final ts doc (2)

7/24/2019 final ts doc (2)

1/19

Hardware Trojan: Threats and Emerging Solutions

CHAPTER I

1.1 INTRODUCTION

Hardware security to ensure Trust in ICs has emerged as an important researchtopic in recent years. Economic reasons dictate that most of the modern ICs are

manufactured in off-shore fabrication facilities . Moreover, modern IC design often

involves intellectual property I!" cores supplied by third-party vendors,

outsourced design and test services as well as electronic design automation E#$"

software tools supplied by different vendors. %uch a business model has, to a large

e&tent, relin'uished the control that IC design houses had over the design and

manufacture of ICs ma(ing them vulnerable to different security attac(s.

)ig. * illustrates the level of trust at different steps of a typical IC life-cycle .

)ig. *. +ulnerable steps of a modern IC life cycle

SSJ ENGINEERING COLLEGE Page

7/24/2019 final ts doc (2)

2/19


Each party associated with the design and manufacture of an IC can be a potential

adversary who inserts malicious modications, referred as Hardware Troans .

Concern about this vulnerability of ICs and the resultant compromise of securityhas been e&pressed globally , especially since several une&plained military mishaps

are attributed to the presence of malicious hardware Troans . Ideally, any

undesired modication made to an IC should be detectable by pre-silicon

vericationsimulation and post- silicon testing. However, pre-silicon verication

or simulation re'uires a golden model of the entire IC. This might not be always

available, especially for I! based designs where I!s can come from third-party

vendors. /esides, a large multi-module design is usually not amenable to

e&haustive verication . !ost-silicon, the design can be veried either through

destructive depac(aging and reverse engineering of the IC , or by comparing its

functionality or circuit characteristics with a golden version of the IC . However,

e&isting state-of-the-art approaches do not allow destructive verication of ICs to

be scalable . Moreover, as pointed out in , it is possible for the adversary to insert

Troans in only some ICs on a wafer, not the entire population, which limits the

usefulness of a destructive approach. Traditional post-manufacturing logic testing

is not suitable for detecting hardware Troans. This is due to the stealthy nature of

hardware Troans and inordinately vast spectrum of possible Troan instances an

adversary can employ. Typically, the adversary would design a Troan that triggers

a malfunction only under rare circuit conditions in order to evade detection. #ue to

the nite si0e of the testset, the rare condition for activation of the Troan might not

be reali0ed during the testing period, especially if the Troan acts as a se'uential

state machine or 1time-bomb2 . 3n the other hand, the techni'ues for detecting

Troans by comparison of the 1side- channel parameters2 such as power trace or

delay are limited by the large process variation effect in nanoscale IC technologies,

reduced detection sensitivity for ultra-small Troans and measurement noise . In the

ne&t section, we give classication, models and e&amples of different HardwareTroans. 4e then present a survey of the emerging techni'ues of Troan detection.

)inally, we discuss the maor challenges in the eld of Troan detection and

describe future research directions.

SSJ ENGINEERING COLLEGE Page !

7/24/2019 final ts doc (2)

3/19


CHAPTER II.

2.1 TROJAN TAXONOMY AND EXAMPLES#ifferent methods of classifying hardware Troans based on various characteristics

have been proposed. In 5678, the authors propose a simple classication of Troans

9 combinational whose activation depends on the occurrence of a particular

condition at certain internal nodes of the circuit" and se'uential whose activation

depends on the occurrence of a specic se'uence of rare logic values at internal

nodes". In 5:8, the authors classify Troans based on three attributes; physical,

activation and action. %ome classications e.g. 57, 6

7/24/2019 final ts doc (2)

4/19


)ig. 6. Troan ta&onomy based on trigger and payload mechanisms

The trigger mechanisms can be of two types; digital and analog. #igitally triggered

Troans can again be classied into combinational and se'uential types. )ig. =a"

shows an e&ample of a combinationally triggered Troan where the occurrence of

the condition $>?, />? at the trigger nodes $ and / causes a payload node C to

have an incorrect value at Cmodified.

.

)ig ;=a" Combinationally triggered Troan

SSJ ENGINEERING COLLEGE Page #

7/24/2019 final ts doc (2)

5/19


Typically, an adversary would choose an e&tremely rare activation condition so that

it is very unli(ely for the Troan to trigger during conventional manufacturing test.

%e'uentially triggered Troans the so-called time bombs", on the other hand, are

activated by the occurrence of a se'uence, or a period of continuous operation. The

simplest se'uential Troans are synchronous stand-alone counters, which trigger a

malfunction on reaching a particular count.

