2020
Lyu, Yangdi; Mishra, Prabhat
Automated Trigger Activation by Repeated Maximal Clique Sampling Proceedings Article
In: 2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 482–487, IEEE 2020, ISSN: 2153-697X.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{lyu2020automated2,
title = {Automated Trigger Activation by Repeated Maximal Clique Sampling},
author = {Yangdi Lyu and Prabhat Mishra},
doi = {10.1109/ASP-DAC47756.2020.9045449},
issn = {2153-697X},
year = {2020},
date = {2020-01-01},
booktitle = {2020 25th Asia and South Pacific Design Automation Conference (ASP-DAC)},
pages = {482--487},
organization = {IEEE},
abstract = {Hardware Trojans are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. While existing statistical test generation methods are promising for Trojan detection, they are not suitable for activating extremely rare trigger conditions in stealthy Trojans. To address the fundamental challenge of activating rare triggers, we propose a new test generation paradigm by mapping trigger activation problem to clique cover problem. The basic idea is to utilize a satisfiability solver to construct a test corresponding to each maximal clique. This paper makes two fundamental contributions: 1) it proves that the trigger activation problem can be mapped to clique cover problem, 2) it proposes an efficient test generation algorithm to activate trigger conditions by repeated maximal clique sampling. Experimental results demonstrate that our approach is scalable and it outperforms state-of-the-art approaches by several orders-of-magnitude in detecting stealthy Trojans.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
Hardware Trojans are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. While existing statistical test generation methods are promising for Trojan detection, they are not suitable for activating extremely rare trigger conditions in stealthy Trojans. To address the fundamental challenge of activating rare triggers, we propose a new test generation paradigm by mapping trigger activation problem to clique cover problem. The basic idea is to utilize a satisfiability solver to construct a test corresponding to each maximal clique. This paper makes two fundamental contributions: 1) it proves that the trigger activation problem can be mapped to clique cover problem, 2) it proposes an efficient test generation algorithm to activate trigger conditions by repeated maximal clique sampling. Experimental results demonstrate that our approach is scalable and it outperforms state-of-the-art approaches by several orders-of-magnitude in detecting stealthy Trojans.
Lyu, Yangdi; Mishra, Prabhat
Scalable Activation of Rare Triggers in Hardware Trojans by Repeated Maximal Clique Sampling Journal Article
In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, pp. 1-1, 2020, ISSN: 1937-4151.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@article{lyu2020scalable,
title = {Scalable Activation of Rare Triggers in Hardware Trojans by Repeated Maximal Clique Sampling},
author = {Yangdi Lyu and Prabhat Mishra},
doi = {10.1109/TCAD.2020.3019984},
issn = {1937-4151},
year = {2020},
date = {2020-01-01},
journal = {IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems},
pages = {1-1},
abstract = {Hardware Trojans are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. While existing statistical test generation methods are promising for Trojan detection, they are not suitable for activating extremely rare trigger conditions in stealthy Trojans. To address the fundamental challenge of activating rare triggers, we propose a new test generation paradigm for Trigger Activation by Repeated Maximal Clique sampling (TARMAC). The basic idea is to utilize a satisfiability modulo theories (SMT) solver to construct a test corresponding to each maximal clique. This paper makes three fundamental contributions: (1) it proves that the trigger activation problem can be mapped to clique cover problem, and the test vectors generated by covering maximal cliques are complete and compact, (2) it proposes efficient test generation algorithms to activate trigger conditions by repeated maximal clique sampling, and (3) it outlines an efficient mechanism to run the clique sampling in parallel to significantly improve the scalability of our test generation framework. Experimental results demonstrate that our proposed approach is scalable and it outperforms state-of-the-art approaches by several orders-of-magnitude in detecting stealthy Trojans.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {article}
}
Hardware Trojans are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. While existing statistical test generation methods are promising for Trojan detection, they are not suitable for activating extremely rare trigger conditions in stealthy Trojans. To address the fundamental challenge of activating rare triggers, we propose a new test generation paradigm for Trigger Activation by Repeated Maximal Clique sampling (TARMAC). The basic idea is to utilize a satisfiability modulo theories (SMT) solver to construct a test corresponding to each maximal clique. This paper makes three fundamental contributions: (1) it proves that the trigger activation problem can be mapped to clique cover problem, and the test vectors generated by covering maximal cliques are complete and compact, (2) it proposes efficient test generation algorithms to activate trigger conditions by repeated maximal clique sampling, and (3) it outlines an efficient mechanism to run the clique sampling in parallel to significantly improve the scalability of our test generation framework. Experimental results demonstrate that our proposed approach is scalable and it outperforms state-of-the-art approaches by several orders-of-magnitude in detecting stealthy Trojans.
