Hardware Trojans: current challenges and approaches

Nisha Jacob; Dominik Merli; Johann Heyszl; Georg Sigl

Hardware Trojans: current challenges and approaches

View Fulltext

Author(s): Nisha Jacob ¹ ; Dominik Merli ¹ ; Johann Heyszl ¹ ; Georg Sigl ¹
- Affiliations: 1: Hardware Security, Fraunhofer AISEC, Garching, Germany
Source: Volume 8, Issue 6, November 2014, p. 264 – 273
DOI: 10.1049/iet-cdt.2014.0039 , Print ISSN 1751-8601, Online ISSN 1751-861X

Received 04/03/2013, Accepted 06/08/2014, Revised 07/07/2014, Published 16/10/2014

More and more manufacturers outsource parts of the design and fabrication of integrated circuits (ICs) for cost reduction. Recent publications show that such outsourcing can pose serious threats to governments and corporations, as they lose control of the development process. Until now, the threat of hardware Trojans is mostly considered during fabrication. Third party intellectual properties (IPs) are also gaining importance as companies wish to reduce costs and shorten the time-to-market. Through this study, the authors argue that the threat of Trojans is spread throughout the whole IC development chain. They give a survey of both hardware Trojan insertion possibilities and detection techniques. Furthermore, they identify the key vulnerabilities at each stage of IC development and describe costs of hardware Trojan insertion and detection. This way, the threat level based on feasibility of Trojan insertion and the practicability of Trojan detection techniques is evaluated. Lately, detection techniques address the issue of including third party IP. However, those techniques are not sufficient and need more research to effectively protect the design. In this way, the authors’ analysis provides a solid base to identify the issues during IC development, which should be addressed with higher priority by all entities involved in the IC development.

