硬件木马防护技术研究

doi:10.11959/j.issn.2096-109x.2017.00197

摘要/Abstract

摘要：

对硬件木马防护技术进行了深入研究，提出一种新的硬件木马防护分类方法，系统全面地介绍了近年来主流的预防与检测技术，并通过分析比对，给出各方法的特点和存在的问题。最后，提出新的防护技术设计思路，对未来研究方向和趋势进行了展望，并给出了基于木马库的硬件木马检测技术设计思路。

关键词: 硬件木马, 预防技术, 检测技术, 侧信道分析

Abstract:

The definition and features of hardware Trojan were described firstly.After that,recent researches of defense and detection techniques were categorized with complete comparison and analysis.Then,current researches limitations were discussed based on the concepts and the trends perspectives of hardware Trojan defense and detection were proposed.

Key words: hardware Trojan, defense technology, detection technology, side-channel analysis

中图分类号:

TP402

王侃,陈浩,管旭光,顾勇. 硬件木马防护技术研究[J]. 网络与信息安全学报, 2017, 3(9): 1-12.

Kan WANG,Hao CHEN,Xu-guang GUAN,Yong GU. Research on hardware Trojan defense[J]. Chinese Journal of Network and Information Security, 2017, 3(9): 1-12.

图/表 9

图1

图2

图3

图4

图5

图6

图7

表1

图8

参考文献 75

[18]	DAS A , MEMIK G , ZAMBRENO J ,et al. Detecting preventing information leakage on the memory bus due to malicious hardware[C]// The Conference on Design,Automation and Test in Europe (DATE). 2010: 861-866.
[19]	BLOOM G , NARAHARI B , SIMHA R ,et al. FPGA SoC architecture and runtime to prevent hardware Trojans from leaking secrets[C]// IEEE International Workshop on Hardware-Oriented Security and Trust(HOST). 2015: 48-51.
[20]	SANNO B . Detecting hardware Trojans[EB/OL]. .
[21]	BHASIN S , DANGER J , GUILLEY S ,et al. Hardware Trojan horses in cryptographic IP cores[C]// Fault Diagnosis and Tolerance in Cryptography. 2013: 15-29.
[22]	ZHOU B , ADATO R . Detecting hardware Trojans using backside optical imaging of embedded watermarks[C]// ACM/IEEE Design Automation Conference (DAC). 2015.
[23]	BAO C , FORTE D , SRIVASTAVA A . On application of one-class SVM to reverse engineering-based hardware Trojan detection[C]// The International Symposium on Quality Electronic Design (ISQED). 2014: 47-54.
[1]	BHASIN S , REGAZZONI F . A survey on hardware Trojan detection techniques[C]// IEEE international Symposium on Circuits ＆Systems(ISCAS). 2015.
[2]	TEHRANIPOOR M , KOUSHANFAR F . A survey of hardware Trojan taxonomy and detection[J]. Journal of IEEE Design＆ Test of Computers, 2010,27(1): 10-25.
[24]	BAO C , XIE Y , SRIVASTAVA A . A security-aware design scheme for better hardware Trojan detection sensitivity[C]// IEEE International Symposium on Hardware Oriented Security and Trust(HOST). 2015: 52-55.
[25]	TORRANCE R , JAMES D . The state-of-the-art in semiconductor reverse engineering[C]// The 48th ACM/IEEE Design Automation Conference (DAC). 2011: 333-338.
[3]	牛小鹏, 李清宝, 王炜 ,等. 硬件木马技术研究综述[J]. 信息工程大学学报, 2012,(6): 740-748.
	NIU X P , LI Q B , WANG W ,et al. Survey on the hardware Trojan technologies[J]. Journal of Information Engineering University, 2012,(6): 740-748.
[26]	COURBON F , LOUBET-MOUNDI P , FOURNIER J J A ,et al. A high efficiency hardware Trojan detection technique based on fast SEM imaging[C]// Design,Automation ＆ Test in Europe Conference ＆ Exhibition. 2015: 788-793.
[27]	MOEIN S , SUBRAMNIAN J , GULLIVER T A ,et al. Classification of hardware Trojan detection techniques[C]// The 10th International Conference on Computer Engineering ＆ Systems. 2016: 357-362.
[4]	LI H , LIU Q , ZHANG J . A survey of hardware Trojan threat and defense[J]. Integration the VLSI Journal, 2016,55: 426-437.
[5]	XUAN T N , BHASIN S , DANGER J L ,et al. Linear complementary dual code improvement to strengthen encoded circuit against hardware Trojan horses[C]// IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2015: 82-87.
[6]	RAJENDRAN J , GAVAS E , JIMENEZ J . Towards a comprehensive and systematic classification of hardware Trojans[C]// IEEE international Symposium on Circuits and Systems (ISCAS). 2010: 1871-1874.