Surabhi, Virinchi Roy; Krishnamurthy, Prashanth; Amrouch, Hussam; Basu, Kanad; Henkel, Jörg; Karri, Ramesh; Khorrami, Farshad
Hardware Trojan Detection Using Controlled Circuit Aging Journal Article
In: IEEE Access, vol. 8, pp. 77415–77434, 2020, ISSN: 2169-3536.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@article{surabhi2020hardware,
title = {Hardware Trojan Detection Using Controlled Circuit Aging},
author = {Virinchi Roy Surabhi and Prashanth Krishnamurthy and Hussam Amrouch and Kanad Basu and Jörg Henkel and Ramesh Karri and Farshad Khorrami},
doi = {10.1109/ACCESS.2020.2989735},
issn = {2169-3536},
year = {2020},
date = {2020-01-01},
journal = {IEEE Access},
volume = {8},
pages = {77415--77434},
publisher = {IEEE},
abstract = {This paper reports a novel approach that uses transistor aging in an integrated circuit (IC) to detect hardware Trojans. When a transistor is aged, it results in delays along several paths of the IC. This increase in delay results in timing violations that reveal as timing errors at the output of the IC during its operation. We present experiments using aging-aware standard cell libraries to illustrate the usefulness of the technique in detecting hardware Trojans. Combining IC aging with over-clocking produces a pattern of bit errors at the IC output by the induced timing violations. We use machine learning to learn the bit error distribution at the output of a clean IC. We differentiate the divergence in the pattern of bit errors because of a Trojan in the IC from this baseline distribution. We simulate the golden IC and show robustness to IC-to-IC manufacturing variations. The approach is effective and can detect a Trojan even if we place it far off the critical paths. Results on benchmarks from the Trust-hub show a detection accuracy of ≥ 99%.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {article}
}
This paper reports a novel approach that uses transistor aging in an integrated circuit (IC) to detect hardware Trojans. When a transistor is aged, it results in delays along several paths of the IC. This increase in delay results in timing violations that reveal as timing errors at the output of the IC during its operation. We present experiments using aging-aware standard cell libraries to illustrate the usefulness of the technique in detecting hardware Trojans. Combining IC aging with over-clocking produces a pattern of bit errors at the IC output by the induced timing violations. We use machine learning to learn the bit error distribution at the output of a clean IC. We differentiate the divergence in the pattern of bit errors because of a Trojan in the IC from this baseline distribution. We simulate the golden IC and show robustness to IC-to-IC manufacturing variations. The approach is effective and can detect a Trojan even if we place it far off the critical paths. Results on benchmarks from the Trust-hub show a detection accuracy of ≥ 99%.
2019
Shayan, Mohammed; Basu, Kanad; Karri, Ramesh
Hardware Trojans Inspired IP Watermarks Journal Article
In: IEEE Design & Test, vol. 36, no. 6, pp. 72–79, 2019, ISSN: 2168-2364.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@article{shayan2019hardware,
title = {Hardware Trojans Inspired IP Watermarks},
author = {Mohammed Shayan and Kanad Basu and Ramesh Karri},
doi = {10.1109/MDAT.2019.2929116},
issn = {2168-2364},
year = {2019},
date = {2019-12-01},
journal = {IEEE Design & Test},
volume = {36},
number = {6},
pages = {72--79},
publisher = {IEEE},
abstract = {Hardware watermarking (HW) is supposed to protect the authenticity of HW intellectual properties (IPs) but face the dual challenge of high overhead and ease of removal. HW Trojans are designed to overcome those same challenges for a very different purpose. In this article, the authors propose an ingenious watermarking methodology inspired by HW Trojans for efficiently and effectively protecting the authenticity of HW IPs.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {article}
}
Hardware watermarking (HW) is supposed to protect the authenticity of HW intellectual properties (IPs) but face the dual challenge of high overhead and ease of removal. HW Trojans are designed to overcome those same challenges for a very different purpose. In this article, the authors propose an ingenious watermarking methodology inspired by HW Trojans for efficiently and effectively protecting the authenticity of HW IPs.
