyzed for accuracy and runtime. It is found that method for finding logic tends to be the most difficult task, in part due to the degree of heuristic\u27s inaccuracy. With minor improvements moderate sized ICs could have their high-level function recovered within minutes, which would allow for a trained eye or automated methods to more easily detect discrepancies within a circuit\u27s design

Graph Neural Networks for Hardware Vulnerability Analysis -- Can you Trust your GNN?

The participation of third-party entities in the globalized semiconductor supply chain introduces potential security vulnerabilities, such as intellectual property piracy and hardware Trojan (HT) insertion. Graph neural networks (GNNs) have been employed to address various hardware security threats, owing to their superior performance on graph-structured data, such as circuits. However, GNNs are also susceptible to attacks. This work examines the use of GNNs for detecting hardware threats like HTs and their vulnerability to attacks. We present BadGNN, a backdoor attack on GNNs that can hide HTs and evade detection with a 100% success rate through minor circuit perturbations. Our findings highlight the need for further investigation into the security and robustness of GNNs before they can be safely used in security-critical applications.Comment: Will be presented at 2023 IEEE VLSI Test Symposium (VTS

Structural Checking Tool Restructure and Matching Improvements

With the rising complexity and size of hardware designs, saving development time and cost by employing third-party intellectual property (IP) into various first-party designs has become a necessity. However, using third-party IPs introduces the risk of adding malicious behavior to the design, including hardware Trojans. Different from software Trojan detection, the detection of hardware Trojans in an efficient and cost-effective manner is an ongoing area of study and has significant complexities depending on the development stage where Trojan detection is leveraged. Therefore, this thesis research proposes improvements to various components of the soft IP analysis methodology utilized by the Structural Checking Tool. The Structural Checking Tool analyzes the register-transfer level (RTL) code of IPs to determine their functionalities and to detect and identify hardware Trojans inserted. The Structural Checking process entails parsing a design to yield a structural representation and assigning assets that encompass 12 different characteristics to the primary ports and internal signals. With coarse-grained asset reassignment based on external and internal signal connections, matching can be performed against trusted IPs to classify the functionality of an unknown soft IP. Further analysis is done using a Golden Reference Library (GRL) containing information about known Trojan-free and Trojan-infested designs and serves as a vital component for unknown soft IP comparison. Following functional identification, the unknown soft IP is run through a fine-grained reassignment strategy to ensure usage of up-to-date GRL assets, and then the matching process is used to determine whether said IP is Trojan-infested or Trojan-free. This necessitates a large GRL while maintaining a balance of computational resources and high accuracy to ensure effective matching

Characteristic Reassignment for Hardware Trojan Detection

With the current business model and increasing complexity of hardware designs, third-party Intellectual Properties (IPs) are prevalently incorporated into first-party designs. However, the use of third-party IPs increases security concerns related to hardware Trojans inserted by attackers. A core threat posed by Hardware Trojans is the difficulty in detecting such malicious insertions/alternations in order to prevent the damage. This thesis work provides major improvements on a soft IP analysis methodology and tool known as the Structural Checking tool, which analyzes Register-Transfer Level (RTL) soft IPs for determining their functionalities and screening for hardware Trojans. This is done by breaking down primary ports and internal signals into assigned assets that are spread out into six characteristics. Using characteristics based on the external primary ports and the internal signals connected to them, reassignment of assets can be used to match against entries using coarse-grained-to-coarse-grained matching against a subset of known-IPs to classify an unknown soft IP. After determining the soft IP’s functionality, asset reassignment occurs within the Golden Reference Library (GRL), a library consisting of known Trojan-free and Trojan-infested entries. A fine-grained-to-fine-grained asset reassignment is used against the GRL to contain the most up-to-date assets based on the unknown soft IP, where the matching process is used to determine if the soft IP is Trojan-free or Trojan-infested. With the increasing size of the GRL, the need to decrease computational resources while also maintaining high accuracy between unknown soft IPs and GRL entries is vital