Investigation into Detection of Hardware Trojans on Printed Circuit Boards

The modern semiconductor device manufacturing flow is becoming increasingly vulnerable to malicious implants called Hardware Trojans (HT). With HTs becoming stealthier, a need for more accurate and efficient detection methods is becoming increasingly crucial at both Integrated Circuit (IC) and Printed Circuit Board (PCB) levels. While HT detection at an IC level has been widely studied, there is still very limited research on detecting and preventing HTs implanted on PCBs. In recent years the rise of outsourcing design and fabrication of electronics, including PCBs, to third parties has dramatically increased the possibility of malicious alteration and consequently the security risk for systems incorporating PCBs. Providing mechanical support for the electrical interconnections between different components, PCBs are an important part of electronic systems. Modern, complex and highly integrated designs may contain up to thirty layers, with concealed micro-vias and embedded passive components. An adversary can aim to modify the PCB design by tampering the copper interconnections or inserting extra components in an internal layer of a multi-layer board. Similar to its IC counterpart, a PCB HT can, among other things, cause system failure or leakage of private information. The disruptive actions of a carefully designed HT attack can have catastrophic implications and should therefore be taken seriously by industry, academia and the government. This thesis gives an account of work carried out in three projects concerned with HT detection on a PCB. In the first contribution a power analysis method is proposed for detecting HT components, implanted on the surface or otherwise, consuming power from the power distribution network. The assumption is that any HT device actively tampering or eavesdropping on the signals in the PCB circuit will consume electrical power. Harvesting this side-channel effect and observing the fluctuations of power consumption on the PCB power distribution network enables evincing the HT. Using a purpose-built PCB prototype, an experimental setup is developed for verification of the methodology. The results confirm the ability to detect alien components on a PCB without interference with its main functionality. In the second contribution the monitoring methodology is further developed by applying machine learning (ML) techniques to detect stealthier HTs, consuming power from I/O ports of legitimate ICs on the PCB. Two algorithms, One-Class Support Vector Machine (SVM) and Local Outlier Factor (LOF), are implemented on the legitimate power consumption data harvested experimentally from the PCB prototype. Simulation results are validated through real-life measurements and experiments are carried out on the prototype PCB. For validation of the ML classification models, one hundred categories of HTs are modelled and inserted into the datasets. Simulation results show that using the proposed methodology an HT can be detected with high prediction accuracy (F1-score at 99% for a 15 mW HT). Further, the developed ML model is uploaded to the prototype PCB for experimental validation. The results show consistency between simulations and experiments, with an average discrepancy of ±5.9% observed between One-Class SVM simulations and real-life experiments. The machine learning models developed for HT detection are low-cost in terms of memory (around 27 KB). In the third contribution an automated visual inspection methodology is proposed for detecting HTs on the surface of a PCB. It is based on a combination of conventional computer vision techniques and a dual tower Siamese Neural Network (SNN), modelled in a three stage pipeline. In the interest of making the proposed methodology broadly applicable a particular emphasis is made on the imaging modality of choice, whereby a regular digital optical camera is chosen. The dataset of PCB images is developed in a controlled environment of a photographic tent. The novelty in this work is that, instead of a generic production fault detection, the algorithm is optimised and trained specifically for implanted HT component detection on a PCB, be it active or passive. The proposed HT detection methodology is trained and tested with three groups of HTs, categorised based on their surface area, ranging from 4 mm² to 280 mm² and above. The results show that it is possible to reach effective detection accuracy of 95.1% for HTs as small as 4 mm². In case of HTs with surface area larger than 280 mm² the detection accuracy is around 96.1%, while the average performance across all HT groups is 95.6%

Hardware Trojan Detection on a PCB Through Differential Power Monitoring

There is a general consensus that contemporary electronics are at risk of cyber-attacks or malicious modifications, such as Hardware Trojans (HT). This makes it crucial to develop reliable countermeasures at both Integrated Circuit (IC) and Printed Circuit Board (PCB) levels. While HT detection at IC level has been widely studied in the past several years, there is still very limited research carried out to tackle HTs on PCBs. We propose a power analysis method for detecting HT components implanted on PCBs. An experimental setup, using a hardware prototype, is built and tested for verification of the methodology, taking process and temperature variations into account. The results confirm the ability to detect alien components on a PCB and provide directions for further research. The performance degradation of the original PCB due to the implementation of the proposed approach is negligible. The area overhead of the proposed method is small, related to the original PCB design, and consists of Sub Power Monitors of individual ICs on the PCB and Main Power Monitor for the overall power measurement of the PCB. To the best of our knowledge this research is the first to develop a PCB HT detection methodology using power analysis

Delayed inputs of hot 137Cs and 241Am particles from Chernobyl to sediments from three Finnish lakes: implications for sediment dating

Anomalous peaks in the Cs-137 and Am-241 records from three lake sediment cores from southern Finland appear to be due to the presence of micron-size hot radioactive particles, almost certainly originating in fallout from the 1986 Chernobyl accident. Since the imbedding sediments all post-date 1986 by several decades, it appears that they were initially deposited on the catchments of these lakes and transported to the lakes some years later. The activities of the particles were determined using a sequential splitting process. Two of the particles were found to contain Cs-137 with activities of 64 +/- 4 mBq and 266 +/- 15 mBq respectively. The third contained Am-241 with an activity of 17 +/- 2 mBq, but no evidence of significant amounts of Cs-137. The delayed input of such particles into the sedimentary records highlights the need for care in using Cs-137 or Am-241 as chronostratigraphic markers in areas subject to significant levels of contamination from Chernobyl fallout.Peer reviewe

Delayed inputs of hot 137Cs and 241Am particles from Chernobyl to sediments from three Finnish lakes: implications for sediment dating

Anomalous peaks in the Cs-137 and Am-241 records from three lake sediment cores from southern Finland appear to be due to the presence of micron-size hot radioactive particles, almost certainly originating in fallout from the 1986 Chernobyl accident. Since the imbedding sediments all post-date 1986 by several decades, it appears that they were initially deposited on the catchments of these lakes and transported to the lakes some years later. The activities of the particles were determined using a sequential splitting process. Two of the particles were found to contain Cs-137 with activities of 64 +/- 4 mBq and 266 +/- 15 mBq respectively. The third contained Am-241 with an activity of 17 +/- 2 mBq, but no evidence of significant amounts of Cs-137. The delayed input of such particles into the sedimentary records highlights the need for care in using Cs-137 or Am-241 as chronostratigraphic markers in areas subject to significant levels of contamination from Chernobyl fallout.Peer reviewe