On hardware Trojan design and implementation at register-transfer level

Zhang, Jie; Xu, Qiang

doi:10.1109/hst.2013.6581574

Cited by 38 publications

(51 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As a result, the extensive simulation/emulation is likely to detect this type of HTs. From this perspective, bug-based HT is usually not a good choice for attackers in terms of the stealthy requirement, and almost all HT designs appeared in the literature (e.g., [3,[11][12][13][16][17][18]) belong to the parasite-based type, as discussed in the following.…”

Section: Bug-based Htmentioning

confidence: 99%

“…However, the fact that the effectiveness of [11] relies on HT implementation style enables the simple attack. That is, it is fairly easy to modify the implementation of the HT so that no signal pairs are equal to each other during verification (an example is given in Section 3.2), which has been shown in [12,13].…”

Section: Verification For Hardware Trustmentioning

confidence: 99%

“…Clearly, such restricted definition of unused circuits can only cover a small set of possible HTs. Later, [12,13] presented how to automatically construct HTs that can evade the HT detection algorithm shown in [11].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

VeriTrust: Verification for Hardware Trust

Zhang

Yuan

Wei

et al. 2015

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

168

120

View full text Add to dashboard Cite

Hardware Trojans (HTs) implemented by adversaries serve as backdoors to subvert or augment the normal operation of infected devices, which may lead to functionality changes, sensitive information leakages, or Denial of Service attacks. To tackle such threats, this paper proposes a novel verification technique for hardware trust, namely VeriTrust, which facilitates to detect HTs inserted at design stage. Based on the observation that HTs are usually activated by dedicated trigger inputs that are not sensitized with verification test cases, VeriTrust automatically identifies such potential HT trigger inputs by examining verification corners. The key difference between VeriTrust and existing HT detection techniques is that VeriTrust is insensitive to the implementation style of HTs. Experimental results show that VeriTrust is able to detect all HTs evaluated in this paper (constructed based on various HT design methodologies shown in the literature) at the cost of moderate extra verification time, which is not possible with existing solutions.

show abstract

Section: Bug-based Htmentioning

confidence: 99%

Section: Verification For Hardware Trustmentioning

confidence: 99%

See 1 more Smart Citation

VeriTrust: Verification for Hardware Trust

Zhang

Yuan

Wei

et al. 2015

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

168

120

View full text Add to dashboard Cite

show abstract

“…A true random number generator (TRNG), for example, is a non-deterministic IP core since its output cannot be predicted and verified by logic testing against an expected output. 3 Any St Trojan in such a core is considered H N D . A pseudo random number generator (PRNG), on the other hand, is considered a deterministic IP core as its output depends upon the initial seed and is therefore predictable by a logic based testing tool (hence H D ).…”

Section: H D Vs H N D Hardware Trojansmentioning

confidence: 99%

“…Hicks et al [2] proposed Unused Circuit Identification (UCI) which centers on the fact that the HT circuitry mostly remains inactive within a design, and hence such minimally used logic can be distinguished from the other parts of the circuit. However later works [3], [4] showed how to design HTs which can defeat the UCI detection scheme. Zhang et al [5] and Waksman et al [6] proposed detection schemes called VeriTrust and FANCI respectively and showed that they can detect all HTs from the TrustHub [7] benchmark suite.…”

