A compressive sensing algorithm for hardware trojan detection

Traditionally many fabless companies outsource the fabrication of IC design to the foundries, which may not be trusted always. In order to ensure trusted IC’s it is more significant to develop an efficient technique that detects the presence of hardware Trojan. This malicious insertion causes the logic variation in the nets or leaks some sensitive information from the chip, which reduces the reliability of the system. The conventional testing algorithm for generating test vectors reduces the detection sensitivity due to high process variations. In this work, we present a compressive sensing approach, which can significantly generate optimal test patterns compared to the ATPG vectors. This approach maximizes the probability of Trojan circuit activation, with a high level of Trojan detection rate. The side channel analysis such as power signatures are measured at different time stamps to isolate the Trojan effects. The effect of process noise is minimized by this power profile comparison approach, which provides high detection sensitivity for varying Trojan size and eliminates the requirement of golden chip. The proposed test generation approach is validated on ISCAS benchmark circuits, which achieves Trojan detection coverage on an average of 88.6% reduction in test length when compared to random pattern

Design and Validation for FPGA Trust under Hardware Trojan Attacks

Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource device production to off-shore facilities. This introduces many opportunities for the insertion of malicious alterations of FPGA devices in the foundry, referred to as hardware Trojan attacks, that can cause logical and physical malfunctions during field operation. The vulnerability of these devices to hardware attacks raises serious security concerns regarding hardware and design assurance. In this paper, we present a taxonomy of FPGA-specific hardware Trojan attacks based on activation and payload characteristics along with Trojan models that can be inserted by an attacker. We also present an efficient Trojan detection method for FPGA based on a combined approach of logic-testing and side-channel analysis. Finally, we propose a novel design approach, referred to as Adapted Triple Modular Redundancy (ATMR), to reliably protect against Trojan circuits of varying forms in FPGA devices. We compare ATMR with the conventional TMR approach. The results demonstrate the advantages of ATMR over TMR with respect to power overhead, while maintaining the same or higher level of security and performances as TMR. Further improvement in overhead associated with ATMR is achieved by exploiting reconfiguration and time-sharing of resources

Creation and detection of hardware trojans using non-invasive off-the-shelf technologies

As a result of the globalisation of the semiconductor design and fabrication processes, integrated circuits are becoming increasingly vulnerable to malicious attacks. The most concerning threats are hardware trojans. A hardware trojan is a malicious inclusion or alteration to the existing design of an integrated circuit, with the possible effects ranging from leakage of sensitive information to the complete destruction of the integrated circuit itself. While the majority of existing detection schemes focus on test-time, they all require expensive methodologies to detect hardware trojans. Off-the-shelf approaches have often been overlooked due to limited hardware resources and detection accuracy. With the advances in technologies and the democratisation of open-source hardware, however, these tools enable the detection of hardware trojans at reduced costs during or after production. In this manuscript, a hardware trojan is created and emulated on a consumer FPGA board. The experiments to detect the trojan in a dormant and active state are made using off-the-shelf technologies taking advantage of different techniques such as Power Analysis Reports, Side Channel Analysis and Thermal Measurements. Furthermore, multiple attempts to detect the trojan are demonstrated and benchmarked. Our simulations result in a state-of-the-art methodology to accurately detect the trojan in both dormant and active states using off-the-shelf hardware

Hardware Intellectual Property Protection Through Obfuscation Methods

Security is a growing concern in the hardware design world. At all stages of the Integrated Circuit (IC) lifecycle there are attacks which threaten to compromise the integrity of the design through piracy, reverse engineering, hardware Trojan insertion, physical attacks, and other side channel attacks — among other threats. Some of the most notable challenges in this field deal specifically with Intellectual Property (IP) theft and reverse engineering attacks. The IP being attacked can be ICs themselves, circuit designs making up those larger ICs, or configuration information for the devices like Field Programmable Gate Arrays (FPGAs). Custom or proprietary cryptographic components may require specific protections, as successfully attacking those could compromise the security of other aspects of the system. One method by which these concerns can be addressed is by introducing hardware obfuscation to the design in various forms. These methods of obfuscation must be evaluated for effectiveness and continually improved upon in order to match the growing concerns in this area. Several different forms of netlist-level hardware obfuscation were analyzed, on standard benchmarking circuits as well as on two substitution boxes from block ciphers. These obfuscation methods were attacked using a satisfiability (SAT) attack, which is able to iteratively rule out classes of keys at once and has been shown to be very effective against many forms of hardware obfuscation. It was ultimately shown that substitution boxes were naturally harder to break than the standard benchmarks using this attack, but some obfuscation methods still have substantially more security than others. The method which increased the difficulty of the attack the most was one which introduced a modified SIMON block cipher as a One-way Random Function (ORF) to be used for key generation. For a substitution box obfuscated in this way, the attack was found to be completely unsuccessful within a five-day window with a severely round-reduced implementation of SIMON and only a 32-bit obfuscation key

Randomized encoding of combinational and sequential logic for resistance to hardware Trojans