Pilato, Christian; Basu, Kanad; Shayan, Mohammed; Regazzoni, Francesco; Karri, Ramesh
High-Level Synthesis of Benevolent Trojans Proceedings Article
In: 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1124–1129, IEEE 2019, ISSN: 1558-1101.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{pilato2019high,
title = {High-Level Synthesis of Benevolent Trojans},
author = {Christian Pilato and Kanad Basu and Mohammed Shayan and Francesco Regazzoni and Ramesh Karri},
doi = {10.23919/DATE.2019.8715199},
issn = {1558-1101},
year = {2019},
date = {2019-03-01},
booktitle = {2019 Design, Automation & Test in Europe Conference & Exhibition (DATE)},
pages = {1124--1129},
organization = {IEEE},
abstract = {High-Level Synthesis (HLS) allows designers to create a register transfer level (RTL) description of a digital circuit starting from its high-level specification (e.g., C/C++/SystemC). HLS reduces engineering effort and design-time errors, allowing the integration of additional features. This study introduces an approach to generate benevolent Hardware Trojans (HT) using HLS. Benevolent HTs are Intellectual Property (IP) watermarks that borrow concepts from well-known malicious HTs to ward off piracy and counterfeiting either during the design flow or in fielded integrated circuits. Benevolent HTs are difficult to detect and remove because they are intertwined with the functional units used to implement the IP. Experimental results testify to the suitability of the approach and the limited overhead.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
High-Level Synthesis (HLS) allows designers to create a register transfer level (RTL) description of a digital circuit starting from its high-level specification (e.g., C/C++/SystemC). HLS reduces engineering effort and design-time errors, allowing the integration of additional features. This study introduces an approach to generate benevolent Hardware Trojans (HT) using HLS. Benevolent HTs are Intellectual Property (IP) watermarks that borrow concepts from well-known malicious HTs to ward off piracy and counterfeiting either during the design flow or in fielded integrated circuits. Benevolent HTs are difficult to detect and remove because they are intertwined with the functional units used to implement the IP. Experimental results testify to the suitability of the approach and the limited overhead.
Govindan, Vidya; Koteshwara, Sandhya; Das, Amitabh; Parhi, Keshab K; Chakraborty, Rajat Subhra
ProTro: A Probabilistic Counter Based Hardware Trojan Attack on FPGA Based MACSec Enabled Ethernet Switch Proceedings Article
In: International Conference on Security, Privacy, and Applied Cryptography Engineering, pp. 159–175, Springer 2019.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{govindan2019protro,
title = {ProTro: A Probabilistic Counter Based Hardware Trojan Attack on FPGA Based MACSec Enabled Ethernet Switch},
author = {Vidya Govindan and Sandhya Koteshwara and Amitabh Das and Keshab K Parhi and Rajat Subhra Chakraborty},
doi = {10.1007/978-3-030-35869-3_12},
year = {2019},
date = {2019-01-01},
booktitle = {International Conference on Security, Privacy, and Applied Cryptography Engineering},
pages = {159--175},
organization = {Springer},
abstract = {Over the past decades, the exponentially high rate of growth in number of connected devices has been accompanied by the discovery of new security loopholes, vulnerabilities and attacks in the network infrastructure. The original ethernet protocol was not designed considering the security aspect of the network architecture. In order to improve the security of the ethernet, many solutions and standards have been proposed. The IEEE 802.1AE Media Access Control Security (MACSec) standard is one of the most recent link layer security protocols which provides encryption and authentication between two network interfaces for secure next-generation deployments. In this paper we present a network packet redirection attack on a MACSec enabled NetFPGA-SUME based ethernet switch, by means of a Hardware Trojan (HT). The HT design is based on a probabilistic counter update mechanism with multiple triggers which eventually affects the way in which a network packet flows through the switch. In particular, an activated HT redirects a packet to an incorrect port, and in turn to a malicious eavesdropper. The proposed HT evades most of the recent hardware trust verification schemes. We present the complete architecture of the proposed MACSec enabled ethernet switch, followed by the design and mode of operation of the HT with promising experimental results.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
Over the past decades, the exponentially high rate of growth in number of connected devices has been accompanied by the discovery of new security loopholes, vulnerabilities and attacks in the network infrastructure. The original ethernet protocol was not designed considering the security aspect of the network architecture. In order to improve the security of the ethernet, many solutions and standards have been proposed. The IEEE 802.1AE Media Access Control Security (MACSec) standard is one of the most recent link layer security protocols which provides encryption and authentication between two network interfaces for secure next-generation deployments. In this paper we present a network packet redirection attack on a MACSec enabled NetFPGA-SUME based ethernet switch, by means of a Hardware Trojan (HT). The HT design is based on a probabilistic counter update mechanism with multiple triggers which eventually affects the way in which a network packet flows through the switch. In particular, an activated HT redirects a packet to an incorrect port, and in turn to a malicious eavesdropper. The proposed HT evades most of the recent hardware trust verification schemes. We present the complete architecture of the proposed MACSec enabled ethernet switch, followed by the design and mode of operation of the HT with promising experimental results.