)ig;=b" %ynchronous counter 1time-bomb2" Troan

)ig. =b" shows a synchronous (-bit counter which activates when the count

reaches 6(@*, by modifying the node EA to an incorrect value at node EA. $n

asynchronous version is shown in )ig. =c", where the count is increased not by the

cloc(, but by a rising transition at the output of an $B# gate with inputs p and '.

)ig;=c" $synchronous counter Troan

SSJ ENGINEERING COLLEGE Page $

7/24/2019 final ts doc (2)

6/19


The trigger mechanism can also be hybrid, where the counts of both a

synchronous and an asynchronous counter simultaneously determine the Troan

trigger condition, as shown in )ig. =d".

)ig;=d" Hybrid counter Troan

Bote that more comple& state machines of different types and si0es can be used to

generate the trigger condition based on a se'uence of rare events. In general, it is

more challenging to detect se'uential Troans using conventional test generation

and application, because it re'uires satisfying a se'uence of rare conditions at

internal circuit nodes to activate them. The number of such se'uential trigger

conditions for arbitrary Troan instances can be unmanageably large for a

deterministic logic testing approach.

The trigger-mechanism can also be analog in nature, where on-chip sensors are

used to trigger a malfunction.

SSJ ENGINEERING COLLEGE Page %

7/24/2019 final ts doc (2)

7/19


)ig;=e" $nalog Troan triggered based on logic value

)ig. =e" shows an e&ample of an analog trigger mechanism where the inserted

capacitance is charged through the resistor if the condition '* >*, '6 >* is

satised, and discharged otherwise, causing the logic threshold to be crossed after a

large number of cycles.

)ig;=f" $nalog Troan triggered based on circuit activity

$ different analog Troan trigger mechanism see )ig. =f"" was proposed in 58,

where higher circuit activity and the resultant rise of temperature was used to

trigger the malfunction, through a pair of ring oscillators and a counter. Troans can

also be classied based on their payload mechanisms into two main classes -

digital and analog. #igital Troans can either affect the logic values at chosen

internal payload nodes, or can modify the contents of memory locations. $nalog

payload Troans, on the other hand, affect circuit parameters such as performance,

power and noise margin.

SSJ ENGINEERING COLLEGE Page &

7/24/2019 final ts doc (2)

8/19


)ig.

7/24/2019 final ts doc (2)

9/19


)ig. . Troan detection techni'ues.

Bote that there is no single 1silver bullet2 techni'ue available yet that can be

applied to detect all classes of Troans. Maority of e&isting techni'ues address

Troan detection in manufactured ICs and assume the availability of gate-level

golden netlist. +ery few investigations have addressed Troan detection at higher

level design descriptions e.g. register transfer level I!. In 5=:8, a structural

chec(ing approach is suggested to verify integrity of third party I!, but the

techni'ue is not easily scalable to large designs 5F8. The Troan detection

approaches can be classied under two main types; destructive and non-

destructive. The destructive techni'ues 5=F-=78 use a sample of the manufactured

ICs which are subect to de-metalli0ation using Chemical Mechanical !olishing

SSJ ENGINEERING COLLEGE Page (

7/24/2019 final ts doc (2)

10/19


CM!" followed by %canning Electron Microscope %EM" image re-construction

and analysis 5=8. However, such approaches are e&tremely e&pensive and time-

consuming destructive analysis of a single chip ta(ing several months" and do not

scale well with increase in transistor integration density. Moreover, the results of

analy0ing a sample cannot be e&trapolated to the entire manufactured lot 5=8. %ince

an adversary might affect only a small population of the manufactured ICs,

destructive reverse engineering approaches cannot be effective for trust validation

in ICs. The proposed non-destructive approaches can again be classied under two

main heads; non-invasive and invasive. The non- invasive techni'ues leave the

original design unaltered while the invasive techni'ues modify the design to embed

features targeted towards Troan detection.

=.6 $". Invasive Troan #etection Techni'ues;

The invasive Troan detection techni'ues can again be classied under two

different headings - those which are directed towards preventing the insertion of

Troans during design or fabrication of an IC, and those which facilitate detection

of inserted Troans using post-manufacturing test. In 5:8, it was noted that Troan

insertion depends on the availability of free dead space within an IC layout, since

the total area of the die cannot be altered by the adversary. However, if the

adversary is capable of e&tracting the gate- level netlist from the layout, through

logic optimi0ation and better place and route techni'ues, it might be possible tofree- up space to accommodate the Troan. $ design techni'ue and associated

design automation Gow are proposed in 5*68 to prevent effective insertion of

Troans. Here, the original design is obfuscated through e&pansion of the reachable

state space to ma(e it difcult for an adversary to reverse-engineer the

functionality of the circuit and to nd the true rare events. Troans inserted into a

design without considering its true functional behavior become either invalid i.e.

not triggered in normal mode of operation" or easily detectable. The approach

results in 6

7/24/2019 final ts doc (2)

11/19


specic se'uence of inputs activates an embedded )%M in the module which ta(es

it to a special mode called the transparent mode see )ig. Fa"".

