This is a seminar on hardware trojan that i have given during my M.tech. It follows the latest classification of hardware trojans used in research community. 3 latest hardware trojan detection technique and 2 insertion techniques are presented in slides.
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Hardware Trojans
1. Classification and Detection of Hardware Trojans
Rahul Krishnamurthy(2011VLSI06)
ABV-Indian Institute of Information Technology and Management Gwalior,
Morena Link Road, Gwalior, Madhya Pradesh, INDIA - 474010.
December 17, 2012
2. Contents
Contents
1. Introduction
2. Classification of Hardware Trojans
3. Detection Techniques for Hardware Trojans
Detection Using Power Analysis
Detection by Delay Fingerprint technique
Detection using Ring Oscillator Frequency Mechanism
4. Insertion of Hardware Trojans
Insertion Technique Bypassing Delay Fingerprint Technique
Insertion Technique Bypassing Ring Oscillator Frequency
Mechanism
5. Conclusion
3. Introduction
Introduction
A Hardware Trojan is a malicious and deliberately stealthy
modification made to an electronic device such as an IC.
It can change the chips functionality and thereby undermine
trust in the systems using that chip.
Figure : A simple Hardware trojan
4. Hypothesis
Hypothesis
In the classification of Hardware trojan it has been assumed
the attacker has the access to all the stages of the IC design.
Attacker has the access to the floorplans, layout, netlist and
RTL code.
6. Classification
Insertion Phase
Insertion Phase
At the following phases the malicious alteration can take place.
Specification phase– For example, a Trojan at the
specification phase might change the hardwares timing
requirements.
Design phase–Designer can use third-party IP blocks and
standard cells. A standard cell library can be infested with
Trojans.
7. Classification
Insertion Phase contd..
Insertion Phase contd..
Fabrication Phase–Subtle mask changes can have serious
effects. In an extreme case, an adversary can substitute a
different mask set.
Testing phase–An adversary can change the test vectors to
avoid detection of trojan.
8. Classification
Insertion Phase contd..
Insertion Phase contd..
Assembly phase–Developers assemble the tested chip and
other hardware components on a printed circuit board (PCB).
An unshielded wire can be used for information leakage and
fault injection.
9. Classification
Abstraction Phase
Abstraction phase
The phase at which the alteration occurs.
System level–Trojans might be triggered by the target
hardware modules-for example, interchanging the ASCII values
of the keyboard inputs.
Development environment–An attacker can use CAD tools
and scripts to insert Trojans. Software Trojans inserted into
these CAD tools can mask the effects of the hardware Trojans.
For example, a synthesis tool might not reveal a circuits
Trojan components to the user.
10. Classification
Abstraction Phase contd..
Abstraction phase contd..
Register-transfer level–At the RTL, chip developers describe
each functional module in terms of registers, signals, and
Boolean functions.
For example, a Trojan implemented at this level might halve
the rounds of a cryptographic algorithm by making a round
counter to advance in two steps instead of one.
11. Classification
Abstraction Phase contd..
Abstraction phase contd..
Gate level–A Trojan might be a simple comparator consisting
of XOR gates that monitor the chips internal signals.
Transistor level– A transistor-level Trojan might be a
transistor with low gate width that can cause more delay in
the critical path.
12. Classification
Abstraction Phase contd..
Abstraction phase contd..
Physical level This level describes all circuit components and
their dimensions and locations,
Changing the width of the clock grids metal wires in the chip
can cause clock skew.
13. Classification
Activation Mechanism
Activation Mechanism
Always-on– This class covers Trojans that are implemented
by modifying the geometries of the chip such that certain
nodes or paths in the chip have a higher susceptibility to
failure.
Internally triggered–An event that occurs within the target
device activates an internally triggered Trojan.
Figure : Internally Triggered
15. Classification
Effects
Effects
The effects of Trojans on target hardware or systems can
range from subtle disturbances to catastrophic system failures.
A trojan can cause an error detection module to accept inputs
that should be rejected.
A Trojan can downgrade performance by intentionally
changing device parameters, such as power and delay.
A Trojan might leak a cryptographic algorithms secret key
through unused RS-232 ports.
Denial-of-service Trojans prevent operation of a function or
resource. For example causing the processor to ignore the
interrupt from a specific peripheral.
16. Detection Techniques
Detection using Power Analysis
Detection using Power Analysis
The not gate based ring oscillator is used to monitor power.
Power supply noise (also known as voltage drop) impacts the
delay of gates.
