Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically

Hicks, Matthew; Finnicum, Murph; King, Samuel T.; Martin, Milo M. K.; Smith, Jonathan M.

doi:10.1109/sp.2010.18

Cited by 259 publications

(213 citation statements)

References 17 publications

(14 reference statements)

Supporting

Mentioning

206

Contrasting

Unclassified

Order By: Relevance

“…Finally, our technique is complementary to other recent work on malicious trojan circuit detection (e.g., [6], [13]). We do not seek to find trojans directly, instead focusing on providing visibility in terms of high-level structures to an unstructured netlist.…”

Section: Related Workmentioning

confidence: 85%

“…6 In addition, it used 176 instead of 182 latches. In this case, WordRev found 50 words, 4 less than the number of words found in "TR Router".…”

Section: B Cmp Routermentioning

confidence: 99%

“…Hardware Trojan is a malicious modification of the circuity of an integrated circuit (IC) that aims to compromise the integrity, security and reliability of the IC. A hardware trojan can provide a foothold for software based attacks, where the attacks are orchestrated by colluding sofware [6]. It can also act as a portal for leaking sensitive information [9], or simply subvert the operation of the system under special conditions (e.g.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

WordRev: Finding word-level structures in a sea of bit-level gates

Gascón

Subramanyan

et al. 2013

2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

Abstract-Systems are increasingly being constructed from offthe-shelf components acquired through a globally distributed and untrusted supply chain. Often only post-synthesis gate-level netlists or actual silicons are available for security inspection. This makes reasoning about hardware trojans particularly challenging given the enormous scale of the problem. Currently, there is no mature methodology that can provide visibility into a bitlevel design in terms of high-level components to allow more comprehensive analysis. In this paper, we present a systemic way of automatically deriving word-level structures from the gatelevel netlist of a digital circuit. Our framework also provides the possibility for a user to specify sequences of word-level operations and it can extract the collection of gates corresponding to those operations. We demonstrate the effectiveness of our approach on a system-on-a-chip (SoC) design consisting of approximately 400,000 IBM 12SOI cells and several open-source designs.

show abstract

Section: Related Workmentioning

confidence: 85%

“…6 In addition, it used 176 instead of 182 latches. In this case, WordRev found 50 words, 4 less than the number of words found in "TR Router".…”

Section: B Cmp Routermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

WordRev: Finding word-level structures in a sea of bit-level gates

Gascón

Subramanyan

et al. 2013

2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

show abstract

“…We do not address the problem of untrusted manufacturing and IC piracy, where the designer is trusted, which can be tackled by techniques such as EPIC [19]. Our technique is complementary to other recent work on malicious trojan circuit detection (e.g., [12,21]). We do not seek to find trojans, instead focusing on detecting if a subcircuit exhibits correct behavior which is captured by a set of logical specifications; if our approach deems a sub-circuit to match an abstract component, it is guaranteed to do so due to the use of formal verification.…”

Section: Related Workmentioning

confidence: 99%

Reverse engineering circuits using behavioral pattern mining

Wasson

Seshia

2012

2012 IEEE International Symposium on Hardware-Oriented Security and Trust

View full text Add to dashboard Cite

Systems are increasingly being constructed from off-the-shelf components acquired through a globally distributed, untrusted supply chain. The lack of trust in these components necessitates additional validation of the components before use. Additionally, hardware trojans are becoming a pressing concern. In this paper, we present a novel formalism and method to systematically derive the highlevel function of an unknown circuit component given its gate-level netlist. We define the high-level description of a circuit as an interconnection of instantiations of abstract library components characterized using logical specifications. The proposed approach is based on mining interesting behavioral patterns from the simulation traces of a gate-level netlist, and representing them as a pattern graph. A similar pattern graph is also generated for library components. Our method first computes input-output signal correspondences via subgraph isomorphism on the pattern graphs. The general function of the unknown circuit is then determined by finding the closest match in the component library, by model checking the unknown circuit against each logical specification. We demonstrate the effectiveness of our approach on publicly-available circuits.

show abstract

“…Furthermore, wireless security imposes a technically challenging set of objectives and requirements. For example, side channel and fault induction security attacks [18] [19][24] [32][41] [45] are much more likely on cell phones and, in particular, on sensor nodes that may be deployed in unprotected or even hostile environments. Also, operational conditions and numerous design constraints such as low energy, low power, and low cost impose difficulties on security requirements.…”

Section: Motivationmentioning

confidence: 99%

Wireless security techniques for coordinated manufacturing and on-line hardware trojan detection

Wei

Potkonjak

2012

Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks

View full text Add to dashboard Cite

This paper addresses the hardware Trojan (HT) attacks that impose severe threats to the security and integrity of wireless networks and systems. We first develop HT attack models by embedding a single HT gate in the target design that triggers advanced malicious attacks. We place the one-gate HT trigger in such a way that it exhibits rare switching activities, consumes ultra-low leakage power, and hides from delay characterizations. Therefore, the HT attack models are capable of bypassing the widely used side channel-based HT detection schemes. Furthermore, based on the HT attack models, we investigate the potential on-line threat models during the system operation and develop an in-field trusted HT detection approach using physical unclonable functions (PUFs). We evaluate the effectiveness of the HT attack and defense models on a set of ISCAS'85, ISCAS'89, and ITC'99 benchmarks.

show abstract

Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically

Cited by 259 publications

References 17 publications

WordRev: Finding word-level structures in a sea of bit-level gates

WordRev: Finding word-level structures in a sea of bit-level gates

Reverse engineering circuits using behavioral pattern mining

Wireless security techniques for coordinated manufacturing and on-line hardware trojan detection

Contact Info

Product

Resources

About