2018
Hoque, Tamzidul; Cruz, Jonathan; Chakraborty, Prabuddha; Bhunia, Swarup
Hardware IP Trust Validation: Learn (the Untrustworthy), and Verify Proceedings Article
In: International Test Conference (ITC), ITC IEEE, 2018, ISBN: 978-1-5386-8382-8.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{Hoque2018,
title = {Hardware IP Trust Validation: Learn (the Untrustworthy), and Verify},
author = {Tamzidul Hoque and Jonathan Cruz and Prabuddha Chakraborty and Swarup Bhunia},
url = {https://ieeexplore.ieee.org/document/8624727},
doi = {10.1109/TEST.2018.8624727},
isbn = {978-1-5386-8382-8},
year = {2018},
date = {2018-10-26},
booktitle = {International Test Conference (ITC)},
publisher = {IEEE},
organization = {ITC},
abstract = {Increasing reliance on hardware Intellectual Property (IP) cores in modern system-on-chip (SoC) design flow, often obtained from untrusted vendors distributed across the globe, can significantly compromise the security of SoCs. While the design could be verified for a specified functionality using existing tools, it is extremely hard to verify its trustworthiness to guarantee that no hidden, and possibly malicious function exists in the form of a hardware Trojan. Conventional verification processes and tools fail to verify the trust of a third-party IP, primarily due to the lack of trusted reference design or golden models. In this paper, for the first time to our knowledge, we introduce a systematic framework to apply machine learning-based classification for hardware IP trust verification. A supervised classifier could be trained for identifying Trojan nets within a suspect IP, but the detection coverage and accuracy are extremely sensitive to the quality of training set available. Furthermore, reliance on a static training database limits the classifier's ability in detecting new Trojans and facilitates adversarial learning. The proposed framework includes a Trojan insertion tool that dynamically generates a large number of diverse implementations of Trojan classes for creating a robust training set. It is significantly more difficult for an adversary to evade our classifier using known Trojan classes since the tool dynamically samples the entire Trojan population. To further improve the efficiency of the system, we combined three machine learning models into an average probability Voting Ensemble. Our results for two broad classes of Trojan show excellent classification accuracy of 99.69% and 99.88% with F-score of 86.69% and 88.37% for sequential and combinational Trojans, respectively.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasing reliance on hardware Intellectual Property (IP) cores in modern system-on-chip (SoC) design flow, often obtained from untrusted vendors distributed across the globe, can significantly compromise the security of SoCs. While the design could be verified for a specified functionality using existing tools, it is extremely hard to verify its trustworthiness to guarantee that no hidden, and possibly malicious function exists in the form of a hardware Trojan. Conventional verification processes and tools fail to verify the trust of a third-party IP, primarily due to the lack of trusted reference design or golden models. In this paper, for the first time to our knowledge, we introduce a systematic framework to apply machine learning-based classification for hardware IP trust verification. A supervised classifier could be trained for identifying Trojan nets within a suspect IP, but the detection coverage and accuracy are extremely sensitive to the quality of training set available. Furthermore, reliance on a static training database limits the classifier's ability in detecting new Trojans and facilitates adversarial learning. The proposed framework includes a Trojan insertion tool that dynamically generates a large number of diverse implementations of Trojan classes for creating a robust training set. It is significantly more difficult for an adversary to evade our classifier using known Trojan classes since the tool dynamically samples the entire Trojan population. To further improve the efficiency of the system, we combined three machine learning models into an average probability Voting Ensemble. Our results for two broad classes of Trojan show excellent classification accuracy of 99.69% and 99.88% with F-score of 86.69% and 88.37% for sequential and combinational Trojans, respectively.
