Creation and detection of hardware trojans using non-invasive off-the-shelf technologies

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware

Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective

Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions. In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system. At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms

Creation and detection of hardware trojans using non-invasive off-the-shelf technologies

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardwar

Assessing Hardware Security Threats Posed by Hardware Trojans in Power Electronics

This study investigates the threat of hardware Trojans (HTs) in power electronics applications, a rising concern due to the growing demand for cost-effective embedded solutions in power systems. With the supply chain for electronic hardware devices expanding globally, particularly to low-cost foundries in foreign locations, there is an increasing risk of HT attacks. While there has been extensive research on HTs in computer applications, little consideration has been given to their threat in power electronics. This study demonstrates the effectiveness of a power electronics HT by implementing a novel HT design into a gate drive circuit. Additionally, the research proposes several HT designs that exploit factors unique to power circuits, such as high power delivery and analog circuitry in order to illustrate the distinct attack space. The research highlights the need for enhanced detection, protection, and prevention methods in power electronics applications and offers a roadmap for future studies to develop more effective countermeasures and algorithms to mitigate the risks of HT attacks in power electronics

Rapid mapping of digital integrated circuit logic gates via multi-spectral backside imaging

Modern semiconductor integrated circuits are increasingly fabricated at untrusted third party foundries. There now exist myriad security threats of malicious tampering at the hardware level and hence a clear and pressing need for new tools that enable rapid, robust and low-cost validation of circuit layouts. Optical backside imaging offers an attractive platform, but its limited resolution and throughput cannot cope with the nanoscale sizes of modern circuitry and the need to image over a large area. We propose and demonstrate a multi-spectral imaging approach to overcome these obstacles by identifying key circuit elements on the basis of their spectral response. This obviates the need to directly image the nanoscale components that define them, thereby relaxing resolution and spatial sampling requirements by 1 and 2 - 4 orders of magnitude respectively. Our results directly address critical security needs in the integrated circuit supply chain and highlight the potential of spectroscopic techniques to address fundamental resolution obstacles caused by the need to image ever shrinking feature sizes in semiconductor integrated circuits

An On-chip PVT Resilient Short Time Measurement Technique

As the CMOS technology nodes continue to shrink, the challenges of developing manufacturing tests for integrated circuits become more difficult to address. To detect parametric faults of new generation of integrated circuits such as 3D ICs, on-chip short-time intervals have to be accurately measured. The accuracy of an on-chip time measurement module is heavily affected by Process, supply Voltage, and Temperature (PVT) variations. This work presents a new on-chip time measurement scheme where the undesired effects of PVT variations are attenuated significantly. To overcome the effects of PVT variations on short-time measurement, phase locking methodology is utilized to implement a robust Vernier delay line. A prototype Time-to-Digital Converter (TDC) has been fabricated using TSMC 0.180 µm CMOS technology and experimental measurements have been carried out to verify the performance parameters of the TDC. The measurement results indicate that the proposed solution reduces the effects of PVT variations by more than tenfold compared to a conventional on-chip TDC. A coarse-fine time interval measurement scheme which is resilient to the PVT variations is also proposed. In this approach, two Delay Locked Loops (DLLs) are utilized to minimize the effects of PVT on the measured time intervals. The proposed scheme has been implemented using CMOS 65nm technology. Simulation results using Advanced Design System (ADS) indicate that the measurement resolution varies by less than 0.1ps with ±15% variations of the supply voltage. The proposed method also presents a robust performance against process and temperature variations. The measurement accuracy changes by a maximum of 0.05ps from slow to fast corners. The implemented TDC presents a robust performance against temperature variations too and its measurement accuracy varies a few femto-seconds from -40 ºC to +100 ºC. The principle of robust short-time measurement was used in practice to design and implement a state-of-the-art Coordinate Measuring Machine (CMM) for an industry partner to measure geometrical features of transmission parts with micrometer resolution. The solution developed for the industry partner has resulted in a patent and a product in the market. The on-chip short-time measurement technology has also been utilized to develop a solution to detect Hardware Trojans