ABSTRACT
With the exponential increase in the popularity of the RISC-V ecosystem, the security of this platform must be re-evaluated, especially for mission-critical and IoT devices. Moreover, the insertion of a Hardware Trojan (HT) into a chip after the in-house mask design is outsourced to a chip manufacturer abroad for fabrication is a significant source of concern. Although abundant HT detection methods based on side-channel analysis, physical measurements, and functional testing have been investigated to overcome this problem, there exist stealthy HTs that can evade detection, because the overhead of such HTs is small compared to the whole circuit.
In this work, we propose several novel HTs that can be inserted into a RISC-V core's post-layout design in an untrusted manufacturing environment. Next, we propose a non-invasive analytical method based on contactless optical probing to detect any such stealthy HTs. Finally, we propose an open-source library of HTs that can be inserted into a processor unit in the post-layout phase. All the designs in this work are implemented in a commercial 28nm technology.
Trojan-D2: Post-Layout Design and Detection of Stealthy Hardware Trojans - A RISC-V Case Study