基于可满足性无关项的硬件木马设计与检测

doi:10.11959/j.issn.2096-109x.2021025

Abstract

Abstract:

Hardware Trojans are intended malicious design modifications to integrated circuits, which can be used to launch powerful low-level attacks after being activated.A new security threat of lightweight stealthy hardware Trojans leveraging discrete satisfiability don't care signals was demonstrated.These don't care could not be satisfied under normal operation and thus the circuit design with Trojan is functionally equivalent to the Trojan-free baseline.The attacker could activate the Trojan through simple yet effective fault injection.Experimental results on a 1024-bit RSA cryptographic core show that the proposed hardware Trojan can escape from logic synthesis optimization, and that the RSA private key can be retrieved by simply over-clocking the design.A defense technique that can effectively detect such stealthy Trojan design was provided.

Key words: hardware security, hardware Trojan, satisfiability don't care, fault injection, Trojan detection

CLC Number:

TP309

Lingjuan WU, Jiacheng ZHU, Shibo TANG, Jing TAN, Wei HU. Design and detection of hardware Trojan based on satisfiability don't cares[J]. Chinese Journal of Network and Information Security, 2021, 7(2): 35-42.

Figures/Tables 6

References 23

[1]	TEHRANIPOOR M , KOUSHANFAR F . A survey of hardware Trojan taxonomy and detection[J]. IEEE Design ＆ Test of Computers, 2010,27(1): 10-25.
[2]	LI H , LIU Q , ZHANG J . A survey of hardware Trojan threat and defense[J]. Integration, 2016,55: 426-437.
[3]	KARRI R , RAJENDRAN J , ROSENFELD K ,et al. Trustworthy hardware:identifying and classifying hardware Trojans[J]. Computer, 2010,43(10): 39-46.
[4]	BAUMGARTEN A , STEFFEN M , CLAUSMAN M ,et al. A case study in hardware Trojan design and implementation[J]. International Journal of Information Security, 2011,10(1): 1-14.
[5]	WAKSMAN A , SUOZZO M , SETHUMANDHAVAN S . FANCI:identification of stealthy malicious logic using Boolean functional analysis[C]// Proceedings of the 2013 ACM SIGSAC Conference on Computer ＆ Communications Security. 2013: 697-708.
[6]	HICKS M , FINNICUM M , KING S T ,et al. Overcoming an untrusted computing base:detecting and removing malicious hardware automatically[C]// 2010 IEEE Symposium on Security and Privacy. 2010: 159-172.
[7]	STURTON C , HICKS M , WAGNER D ,et al. Defeating UCI:building stealthy and malicious hardware[C]// 2011 IEEE Symposium on Security and Privacy. 2011: 64-77.
[8]	ZHANG J , YUAN F , XU Q . Detrust:defeating hardware trust verification with stealthy implicitly-triggered hardware Trojans[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 153-166.
[9]	ZHANG J , YUAN F , WEI L ,et al. VeriTrust:verification for hardware trust[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2015,34(7): 1148-1161.
[10]	HAIDER S K , JIN C , AHMAD M ,et al. Advancing the state-of-the-art in hardware Trojans detection[R]. Cryptology ePrint Archive,Report.
[11]	FERN N , KULKARNI S , CHENG K T T . Hardware Trojans hidden in RTL don’t cares-automated insertion and prevention methodologies[C]// 2015 IEEE International Test Conference (ITC). 2015: 1-8.
[12]	FERN N , CHENG K T . Detecting hardware Trojans in unspeci?ed functionality using mutation testing[C]// 2015 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 2015: 560-566.
[13]	NAHIYAN A , XIAO K , YANG K ,et al. AVFSM:a framework for identifying and mitigating vulnerabilities in FSMs[C]// Proceedings of the 53rd Annual Design Automation Conference. 2016: 1-6.
[14]	KRIEG C , WOLF C , JANTSCH A ,et al. Toggle MUX:how X-optimism can lead to malicious hardware[C]// 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC). 2017: 1-6.
[15]	HU W , ZHANG L , ARDESHIRICHAM A ,et al. Why you should care about don't cares:exploiting internal don't care conditions for hardware Trojans[C]// 2017 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 2017: 707-713.
[16]	MAHMOUD D G , HU W , STOJILOVIC M . X-attack:remote activation of satisfiability don't-care hardware Trojans on shared FPGAs[C]// 2020 30th International Conference on Field Programmable Logic and Applications (FPL). 2020: 185-192.
[17]	HU W , MA Y , WAND X ,et al. Leveraging unspecified functionality in obfuscated hardware for Trojan and fault attacks[C]// 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST). 2019: 1-6.
[18]	DUBBAR C , QU G . Satisfiability don't care condition based circuit fingerprinting techniques[C]// The 20th Asia and South Pacific Design Automation Conference. 2015: 815-820.
[19]	MAO B , HU W , ALTHOFF A ,et al. Quantitative analysis of timing channel security in cryptographic hardware design[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2017,37(9): 1719-1732.
[20]	NARASIMHAN S , DU D , CHAKRABORTY R S ,et al. Hardware Trojan detection by multiple-parameter side-channel analysis[J]. IEEE Transactions on Computers, 2012,62(11): 2183-2195.
[21]	HU W , ARDESHIRICHAM A , GOBULUKOGLU M S ,et al. Property speci?c information ?ow analysis for hardware security veri?cation[C]// Proceedings of the International Conference on Computer-Aided Design. 2018: 1-8.
[22]	HU W , MAO B , OBERG J ,et al. Detecting hardware Trojans with gate-level information-flow tracking[J]. Computer, 2016,49(8): 44-52.
[23]	ARDESHIRICHAM A , TAKASHIMA Y , GAO S ,et al. Verisketch:Synthesizing secure hardware designs with timing-sensitive information flow properties[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS). 2019: 1623-1638.

Metrics

Recommended 0

No Suggested Reading articles found!

RSA密码核	参数
RSA密码核	LUT	LUTRAM	FF	BUFG	总功耗
原始RSA密码核	3627	128	1343	1	0.701W
木马RSA密码核	3621	128	1345	1	0.697W
木马设计影响	-0.16%	0	+0.15%	0	-0.57%

Design and detection of hardware Trojan based on satisfiability don't cares

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 23

Related Articles 5

Metrics

Recommended 0

[1]	Yongkang TANG, Xing HU, Ting SU, Shaoqing LI. Research on electromagnetic radiation based side-channel analysis method for hardware Trojan detection [J]. Chinese Journal of Network and Information Security, 2021, 7(2): 43-56.
[2]	Qizhi ZHANG, Yiqiang ZHAO, Ya GAO, Haocheng MA. Survey on model checking based hardware Trojan detection technology [J]. Chinese Journal of Network and Information Security, 2021, 7(2): 57-63.
[3]	Kan WANG,Hao CHEN,Xu-guang GUAN,Yong GU. Research on hardware Trojan defense [J]. Chinese Journal of Network and Information Security, 2017, 3(9): 1-12.
[4]	Xue-lian ZHANG,Zhen WU,Zhi-bo DU,Min WANG,Chun-ling XIANG. Research on Java card security [J]. Chinese Journal of Network and Information Security, 2017, 3(6): 58-64.
[5]	Qiang XU,Xing-hao JIANG,Li-hong YAO,Zhi-qiang ZHANG,Cheng ZHANG. Overview of the detection and prevention study of hardware Trojans [J]. Chinese Journal of Network and Information Security, 2017, 3(4): 1-13.