Globalization of micro-chip fabrication has opened a new avenue of cyber-crime. It is now possible to insert hardware Trojans directly into a chip during the manufacturing process. These hardware Trojans are capable of destroying a chip, reducing performance or even capturing sensitive data. To date, defensive methods have focused on detection of the Trojan circuitry or prevention through design for security methods. This dissertation presents a shift away from prevention and detection to a design methodology wherein one no longer cares if a Trojan is present or not. The Randomized Encoding of Combinational Logic for Resistance to Data Leakage or RECORD process is presented in the first of three papers. This chip design process utilizes dual rail encoding and Quilt Packaging to create a secure combinational design that can resist data leakage even when the full design is known to an attacker. This is done with only a 2.28x-2.33 x area increase and 1.7x-2.24x increase in power. The second paper describes a new method, Sequential RECORD, which introduces additional randomness and moves to 3D split manufacturing to isolate the secure areas of the design. Sequential RECORD is shown to work with 3.75x area overhead and 4.5x power increase with a 3% reduction in slack. Finally, the RECORD concept is refined into a Time Division Multiplexed (TDM) version in the third paper, which reduces area and power overhead by 63% and 56% respectively. A method to safely utilize commercial chips based on the TDM RECORD concept is also demonstrated. This method allows the commercial chip to be operated safely without modification at the cost of latency, which increases by 3.9x --Abstract, page iv

Probability Based Logic Locking on Integrated Circuits

The demand of integrated circuits (IC)s are increasing and the industry has outsourced the fabrication process to untrusted environments. An adversary at these untrusted facilities can reverse engineer parts of the IC to reveal the original design. IC piracy and overproduction are serious issues that threaten the security and integrity of a system. These ICs can be copied illegally and altered to contain malicious hardware. The pirated ICs can be placed in consumer products which may harm the system or leak sensitive information. Hardware obfuscation is a technique used to protect the original design before it gets fabricated, tested, assembled, and packaged. Hardware obfuscation intends to hide or alter the original design of a circuit to prevent attackers from determining the true design. Logic locking is a type of hardware obfuscation technique where additional key gates are inserted into the circuit. Only the correct key can unlock the functionality of that circuit otherwise the system produces the wrong output. In an effort to hinder these threats on ICs, we have developed a probability-based logic locking technique to protect the design of a circuit. Our proposed technique called ProbLock can be applied to combinational and sequential circuits through a critical selection process. We used a filtering process to select the best location of key gates based on various constraints. The main constraint is based on gate probabilities in the circuit. Each step in the filtering process generates a subset of nodes for each constraint. We also integrated an anti-SAT technique into ProbLock to enhance the security against a specific boolean satisfiability (SAT) attack. We analyzed the correlation between each constraint and adjusted the strength of the constraints before inserting key gates. We adjusted an optimized ProbLock to have a small overhead but high security metric against SAT attacks. We have tested our algorithm on 40 benchmarks from the ISCAS ’85 and ISCAS ’89 suite. ProbLock is evaluated using a SAT attack on the benchmark and measuring how well the attack performs on the locked circuit. Finally, we compared ProbLock to other logic locking techniques and discussed future steps for this project

Techniques for Improving Security and Trustworthiness of Integrated Circuits

The integrated circuit (IC) development process is becoming increasingly vulnerable to malicious activities because untrusted parties could be involved in this IC development flow. There are four typical problems that impact the security and trustworthiness of ICs used in military, financial, transportation, or other critical systems: (i) Malicious inclusions and alterations, known as hardware Trojans, can be inserted into a design by modifying the design during GDSII development and fabrication. Hardware Trojans in ICs may cause malfunctions, lower the reliability of ICs, leak confidential information to adversaries or even destroy the system under specifically designed conditions. (ii) The number of circuit-related counterfeiting incidents reported by component manufacturers has increased significantly over the past few years with recycled ICs contributing the largest percentage of the total reported counterfeiting incidents. Since these recycled ICs have been used in the field before, the performance and reliability of such ICs has been degraded by aging effects and harsh recycling process. (iii) Reverse engineering (RE) is process of extracting a circuit’s gate-level netlist, and/or inferring its functionality. The RE causes threats to the design because attackers can steal and pirate a design (IP piracy), identify the device technology, or facilitate other hardware attacks. (iv) Traditional tools for uniquely identifying devices are vulnerable to non-invasive or invasive physical attacks. Securing the ID/key is of utmost importance since leakage of even a single device ID/key could be exploited by an adversary to hack other devices or produce pirated devices. In this work, we have developed a series of design and test methodologies to deal with these four challenging issues and thus enhance the security, trustworthiness and reliability of ICs. The techniques proposed in this thesis include: a path delay fingerprinting technique for detection of hardware Trojans, recycled ICs, and other types counterfeit ICs including remarked, overproduced, and cloned ICs with their unique identifiers; a Built-In Self-Authentication (BISA) technique to prevent hardware Trojan insertions by untrusted fabrication facilities; an efficient and secure split manufacturing via Obfuscated Built-In Self-Authentication (OBISA) technique to prevent reverse engineering by untrusted fabrication facilities; and a novel bit selection approach for obtaining the most reliable bits for SRAM-based physical unclonable function (PUF) across environmental conditions and silicon aging effects