Yier Jin

Hardware Trojan detection using path delay fingerprint

Trusted IC design is a recently emerged topic since fabrication factories are moving worldwide in order to reduce cost. In order to get a low-cost but effective hardware trojan detection method to complement traditional testing methods, a new behavior-oriented category method is proposed to divide trojans into two categories: explicit payload trojan and implicit payload trojan. This categorization method makes it possible to construct trojan models and then lower the cost of testing. Path delays of nominal chips are collected to construct a series of fingerprints, each one representing one aspect of the total characteristics of a genuine design. Chips are validated by comparing their delay parameters to the fingerprints. The comparison of path delays makes small trojan circuits significant from a delay point of view. The experimentpsilas results show that the detection rate on explicit payload trojans is 100%, while this method should be developed further if used to detect implicit payload trojans.

Experiences in Hardware Trojan design and implementation

We report our experiences in designing and implementing several hardware Trojans within the framework of the Embedded System Challenge competition that was held as part of the Cyber Security Awareness Week (CSAW) at the Polytechnic Institute of New York University in October 2008. Due to the globalization of the Integrated Circuit (IC) manufacturing industry, hardware Trojans constitute an increasingly probable threat to both commercial and military applications. With traditional testing methods falling short in the quest of finding hardware Trojans, several specialized detection methods have surfaced. To facilitate research in this area, a better understanding of what Hardware Trojans would look like and what impact they would incur to an IC is required. To this end, we present eight distinct attack techniques employing Register Transfer Level (RTL) hardware Trojans to compromise the security of an Alpha encryption module implemented on a Digilent BASYS Spartan-3 FPGA board. Our work, which earned second place in the aforementioned competition, demonstrates that current RTL designs are, indeed, quite vulnerable to hardware Trojan attacks.

Proof-Carrying Hardware Intellectual Property: A Pathway to Trusted Module Acquisition

We present a novel framework for facilitating the acquisition of provably trustworthy hardware intellectual property (IP). The proposed framework draws upon research in the field of proof-carrying code (PCC) to allow for formal yet computationally straightforward validation of security-related properties by the IP consumer. These security-related properties, agreed upon a priori by the IP vendor and consumer and codified in a temporal logic, outline the boundaries of trusted operation, without necessarily specifying the exact IP functionality. A formal proof of these properties is then crafted by the vendor and presented to the consumer alongside the hardware IP. The consumer, in turn, can easily and automatically check the correctness of the proof and, thereby, validate compliance of the hardware IP with the agreed-upon properties. We implement the proposed framework using a synthesizable subset of Verilog and a series of pertinent definitions in the Coq theorem-proving language. Finally, we demonstrate the application of this framework on a simple IP acquisition scenario, including specification of security-related properties, Verilog code for two alter- native circuit implementations, as well as proofs of their security compliance.

Hardware Trojans in Wireless Cryptographic ICs

The article studies the problem of hardware Trojans in wireless cryptographic ICs. The objective is to design Trojans to leak secret information through the wireless channel. The authors investigate challenges related to detection for such Trojans and propose using statistical analysis of the side-channel signals to help detect them.

HAFIX: hardware-assisted flow integrity extension

Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity Extension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementation and evaluation of HAFIX for the Intel® Siskiyou Peak and SPARC embedded system architectures, and demonstrates its security and efficiency in code-reuse protection while incurring only 2% performance overhead.

Privacy and Security in Internet of Things and Wearable Devices

Enter the nascent era of Internet of Things (IoT) and wearable devices, where small embedded devices loaded with sensors collect information from its surroundings, process it, and relay it to remote locations for further analysis. Albeit looking harmless, these nascent technologies raise security and privacy concerns. We pose the question of the possibility and effects of compromising such devices. Concentrating on the design flow of IoT and wearable devices, we discuss some common design practices and their implications on security and privacy. Two representatives from each category, the Google Nest Thermostat and the Nike+ Fuelband, are selected as examples on how current industry practices of security as an afterthought or an add-on affect the resulting device and the potential consequences to the users security and privacy. We then discuss design flow enhancements, through which security mechanisms can efficiently be added into a device, vastly differing from traditional practices.

Hardware Trojans: Lessons Learned after One Decade of Research

Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure. While hardware Trojans have been explored significantly in academia over the last decade, there remains room for improvement. In this article, we examine the research on hardware Trojans from the last decade and attempt to capture the lessons learned. A comprehensive adversarial model taxonomy is introduced and used to examine the current state of the art. Then the past countermeasures and publication trends are categorized based on the adversarial model and topic. Through this analysis, we identify what has been covered and the important problems that are underinvestigated. We also identify the most critical lessons for those new to the field and suggest a roadmap for future hardware Trojan research.

Proof carrying-based information flow tracking for data secrecy protection and hardware trust

We discuss a new approach for protecting the secrecy of internal information in an Integrated Circuit (IC) from malicious hardware Trojan threats and, thereby, enhancing hardware trust. The proposed approach is based on Register Transfer Level (RTL) code certification within a formal logic environment. The key novelty lies in the introduction of a new semantic model for the Verilog Hardware Description Language (HDL) in the Coq theorem-proving platform, which facilitates tracking and proving secrecy labels of internal sensitive data and, by extension, security properties of the design. Additional framework enhancements include the ability to encapsulate sub-module properties in the top module proof environment, thereby strengthening the ability of Coq representation to reason on hierarchically organized RTL code. We demonstrate the proposed framework on a DES encryption core, wherein we employ it to prevent secret information (e.g. round keys) leaking by hardware Trojans inserted at the RTL description of the circuit.

Hardware Trojans in wireless cryptographic ICs: silicon demonstration & detection method evaluation

We present a silicon implementation of a hardware Trojan, which is capable of leaking the secret key of a wireless cryptographic integrated circuit (IC) consisting of an Advanced Encryption Standard (AES) core and an Ultra-Wide-Band (UWB) transmitter. With its impact carefully hidden in the transmission specification margins allowed for process variations, this hardware Trojan cannot be detected by production testing methods of either the digital or the analog part of the IC and does not violate the transmission protocol or any system-level specifications. Nevertheless, the informed adversary, who knows what to look for in the transmission power waveform, is capable of retrieving the 128-bit AES key, which is leaked with every 128-bit ciphertext block sent by the UWB transmitter. Using silicon measurements from 40 chips fabricated in TSMCs 0.35μm technology, we also assess the effectiveness of a side channel-based statistical analysis method in detecting this hardware Trojan.

Cycle-accurate information assurance by proof-carrying based signal sensitivity tracing

We propose a new information assurance model which can dynamically track the information flow in circuit designs and hence protect sensitive data from malicious leakage. Relying on the Coq proof assistant platform, the new model maps register transfer level (RTL) codes written in hardware description languages (HDLs) into structural Coq representatives by assigning all input, output, and internal signal sensitivity levels. The signal sensitivity levels can be dynamically adjusted after each clock cycle based on proposed signal sensitivity transition rules. The development of data secrecy properties and theorem generation functions makes the translation process from security properties to Coq theorems independent of target circuits and, for the first time, makes it possible to construct a property library, facilitating (semi) automation of the proof. The proposed cycle accurate information assurance scheme is successfully demonstrated on cryptographic circuits with various complexities from a small-scale DES encryption core to a state-of-the-art AES encryption design prohibiting the leakage of sensitive information caused by hardware Trojans inserted in RTL codes.