presentation_DRDO

HARDWARE TROJAN : Threats and
Countermeasures
Animesh Basak Chowdhury
A joint collaboration between ISI and CAIR, DRDO
Research Supervisor : Prof. (Dr.) Bhargab B. Bhattacharya
Advanced Computing and Microelectronics Unit
Indian Statistical Institute, Kolkata, INDIA
June 07, 2016
Animesh Basak Chowdhury (ISI Kolkata) HT Detection June 07, 2016 1 / 31

Outline
1 HARDWARE TROJAN IN NEWS
2 INTRODUCTION
3 MOTIVATION
4 RELATED WORK
5 LOGIC TESTING BASED TROJAN DETECTION
6 SATBiST : An in-house developed TEST Framework for TROJAN
DETECTION
7 RESULTS
8 CONCLUSION AND FUTURE DIRECTIONS
9 REFERENCES

Hardware Trojan in News

Introduction : Hardware Trojan (HT)
Modern semiconductor industry trends :
Outsourcing the fabrication facility
Using 3rd Party IPs as an intermediate to design an SoC.
These trends have given rise to many threats.
Adversary can tamper the design at RTL Level or Gate Level Netlist
in the IPs.
A malicious circuitry can be introduced in the design by addition of
small number of gates.
Malicious tampering of design at hardware level is called
HARDWARE TROJAN.

Introduction : Hardware Trojan (HT)
Why HARDWARE TROJAN are inserted in the Design :
Modify functionality.
Gain unauthorized access to the system.
Leak out sensitive information.
Launch denial-of-service attack.
Vunerable phases of IC development Cycle [Wolﬀ10]

Motivation : WHY to Detect Hardware Trojan
Why HARDWARE TROJAN is an important area of research ?
Secured Hardware is must for areas like Military, Health and Nuclear
reactor centers.
Why HARDWARE TROJAN is a Threat?
Hard-to-detect by conventional test patterns and functional
veriﬁcation.
System may be hacked from outside world, gaining unauthorised
control over system.
Hardware Trojan activation is a RARE event. Continuous monitoring
at runtime, is a large overhead.

Trojan Detection And Countermeasures
Source : HARDWARE TROJAN - Lessons Learned After One Decade
of Research, ACM TODAES 2016, K. Xiao, D. Forte, R. Karri, S. Bhunia,
M. Tehranipoor

Trojan Detection : Pre-Silicon Stage
Pre-Silicon Verification and Validation
Use functional and formal Verification Techniques.
Assertion Based Verification flow have proven to be ineffective,
especially when the trojan triggering acts as time-bomb.[Beamont11]
Most of the ASICs, are relatively very large and complex. Formal
Tools suffer from scalability issues, inability to produce a
counter-example upto a certain level doesn’t guarantee the
design to be Trojan Free. [Beamont11]

Trojan Detection : Post-Silicon Stage
Side Channel Analysis
Use Current [Dak07], Path Delay [Jin08], Power Signatures [Rad10]
for comparision.
Requirement of Trusted IC for reference.
Unable to detect trojans, if additional 10-12 gates are introduced to
insert trojan.
False positive result on comparision of Golden IC with IC Under Test,
when smaller trojans are inserted.

Trojan Detection : Post-Silicon Stage
Design-for-TRUST and Logic Testing Based Techniques
Lesser explored area.
MERO Test Patterns : Significant contribution in reporting trojans of
smaller sizes using Statistical Approach. [RSubhra09]
DFTT : Design for Trojan Test , a framework defined to make
insertion of Trojan extremely difficult at design level and
Manufacturing level. [Jin10]
ODETTE: A non-scan design-for-test methodology for Trojan
detection in ICs. Effective for uncovering Trojans in Sequential
Circuits. [Banga11]

Logic Testing Based Trojan Detection : Trojan Modelling
Trojans are extremely stealthy in nature. They remain undetected
unless they are triggered.

Trojan activation is a rare event.

A trojan consists of two parts : TRIGGER and PAYLOAD

TRIGGER is the functionailty which activates the Trojan.

PAYLOAD is the node whose logic value is corrupted by activation of
Trigger.