References

1. 1)
  - 26. Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: ‘Stealthy dopant-level hardware Trojans’. CHES, 2013, (LNCS, 8086), pp. 197–214.
2. 2)
  - 37. Wang, X., Salmani, H., Tehranipoor, M., Plusquellic, J.: ‘Hardware Trojan detection and isolation using current integration and localized current analysis’. Proc. of the 2008 IEEE Int. Symp. on Defect and Fault Tolerance of VLSI Systems, DFT‘08, IEEE Computer Society, Washington, DC, USA, 2008, pp. 87–95.
3. 3)
  - 21. Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.: ‘Trojan side-channels: lightweight hardware Trojans through side-channel engineering’. CHES, 2009, (LNCS, 5747), pp. 382–395.
4. 4)
  - 28. DARPA BAA06-40: ‘TRUST for integrated circuits’. Defense Advanced Research Projects Agency, 2006.
5. 5)
  - 4. Perlroth, N., Larson, J., Shane, S.: ‘NSA able to foil basic safeguards of privacy on web’ (New York, New York Times, 2013).
6. 6)
  - 5. Shiyanovskii, Y., Wolff, F.G., Rajendran, A., Papachristou, C.A., Weyer, D.J., Clay, W.: ‘Process reliability based Trojans through NBTI and HCI effects’, 2010 NASA/ESA Conference on Adaptive Hardware and System (AHS), June 15–18 2010, Anaheim, CA (USA), (IEEE, 2010), pp. 215–222.
7. 7)
  - 6. Skorobogatov, S., Woods, C.: ‘Breakthrough silicon scanning discovers backdoor in military chip'. Cryptographic hardware and embedded systems CHES 2012, Berlin Heidelberg, 2012 (LNCS, 7428), pp. 23–40.
8. 8)
  - 5. Shiyanovskii, Y., Wolff, F.G., Rajendran, A., Papachristou, C.A., Weyer, D.J., Clay, W.: ‘Process reliability based Trojans through NBTI and HCI effects’, 2010 NASA/ESA Conference on Adaptive Hardware and System (AHS), June 15–18 2010, Anaheim, CA (USA), (IEEE, 2010), pp. 215–222.
9. 9)
  - 10. Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: ‘Trojan detection using IC fingerprinting’. IEEE Symp. on Security and Privacy, IEEE Computer Society, 2007, pp. 296–310.
10. 10)
  - 14. Wang, X., Tehranipoor, M., Plusquellic, J.: ‘Detecting malicious inclusions in secure hardware: challenges and solutions’. Proc. of the 2008 IEEE Int. Workshop on Hardware-Oriented Security and Trust, HST'08, IEEE Computer Society, Washington, DC, USA, 2008, pp. 15–19.
11. 11)
  - 47. Narasimhan, S., Yueh, W., Wang, X., Mukhopadhyay, S., Bhunia, S.: ‘Improving IC security against Trojan attacks throughintegration of security monitors’, IEEE Des. Test Comput., 2012, 29, (5), pp. 37–46 (doi: 10.1109/MDT.2012.2210183).
12. 12)
  - 40. Alkabani, Y., Koushanfar, F.: ‘Consistency-based characterization for IC Trojan detection’. Proc. of the 2009 Int. Conf. on Computer-Aided Design, ICCAD ‘09, New York, NY, USA, 2009, pp. 123–127.
13. 13)
  - 23. Kutzner, S., Poschmann, A., Stöttinger, M.: ‘Hardware Trojan designand detection – a practical evaluation’. Eighth Workshop on Embedded Systems Security, 2013.
14. 14)
  - 30. Zhang, X., Tehranipoor, M.: ‘Case study: detecting hardware Trojans in third party digital IP cores’. HOST, 2011, pp. 67–70.
15. 15)
  - 20. King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: ‘Designing and implementing malicious hardware’. Networked Systems Design and Implementation, 2008.
16. 16)
  - 11. Tehranipoor, M., Koushanfar, F.: ‘A survey of hardware Trojan taxonomyand detection’, IEEE Des. Test Comput., 2010, 27, (1), pp. 10–25 (doi: 10.1109/MDT.2010.7).
17. 17)
  - 38. Rad, R.M., Wang, X., Tehranipoor, M., Plusquellic, J.: ‘Power supply signal calibration techniques for improving detection resolution to hardware Tatrojans’. ICCAD, 2008, pp. 632–639.
18. 18)
  - 32. Waksman, A., Suozzo, M., Sethumadhavan, S.: ‘FANCI: identification of stealthy malicious logic using boolean functional analysis’. ACM Conf. on Computer and Communications Security, 2013, pp. 697–708.
19. 19)
  - 8. D. S. B. T. Force: ‘Report of defense science board task force on high performance microchip supply’, 2005.
20. 20)
  - 29. Wolff, F., Papachristou, C., Bhunia, S., Chakraborty, R.S.: ‘Towards Trojan free trusted ICs: problem analysis and detection scheme’. Proc. of the Conf. on Design, Automation and Test in Europe, DATE ‘08, New York, NY, USA, 2008, pp. 1362–1365.
21. 21)
  - 48. Chakraborty, R.S., Bhunia, S.: ‘Security against hardware Trojan througha novel application of design obfuscation’. Proc. of the 2009 Int. Conf. on Computer-Aided Design, ICCAD'09, New York, NY, USA, 2009, pp. 113–116.
22. 22)
  - 27. Banga, M., Hsiao, M.S.: ‘Trusted RTL: Trojan detection methodology in presilicon designs’. HOST, 2010, pp. 56–59.
23. 23)
  - 46. Zhang, X., Tehranipoor, M.: ‘RON: an on-chip ring oscillator network for hardware Trojan detection’. DATE, IEEE, 2011, pp. 1638–1643.
24. 24)
  - 42. Li, J., Lach, J.: ‘At-speed delay characterization for ICauthentication and Trojan horse detection’. HOST, 2008, pp. 8–14.
25. 25)
  - 1. Appelbaum, J., Horchert, J., Stöcker, : ‘Shopping for spy gear: catalog advertises NSA toolbox’. Der Spiegel, 2013.
26. 26)
  - 4. Perlroth, N., Larson, J., Shane, S.: ‘NSA able to foil basic safeguards of privacy on web’ (New York, New York Times, 2013).
27. 27)
  - 33. Jha, S., Jha, S.K.: ‘Randomization based probabilistic approach to detect Trojan circuits’. Proc. of the 2008 11th IEEE High Assurance Systems Engineering Symp., HASE'08, IEEE Computer Society, Washington, DC, USA, 2008, pp. 117–124.
28. 28)
