4.5 Hardware Trojans and Split Manufcturing

Printer-friendly version PDF version

Date: Tuesday, March 26, 2019
Time: 17:00 - 18:30
Location / Room: Room 5

Chair:
Nele Mentens, KU leuven, BE, Contact Nele Mentens

Co-Chair:
Giorgio Di Natale, LIRMM, FR, Contact Giorgio Di Natale

This session elaborates on Hardware Trojans, which are an emerging threat to the security of hardware-software systems. Furthermore, it discusses split manufacturing as a technique to strengthen the security of semiconductor supply chains.

TimeLabelPresentation Title
Authors
17:004.5.1EVALUATING ASSERTION SET COMPLETENESS TO EXPOSE HARDWARE TROJANS AND VERIFICATION BLINDSPOTS
Speaker:
Nicole Fern, University of California Santa Barbara, US
Authors:
Nicole Fern1 and Tim Cheng2
1University of California Santa Barbara, US; 2HKUST, HK
Abstract
Assertion-based verification has been adopted by industry as an efficient specification mechanism. Handwritten assertions encode design intent in a parsable format and have been traditionally used to verify an implementation conforms to the properties outlined by the assertions. Our work makes the observation that design behavior not covered by the assertion set is equally revealing and can be leveraged to identify malicious behavior (hardware Trojans) as well as verification blindspots. The difficulty in examining this unspecified and unverified behavior is differentiating between benign functionality that is truly don't care and that which leaks information or violates design intent. Prior work exploring assertion set completeness suffers from this inability to distinguish benign unspecified functionality from actual verification holes, while existing Trojan detection techniques can differentiate these categories, but require unspecified functionality already be characterized. Our technique uses the assertion set and simulation trace data available in most industry design flows to characterize unspecified functionality then separates Trojans and verification blindspots from benign behavior using existing Trojan detection methods. Using our technique, we uncover missing functionality in a first-in first-out (FIFO) queue implementation and demonstrate detection of information leakage Trojans. We also illustrate Trojan detection for a system containing several components connected by an AXI4-Lite bus by analyzing the completeness of the AXI4-Lite assertion set provided by ARM.
17:304.5.2HARDWARE TROJAN IN EMERGING NON-VOLATILE MEMORIES
Speaker:
Swaroop Ghosh, The Pennsylvania State University, US
Authors:
Mohammad Nasim Imtiaz Khan, Karthikeyan Nagarajan and Swaroop Ghosh, Pennsylvania State University, US
Abstract
Malicious modification of circuit (i.e., Hardware Trojans) during design and/or fabrication process is a serious security concern due to the globalization of semiconductor production process. Since memory occupies more than 60% Silicon area, the chances of hidden Trojans could be high. Trojan's objectives would be to evade structural and functional testing, activate under certain condition and leak sensitive information or cause read/write failure. Very limited literature exists on memory Trojans although such attacks are highly likely. Emerging Non-Volatile Memories (NVMs) possess unique characteristics that make them a top target for deploying Hardware Trojan. In this paper, we investigate such knobs that can be targeted by the Trojans to cause read/write failure. For example, NVM read operation depends on reference resistance and clamp voltage which the adversary can play with. Adversary can also use ground bounce generated in NVM write operation to hamper another parallel read/write operation. We have designed a Trojan that can be activated and deactivated by writing a specific data pattern to a particular address. Once activated, the Trojan can couple two predetermined addresses and data written to one address (victim's address space) will get copied to another address (adversary's address space). This will leak sensitive information e.g., keys. Adversary can also create read/write failure to predetermined locations (fault injection). Simulation results indicate that the Trojan can be activated by writing a specific data pattern to a specific address for 1956 times. Once activated, the attack duration can be as low as 52.4s and as high as 1.1ms (with reset-enable trigger). We also show that the proposed Trojan can scale down the clamp voltage to 200mV from optimum value which is sufficient to inject specific data-polarity read error. We also propose techniques to change reference resistance and inject noise in the ground/power rail to cause read/write failure.