Ahmed, Alif; Farahmandi, Farimah; Iskander, Yousef; Mishra, Prabhat
Scalable Hardware Trojan Activation by Interleaving Concrete Simulation and Symbolic Execution Proceedings Article
In: 2018 IEEE International Test Conference (ITC), pp. 1–10, IEEE 2018, ISSN: 2378-2250.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{ahmed2018scalable,
title = {Scalable Hardware Trojan Activation by Interleaving Concrete Simulation and Symbolic Execution},
author = {Alif Ahmed and Farimah Farahmandi and Yousef Iskander and Prabhat Mishra},
doi = {10.1109/TEST.2018.8624854},
issn = {2378-2250},
year = {2018},
date = {2018-10-00},
booktitle = {2018 IEEE International Test Conference (ITC)},
pages = {1--10},
organization = {IEEE},
abstract = {Intellectual Property (IP) based System-on-Chip (SoC) design is a widely used practice today. The IPs gathered from third-party vendors may not be trustworthy since they may contain malicious implants (hardware Trojans). To avoid the detection of the Trojan, adversaries usually hide it under rare branches or rare assignments triggered under extremely rare input sequences. Due to exponential input space complexity, state-of-the-art constrained-random test generation methods are not suitable for activating these rare scenarios. While existing model checking based directed test generation approaches are promising, they are not capable of generating tests for large RTL designs due to the capacity restrictions of formal methods. In this paper, we propose an automated and scalable test generation approach for activation of hardware Trojans in RTL designs. This paper makes three important contributions. First, it provides a scalable test generation framework by effective utilization of symbolic execution and concrete simulation. Next, it is a fully automated approach for generating directed tests for activating rare branches and rare assignments. Finally, our experimental results demonstrate that the generated tests are able to activate hard-to-cover Trojans in large and complex RTL benchmarks.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
Intellectual Property (IP) based System-on-Chip (SoC) design is a widely used practice today. The IPs gathered from third-party vendors may not be trustworthy since they may contain malicious implants (hardware Trojans). To avoid the detection of the Trojan, adversaries usually hide it under rare branches or rare assignments triggered under extremely rare input sequences. Due to exponential input space complexity, state-of-the-art constrained-random test generation methods are not suitable for activating these rare scenarios. While existing model checking based directed test generation approaches are promising, they are not capable of generating tests for large RTL designs due to the capacity restrictions of formal methods. In this paper, we propose an automated and scalable test generation approach for activation of hardware Trojans in RTL designs. This paper makes three important contributions. First, it provides a scalable test generation framework by effective utilization of symbolic execution and concrete simulation. Next, it is a fully automated approach for generating directed tests for activating rare branches and rare assignments. Finally, our experimental results demonstrate that the generated tests are able to activate hard-to-cover Trojans in large and complex RTL benchmarks.
Govindan, Vidya; Chakraborty, Rajat Subhra; Santikellur, Pranesh; Chaudhary, Aditya Kumar
A Hardware Trojan Attack on FPGA-Based Cryptographic Key Generation: Impact and Detection Journal Article
In: Journal of Hardware and Systems Security, vol. 2, no. 3, pp. 225–239, 2018.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@article{govindan2018hardware,
title = {A Hardware Trojan Attack on FPGA-Based Cryptographic Key Generation: Impact and Detection},
author = {Vidya Govindan and Rajat Subhra Chakraborty and Pranesh Santikellur and Aditya Kumar Chaudhary},
doi = {10.1007/s41635-018-0042-5},
year = {2018},
date = {2018-01-01},
journal = {Journal of Hardware and Systems Security},
volume = {2},
number = {3},
pages = {225--239},
publisher = {Springer},
abstract = {True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious security breaches. In this paper, we describe a Hardware Trojan Horse (HTH)-based attack on the TRNG of an FPGA-based cryptosystem, that results in reduced entropy and increased predictability of the generated keys. The proposed HTH does not cause any functional failure in the cryptosystem, and its impact is undetectable by analysis of the compromised bitstream using standard statistical randomness testing software suites (NIST, two enhanced versions of NIST Dieharder, and LIL-tests), and by a circuit-level HTH detection technique using Transition Effect Ring Oscillator (TERO). Finally, we show that the impact of the HTH can be detected by applying Wavelet Transform on the compromised bitstream.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {article}
}
True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious security breaches. In this paper, we describe a Hardware Trojan Horse (HTH)-based attack on the TRNG of an FPGA-based cryptosystem, that results in reduced entropy and increased predictability of the generated keys. The proposed HTH does not cause any functional failure in the cryptosystem, and its impact is undetectable by analysis of the compromised bitstream using standard statistical randomness testing software suites (NIST, two enhanced versions of NIST Dieharder, and LIL-tests), and by a circuit-level HTH detection technique using Transition Effect Ring Oscillator (TERO). Finally, we show that the impact of the HTH can be detected by applying Wavelet Transform on the compromised bitstream.