[7]	KARRI R , RAJENDRAN J , ROSENFELD K . Trustworthy hardware:identifying and classifying hardware Trojans[J]. Journal of Computer, 2010,43(10): 39-46.
[8]	CHAKRABORTY R , PAUL S , BHUNIA S . On-demand transparency for improving hardware Trojan detectability[C]// The 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST). 2008: 48-50.
[9]	XIAO K , FORTE D , TEHRANIPOOR M . A novel built-in self-authentication technique to prevent inserting hardware Trojans[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014,33(12): 1778-1791.
[10]	LI M , DAVOODI A , TEHRANIPOOR M . A sensor-assisted self-authentication framework for hardware Trojan detection[C]// Design,Automation ＆ Test in Europe Conference ＆ Exhibition. 2012: 1331-1336.
[11]	SALMANI H , TEHRANIPOOR M , PLUSQUELLIC J . A noveltechnique for improving hardware trojan detection and reducing Trojan activation time[C]// The 2009 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST’2009),IEEE Computer Society. 2009: 112-125.
[28]	ZHANG X , TEHRANIPOOR M . Case study:detecting hardware Trojans in third-party digital IP cores[C]// IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 2011: 67-70.
[29]	JHA S , JHA S K . Randomization based probabilistic approach to detect Trojan circuits[C]// IEEE High Assurance Systems Engineering Symposium,IEEE Computer Society. 2008: 117-124.
[12]	ZHOU B,ZHANG W , THAMBIPILLAI S , TEO J . A low cost acceleration method for hardware Trojan detection based on fan-out cone analysis[C]// The International Conference on Hardware/Software Co-design and System Synthesis (CODES+ISSS). 2014: 1-10.
[13]	JIN Y , KUPP N . DFTT:design for Trojan test[C]// 2010 IEEE International Conference on Electronics Circuits and Systems (ICECS’2010). 2010: 1166-1171.
[30]	SALMANI H , TEHRANIPOOR M , PLUSQUELLIC J . A novel technique for improving hardware Trojan detection and reducing trojan activation time[J]. IEEE Transactions on Very Large Scale Integration Systems, 2012,20(1): 112-125.
[31]	AGRAWAL D , BAKTIR S , KARAKOYUNLU D ,et al. Trojan detection using IC fingerprinting[C]// The 2007 IEEE Symposium on Security and Privacy( SP’07). 2007: 296-310.
[14]	BANGA M , MICHAEL S . ODTETTE:a non-scan design-for-test methodology for Trojan detection in ICs[C]// The 2011 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST’2011),IEEE Computer Society. 2011: 18-23.
[15]	CHAKRABORTY R , BHUNIA S . HARPOON:an obfuscation-based SoC design methodology for hardware protection[J]. IEEE Transactions on CAD of Integrated Circuits and Systems, 2009,28(10): 1493-1502.
[32]	BANGA M , HSIAO M S . A novel sustained vector technique for the detection of hardware Trojans[C]// The 2009 22nd International Conference on VLSI Design (VLSID’09). 2009: 327-332.
[33]	MARCHAND C , FRANCQ J . Low-level implementation and side-channel detection of stealthy hardware Trojans on field programmable gate arrays[J]. IET Computers Digital Technology, 2014,8(6): 246-255.
[34]	LIU Y , HUANG K , MAKRIS Y . Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting[C]// ACM/ IEEE Design Automation Conference. 2014: 1-6.
[35]	刘长龙, 赵毅强, 史亚峰 ,等. 基于相关性分析的硬件木马检测方法[J]. 计算机工程, 2013,39(9): 183-195.
[16]	CHAKRABORTY R , BHUNIA S . Security through obscurity:an approach for protecting register transfer level hardware IP[C]// IEEE International Workshop on Hardware-Oriented Security and Trust(HOST). 2009.
[17]	CHAKRABORTY R , BHUNIA S . Security against hardware Trojan through a novel application of design obfuscation[C]// ICCAD. 2009: 113-116.
[35]	LIU C L , ZHAO Y Q , SI Y F ,et al. Hardware Trojan detection method based on correlation analysis[J]. Computer Engineering, 2013,39(9): 183-195.
[36]	张鹏, 王新成, 周庆 . 基于投影寻踪分析的芯片硬件木马检测[J]. 通信学报, 2013,34(4): 126-137.