Section: Introductionmentioning

confidence: 99%

Advancing the state-of-the-art in hardware Trojans design

Haider

Jin

Dijk

2017

2017 IEEE 60th International Midwest Symposium on Circuits and Systems (MWSCAS)

View full text Add to dashboard Cite

Abstract-Electronic Design Automation (EDA) industry heavily reuses third party IP cores. These IP cores are vulnerable to insertion of Hardware Trojans (HTs) at design time by third party IP core providers or by malicious insiders in the design team. State of the art research has shown that existing HT detection techniques, which claim to detect all publicly available HT benchmarks, can still be defeated by carefully designing new sophisticated HTs. The reason being that these techniques consider the HT landscape to be limited only to the publicly known HT benchmarks, or other similar (simple) HTs. However the adversary is not limited to these HTs and may devise new HT design principles to bypass these countermeasures. In this paper, we discover certain crucial properties of HTs which lead to the definition of an exponentially large class of Deterministic Hardware Trojans H D that an adversary can (but is not limited to) design. The discovered properties serve as HT design principles, based on which we design a new HT called XOR-LFSR and present it as a 'proof-of-concept' example from the class H D . These design principles help us understand the tremendous ways an adversary has to design a HT, and show that the existing publicly known HT benchmarks are just the tip of the iceberg on this huge landscape. This work, therefore, stresses that instead of guaranteeing a certain (low) false negative rate for a small constant set of publicly known HTs, a rigorous HT detection tool should take into account these newly discovered HT design principles and hence guarantee the detection of an exponentially large class (exponential in number of wires in IP core) of HTs with negligible false negative rate.

show abstract

A PCA and Mahalanobis distance‐based detection method for logical hardware Trojan

Huang

Yang

Gao

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

Due to wide application of FPGA devices, which are easy to be attacked by HTs, it has been risen up more concern on chip security. In order to ensure the efficiency of detection, side-channel analysis is used to detect HTs. However, existing methods for HT detection cannot detect the LHTs with the small size, which takes up lower than 1% area of the whole chip, considering that signal of LHTs is drowned in process deviations. To complete the side-channel analysis for LHT, we proposed an algorithm that combines PCA and Mahalanobis distance to improve the accuracy of LHTs detection. In addition, performed on FPGA of Xilinx, a sample of LHTs was designed and verified, which took up nearly 0.1% area of the whole chip. The influence of process deviation on the power consumption of FPGA was simulated by Hspice. A set of power-frequency data of golden FPGA was generated by Matlab as panel data, which was considering the influence. Another two sets of FPGA with and without LHT were generated to test the accuracy of the proposed method. For LHT and golden FPGA, the detection accuracy of proposed method is 99% and 87%, respectively. KEYWORDS detection methods, hardware security, hardware trojans, side-channel analysis INTRODUCTIONWith the increasingly complex design of integrated circuits, the cost of manufacturing is becoming higher, and integrated circuits industry is developing toward global cooperation. Due to the outsourced fabrication, assembly, and testing, the security of integrated circuits is facing a new challenge, which is the emergence of HTs. They are stealthy malicious modifications on the original circuits. 1An HT is composed of trigger and payload circuit. The trigger circuit determines the condition when HT is activated. 2 When HT is activated, payload circuit causes functional tampering, downgrade performance, leakage information, or denial of service problem. 3 Frey and Yu concluded that, as the development of HT design, it will be more difficult to detect them. 4 A wireless bypass hardware Trojan is designed by Jin and Makris for the first time in a digital analog hybrid circuit based on the analog characteristics of the wireless channel, such as amplitude, frequency, and phase.This hardware realized depth concealment. 5 Zhang and Xu proposed a systematic hardware Trojan design and implementation methodology, which makes the HT not only hard to trigger but also easy to evade existing detection techniques based on 'unused circuit identification ' . 6 Existing efforts on HT detection can be divided into destructive and nondestructive methods. The destructive method is mainly based on cutting molding coat to reveal the circuit, using SEM to observe the surfaces while grinding the layers of the chip, comparing the image to origin circuit in order to examine the fingerprint. 7 For the chips with simple structure, the destructive method is more suitable. The cost and time consumption of detection will be huge when the structure of chips is complex. The nondestructive detection methods include functional t...

show abstract

On hardware Trojan design and implementation at register-transfer level

Cited by 38 publications

References 8 publications

VeriTrust: Verification for Hardware Trust

VeriTrust: Verification for Hardware Trust

Advancing the state-of-the-art in hardware Trojans design

A PCA and Mahalanobis distance‐based detection method for logical hardware Trojan

Contact Info

Product

Resources

About