1
f =
2 × n × td
Figure : Ring Oscilator
17. Detection Techniques
Detection using Power Analysis
Detection using Power Analysis
When the voltage drops, the delay of the gates increases.
Change in delay impacts the oscillation frequency.
For Trojan-inserted ICs, the switching gates in the Trojan
would cause small voltage drop on the VDD line and ground
bounce on VSS line.
Thus, with the same input patterns, the power supply noise
affecting the Trojan-free IC and Trojan-inserted IC will differ.
18. Detection Techniques
Detection using Power Analysis
Accuracy of single Ring Oscillator
Process variations can impact the threshold voltage, channel
length, and oxide thickness in circuit gates which, in turn,
impacts power supply noise distribution in an IC.
These effects may be localized. A single ring oscillator can not
distinguish between Trojans and process variations.
A ring oscillator placed in one corner of an IC, may not be
able to capture noise effects which occur due to a Trojan
placed in another corner of the IC.
20. Detection Techniques
Detection using Power Analysis
A Network of Ring Oscillators
One RO is inserted into each grid surrounded by power straps.
One multiplexer is used to select a ring oscillator in the
network to be enabled during the authentication.
Another multiplexer chooses the same ring oscillator to be
recorded.
21. Detection Techniques
Detection using Path delay fingerprint
Detection using Path delay fingerprint
The procedure includes three steps
Path delay gathering of nominal chips–Path delay information
of sample chips are collected. These chips are then checked
whether they are genuine or not using reverse engineering.
Fingerprint generation – According to path delays a series of
fingerprints are generated.
Trojan Detection – All other chips are then operated under
same input patterns. Their delay information is then
compared to delay fingerprints.
22. Detection Techniques
Detection using Path delay fingerprint
Hardware trojan with explicit Payload
When the Trojan is triggered, the payload part will alter the
value of internal signal.
Figure : Explicit Payload
This type of Trojan will insert extra delay in some paths
passing those signals.
23. Detection Techniques
Detection using Path delay fingerprint
Hardware trojan with implicit Payload
The implicit payload Trojan does not compromise internal
signals but only takes these signals as stimulus of the trigger.
The implicit payload may emit radio signals to leak secret
information or may destroy the whole chip.
Compared to the extra delay inserted by explicit payload
Trojan, the added delay here can be smaller and harder to
detect.
Figure : Implicit Payload
24. Detection Techniques
Detection using Path delay fingerprint
Disadvantages
It is not effective at detecting small Trojans or implicit
Trojans (whose payloads do not connect to the circuit) since
the contributions of small Trojans and implicit Trojans to the
path delay will be masked by process variations.
There are millions of paths in a circuit, it is impossible to
obtain 100% test coverage using this technique.
Trojans inserted into uncovered paths will not be detected by
this technique.
25. Detection using Ring oscillator frequency
Detection using Ring oscillator frequency
An attacker can insert malicious gates in non-critical path,
such that it does not violate the critical path constraint.
Path can be reconfigured into ring oscillators, such that the
additional delays caused by trojans can still be measured as
changes in ring oscillator’s frequencies.
26. Detection using Ring oscillator frequency
Detection using Ring oscillator frequency
Detection using Ring oscillator frequency
Figure : C17 embedded with ring oscillators
To ensure the detection of an inserted trojan, all the gates
must be covered by ring oscillators.
27. Hardware Trojan Insertion
Bypassing Delay fingerprint technique
The following trojans were inserted in [ZTT11]
Trojan
T1
T2
T3
T4
T5
T6
Class
DRULP
DRULP
DRULP
DRUPP
DRUPP
DRTPP
Trigger
din(1 downto 0)
din=4’hf
din=4’h8
Reset=1’b0
din( 1 downto 0)=2’b01
timing sequence
Payload
SP leaked by 7 segement display
Secret key leaked by 7 segement display
Secret leaked by LD7 in serial
1-stage ring oscillator
3-stage ring osillator
clock buffer chain
Out of the six trojans, T1,T2,T3 are explicit payload trojans.
28. Hardware Trojan Insertion
Bypassing Delay fingerprint technique
T1 is triggered when the last two bits of the input din are
2‘b01.
The payload is that the secret plain text (SP) will be leaked
over the 7-segment display.
If din has a low switching probability, then T1, T2, and T3
will be undetected on the silicon.
29. Hardware Trojan Insertion
Bypassing Delay fingerprint technique
Trojans T4, T5, and T6 have implicit payloads.
Trojan-inserted ICs will age faster than Trojan-free ICs, or will
create hot-spots that can damage circuit components.