18:004.5.3EFFICIENT TEST GENERATION FOR TROJAN DETECTION USING SIDE CHANNEL ANALYSIS
Speaker:
Prabhat Mishra, University of Florida, US
Authors:
Yangdi Lyu and Prabhat Mishra, University of Florida, US
Abstract
Detection of hardware Trojans is vital to ensure the security and trustworthiness of System-on-Chip (SoC) designs. Side-channel analysis is effective for Trojan detection by analyzing various side-channel signatures such as power, current and delay. In this paper, we propose an efficient test generation technique to facilitate side-channel analysis utilizing dynamic current. While early work on current-aware test generation has proposed several promising ideas, there are two major challenges in applying it on large designs: (i) the test generation time grows exponentially with the design complexity, and (ii) it is infeasible to detect Trojans since the side-channel sensitivity is marginal compared to the noise and process variations. Our proposed work addresses both challenges by effectively exploiting the affinity between the inputs and rare (suspicious) nodes. We formalize the test generation problem as a searching problem and solve the optimization using genetic algorithm. The basic idea is to quickly find the profitable test patterns that can maximize switching in the suspicious regions while minimize switching in the rest of the circuit. Our experimental results demonstrate that we can drastically improve both the side-channel sensitivity (30x on average) and time complexity (4.6x on average) compared to the state-of-the-art test generation techniques.
18:154.5.4A NEW PARADIGM IN SPLIT MANUFACTURING: LOCK THE FEOL, UNLOCK AT THE BEOL
Speaker:
Abhrajit Sengupta, New York University, US
Authors:
Abhrajit Sengupta1, Mohammed Nabeel2, Johann Knetchel3 and Ozgur Sinanoglu4
1New York University, US; 2New York University Abu Dhabi, IN; 3New York University Abu Dhabi, DE; 4New York University Abu Dhabi, AE
Abstract
Split manufacturing was introduced as an effective countermeasure against hardware-level threats such as IP piracy, overbuilding, and insertion of hardware Trojans. Nevertheless, the security promise of split manufacturing has been challenged by various attacks, which exploit the well-known working principles of physical design tools to infer the missing BEOL interconnects. In this work, we advocate a new paradigm to enhance the security for split manufacturing. Based on Kerckhoff's principle, we protect the FEOL layout in a formal and secure manner, by embedding keys. These keys are purposefully implemented and routed through the BEOL in such a way that they become indecipherable to the state-of-the-art FEOL-centric attacks. We provide our secure physical design flow to the community. We also define the security of split manufacturing formally and provide the associated proofs. At the same time, our technique is competitive with current schemes in terms of layout overhead, especially for practical, large-scale designs (ITC'99 benchmarks).
18:30IP2-6, 191DETECTION OF HARDWARE TROJANS IN SYSTEMC HLS DESIGNS VIA COVERAGE-GUIDED FUZZING
Speaker:
Niklas Bruns, Cyber-Physical Systems, DFKI GmbH, DE
Authors:
Hoang M. Le1, Daniel Grosse2, Niklas Bruns1 and Rolf Drechsler2
1University of Bremen, DE; 2University of Bremen/DFKI GmbH, DE
Abstract
High-level Synthesis (HLS) is being increasingly adopted as a mean to raise design productivity. HLS designs, which can be automatically translated into RTL, are typically written in SystemC at a more abstract level. Hardware Trojan attacks and countermeasures, while well-known and well-researched for RTL and below, have been only recently considered for HLS. The paper makes a contribution to this emerging research area by proposing a novel detection approach for Hardware Trojans in SystemC HLS designs. The proposed approach is based on coverage-guided fuzzing, a new promising idea from software (security) testing research. The efficiency of the approach in identifying stealthy behavior is demonstrated on a set of open-source benchmarks.
18:30End of session
Exhibition Reception in Exhibition Area

The Exhibition Reception will take place on Tuesday in the exhibition area, where free drinks for all conference delegates and exhibition visitors will be offered. All exhibitors are welcome to also provide drinks and snacks for the attendees.