2017
Bagadia, Krishna; Chatterjee, Urbi; Roy, Debapriya Basu; Mukhopadhyay, Debdeep; Chakraborty, Rajat Subhra
Exploiting Safe Error based Leakage of RFID Authentication Protocol using Hardware Trojan Horse Proceedings Article
In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 167-167, 2017.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{bagadia2017exploiting,
title = {Exploiting Safe Error based Leakage of RFID Authentication Protocol using Hardware Trojan Horse},
author = {Krishna Bagadia and Urbi Chatterjee and Debapriya Basu Roy and Debdeep Mukhopadhyay and Rajat Subhra Chakraborty},
doi = {10.1109/HST.2017.7951831},
year = {2017},
date = {2017-05-01},
booktitle = {2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},
pages = {167-167},
abstract = {Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities, raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against Man-in-the-middle attack and cipher-text only attacks. In this paper, we show that in the standard setting, although the authentication uses two m bit keys, K1 and K2, knowledge of only K2 is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry based on the idea of Safe-Errors to leak K2 which can be henceforth used to forge the entire authentication mechanism. We develop an extremely lightweight Field Programmable Gate Array prototype of the design. The malicious modification is implemented using only four Lookup Tables which leads to insignificant increase in the power, time and slice registers overhead.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities, raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against Man-in-the-middle attack and cipher-text only attacks. In this paper, we show that in the standard setting, although the authentication uses two m bit keys, K1 and K2, knowledge of only K2 is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry based on the idea of Safe-Errors to leak K2 which can be henceforth used to forge the entire authentication mechanism. We develop an extremely lightweight Field Programmable Gate Array prototype of the design. The malicious modification is implemented using only four Lookup Tables which leads to insignificant increase in the power, time and slice registers overhead.
2016
Chen, Zhang; Zhou, Pingqiang; Ho, Tsung-Yi; Jin, Yier
How secure is split manufacturing in preventing hardware trojan? Proceedings Article
In: 2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST), pp. 1-6, 2016.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@inproceedings{7835561,
title = {How secure is split manufacturing in preventing hardware trojan?},
author = {Zhang Chen and Pingqiang Zhou and Tsung-Yi Ho and Yier Jin},
url = {https://ieeexplore.ieee.org/document/7835561},
doi = {10.1109/AsianHOST.2016.7835561},
year = {2016},
date = {2016-12-01},
booktitle = {2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST)},
pages = {1-6},
abstract = {With the trend of outsourcing fabrication, split manufacturing is regarded as a promising way to both provide the high-end nodes in untrusted external foundries and protect the design from potential attackers. However, in this work, we show that split manufacturing is not inherently secure. A hardware trojan attacker can still discover necessary information with a simulated annealing based attack approach at the placement level. We further propose a defense approach by moving the insecure gates away from their easily-attacked candidate locations. Experimental results on benchmark circuits show the effectiveness of our proposed methods.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {inproceedings}
}
With the trend of outsourcing fabrication, split manufacturing is regarded as a promising way to both provide the high-end nodes in untrusted external foundries and protect the design from potential attackers. However, in this work, we show that split manufacturing is not inherently secure. A hardware trojan attacker can still discover necessary information with a simulated annealing based attack approach at the placement level. We further propose a defense approach by moving the insecure gates away from their easily-attacked candidate locations. Experimental results on benchmark circuits show the effectiveness of our proposed methods.
2014
Bhunia, Swarup; Hsiao, Michael S.; Banga, Mainak; Narasimhan, Seetharam
Hardware Trojan Attacks: Threat Analysis and Countermeasures Journal Article
In: Proceedings of the IEEE, vol. 102, no. 8, pp. 1229-1247, 2014, ISSN: 1558-2256.
Abstract | Links | BibTeX | Tags: Hardware Trojans
@article{6856140,
title = {Hardware Trojan Attacks: Threat Analysis and Countermeasures},
author = {Swarup Bhunia and Michael S. Hsiao and Mainak Banga and Seetharam Narasimhan},
url = {https://ieeexplore.ieee.org/document/6856140},
doi = {10.1109/JPROC.2014.2334493},
issn = {1558-2256},
year = {2014},
date = {2014-08-01},
journal = {Proceedings of the IEEE},
volume = {102},
number = {8},
pages = {1229-1247},
abstract = {Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.},
keywords = {Hardware Trojans},
pubstate = {published},
tppubtype = {article}
}
Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.