ICAS: an Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive Trojans

Trippel, Timothy; Shin, Kang G.; Bush, Kevin B.; Hicks, Matthew

doi:10.1109/sp40000.2020.00083

Cited by 16 publications

(16 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1, this type of insertion would be feasible for an adversary that is involved in the integration process (i.e., we act as attacker A2). It is also conceivable that an adversary in the manufacture process could perform the ransomware insertion, but certainly the challenge would be much higher for this adversary as he/she has to find enough gaps in the placement to insert his malicious logic and then find enough routing resources to connect the inserted cells [31]. We will also show how this type of fabrication-time attack is possible (i.e., we act as attacker A3).…”

Section: Case Study: Common Evaluation Platformmentioning

confidence: 97%

Ransomware Attack as Hardware Trojan: A Feasibility and Demonstration Study

et al. 2022

View full text Add to dashboard Cite

The integrated circuit (IC) ecosystem, today, is widely distributed. Usually, a handful of companies is involved in the development of a single chip -an environment that presents many opportunities for malicious activities such as the insertion of hardware trojan horses. This work presents a specialized form of a hardware trojan that is able to mount a hardware-based ransomware attack, an attack that previously only existed in the software domain. This attack is therefore termed a hardware ransomware and is the main contribution of this work. As case studies, two architectures of the hardware ransomware are presented, along with a silicon demonstration in 65nm CMOS. In order to discuss the detectability of the malicious logic, the hardware ransomware is inserted in a complex system on chip (SoC). The experimental results show how an adversary can effortlessly insert the ransomware logic: the baseline SoC has a representative area utilization factor of 59.97% and, after the trojan is inserted, the area utilization factor increases by 0.73% to 60.70%. The inserted logic is also responsible for an increase of approximately 2% in static power -well within process variation margins. Finally, this paper discusses the implications of such an attack at length, showing that from the implementation and technological side, there are no barriers for an adversary to devise a hardware ransomware.INDEX TERMS Ransomware attack, hardware security, hardware trojan horse, malicious logic, ASIC.

show abstract

Section: Case Study: Common Evaluation Platformmentioning

confidence: 97%

Ransomware Attack as Hardware Trojan: A Feasibility and Demonstration Study

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Lastly, the IC is fabricated, and packaged into a device for mounting on a printed circuit board. In line with prior work on untrusted foundry [3,4,8,28,34,54,64,65], and economic forces, we assume all design phases-except fabrication-are trusted. Defensive Routing is deployed at the physical level, i.e., the PaR design phase.…”

Section: Background 21 Ic Design Processmentioning

confidence: 99%

“…A hardware Trojan is a malicious modification to a circuit designed to alter its operative functionality [7]. It consists of two main building blocks: a trigger and payload [12,24,54,62]. Prior work provides hardware Trojan taxonomies based on the type of trigger and payload designs they employ [12,24,54,55,62].…”

Section: Hardware Trojansmentioning

confidence: 99%

“…It consists of two main building blocks: a trigger and payload [12,24,54,62]. Prior work provides hardware Trojan taxonomies based on the type of trigger and payload designs they employ [12,24,54,55,62]. Likewise, we adopt the same taxonomy.…”

Section: Hardware Trojansmentioning

confidence: 99%

“…We define T-TER as any routing method that protects security-critical wires from fabrication-time alterations. Specifically, we leverage concepts from the signal-integrity domain [18,19] and apply them to a security domain (addressing several technical challenges along the way): we route "guard wires" around security-critical wires that make it infeasible for an attacker to tap any such wire without detection (i.e., tamper-evident), something characteristic of additive Trojans [54] (Fig. 1).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

T-TER: Defeating A2 Trojans with Targeted Tamper-Evident Routing

Trippel

Shin

Bush

et al. 2023

Proceedings of the ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Since the inception of the Integrated Circuit (IC), the size of the transistors used to construct them has continually shrunk. While this advancement significantly improves computing capability, fabrication costs have skyrocketed. As a result, most IC designers must now outsource fabrication. Outsourcing, however, presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, so it is nearly impossible to know if the foundry has altered the original design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because-even with as few as two gateshardware Trojans can completely undermine software security. Researchers have attempted to both detect and prevent foundryside attacks, but all existing defenses are ineffective against additive Trojans with footprints of a few gates or less.We present Targeted Tamper-Evident Routing (T-TER), a layoutlevel defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. T-TER is directed and routing-centric: it prevents foundry-side attackers from routing Trojan wires to, or directly adjacent to, security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, T-TER guard wires pose an additional technical challenge: they must be tamper-evident in both the digital (deletion attacks) and analog (move and jog attacks) domains. We address this challenge by developing a class of designed-in guard wires that are added to the design specifically to protect securitycritical wires. T-TER's guard wires incur minimal overhead, scale with design complexity, and provide tamper-evidence against attacks. We implement automated tools (on top of commercial CAD tools) for deploying guard wires around targeted nets within an open-source System-on-Chip. Lastly, using an existing IC threat assessment toolchain, we show T-TER defeats even the stealthiest known hardware Trojan, with ≈ 1% overhead. CCS CONCEPTS• Security and privacy → Tamper-proof and tamper-resistant designs; Malicious design modifications; • Hardware → Interconnect.

show abstract