Mohammad Tehranipoor

A Survey of Hardware Trojan Taxonomy and Detection

Editors note:Todays integrated circuits are vulnerable to hardware Trojans, which are malicious alterations to the circuit, either during design or fabrication. This article presents a classification of hardware Trojans and a survey of published techniques for Trojan detection.

Trustworthy Hardware: Identifying and Classifying Hardware Trojans

For reasons of economy, critical systems will inevitably depend on electronics made in untrusted factories. A proposed new hardware Trojan taxonomy provides a first step in better understanding existing and potential threats.

Detecting malicious inclusions in secure hardware: Challenges and solutions

This paper addresses a new threat to the security of integrated circuits (ICs) used in safety critical, security and military systems. The migration of IC fabrication to low-cost foundries has made ICs vulnerable to malicious alterations, that could, under specific conditions, result in functional changes and/or catastrophic failure of the system in which they are embedded. We refer to such malicious alternations and inclusions as Hardware Trojans. The modification(s) introduced by the Trojan depends on the application, with some designed to disable the system or degrade signal integrity, while others are designed to defeat hardware security and encryption to leak plain text information. This paper explores the wide range of malicious alternations of ICs that are possible and proposes a general framework for their classification. The taxonomy is essential for properly evaluating the effectiveness of methods designed to detect Trojans. The latter portion of the paper explores several Trojan detection strategies and the classes of Trojans each is most likely to detect.

A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time

Fabless semiconductor industry and government agencies have raised serious concerns about tampering with inserting hardware Trojans in an integrated circuit supply chain in recent years. Most of the recently proposed Trojan detection methods are based on Trojan activation to observe either a faulty output or measurable abnormality on side-channel signals. Time to activate a hardware Trojan circuit is a major concern from the authentication standpoint. This paper analyzes time to generate a transition in functional Trojans. Transition is modeled by geometric distribution and the number of clock cycles required to generate a transition is estimated. Furthermore, a dummy scan flip-flop insertion procedure is proposed aiming at decreasing transition generation time. The procedure increases transition probabilities of nets beyond a specific threshold. The relation between circuit topology, authentication time, and the threshold is carefully studied. The simulation results on s38417 benchmark circuit demonstrate that, with a negligible area overhead, our proposed method can significantly increase Trojan activity and reduce Trojan activation time.

Hardware Trojan Detection and Isolation Using Current Integration and Localized Current Analysis

This paper addresses a new threat to the security of integrated circuits (ICs). The migration of IC fabrication to untrusted foundries has made ICs vulnerable to malicious alterations, that could, under specific conditions, result infunctional changes and/or catastrophic failure of the system in which they are embedded. Such malicious alternations and inclusions are referred to as Hardware Trojans. In this paper, we propose a current integration methodology to observe Trojan activity in the circuit and a localized current analysis approach to isolate the Trojan. Our simulation results considering process variations show that with a very small number of clock cycles the method can detect hardware Trojans as small as few gates without fully activating them. However, for very small Trojan circuits with less than few gates, process variations could negatively impact the detection and isolation process.

Introduction to Hardware Security and Trust

This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern societys microelectronic-supported infrastructures.

Power supply signal calibration techniques for improving detection resolution to hardware Trojans

Chip design and fabrication is becoming increasingly vulnerable to malicious activities and alternations with globalization. An adversary can introduce a Trojan designed to disable and/or destroy a system at some future time (Time Bomb) or the Trojan may serve to leak confidential information covertly to the adversary. This paper proposes a taxonomy for Trojan classification and then describes a statistical approach for detecting hardware Trojans that is based on the analysis of an ICs power supply transient signals. A key component to improving the resolution of power analysis techniques to Trojans is calibrating for process and test environment (PE) variations. The main focus of this research is on the evaluation of four signal calibration techniques, each designed to reduce the adverse impact of PE variations on our statistical Trojan detection method.

Sensitivity analysis to hardware Trojans using power supply transient signals

Trust in reference to integrated circuits addresses the concern that the design and/or fabrication of the IC may be purposely altered by an adversary. The insertion of a hardware Trojan involves a deliberate and malicious change to an IC that adds or removes functionality or reduces its reliability. Trojans are designed to disable and/or destroy the IC at some future time or they may serve to leak confidential information covertly to the adversary. Trojans are cleverly hidden by the adversary to make it extremely difficult for chip validation processes, such as manufacturing test, to accidentally discover them. This paper investigates a power supply transient signal analysis method for detecting Trojans that is based on the analysis of multiple power port signals. In particular, we focus on determining the smallest detectable Trojan in a set of process simulation models that characterize a TSMC 0.18 um process.

Case study: Detecting hardware Trojans in third-party digital IP cores

The intellectual property (IP) blocks are designed by hundreds of IP vendors distributed across the world. Such IPs cannot be assumed trusted as hardware Trojans can be maliciously inserted into them and could be used in military, financial and other critical applications. It is extremely difficult to detect Trojans in third-party IPs (3PIPs) simply with conventional verification methods as well as methods developed for detecting Trojans in fabricated ICs. This paper first discusses the difficulties to detect Trojans in 3PIPs. Then a complementary flow is presented to verify the presence of Trojans in 3PIPs by identifying suspicious signals (SS) with formal verification, coverage analysis, removing redundant circuit, sequential automatic test pattern generation (ATPG), and equivalence theorems. Experimental results, shown in the paper for detecting many Trojans inserted into RS232 circuit, demonstrate the efficiency of the flow.

New design strategy for improving hardware Trojan detection and reducing Trojan activation time

Hardware Trojans in integrated circuits and systems have become serious concern to fabless semiconductor industry and government agencies in recent years. Most of the previously proposed Trojan detection methods rely on Trojan activation to either observe a faulty output or measure side-channel signals such as transient current or charge. From the authentication stand point, time to trigger a hardware Trojan circuit is a a major concern. This paper analyzes time to (i) generate a transition in functional Trojans and (ii) fully activate them. An efficient dummy flip-flop insertion procedure is proposed to increase Trojan activity. Depending on authentication time and circuit topology, a transition probability threshold is selected so that inserted dummy flip-flops would moderately impact area overhead. The simulation results on s38417 benchmark circuit demonstrate that, with a negligible area overhead, our proposed method can significantly increase Trojan activity and reduce Trojan activation time.