Random functional test vectors could not detect these Trojans
because they do not change the circuits original functionality.
The trigger of T6 is a timing sequence → 8’h03, 8’h1c, 8’h23,
1
8’h6c, 8’ha3, 8’hfc. The probability of activating T6 is 48
2
30. Hardware Trojan Insertion
Bypassing Delay fingerprint technique
Once T6 is activated, a buffer chain with a clock frequency
input will be enabled and increase the temperature of the chip
quickly.
This Trojan, with an implicit payload, has a negligible effect
on the path delay. The path delay trojan detection method is
not effective for this type of Trojan.
31. Hardware Trojan Insertion
Bypassing the Ring oscillator detection technique
The loops in the circuit are identified.
If the loops consist an odd number of inverters, then test
vectors will be generated to enable each ring oscillator.
Test Pattern–A0,B0,C0,TE0,P1=1011
32. Hardware Trojan Insertion
Bypassing the Ring oscillator detection technique
After generating the test patterns, two methods were
employed in [ZTT11] to evade the detection:Modelling the Ring oscillator frequency(Hard code attack).
Redesigning the floorplan.
33. Hardware Trojan Insertion
Hard Code attack
The test vectors provide different frequency values for trojan
inserted and trojan free IC’s.
Figure : RTL code
These test vectors are translated into a logic function in the
RTL code.
34. Hardware Trojan Insertion
Hard Code attack contd..
The counter value for each ring oscillator in a Trojan-inserted
circuit will always be the same as in the Trojan-free circuit
With the look-up table, any kind of Trojan could be inserted
into the design without being detected.
35. Hardware Trojan Insertion
Redesigning floorplan
Ring oscillators frequency is sensitive to both process
variations and the location of its components.
Figure : Trojan insertion flow
36. Hardware Trojan Insertion
Hardware Trojan Insertion
Redesigning floorplan
If the ring oscillator’s frequency in the Trojan–inserted design
is larger than its frequency in the Trojan–free design, then the
components of that ring oscillator will be placed further away
from each other.
This increases loop delay and decreases oscillator frequency.
37. Conclusion
Conclusion
The insertion of hardware trojans is not limited to just the
fabrication stage. The trojans can be inserted at any stage of
IC design cycle.
The delay fingerprint is ineffective to detect implicit payload
trojans.
The design can be made resilient to hard code attack by
observing the counter values at different voltage levels.
The embedded ring oscillator network for power analysis has a
large area overhead.
38. References
References
Y. Jin, N. Kupp, and Y. Makris, Experiences in hardware
trojan design and implementation, Hardware-Oriented Security
and Trust, 2009. HOST ’09. IEEE International Workshop on,
july 2009, pp. 50 –57.
Yier Jin and Y. Makris, Hardware trojan detection using path
delay fingerprint, Hardware-Oriented Security and Trust, 2008.
HOST 2008. IEEE International Workshop on, june 2008,
pp. 51 –57.
R. Karri, J. Rajendran, K. Rosenfeld, and M. Tehranipoor,
Trustworthy hardware: Identifying and classifying hardware
trojans, Computer 43 (2010), no. 10, 39 –46.
J. Rajendran, V. Jyothi, O. Sinanoglu, and R. Karri, Design
and analysis of ring oscillator based design-for-trust technique,
39. References
VLSI Test Symposium (VTS), 2011 IEEE 29th, may 2011,
pp. 105 –110.
J.A. Roy, F. Koushanfar, and I.L. Markov, Extended abstract:
Circuit cad tools as a security threat, Hardware-Oriented
Security and Trust, 2008. HOST 2008. IEEE International
Workshop on, june 2008, pp. 65 –66.
M. Tehranipoor, H. Salmani, Xuehui Zhang, Xiaoxiao Wang,
R. Karri, J. Rajendran, and K. Rosenfeld, Trustworthy
hardware: Trojan detection and design-for-trust challenges,
Computer 44 (2011), no. 7, 66 –74.
Xuehui Zhang and M. Tehranipoor, Ron: An on-chip ring
oscillator network for hardware trojan detection, Design,
Automation Test in Europe Conference Exhibition (DATE),
2011, march 2011, pp. 1 –6.
40. References
Xuehui Zhang, N. Tuzzio, and M. Tehranipoor, Red team:
Design of intelligent hardware trojans with known defense
schemes, Computer Design (ICCD), 2011 IEEE 29th
International Conference on, oct. 2011, pp. 309 –312.