)ig;Fa" 3n-demand Transparency %cheme

In this mode, the controllability and observability of probable Troan trigger and

payload nodes is enhanced and a compacted signature is presented at the primary

outputs, which indicates the presence or absence of a Troan. In 5*8, a design

techni'ue termed +IT$MIB based on the inversion of the supply voltage of

alternate logic levels in an IC is proposed. The logic behavior of a gate operating

with inverted supply voltage is inverted during test mode. $s a result, the activity

of a rarely activated Troan circuit is enhanced and it can be detected by comparing

the power proles of different ICs. In 5*F8, the authors propose a low-overhead 1at-

speed2 delay characteri0ation techni'ue which is capable of detecting

modications to the circuit, both at run-time and at test-time. The path delaycharacteri0ation is based on the insertion of 1shadow latches2 see )ig. Fb"" in the

design to capture and compare with the data latched by registers in the original

circuit paths.

SSJ ENGINEERING COLLEGE Page

7/24/2019 final ts doc (2)

12/19


)ig;Fb" %hadow-latch /ased #elay Characteri0ation Techni'ue

The test-time measurements are compared to the design-time proections and any

substantial statistical difference indicates malicious design alteration. In 568, this

method was shown to be capable of detecting Troans in an :: array multiplier

circuit under J6? process variations. $ dummy Gip-Gop insertion techni'ue to

increase the trigger probability of Troans was presented in 568, to aid in thedetection of Troans through side-channel techni'ues. It can also help in Troan

detection with logic testing by ma(ing the malicious effect of a Troan observable

at the primary output. $nother novel techni'ue proposed in 5*

7/24/2019 final ts doc (2)

13/19


plane". The paper describes several security mechanisms to be performed by the

control planeK however, it does not discuss the technical challenges and the design

overhead.

=.= /". Bon-invasive Troan #etection Techni'ues;

In the non-invasive Troan detection techni'ues, a Troan is detected by comparing

the behavior of the test IC with the golden IC instance or a golden functional

model. They can be further classied into two main types; run-time and test- time

techni'ues. The run-time techni'ues employ an online monitoring system that tries

to detect suspicious activity during in-eld operation, while the test-time

techni'ues are aimed at detecting Troan-infected chips before deployment. *"Aun-time, non-invasive Troan detection approaches; In 5F8, the authors propose

the addition of recongurable #e- sign for Enabling %ecurity #E)EB%E" logic in

a given %oC to enable real-time functionality monitoring. The chec(s can be

performed concurrently with the normal circuit operation and trigger appropriate

countermeasures when a deviation from normal functionality is detected. However,

the effectiveness and the hardware overhead associated with this scheme is not

mentioned in the wor(. In 5*78, the authors propose a novel %oC bus architecture

that can detect malicious bus behaviors associated with Troan hardware, protect

the system and system bus from them and report the malicious behaviors to the

system C!L, without loss of bus performance. The authors report an additional

gate-count of about :?? logic gates in a four million gate %oC, and negligible delay

overhead. In 5*:8 the authors propose a scheme whereby functionally e'uivalent

software instances are e&ecuted on multiple C!L cores, assisted by dynamic

distributed software scheduling. The sub-tas( outputs from different cores are

compared to dynamically evaluate their individual trust-levels, with the distributed

scheduler undergoing a trust learning procedure for multiple runs. The authors

show that the scheme is capable of successfully completing obs in a Troaninfested environment, with improvement in throughput over successive runs. $

combined hardware-software approach to perform run- time e&ecution monitoring

has been proposed in 5*, =8. Here, a simple veriable 1hardware guard2 module

e&ternal to the C!L is considered. The wor( targets primarily #o% and privilege

escalation attac(s, using periodic chec(s by the operating system 3%" which is

SSJ ENGINEERING COLLEGE Page "

7/24/2019 final ts doc (2)

14/19


enhanced with live chec( functionality. The authors report 6.6 average

performance overhead using %!ECint 6??F benchmar( programs, but do not report

the hardware design overhead. 6" Test-time, non-invasive Troan detection

approaches; There are two main classes of testing based approaches for Troan

detection; a" those based on logic testing, and b" those based on the measurement

of side-channel parameters such as power, delay, etc. The main advantage of the

test- time techni'ues over the run-time techni'ues is that the test- time techni'ues

incur no hardware overhead, while the main disadvantage is the re'uirement of a

1golden2 i.e. Troan-free" manufactured IC or functional model. Aun-time

methods typically involve considerable performance and power overhead,

however, they provide the last line of defense and are capable of providing *??

