Using outliers to detect stealthy hardware trojan triggering?

Abstract: Hardware Trojans (HTs) are malicious alterations to a circuit introduced at design or manufacturing phases by an adversary. Due to their diversity, detecting and/or locating them are challenging tasks. Among the different kinds of detection methods, methods based on logic testing aim to reveal the presence of HTs thanks to their logical activation and observation through primary outputs. However, HTs are stealthy in nature, i.e. mostly inactive unless triggered by a very rare condition. Furthermore, test patte… Show more

“…As a result, non-destructive methods are needed to provide post-fabrication tests on all the production before deployment in the field. Related approaches are classified into sidechannel analysis [14][15][16][17][18][19], logic testing [20][21][22][23][24][25][26][27] and visual inspection [28] (not present in Fig. 2).…”

“…Logic-testing methods are therefore dedicated to HTs that change the functionality of an IC. It is generally agreed that, in order to evade detection during manufacturing test, an attacker creates a HT that is dormant until a stealthy condition triggers it [20][21][22][23][24][25][26][27]. The goal of detections methods is then to be able to activate potential HTs within a reasonable test time, i.e.…”

“…3: the stealthy triggering condition is a rare value created by a set of internal signals' logic values. In [20][21][22][23][24], a common assumption is to create this rare value using signals with low '0' or '1' controllability as trigger input signals. The controllability indeed reflects the difficulty of setting a signal to a particular value from primary inputs.…”

“…Low controllable signals are searched in [22] thanks to the statistical behavioral correlation between signals i.e. the relationship between signals' behaviors during a simulation.…”

“…signals that are pushed with high-reachability distances to the border of the clusters because they have a weak statistical correlation with the rest of the circuit. Experiments in [22] show that outliers are also found in HT-free circuits and that these "false positives" are low controllable signals.…”

Protection Against Hardware Trojans With Logic Testing: Proposed Solutions and Challenges Ahead

“…As a result, non-destructive methods are needed to provide post-fabrication tests on all the production before deployment in the field. Related approaches are classified into sidechannel analysis [14][15][16][17][18][19], logic testing [20][21][22][23][24][25][26][27] and visual inspection [28] (not present in Fig. 2).…”

“…Logic-testing methods are therefore dedicated to HTs that change the functionality of an IC. It is generally agreed that, in order to evade detection during manufacturing test, an attacker creates a HT that is dormant until a stealthy condition triggers it [20][21][22][23][24][25][26][27]. The goal of detections methods is then to be able to activate potential HTs within a reasonable test time, i.e.…”

“…3: the stealthy triggering condition is a rare value created by a set of internal signals' logic values. In [20][21][22][23][24], a common assumption is to create this rare value using signals with low '0' or '1' controllability as trigger input signals. The controllability indeed reflects the difficulty of setting a signal to a particular value from primary inputs.…”

“…Low controllable signals are searched in [22] thanks to the statistical behavioral correlation between signals i.e. the relationship between signals' behaviors during a simulation.…”

“…signals that are pushed with high-reachability distances to the border of the clusters because they have a weak statistical correlation with the rest of the circuit. Experiments in [22] show that outliers are also found in HT-free circuits and that these "false positives" are low controllable signals.…”

Protection Against Hardware Trojans With Logic Testing: Proposed Solutions and Challenges Ahead

A Novel Golden Models-Free Hardware Trojan Detection Technique Using Unsupervised Clustering Analysis

Hardware Trojan Detection Using an Advised Genetic Algorithm Based Logic Testing