网络与信息安全学报 ›› 2021, Vol. 7 ›› Issue (2): 35-42.doi: 10.11959/j.issn.2096-109x.2021025

• 专题:集成电路硬件安全 • 上一篇    

基于可满足性无关项的硬件木马设计与检测

武玲娟1,2, 朱嘉诚1, 唐时博1, 谭静1, 胡伟1   

  1. 1 西北工业大学网络空间安全学院,陕西 西安710072
    2 华中农业大学信息学院,湖北 武汉430070
  • 修回日期:2020-12-24 出版日期:2021-04-01 发布日期:2021-04-01
  • 作者简介:武玲娟(1984- ),女,河北邢台人,博士,西北工业大学研究员,主要研究方向为硬件安全与形式化安全验证。
    朱嘉诚(1996- ),男,江苏常州人,西北工业大学硕士生,主要研究方向为硬件安全。
    唐时博(1994- ),男,陕西西安人,西北工业大学博士生,主要研究方向为硬件安全。
    谭静(1997- ),女,安徽合肥人,西北工业大学硕士生,主要研究方向为硬件安全。
    胡伟(1982- ),男,湖北孝感人,博士,西北工业大学副教授,主要研究方向为硬件安全、形式化安全验证与密码学。
  • 基金资助:
    国家自然科学基金(62074131);湖北省自然科学基金(2020CFB190)

Design and detection of hardware Trojan based on satisfiability don't cares

Lingjuan WU1,2, Jiacheng ZHU1, Shibo TANG1, Jing TAN1, Wei HU1   

  1. 1 School of Cyber Security, Northwestern Polytechnical University, Xi’an 710072, China
    2 College of Informatics, Huazhong Agricultural University, Wuhan 430070, China
  • Revised:2020-12-24 Online:2021-04-01 Published:2021-04-01
  • Supported by:
    The National Natural Science Foundation of China(62074131);The Natural Science Foundation of Hubei Province(2020CFB190)

摘要:

硬件木马是集成电路中隐含的恶意设计修改,被激活后可用于发起高效的底层攻击。由此,展示了一种新的利用可满足性无关项的轻量级高隐蔽性硬件木马安全威胁。该木马设计方法将轻量级木马设计隐藏于电路正常工作条件下无法覆盖到的可满足性无关项中,使插入木马后的电路设计与原始设计完全功能等价。攻击者只需利用简单的故障注入攻击手段即可激活木马。基于1024位RSA密码核的实验结果显示,所给出的木马设计能够逃避逻辑综合优化,通过故障注入攻击能够有效恢复RSA密码核的私钥。在此基础上,提出了一种能够有效检测该高隐蔽性木马设计的防御手段。

关键词: 硬件安全, 硬件木马, 可满足性无关项, 故障注入, 木马检测

Abstract:

Hardware Trojans are intended malicious design modifications to integrated circuits, which can be used to launch powerful low-level attacks after being activated.A new security threat of lightweight stealthy hardware Trojans leveraging discrete satisfiability don't care signals was demonstrated.These don't care could not be satisfied under normal operation and thus the circuit design with Trojan is functionally equivalent to the Trojan-free baseline.The attacker could activate the Trojan through simple yet effective fault injection.Experimental results on a 1024-bit RSA cryptographic core show that the proposed hardware Trojan can escape from logic synthesis optimization, and that the RSA private key can be retrieved by simply over-clocking the design.A defense technique that can effectively detect such stealthy Trojan design was provided.

Key words: hardware security, hardware Trojan, satisfiability don't care, fault injection, Trojan detection

中图分类号: 

No Suggested Reading articles found!