condence in computed results.

a) Logic teti!g"#ae$ a%%&oac'e; The main challenge in a logic testing based

approach is the enormously large Troan space, which ma(es the generation of an

e&haustive set of test vectors to detect all possible Troans computation- ally

infeasible. $s an e&ample, even with the constraint of ma&imum four trigger nodes

and a single payload node, a small I%C$%-: benchmar( circuit c::? with

7/24/2019 final ts doc (2)

15/19


)ig. 7. Dogic testing based techni'ue; Impact of B number of times a rare pointsatises its rare value" on the triggerTroan coverage and test length for an

I%C$%-: benchmar( circuit .The procedure achieves an : reduction in test

length compared to a weighted random pattern set, for similar Troan detection

coverage.

#) Si$e"c'a!!e( a!a(i"#ae$ a%%&oac'e; The side- channel analysis based

Troan detection approaches are based on observing the effect of an inserted Troan

on a physical parameter such as circuit current transient, power consumption or

path delay. The advantage of these approaches lies in the fact that even if the

Troan circuit does not cause observable malfunction in the circuit during test, the

presence of the e&tra circuitry can be reGected in some side-channel parameter.

However, the main challenges associated with side-channel analysis are large

process variation in modern nanometer technologies and measurement noise,

which can mas( the effect of the Troan circuit, especially for small Troans. In

5668, the authors introduced the concept of IC nger- printing, where each IC

instance is associated with a signature, called a 1ngerprint2 obtained by

measurement of one or more side-channel parameters. )rom the analysis of powertraces, used as the IC ngerprint in this wor(, the authors were able to identify

Troan instances with an e'uivalent area as small as ?.?* of the total si0e of the

circuit, in the presence of J7. random parameter variations. $nother approach

based on measurement of power-supply transient signal is described in 56=8, where

signals from multiple power ports for several IC instances are obtained by a

SSJ ENGINEERING COLLEGE Page $

7/24/2019 final ts doc (2)

16/19


calibration process and subected to statistical characteri0ation. The techni'ue was

capable of detecting around ? of activated Troans and =? of inactive Troans

in an I%C$%-: benchmar( circuit see )ig. :a"".

In 5678, the authors propose a test vector generation approach to ma&imi0e the

activity in individual partitions of a circuit, while minimi0ing the activity of other

partitions. %imulation results assuming a process variation of up to 7. were able

SSJ ENGINEERING COLLEGE Page %

7/24/2019 final ts doc (2)

17/19


to successfully detect most of the inserted Troans. In 56:8, a sustained vector

techni'ue for Troan detection is proposed, where each input test vector is repeated

multiple times to ensure the reduction of e&traneous toggles within the genuine

circuit. This techni'ue is shown to magnify the power prole difference between

the original and the infected circuit by up to thirty times compared to previous

approaches. !ath delays of output ports were used as the ngerprint in 56

7/24/2019 final ts doc (2)

18/19


two approaches have complementary scope in terms of Troan detection capa-

bility. Hence, approaches that combine the best of both worlds can be the most

promising in terms of generic Troan detection capability.

I*. CONCLUSION

SSJ ENGINEERING COLLEGE Page '

7/24/2019 final ts doc (2)

19/19


The issue of hardware Troans and effective countermeasures against them have

drawn considerable interest in recent times. Here presented a comprehensive study

of different Troan types and discussed emerging methods of detecting them.

Considering the varied nature and si0e of hardware Troans, it is li(ely that a

combination of techni'ues, both during design and test, would be re'uired to

provide acceptable level of security. #esign time approaches would span various

levels of design descriptions. 3n the other hand, post-silicon validation would

re'uire a combination of logic and side- channel test approaches to cover Troans

of different types and si0es under large parameter variations. Maor future

challenges in this area would include developing detection mechanisms for analog

Troans which can implement numerous types of activation and observation

conditionsK an integrated metric to 'uantify the level of trust that combines both

design and test time approachesK and an evaluation platform that analy0es a designto identify vulnerable regions and the impact of a design change on the level of

achievable trust.

+,t,&e -o&/

)uture wor( would focus on three maor areas related to hardware Troans; *"

e&ploring emerging attac(s, in particular, attac(s on circuits made with emerging

nanoscale devicesK 6" developing a unified trust metric for coverage estimation,

which can be e&tremely valuable in providing confidence level against arbitrary

attac(sK and =" novel protection approaches. )uture research on protection

approaches would include improving detection sensitivity for un(nown Troans

and eliminating the need of golden ICs, Troan-resilient design, and efficient online

detection approaches.

SSJ ENGINEERING COLLEGE Page (

final ts doc (2)

Documents