	ZOU C , ZHANG P , DENG G M ,et al. Design of hardware Trojan based on power side-channel exposure[J]. Computer Engineering, 2011,37(11): 135-137.
[37]	薛明富, 胡爱群, 刘威 ,等. 基于子空间域特征提取的硬件木马检测方法[J]. 东南大学学报(自然科学版), 2014,44(3): 457-461.
	XUE M , HU A , LIU W ,et al. Detecting hardware Trojan through feature extraction in subspace domain[J]. Journal of Southeast University(Natural Science Edition), 2014,44(3): 457-461.
[38]	WANG X , SALMANI H , TEHRANIPOOR M ,et al. Hardware Trojan detection and isolation using current integration and localized current analysis[C]// IEEE International Symposium on Defect and Fault Tolerance of VLSI Systems. 2008: 87-95.
[39]	RAD R , WANG X , TEHRANIPOOR M , PLUSQUELIC J . Power supply signal calibration techniques for improving detection resolution to hardware Trojans[C]// IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 2008: 632-639.
[40]	WEI S , POTKONJAK M . Scalable hardware Trojan diagnosis[J]. IEEE Transactions on Very Large Scale Integration Systems, 2012,20(6): 1049-1057.
[41]	WILCOX I , SAQIB F , PLUSQUELLIC J . GDS-II Trojan detection using multiple supply pad VDD and GND IDDQs in ASIC functional units[C]// IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2015: 144-150.
[42]	SOLL O , KORAK T , MUEHLBERGHUBER M ,et al. EM-based detection of hardware Trojans on FPGAs[C]// IEEE International Symposium on Hardware-Oriented Security and Trust. 2014: 84-87.
[43]	BALASCH J , GIERLICHS B , VERBAUWHEDE I . Electromagnetic circuit fingerprints for hardware Trojan detection[C]// IEEE International Symposium on Electromagnetic Compatibility. 2015: 246-251.
[44]	李雄伟, 徐徐, 张阳 ,等. 一种基于电磁旁路分析的硬件木马检测方法[J]. 计算机工程与应用, 2013,49(12): 97-100.
	LI X , XU X , ZHANG Y ,et al. Hardware Trojan detection method based on electromagnetic side-channel analysis[J]. Computer Engineering and Applications, 2013,49(12): 97-100.
[45]	JIN Y , MAKRIS Y . Hardware Trojan detection using path delay fingerprint[C]// IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2008: 51-57.
[46]	CHA B , GUPTA S . Trojan detection via delay measurements:a new approach to select paths and vectors to maximize effectiveness and minimize cost[C]// Design,Automation and Test in Europe Conference and Exhibition (DATE). 2013: 1265-1270.
[47]	KUMAR P , SRINIVASAN R . Detection of hardware Trojan in SEA using path delay[C]// Electrical,Electronics and Computer Science. 2014: 1-6.
[48]	YOSHIMIZU N , . Hardware Trojan detection by symmetry breaking in path delays[C]// IEEE International Symposium on HardwareOriented Security and Trust (HOST). 2014: 107-111.
[49]	NARASIMHAN S , DU D , CHAKRABORTY R S ,et al. Multiple-parameter side-channel analysis:a non-invasive hardware Trojan detection approach[C]// IEEE International Symposium on Hardware-Oriented Security and Trust. 2010: 13-18.
[50]	NOWROZ A , HU K , KOUSHANFAR F ,et al. Novel techniques for high-sensitivity hardware Trojan detection using thermal and power maps[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2014(33): 1792-1805.
[51]	CAO Y , CHANG C H , CHEN S . A cluster-based distributed active current sensing circuit for hardware Trojan detection[J]. IEEE Transactions on Information Forensics ＆ Security, 2014,9(12): 2220-2231.
[52]	NGO X , EXURVILLE I , ,et al. Hardware Trojan detection by delay and electromagnetic measurements[C]// Design,Automation and Test in Europe Conference and Exhibition (DATE). 2015: 782-787.
[53]	BANGA M , HSIAO M S . A region based approach for the identification of hardware Trojans[C]// IEEE International Workshop on Hardware-Oriented Security and Trust,IEEE Computer Society. 2008: 40-47.
[54]	XUE M , HU A , LI G . Detecting hardware Trojan through heuristic partition and activity driven test pattern generation[C]// Communications Security Conference. 2014: 1-6.
