SoS Newsletter- Advanced Book Block

Hardware Trojan Horse Detection

Detecting and neutralizing Trojans embedded in hardware is a difficult problem. Current research is attempting to develop detection methods and processes and to automate them. The work cited here addresses path-delay and symmetry-based detection, slack removal, reverse engineering, EM and power side-channel analysis, formal methods, and counterfeit prevention. These papers were presented and published in 2014.

  • Kitsos, Paris; Voyiatzis, Artemios G., "Towards a Hardware Trojan Detection Methodology," Embedded Computing (MECO), 2014 3rd Mediterranean Conference on , vol., no., pp.18,23, 15-19 June 2014. Malicious hardware is a realistic threat. It can be possible to insert the malicious functionality on a device as deep as in the hardware design flow, long before manufacturing the silicon product. Towards developing a hardware Trojan horse detection methodology, we analyze capabilities and limitations of existing techniques, framing a testing strategy for uncovering efficiently hardware Trojan horses in mass-produced integrated circuits.
    Keywords: Delays; Hardware; Integrated circuit modeling; Power demand; Trojan horses; Vectors; detection techniques; integrated circuits; security hardware Trojans horses; trusted hardware (ID#:14-2102)
  • Kumar, P.; Srinivasan, R., "Detection of Hardware Trojan In SEA Using Path Delay," Electrical, Electronics and Computer Science (SCEECS), 2014 IEEE Students' Conference on , vol., no., pp.1,6, 1-2 March 2014. Detecting hardware Trojans is a difficult task in general. The context is that of a fabless design house that sells IP blocks as GDSII hard macros, and wants to check that final products have not been infected by a Trojan during the foundry stage. In this paper we analyzed hardware Trojan horse insertion and detection in the Scalable Encryption Algorithm (SEA) crypto. We inserted Trojans at different levels in the ASIC design flow of SEA crypto and most importantly we focused on gate-level and layout-level Trojan insertions. We chose path delays in order to detect Trojans at both levels in the design phase, because the path-delay detection technique is a cost-effective and efficient method to detect Trojans. The comparison of path delays makes small Trojan circuits significant from a delay point of view. We used typical, fast and slow 90nm libraries in order to estimate the efficiency of the path-delay technique in different operating conditions. The experiment's results show that the detection rate on payload Trojans is 100%.
    Keywords: application specific integrated circuits; cryptography; delays; invasive software; logic circuits; ASIC design flow; GDSII hard macros; IP blocks; SEA crypto; Trojan circuits; fabless design house; gate level Trojan insertions; hardware Trojan detection; hardware Trojan horses insertion; layout level Trojan insertions; path delay; payload Trojan detection rate; scalable encryption algorithm crypto; Algorithm design and analysis; Delays; Encryption; Hardware; Logic gates; Trojan horses; GDSII; HTH detection and insertion; Hardware Trojan horses (HTH); Scalable Encryption Algorithm (SEA); path delay; payload Trojan (ID#:14-2103)
  • Yoshimizu, Norimasa, "Hardware Trojan Detection By Symmetry Breaking In Path Delays," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on , vol., no., pp.107,111, 6-7 May 2014. This paper discusses the detection of hardware Trojans (HTs) by their breaking of symmetries within integrated circuits (ICs), as measured by path delays. Typically, path delay or side channel methods rely on comparisons to a golden, or trusted, sample. However, golden standards are affected by inter- and intra-die variations which limit the confidence in such comparisons. Symmetry is a way to detect modifications to an IC with increased confidence by confirming subcircuit consistencies within it as it was originally designed. The difference in delays from a given path to a set of symmetric paths will be the same unless an inserted HT breaks symmetry. Symmetry can naturally exist in ICs or be artificially added. We describe methods to find and measure path delays against symmetric paths, as well as the advantages and disadvantages of this method. We discuss results of examples from benchmark circuits demonstrating the detection of hardware Trojans.
    Keywords: Delays; Hardware; Integrated circuits; Logic gates; Sensitivity; Transistors; Trojan horses; circuit symmetries; hardware Trojan; integrated circuits; path delay (ID#:14-2104)
  • Ramdas, Abishek; Saeed, Samah Mohamed; Sinanoglu, Ozgur, "Slack Removal For Enhanced Reliability And Trust," Design & Technology of Integrated Systems In Nanoscale Era (DTIS), 2014 9th IEEE International Conference On , vol., no., pp.1,4, 6-8 May 2014. Timing slacks possibly lead to reliability issues and/or security vulnerabilities, as they may hide small delay defects and malicious circuitries injected during fabrication, namely, hardware Trojans. While possibly harmless immediately after production, small delay defects may trigger reliability problems as the part is being used in field, presenting a significant threat for mission-critical applications. Hardware Trojans remain dormant while the part is tested and validated, but then get activated to launch an attack when the chip is deployed in security-critical applications. In this paper, we take a deeper look into these problems and their underlying reasons, and propose a design technique to maximize the detection of small delay defects as well as the hardware Trojans. The proposed technique eliminates all slacks by judiciously inserting delay units in a small set of locations in the circuit, thereby rendering a simple set of transition fault patterns quite effective in catching parts with small delay defects or Trojans. Experimental results also justify the efficacy of the proposed technique in improving the quality of test while retaining the pattern count and care bit density intact.
    Keywords: Circuit faults; Delays; Hardware; Logic gates; Testing; Trojan horses; Wires; At-speed Testing; Hardware Trojan; Slacks; Small Delay Defects (ID#:14-2105)
  • Chongxi Bao; Forte, D.; Srivastava, A, "On Application Of One-Class SVM To Reverse Engineering-Based Hardware Trojan Detection," Quality Electronic Design (ISQED), 2014 15th International Symposium on , vol., no., pp.47,54, 3-5 March 2014. Due to design and fabrication outsourcing to foundries, the problem of malicious modifications to integrated circuits known as hardware Trojans has attracted attention in academia as well as industry. To reduce the risks associated with Trojans, researchers have proposed different approaches to detect them. Among these approaches, test-time detection approaches have drawn the greatest attention and most approaches assume the existence of a "golden model". Prior works suggest using reverse-engineering to identify such Trojan-free ICs for the golden model but they did not state how to do this efficiently. In this paper, we propose an innovative and robust reverse engineering approach to identify the Trojan-free ICs. We adapt a well-studied machine learning method, one-class support vector machine, to solve our problem. Simulation results using state-of-the-art tools on several publicly available circuits show that our approach can detect hardware Trojans with high accuracy rate across different modeling and algorithm parameters.
    Keywords: electronic engineering computing; integrated circuit design; invasive software; learning (artificial intelligence); reverse engineering; support vector machines; Trojan-free IC identification; fabrication outsourcing; golden model; integrated circuits; one-class SVM; one-class support vector machine; reverse engineering-based hardware Trojan detection; test-time detection approach; well-studied machine learning method; Feature extraction; Integrated circuit modeling; Layout; Support vector machines; Training; Trojan horses (ID#:14-2106)
  • Tehranipoor, M.; Forte, D., "Tutorial T4: All You Need to Know about Hardware Trojans and Counterfeit ICs," VLSI Design and 2014 13th International Conference on Embedded Systems, 2014 27th International Conference on , vol., no., pp.9,10, 5-9 Jan. 2014. The migration from a vertical to horizontal business model has made it easier to introduce hardware Trojans and counterfeit electronic parts into the electronic component supply chain. Hardware Trojans are malicious modifications made to original IC designs that reduce system integrity (change functionality, leak private data, etc.). Counterfeit parts are often below specification and/or of substandard quality. The existence of Trojans and counterfeit parts creates risks for the life-critical systems and infrastructures that incorporate them including automotive, aerospace, military, and medical systems. In this tutorial, we will cover: (i) Background and motivation for hardware Trojan and counterfeit prevention/detection; (ii) Taxonomies related to both topics; (iii) Existing solutions; (iv) Open challenges; (v) New and unified solutions to address these challenges.
    Keywords: hardware-software codesign; integrated circuit testing; invasive software; counterfeit IC; counterfeit detection; counterfeit electronic parts; counterfeit prevention; electronic component supply chain; hardware Trojans; horizontal business model; life-critical systems; original IC designs; system integrity; vertical business model; Awards activities; Conferences; Educational institutions; Hardware; Trojan horses; Tutorials; Very large scale integration (ID#:14-2107)
  • Soll, Oliver; Korak, Thomas; Muehlberghuber, Michael; Hutter, Michael, "EM-based Detection Of Hardware Trojans On FPGAs," Hardware-Oriented Security and Trust (HOST), 2014 IEEE International Symposium on , vol., no., pp.84,87, 6-7 May 2014. The detectability of malicious circuitry on FPGAs with varying placement properties has yet to be investigated. The authors utilize a Xilinx Virtex-II Pro target platform in order to insert a sequential denial-of-service Trojan into an existing AES design by manipulating a Xilinx-specific, intermediate file format prior to the bitstream generation. Thereby, there is no need for an attacker to acquire access to the hardware description language representation of a potential target architecture. Using a side-channel analysis setup for electromagnetic emanation (EM) measurements, they evaluate the detectability of different Trojan designs with varying location and logic distribution properties. The authors successfully distinguish the malicious from the genuine designs and provide information on how the location and distribution properties of the Trojan logic affect its detectability. To the best of their knowledge, this has been the first practically conducted Trojan detection using localized EM measurements.
    Keywords: Clocks; Field programmable gate arrays; Hardware; Layout; Probes; Software; Trojan horses; Hardware Trojan injection; RapidSmith; Trojan placement; electromagnetic emanation; side-channel analysis (ID#:14-2108)
  • Yier Jin; Sullivan, D., "Real-time Trust Evaluation In Integrated Circuits," Design, Automation and Test in Europe Conference and Exhibition (DATE), 2014 , vol., no., pp.1,6, 24-28 March 2014. The use of side-channel measurements and fingerprinting, in conjunction with statistical analysis, has proven to be the most effective method for accurately detecting hardware Trojans in fabricated integrated circuits. However, these post-fabrication trust evaluation methods overlook the capabilities of advanced design skills that attackers can use in designing sophisticated Trojans. To this end, we have designed a Trojan using power-gating techniques and demonstrate that it can be masked from advanced side-channel fingerprinting detection while dormant. We then propose a real-time trust evaluation framework that continuously monitors the on-board global power consumption to monitor chip trustworthiness. The measurements obtained corroborate our framework's effectiveness for detecting Trojans. Finally, the results presented are experimentally verified by performing measurements on fabricated Trojan-free and Trojan-infected variants of a reconfigurable linear feedback shift register (LFSR) array.
    Keywords: integrated circuits; invasive software; shift registers; statistical analysis; LFSR array; Trojan-free variants; Trojan-infected variants; advanced design skills; chip trustworthiness; hardware Trojan detection; integrated circuits; on-board global power consumption; post-fabrication trust evaluation methods; power-gating techniques; real-time trust evaluation framework; reconfigurable linear feedback shift register array; side-channel fingerprinting detection; side-channel measurements; Erbium; Hardware; Power demand; Power measurement; Semiconductor device measurement; Testing; Trojan horses (ID#:14-2109)
  • Bhunia, S.; Hsiao, M.S.; Banga, M.; Narasimhan, S., "Hardware Trojan Attacks: Threat Analysis and Countermeasures," Proceedings of the IEEE , vol.102, no.8, pp.1229,1247, Aug. 2014. Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip, e.g., the key in a cryptographic chip, during field operation. The global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.
    Keywords: Circuit faults; Computer security; Fabrication; Hardware; Integrated circuit modeling; Integrated circuits; Trojan horses; Hardware intellectual property (IP) trust; Trojan detection; Trojan taxonomy; Trojan tolerance; hardware Trojan attacks; hardware obfuscation; self-referencing; side-channel analysis (ID#:14-2110)
  • Rathmair, Michael; Schupfer, Florian; Krieg, Christian, "Applied Formal Methods For Hardware Trojan Detection," Circuits and Systems (ISCAS), 2014 IEEE International Symposium on , vol., no., pp.169,172, 1-5 June 2014. This paper addresses the potential danger of using integrated circuits which contain malicious hardware modifications hidden in the silicon structure. A so-called hardware Trojan may be added at several stages of the chip development process. This work concentrates on formal hardware Trojan detection during the design phase and highlights applied verification techniques. Selected methods are discussed and their combination is used to increase an introduced "Trojan Assurance Level".
    Keywords: Data structures; Equations; Hardware; Mathematical model; Model checking; Trojan horses; Vectors (ID#:14-2111)
  • Subramanyan, P.; Tsiskaridze, N.; Wenchao Li; Gascon, A; Wei Yang Tan; Tiwari, A; Shankar, N.; Seshia, S.A; Malik, S., "Reverse Engineering Digital Circuits Using Structural and Functional Analyses," Emerging Topics in Computing, IEEE Transactions on , vol.2, no.1, pp.63,80, March 2014. Integrated circuits (ICs) are now designed and fabricated in a globalized multivendor environment making them vulnerable to malicious design changes, the insertion of hardware Trojans/malware, and intellectual property (IP) theft. Algorithmic reverse engineering of digital circuits can mitigate these concerns by enabling analysts to detect malicious hardware, verify the integrity of ICs, and detect IP violations. In this paper, we present a set of algorithms for the reverse engineering of digital circuits starting from an unstructured netlist and resulting in a high-level netlist with components such as register files, counters, adders, and subtractors. Our techniques require no manual intervention and experiments show that they determine the functionality of >45% and up to 93% of the gates in each of the test circuits that we examine. We also demonstrate that our algorithms are scalable to real designs by experimenting with a very large, highly-optimized system-on-chip (SOC) design with over 375000 combinational elements. Our inference algorithms cover 68% of the gates in this SOC. We also demonstrate that our algorithms are effective in aiding a human analyst to detect hardware Trojans in an unstructured netlist.
    Keywords: industrial property; integrated circuit design; invasive software; reverse engineering; system-on-chip; ICs; IP theft; IP violation detection; SoC design; adders; algorithmic reverse engineering digital circuits; combinational elements; counters; functional analysis; globalized multivendor environment; hardware trojans-malware; high-level netlist; integrated circuits; intellectual property; register files; structural analysis; subtractors; test circuits; unstructured netlist; very large highly-optimized system-on-chip design; Algorithm design and analysis; Globalization; Hardware; Inference algorithms; Integrated circuits; Logic gates; Reverse engineering; Trojan horses; Digital circuits; computer security; design automation; formal verification (ID#:14-2112)
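The Kumar and Yoshimizu entries above describe the same measurement (path delay) used two ways: compared against a golden sample, or compared between symmetric paths on the same die. The simulation below is an added illustration of why the second survives process variation and the first does not; it is not code from either paper. The toy circuit (paths A, B, C), the 25 ps Trojan delay, and the inter-die and intra-die variation figures are all constructed assumptions chosen to make the effect visible, not measured values.

```python
"""Path-delay Trojan screening on simulated dies: golden-sample comparison
versus comparison between symmetric paths on the same die.

Added example; the circuit, delays and variation figures are constructed
assumptions, not data from any of the cited papers."""
import random

# Nominal path delays (ps) of a constructed toy circuit: A and B are two
# identically built (symmetric) paths, C is an unrelated path.
NOMINAL_PS = {"A": 1200.0, "B": 1200.0, "C": 900.0}
TROJAN_DELAY_PS = 25.0      # assumed extra delay from a Trojan gate tapping path A
INTER_DIE_SIGMA = 0.06      # die-to-die scaling shared by every path on a chip (assumed)
INTRA_DIE_SIGMA = 0.003     # per-path mismatch within one die (assumed)


def fabricate(rng, trojan_path=None):
    """Simulate measured path delays for one die.

    Every path is scaled by one shared inter-die factor, then by its own
    small intra-die factor; a Trojan adds a fixed delay to the path it taps."""
    die_factor = rng.gauss(1.0, INTER_DIE_SIGMA)
    delays = {}
    for path, nominal in NOMINAL_PS.items():
        d = nominal * die_factor * rng.gauss(1.0, INTRA_DIE_SIGMA)
        if path == trojan_path:
            d += TROJAN_DELAY_PS
        delays[path] = d
    return delays


def golden_flag(chip, golden, threshold_ps):
    """Flag the chip if any path deviates from the golden sample by more than
    threshold_ps. The inter-die factor of both dies lands in this difference."""
    return any(abs(chip[p] - golden[p]) > threshold_ps for p in NOMINAL_PS)


def symmetry_flag(chip, pair, threshold_ps):
    """Flag the chip if two symmetric paths on the same die disagree by more
    than threshold_ps. The shared inter-die factor cancels, leaving only
    intra-die mismatch and any Trojan that touches one path but not the other."""
    a, b = pair
    return abs(chip[a] - chip[b]) > threshold_ps


def evaluate(n_chips=500, seed=1):
    """Screen n_chips clean and n_chips infected dies with both methods and
    return false-positive and true-positive rates for each."""
    rng = random.Random(seed)
    golden = fabricate(rng)               # one trusted, but still process-varying, sample
    threshold = TROJAN_DELAY_PS / 2       # half the expected Trojan signature
    counts = {"golden_fp": 0, "golden_tp": 0, "symmetry_fp": 0, "symmetry_tp": 0}
    for _ in range(n_chips):
        clean = fabricate(rng)
        infected = fabricate(rng, trojan_path="A")
        counts["golden_fp"] += golden_flag(clean, golden, threshold)
        counts["golden_tp"] += golden_flag(infected, golden, threshold)
        counts["symmetry_fp"] += symmetry_flag(clean, ("A", "B"), threshold)
        counts["symmetry_tp"] += symmetry_flag(infected, ("A", "B"), threshold)
    return {name: n / n_chips for name, n in counts.items()}


if __name__ == "__main__":
    for name, rate in evaluate().items():
        print(f"{name:12s} {rate:.3f}")
```

With a 6% inter-die spread, a 1200 ps path moves by roughly 70 ps from die to die, so the golden comparison flags nearly every clean chip at a 12.5 ps threshold and cannot separate infected from clean; the symmetric-path difference sees only the sub-1% intra-die mismatch and isolates the 25 ps Trojan cleanly. The caveat a practitioner should keep in mind is the one Yoshimizu's abstract implies: symmetry only covers paths that have a symmetric partner, and a Trojan that loads both paths of a pair equally, or sits on a path with no partner, is invisible to it, which is why the paper discusses adding symmetry artificially.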


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.