New Testing Procedure for Finding Insertion Sites of Stealthy Hardware Trojans

Dupuis, Sophie; Ba, P.S.; Flottes, Marie-Lise; Natale, Giorgio Di; Rouzeyre, Bruno

doi:10.7873/date.2015.1102

Cited by 21 publications

(29 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The assumption of rareness is challenged for practical reasons (time complexity to derive an appropriate test suite, as discussed in [22]) as well as because rare triggering conditions can be constructed by combining conditions that are not so rare [23]. It is beneficial to shift the focus towards providing metrics of the coverage of the input vector space.…”

Section: Testing Based On Search Space Coveragementioning

confidence: 98%

Efficient triggering of Trojan hardware logic

Voyiatzis

Stefanidis

Kitsos

2016

2016 IEEE 19th International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

The detection of malicious hardware logic (hardware Trojan) requires test patterns that succeed in exciting the malicious logic part. Testing of all possible input patterns is often prohibitively expensive. As an alternative, we explored previously the applicability of the combinatorial testing principles.In this paper, we turn our focus on the efficiency of this approach for triggering the hidden malicious logic. We present a series of experiments with Trojan designs of various activation patterns and lengths that target a cryptographic module performing AES cryptography. Our findings indicate that the available test suites succeed in triggering the malicious logic in all cases requiring only a very small number of test vectors. Thus, it is an efficient means for detecting malicious hardware logic.

show abstract

Section: Testing Based On Search Space Coveragementioning

confidence: 98%

Efficient triggering of Trojan hardware logic

Voyiatzis

Stefanidis

Kitsos

2016

2016 IEEE 19th International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

show abstract

“…Otherwise we must throw it away to avoid security leakage. For example, we can use the methods such as in [2], [5], [6], [11], [14], [19], which identify whether a given netlist is HT-inserted or not. If we can accurately identify whether the netlist is HT-inserted or not, we can decide whether to use it, redesign it, or throw it away.…”

Section: A Threat Casementioning

confidence: 99%

“…They are classified into anti-reverse engineering [10], [15], vulnerability analysis [13], HT detection [2], [4]- [6], [8], [11], [14], [16], [19], [21]. test point insertion [18], logic obfuscation [9], [12], HT prevention [20], and HT removing [7].…”

Section: A Previous Workmentioning

confidence: 99%

In-situ Trojan authentication for invalidating hardware-Trojan functions

Oya

Shi

Yanagisawa

et al. 2016

2016 17th International Symposium on Quality Electronic Design (ISQED)

View full text Add to dashboard Cite

Due to the fact that we do not know who will create hardware Trojans (HTs), and when and where they would be inserted, it is very difficult to correctly and completely detect all the real HTs in untrusted ICs, and thus it is desired to incorporate in-situ HT invalidating functions into untrusted ICs as a countermeasure against HTs. This paper proposes an insitu Trojan authentication technique for gate-level netlists to avoid security leakage. In the proposed approach, an untrusted IC operates in authentication mode and normal mode. In the authentication mode, an embedded Trojan authentication circuit monitors the bit-flipping count of a suspicious Trojan net within the pre-defined constant clock cycles and identify whether it is a real Trojan or not. If the authentication condition is satisfied, the suspicious Trojan net is validated. Otherwise, it is invalidated and HT functions are masked. By doing this, even untrusted netlists with HTs can still be used in the normal mode without security leakage. By setting the appropriate authentication condition using training sets from Trust-HUB gate-level benchmarks, the proposed technique invalidates successfully only HTs in the training sets. Furthermore, by embedding the in-situ Trojan authentication circuit into a Trojan-inserted AES crypto netlist, it can run securely and correctly even if HTs exist where its area overhead is just 1.5% with no delay overhead.

show abstract

“…HTs detection methods on fabricated ICs are commonly divided into two categories: methods based on side-channel analysis [6][7][8], or logic testing [9][10][11]. In both cases the goal is to test ICs after fabrication to ensure that they are HT free.…”

Section: Introductionmentioning

confidence: 99%

“…Logic testing methods consist in activating potential HTs in order to provoke an error on circuit's outputs [9][10][11]. A HT model is presented in [9], decomposing the HT into to parts: the trigger and the payload (cf.…”

Section: Introductionmentioning

confidence: 99%

Using outliers to detect stealthy hardware trojan triggering?

Dupuis

Flottes

et al. 2016

2016 1st IEEE International Verification and Security Workshop (IVSW)

Self Cite

View full text Add to dashboard Cite

Hardware Trojans (HTs) are malicious alterations to a circuit introduced at design or manufacturing phases by an adversary. Due to their diversity, detecting and/or locating them are challenging tasks. Among the different kinds of detection methods, methods based on logic testing aim to reveal the presence of HTs thanks to their logical activation and observation through primary outputs. However, HTs are stealthy in nature, i.e. mostly inactive unless triggered by a very rare condition. Furthermore, test patterns must be developed without any knowledge on the location and function implemented by the HT. A procedure has recently been proposed to identify in a netlist suspicious signals that may be part of a HT introduced at design stage: these so-called "outliers" present an activity poorly correlated with other signals. In this paper, we undertake to use outliers in order to detect a HT introduced at manufacturing stage. We propose a test pattern generation technique based on the exploration of outliers. Our assumption is that such signals may be selected by an attacker in order to trigger his/her HT.

show abstract

New Testing Procedure for Finding Insertion Sites of Stealthy Hardware Trojans

Cited by 21 publications

References 14 publications

Efficient triggering of Trojan hardware logic

Efficient triggering of Trojan hardware logic

In-situ Trojan authentication for invalidating hardware-Trojan functions

Using outliers to detect stealthy hardware trojan triggering?

Contact Info

Product

Resources

About