  - 26. Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: ‘Stealthy dopant-level hardware Trojans’. CHES, 2013, (LNCS, 8086), pp. 197–214.
29. 29)
  - 21. Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.: ‘Trojan side-channels: lightweight hardware Trojans through side-channel engineering’. CHES, 2009, (LNCS, 5747), pp. 382–395.
30. 30)
  - 15. Ball, J., Borger, J., Greenwald, G.: ‘Revealed: how US and UK spy agencies defeat internet privacy and security challenges’. The Guardian, 2013.
31. 31)
  - 13. Tehranipoor, M., Salmani, H., Zhang, X., et al: ‘Trustworthy hardware: Trojan detection and design-for-trust challenges’, IEEE Comput., 2011, 44, (7), pp. 66–74 (doi: 10.1109/MC.2010.369).
32. 32)
  - 37. Wang, X., Salmani, H., Tehranipoor, M., Plusquellic, J.: ‘Hardware Trojan detectionand isolation using current integration and localized current analysis’. Proc. of the 2008 IEEE Int. Symp. on Defect and Fault Tolerance of VLSI Systems, DFT‘08, IEEE Computer Society, Washington, DC, USA, 2008, pp. 87–95.
33. 33)
  - 16. ARS Technica: ‘Stop using NSA-influenced code in our products, RSA tells customers’. Available at http://www.arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/, 2013.
34. 34)
  - 39. Potkonjak, M., Nahapetian, A., Nelson, M., Massey, T.: ‘Hardware Trojan horse detection using gate-level characterization’. DAC, 2009, pp. 688–693.
35. 35)
  - 25. Bhasin, S., Danger, J.-L., Guilley, S., Ngo, X.T., Sauvage, L.: ‘Hardware Trojan horses in cryptographic IP cores’, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, August 20 2013, Los Alamitos, CA (USA), (IEEE, 2013), pp. 15–29..
36. 36)
  - 9. Beaumont, M., Hopkins, B., Newby, T.: ‘Hardware Trojans prevention, detection, countermeasures (a literature review)’. Defence Science and Technology Organisation, Command, Control, Communication and Intelligence Division, 2011.
37. 37)
  - 22. Jin, Y., Makris, Y.: ‘Hardware Trojans in wireless cryptographic ICs’, IEEE Des. Test Comput., 2010, 27, (1), pp. 26–35 (doi: 10.1109/MDT.2010.21).
38. 38)
  - 41. Cha, B., Gupta, S.K.: ‘Trojan detection via delay measurements: a new approach to select paths and vectors to maximize effectiveness and minimize cost’, in Macii, E. (Ed.): ‘DATE’ (EDA Consortium/ACM DL, San Jose, CA, USA, 2013), pp. 1265–1270.
39. 39)
  - 24. Muehlberghuber, M., Gurkaynak, F.K., Korak, T., Dunst, P., Hutter, M.: ‘Red team vs. blue team hardware Trojan analysis: detection of a hardware Trojan on an actual ASIC’. Hardware and Architectural Support for Security and Privacy – HASP 2013, Second Workshop, Proc., Tel-Aviv, Israel, 23 June 2013, pp. 1–8.
40. 40)
  - 19. Chakraborty, R., Saha, I., Palchaudhuri, A., Naik, G.: ‘Hardware Trojaninsertion by direct modification of FPGA configuration bitstream’, IEEE Des. Test‘, 2013, 30, (2), pp. 45–54 (doi: 10.1109/MDT.2013.2247460).
41. 41)
  - 45. Salmani, H., Tehranipoor, M.: ‘Layout-aware switching activity localization to enhance hardware Trojandetection’, IEEE Trans. Inf. Forensics Sec., 2012, 7, (1), pp. 76–87 (doi: 10.1109/TIFS.2011.2164908).
42. 42)
  - 35. Banga, M., Chandrasekar, M., Fang, L., Hsiao, M.S.: ‘Guided test generation for isolation and detection of embedded Trojans in ICs’. Proc. of the 18th ACM Great Lakes Symp. on VLSI, GLSVLSI'08, New York, NY, USA, 2008, pp. 363–366.
43. 43)
  - 17. Schneier, B.: ‘Elliptic curve crypto primer’. Available at https://www.schneier.com/blog/archives/2013/11/elliptic_curve.html, 2013.
44. 44)
  - 34. Chakraborty, R.S., Paul, S., Bhunia, S.: ‘On-demand transparency for improving hardware Trojan detectability’. HOST, 2008, pp. 48–50.
45. 45)
  - 36. Banga, M., Hsiao, M.S.: ‘VITAMIN: voltage inversion technique to ascertain malicious insertions in ICs’. HOST, 2009, pp. 104–107.
46. 46)
  - 2. Ball, J., Schneier, B.: ‘Explaining the latest NSA revelations Q&A with internet privacy experts’. The Guardian, 2013.
47. 47)
  - 31. Potkonjak, M.: ‘Synthesis of trustable ICs using untrusted CAD tools’. DAC, 2010, pp. 633–634.
48. 48)
  - 12. Europe Smart Card Industry Association: ‘Security IC Platform Protection Profile with Augmentation Packages’, 2014.
49. 49)
  - 3. Gellman, B., Nakashima, E.: ‘U.S. spy agencies mounted 231 offensive cyber-operations in 2011’, documents show, 2013.
50. 50)
  - 7. Adee, S.: ‘The hunt for the kill switch’, IEEE Spectr., 2008, 45, (5), pp. 34–39 (doi: 10.1109/MSPEC.2008.4505310).
51. 51)
  - 43. Li, M., Davoodi, A., Tehranipoor, M.: ‘A sensor-assisted self-authentication framework for hardware Trojandetection’. Proc. of the Conf. on Design, Automation and Test in Europe, DATE'12, EDA Consortium, San Jose, CA, USA, 2012, pp. 1331–1336.
52. 52)
  - 44. Salmani, H., Tehranipoor, M., Plusquellic, J.: ‘New design strategy for improving hardware Trojan detection and reducing Trojan activation time’. Proc. of the 2009 IEEE Int. Workshop on Hardware-Oriented Security and Trust, HST'09, IEEE Computer Society, Washington, DC, USA, 2009, pp. 66–73.
53. 53)
  - 18. Jin, Y., Makris, Y.: ‘Hardware Trojan detection using path delay fingerprint’. IEEE Int. Workshop on Hardware-Oriented Security and Trust, HOST 2008, Proc., Anaheim, CA, USA, 9 June 2008, pp. 51–57.
54. 54)
  - 28. DARPA BAA06-40: ‘TRUST for integrated circuits’. Defense Advanced Research Projects Agency, 2006.

Login

Not registered yet?

Share

Tools

Login to add to favourites

Key

Hardware Trojans: current challenges and approaches

References

Related content