[55]	DU D , NARASIMHAN S , CHAKRABORTY R S ,et al. Self-referencing:a scalable side-channel approach for hardware Trojan detection[C]// The International Conference on Cryptographic Hardware and Embedded Systems (CHES). 2010: 173-187.
[56]	POTKONJAK M , NAHAPETIAN A , NELSON M ,et al. Hardware Trojan horse detection using gate-level characterization[C]// ACM/IEEE Design Automation Conference(DAC). 2009: 688-693.
[57]	KARUNAKARAN D K , MOHANKUMAR N . Malicious combinational hardware Trojan detection by gate level characterization in 90nm technology[C]// The International Conference on Computing,Communication and Networking Technologies. 2014: 1-7.
[58]	MCINTYRE D , WOLFF F , PAPACHRISTOU C ,et al. Dynamic evaluation of hardware trust[C]// IEEE International Workshop on Hardware-Oriented Security and Trust. 2009: 108-111.
[59]	ABRAMOVICI M , BRADLEY P . Integrated circuit security:new threats and solutions[J]. China Gems ＆ Jades, 2009: 1-3.
[60]	BLOOM G , NARAHARI B , SIMHA R . OS support for detecting Trojan circuit attacks[C]// IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2009: 100-103.
[61]	FORTE D , BAO C , SRIVASTAVA A . Temperature tracking:an innovative run-time approach for hardware Trojan detection[C]// The International Conference on Computer-Aided Design. 2013: 532-539.
[62]	BAO C , FORTE D , SRIVASTAVA A . Temperature tracking:toward robust run-time detection of hardware Trojans[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2015,34(10): 1577-1585.
[63]	XUAN T N , DANGER J L , GUILLEY S ,et al. Hardware property checker for run-time hardware Trojan detection[C]// European Conference on Circuit Theory and Design. 2015: 1-4.
[64]	CUI X , MA K , SHI L ,et al. High-level synthesis for run-time hardware Trojan detection and recovery[C]// ACM/IEEE Design Automation Conference (DAC). 2014: 1-6.
[65]	KITSOS P , VOYIATZIS A G . FPGA Trojan detection using length-optimized ring oscillators[C]// Digital System Design. 2014: 675-678.
[66]	ZHANG X , TEHRANIPOOR M . RON:an on-chip ring oscillator network for hardware Trojan detection[C]// Design,Automation and Test in Europe Conference and Exhibition. 2011: 1-6.
[67]	FERRAIUOLO A , ZHANG X , TEHRANIPOOR M . Experimentalanalysis of a ring oscillator network for hardware Trojan detection in a 90nm ASIC[C]// IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 2012: 37-42.
[68]	NGO X , DANGER J , GUILLEY S ,et al. Cryptographically secure shield for security IP protection[J]. IEEE Transaction on Computers, 2017,66(2): 354-360.
[69]	张赟, 赵毅强, 刘军伟 ,等. 一种抗物理攻击防篡改检测技术[J]. 微电子学与计算机, 2016,33(4): 121-124.
	ZHANG Y , ZHAO Y Q , LIU J W ,et al. A temper-resistant detecting technique against physical attack[J]. Microelectronics ＆ Computer, 2016,33(4): 121-124.
[70]	BRIAIS S , CIORANESCO J , DANGER J ,et al. Random active shield[C]// Fault Diagnosis and Tolerance in Cryptography, 2012: 103-113.
[71]	SHAHRJERDI D , RAJENDRAN J , GARG S ,et al. Shielding and securing integrated circuits with sensors[C]// ICCAD. 2014: 170-174.
[72]	CIORANESCO J , DANGER J , GRABA T ,et al. Cryptographically secure shields[C]// HOST. 2014: 25-31.
[73]	ZHANG J , QU G , LV Y , ZHOU Q . A survey on silicon PUFs and recent advances in ring oscillator PUFs[J]. Journal of Computer Science and Technology, 2014,29(4): 664-678.
[74]	GASSEND B . Identification and authentication of integrated circuits:research articles[J]. Concurrency and Computation:Practice＆ Experience, 2004,16(11): 1077-1098.
[75]	WU T , GANESAN K , HU Y ,et al. TPAD:Hardware Trojanprevention and detection for trusted integrated circuits[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD), 2016,35(4): 521-534.

方法	复杂度	代价	有效性	覆盖范围	可实施性	可扩展性	增加面积	需要原型
预防技术	H	H	H	H	H	L	Y	N
反向工程	H	H	H	H	L	L	N	Y
逻辑测试	M	L	L	M	H	H	N	N
侧信道分析	M	M	H	M	H	M	N	Y
运行时监控	M	M	M	M	M	M	N	N
协同检测	M	M	H	H	H	M	N	Y/N