Mainak Banga

A region based approach for the identification of hardware Trojans

Outsourcing of SoC fabrication units has created the potential threat of design tampering using hardware Trojans. Methods based on side-channel analysis exist to differentiate such maligned ICs from the genuine ones but process variation in the foundries limit the effectiveness of such approaches. In this work, we propose a circuit partition based approach to detect and locate the embedded Trojan. Results show that our approach is effective in separating out candidate Trojans in the circuit. In addition, we provide a power profile based method for refining the candidate regions that may contain a Trojan. In many cases, such an isolation method leads to noticeable manifestation of the anomalous behavior of the circuit due to the presence of the Trojan thereby enhancing chances of their detection.

Hardware Trojan Attacks: Threat Analysis and Countermeasures

Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip-e.g., the key in a cryptographic chip, during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.

A Novel Sustained Vector Technique for the Detection of Hardware Trojans

Intentional tampering in the internal circuit structure by implanting Trojans can result in disastrous operational consequences. While a faulty manufacturing leads to a nonfunctional device, effect of an external implant can be far more detrimental. Therefore, effective detection and diagnosis of such maligned ICs in the post silicon testing phase is imperative, if the parts are intended to be used in mission critical applications. We propose a novel sustained vector methodology that proves to be very effective in detecting the presence of a Trojan in an IC. Each vector is repeated multiple times at the input of both the genuine and the Trojan circuits that ensures the reduction of extraneous toggles within the genuine circuit. Regions showing wide variations in the power behavior are analyzed to isolate the infected gate(s). Experimental results on ISCAS benchmark circuits show that this approach can magnify the behavioral difference between a genuine and infected IC up to thirty times as compared to the previous approaches.

Guided test generation for isolation and detection of embedded trojans in ics

Testing the genuineness of a manufactured chip is an important step in an IC product life cycle. This becomes more prominent with the outsourcing of the manufacturing process, since the manufacturer may tamper the internal circuit behavior using Trojan circuits in the original design. Traditional testing methods cannot detect these stealthy Trojans because the triggering scenario, which activates it, is unknown. Recently, approaches based on side-channel analysis have shown promising results in detecting Trojans. In this paper, we propose a novel test generation technique that aims at magnifying the disparity between side-channel signal waveforms of tampered and genuine circuits to indicate the possibility of internal tampering. Experimental results indicate that our approach could magnify the likelihood of Trojans 4 to 20 times more than existing side-channel analysis based approaches.

Kiss the Scan Goodbye: A Non-scan Architecture for High Coverage, Low Test Data Volume and Low Test Application Time

Scan-based DFT is the de-facto industrial practice for testing integrated circuits (ICs). Variations in the scan architecture to improve test metrics have been the primary focus in recent years. In this paper, we propose a new nonscan DFT in which a subset of the circuit flip-flops are made directly loadable from the primary inputs and another subset of flip-flops are made observable at the output via a state compactor. In this architecture, multiple flip-flops may share the same primary input in the loading mode. A load-enable pin is added to distinguish the direct-loading mode from the functional mode. With a modest area overhead, this architecture offers several attractive features, including (1) at-speed testing, which eliminates the need for scan-shifting and would thus capture delay-related defects, (2) low test data volume and test application time, as we no longer need to store all the scan and response data, (3) high coverages, since the low-testability flipflops are made to be loadable and/or observable, and (4) low test power. Experimental results on large ISCAS’89 circuits validate the aforementioned metrics with 10× to 100× reduction in test application time with respect to Illinois Scan.

Hardware IP Trust

The chapter focuses on the trust issues in hardware intellectual property (IP) blocks – specially the scope of Trojan insertion in modern IPs, types of IP-level Trojan, and challenges in detecting them. The chapter starts with a discussion on the political and socioeconomic factors that made such a possibility, a reality. It also contains a brief history of the early developments in Trojan research done by DARPA in 2000s. A detailed taxonomy of Trojans and their operational behavior is presented to illustrate the wide range of possibilities associated with the deployment and action of a Trojan. A general discussion on detection techniques follows. Toward the latter half of the chapter two detection techniques specifically aimed for detecting Trojans at the IP level are discussed in detail. One of them is a “prevention technique,” while the other is a “detection technique.”