Synthetic Trojan Inserted FPGA Benchmarks

Stage: FPGA

Summary

Over 1300 Trojan inserted variants across 8 different host designs generated using TRIT-DS. Designs are in the form of pre-place-and-route FPGA netlists mapped to Xilinx 7 Series.

Contact

Jonathan Cruz

Trojan benchmarks are available at the following links:

Xilinx 7 Series

Functional Denial of Service (DoS) (1320)

Additional Malicious LUT

Trojans realized by adding additional LUTs to the host benchmark. Available are 3-, 4-, 5-trigger Trojans as well as timing-aware variants which do not impact the critical delay.

Non-timing

Timing-Aware

FPGA Dark Silicon

Trojans realized by reusing under-utilized FPGA primitives for zero utilization impact. Available are 3-, 4-, 5-trigger Trojans as well as timing-aware variants which also do not impact the critical delay.

Non-timing

Timing-Aware

Frequently Asked Questions

Q: What host benchmarks do you use?

A: Currently, we have Trojan inserted variants for MIT-CEP and ISCAS 89 designs.

With Xilinx 7 Series, we use the following:

des3, FIR-filter, gps, IIR-filter, md5, sha256, s38417, s38584

The original benchmarks without Trojans are provided within each .zip

Q: What standard cell libraries do you use and how do I get a hold of them?

A: We currently use the Xilinx unisim library from Vivado 2021.2 with some modifications for CAD tool compatibility. The library used is provided for all Xilinx FPGA Trojan inserted benchmarks.

Q: What types of Trojans are available?

A: We currently have 1 main type of Trojan effect(s): Denial of Service (DoS). DoS Trojans will flip an internal bit upon activation. We also have FPGA-specific Trojans which reuse under-utilized space (FPGA dark silicon) in FPGA primitives for effectively zero footprint Trojans.

Q: What information is provided for each Trojan?

A: Each Trojan-inserted benchmark has a log file which contains information on what signals are used for the trigger condition and their activation values, what payload signals are leaked or perturbed, and the structure of the Trojan.

Q: How are the Trojans verified?

A: All Trojan triggers are verified via Synopsys TetraMAX using full-scan assumption or Cadence JasperGold with non-scan assumption. Trojans in sequential designs verified with JasperGold are guaranteed to be triggerable via the primary inputs. More information can be found in the paper referenced below.

Q: Is the Trojan Insertion Tool Dark Silicon (TRIT-DS) publicly available?

A: Unfortunately, due to various IP related issues we cannot release the tool. Despite these hurdles, we plan to continually update this page with more Trojan-inserted benchmarks across diverse designs.

References

Cruz, Jonathan; Posada, Christopher; Masna, Naren Vikram Raj; Chakraborty, Prabuddha; Gaikwad, Pravin; Bhunia, Swarup

A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists Miscellaneous

2022.

Links | BibTeX