PAYLOAD is the node whose logic value is corrupted by activation of
Trigger.
An attacker’s viewpoint would be ﬁnding suitable
TRIGGER-PAYLOAD combination which are hard-to-detect and
moderately triggerable.

Trojan Insertion can be done at various levels. We are particularly
interested in inserting Trojans at Gate Level Netlist.

Consider a node, in a gate level netlist, where occurrence of logic
value 0 or 1, is very RARE.

Now, if we AND these nodes, with their RARE logic values, the
simultaneous occurrence would be much more RARE.

We call each such node along with its RARE logic value, an
Activation Node.

We call each such node along with its RARE logic value, an
Activation Node.
An attacker can make a TRIGGER instance, by selecting any
number of Activation Nodes.

Logic Testing Based Trojan Detection : Problem
Statement
Number of Activation Nodes Q, depends on Attacker’s Choice.
Figure showing Sequential and Combinational Trojan Circuits

Statement
Till now, it has been ﬁgured out with existing techniques, that for
values of Q ≥ 8, the trojans can be detected by side-channel
analysis.

Statement
Till now, it has been ﬁgured out with existing techniques, that for
values of Q ≥ 8, the trojans can be detected by side-channel
analysis.
So, our primary target is to detect all possible Trojan instances, with
Q ≤ 8.

MERO Test Pattern : A statistical approach For HT
Detection
Chakraborty, R.S. proposed a testing framework MERO, which is an
ATPG designed for detecting Trojan in a given netlist, minimizing the
number of test patterns.[RSubhra09]

Detection
MERO utilizes the concept of N-detect ATPG scheme. The
framework generates test patterns which can activate the Activation
Node to its RARE valued logic at least N times.

Detection
The underlying assumption is, increasing the value of N, would also
increase the testset length, which increases the possibility of
simultaneous occurrence of rare logic at the Trigger instances, thereby
triggering the trojan.

Detection
The underlying assumption is, increasing the value of N, would also
increase the testset length, which increases the possibility of
simultaneous occurrence of rare logic at the Trigger instances, thereby
triggering the trojan.
Though the framework is a huge achievement over ATPG patterns
and Random test patterns in Trojan Detection, still the technique
suﬀers from scalability bottleneck and larger testset compared to
sample size.

SATBiST : An in-house developed scalable TEST
generation framework using ATPG Binning and SAT Solver
for HT Detection
Motivated by the drawback of scalability and providing a certain level
of reliability to a system, against small Trojans, we decided to develop
a framework with focus on scalability and covering all possible
Trigger instances

for HT Detection
Trigger instances
The next motivation was to make use of already existing Optimization
Techniques available, and make the framework easily integrable with
existing tools.

for HT Detection
Trigger instances
The next motivation was to make use of already existing Optimization
Techniques available, and make the framework easily integrable with
existing tools.
We primarily focussed on this area, as integrating this technique with
multiple parameter side channel analysis would be able to detect
Trojans, almost with any Q value.

SATBiST : Scalable ATPG Binning and SAT Based
Approach For HT Detection
Points Considered while designing the Framework
We have taken value of Rareness threshold θ, to be 0.1.
The trigger instances consist of 3 Activation Nodes, i.e. Q=3.
The trigger instances directly corrupt a primary output(PO) or a
set of POs.
We use the tools like ATALANTA ATPG tool [ATALANTA], HOPE
fault Simulator [HOPE], Transition Probability Calculator(TPC)
[Salmani12] from trust-hub.org and zchaﬀ SAT Solver [zChaﬀ].

SATBiST : Framework Layout

SATBiST : Framework Layout
SATBiST Test Generation Framework

Experimental Results
Table showing SATBiST test patterns, with Q=3, θ=0.1, Bin Size B =
2000, UE denotes Under Experimentation, Results yet to come.

Experimental Results
Table showing a comparative analysis of MERO patterns and SATBiST
patterns. Note that, SATBiST patterns provide cent percent Trigger
coverage. For Sequential Benchmarks, we restricted our results to 1million
instances and θ to 0.01, in order to comply with number of rare occuring
nodes in combinational ones.

Conclusion and Further Experimentations
Conclusion
SATBiST test patterns have shown promising results in terms of
scalability, test length, and CPU time.
SATBiST test patterns have been able to provide controlibility of all
trigger instances.
SATBiST framework can be easily integrable to already existing
ATPG tool.

Conclusion and Further Experimentations
Further Experimentations
In SATBiST pattern, we have primarily considered coverage of all
possible trigger instances and the trojan instances in which
payload is Primary Output (PO) or a set of POs.
A Bi-Partite Matching problem between uncompressed SATBiST
test patterns and stuck-at ATPG patterns, to cover maximum
possible trigger-payload combination in a given circuit.

References
Chakraborty, Rajat Subhra, et al. [RSubhra09]
”MERO: A statistical approach for hardware Trojan detection.” Cryptographic
Hardware and Embedded Systems-CHES 2009. Springer Berlin Heidelberg, 2009.
396-410.
Salmani, Hassan, Mohammad Tehranipoor, and Jim Plusquellic [Salmani12]
”A novel technique for improving hardware trojan detection and reducing trojan
activation time.” Very Large Scale Integration (VLSI) Systems, IEEE Transactions
on 20.1 (2012): 112-125.
Wolﬀ, Francis, Chris Papachristou, Swarup Bhunia, and Rajat S. Chakraborty.
[Wolﬀ08]
”Towards Trojan-free trusted ICs: Problem analysis and detection scheme.”
Proceedings of the conference on Design, automation and test in Europe. ACM,
2008.
Tehranipoor, Mohammad, and Farinaz Koushanfar [Teh101]
”A survey of hardware Trojan taxonomy and detection.” (2010).

References
Tehranipoor, Mohammad, et al. [Teh102]
”Trustworthy hardware: Trojan detection and design-for-trust challenges.”
Computer 7 (2010): 66-74.
Jin, Y. , Makris, Y. [Jin08]
”Hardware Trojan detection using path delay ﬁngerprint.” Hardware-Oriented
Security and Trust, 2008. HOST 2008. IEEE International Workshop on. IEEE,
2008.
Agrawal, Dakshi, et al. [Dak07]
”Trojan detection using IC ﬁngerprinting.” Security and Privacy, 2007. SP’07. IEEE
Symposium on. IEEE, 2007
Rad, Reza, Jim Plusquellic, and Mohammad Tehranipoor [Rad10]
A sensitivity analysis of power signal methods for detecting hardware Trojans under
real process and environmental conditions.” Very Large Scale Integration (VLSI)
Systems, IEEE Transactions on 18.12 (2010): 1735-1744.

References
Jin, Yier, Nathan Kupp, and Yiorgos Makris [Jin10]
”DFTT: Design for Trojan test.” Electronics, Circuits, and Systems (ICECS), 2010
17th IEEE International Conference on. IEEE, 2010.
Banga, Mainak, and Michael S. Hsiao [Banga11]
”ODETTE: A non-scan design-for-test methodology for trojan detection in ics.”
Hardware-Oriented Security and Trust (HOST), 2011 IEEE International
Symposium on. IEEE, 2011.
Lee, Hyung Ki, and Dong Sam Ha [HOPE]
”HOPE: An eﬃcient parallel fault simulator for synchronous sequential circuits.”
Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on
15.9 (1996): 1048-1058.
Ha, D. S. [ATALANTA]
ATALANTA: An ATPG Tool.” Bradley Department of Electrical Engineering,
Virginia Polytechnic and State University, Blacksburg, VA (1994).

References
Eggersgl, Stephan, and Rolf Drechsler [Rolf]
High Quality Test Pattern Generation and Boolean Satisfiability. Springer Science
Business Media, 2012.
Moskewicz, M. W., Madigan, C. F., Zhao, Y., Zhang, L., Malik, S. [zChaff]
”CHAFF: Engineering an efficient SAT solver.” Proceedings of the 38th annual
Design Automation Conference. ACM, 2001.
Beamont, Mark et al. [Beamont11]
”Hardware Trojan : Threat, Prevention and Countermeasures, A Literature survey.”
Unclassified Report, Australian Government, Department of Defence. 2011

Thank You

presentation_DRDO

More Related Content

What's hot

Viewers also liked

Similar to presentation_DRDO

presentation_DRDO