Biblio

Filters: Keyword is Trojan horses
Zhang, Ning, Lv, Zhiqiang, Zhang, Yanlin, Li, Haiyang, Zhang, Yixin, Huang, Weiqing.  2020.  Novel Design of Hardware Trojan: A Generic Approach for Defeating Testability Based Detection. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :162–173.
Hardware design, especially the very large scale integration (VLSI) and systems on chip design (SOC), utilizes many codes from third-party intellectual property (IP) providers and former designers. Hardware Trojans (HTs) are easily inserted in this process. Recently researchers have proposed many HTs detection techniques targeting the design codes. State-of-art detections are based on the testability including Controllability and Observability, which are effective to all HTs from TrustHub, and advanced HTs like DeTrust. Meanwhile, testability based detections have advantages in the timing complexity and can be easily integrated into recently industrial verification. Undoubtedly, the adversaries will upgrade their designs accordingly to evade these detection techniques. Designing a variety of complex trojans is a significant way to perfect the existing detection, therefore, we present a novel design of HTs to defeat the testability based detection methods, namely DeTest. Our approach is simple and straightforward, yet it proves to be effective at adding some logic. Without changing HTs malicious function, DeTest decreases controllability and observability values to about 10% of the original, which invalidates distinguishers like clustering and support vector machines (SVM). As shown in our practical attack results, adversaries can easily use DeTest to upgrade their HTs to evade testability based detections. Combined with advanced HTs design techniques like DeTrust, DeTest can evade previous detections, like UCI, VeriTrust and FANCI. We further discuss how to extend existing solutions to reduce the threat posed by DeTest.
Yao, Manting, Yuan, Weina, Wang, Nan, Zhang, Zeyu, Qiu, Yuan, Liu, Yichuan.  2020.  SS3: Security-Aware Vendor-Constrained Task Scheduling for Heterogeneous Multiprocessor System-on-Chips. 2020 IEEE International Conference on Networking, Sensing and Control (ICNSC). :1–6.
Design for trust approaches can protect an MPSoC system from hardware Trojan attack due to the high penetration of third-party intellectual property. However, this incurs significant design cost by purchasing IP cores from various IP vendors, and the IP vendors providing particular IP are always limited, making these approaches unable to be performed in practice. This paper treats IP vendor as constraint, and tasks are scheduled with a minimized security constraint violations, furthermore, the area of MPSoC is also optimized during scheduling. Experimental results demonstrate the effectiveness of our proposed algorithm, by reducing 0.37% security constraint violations.
Javaheripi, Mojan, Chen, Huili, Koushanfar, Farinaz.  2020.  Unified Architectural Support for Secure and Robust Deep Learning. 2020 57th ACM/IEEE Design Automation Conference (DAC). :1–6.
Recent advances in Deep Learning (DL) have enabled a paradigm shift to include machine intelligence in a wide range of autonomous tasks. As a result, a largely unexplored surface has opened up for attacks jeopardizing the integrity of DL models and hindering the success of autonomous systems. To enable ubiquitous deployment of DL approaches across various intelligent applications, we propose to develop architectural support for hardware implementation of secure and robust DL. Towards this goal, we leverage hardware/software co-design to develop a DL execution engine that supports algorithms specifically designed to defend against various attacks. The proposed framework is enhanced with two real-time defense mechanisms, securing both DL training and execution stages. In particular, we enable model-level Trojan detection to mitigate backdoor attacks and malicious behaviors induced on the DL model during training. We further realize real-time adversarial attack detection to avert malicious behavior during execution. The proposed execution engine is equipped with hardware-level IP protection and usage control mechanism to attest the legitimacy of the DL model mapped to the device. Our design is modular and can be tuned to task-specific demands, e.g., power, throughput, and memory bandwidth, by means of a customized hardware compiler. We further provide an accompanying API to reduce the nonrecurring engineering cost and ensure automated adaptation to various domains and applications.
Westland, T., Niu, N., Jha, R., Kapp, D., Kebede, T..  2020.  Relating the Empirical Foundations of Attack Generation and Vulnerability Discovery. 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). :37–44.
Automatically generating exploits for attacks receives much attention in security testing and auditing. However, little is known about the continuous effect of automatic attack generation and detection. In this paper, we develop an analytic model to understand the cost-benefit tradeoffs in light of the process of vulnerability discovery. We develop a three-phased model, suggesting that the cumulative malware detection has a productive period before the rate of gain flattens. As the detection mechanisms co-evolve, the gain will likely increase. We evaluate our analytic model by using an anti-virus tool to detect the thousands of Trojans automatically created. The anti-virus scanning results over five months show the validity of the model and point out future research directions.
Afreen, A., Aslam, M., Ahmed, S..  2020.  Analysis of Fileless Malware and its Evasive Behavior. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1–8.

Malware is any software that causes harm to the user information, computer systems or network. Modern computing and internet systems are facing increase in malware threats from the internet. It is observed that different malware follows the same patterns in their structure with minimal alterations. The type of threats has evolved, from file-based malware to fileless malware, such kind of threats are also known as Advance Volatile Threat (AVT). Fileless malware is complex and evasive, exploiting pre-installed trusted programs to infiltrate information with its malicious intent. Fileless malware is designed to run in system memory with a very small footprint, leaving no artifacts on physical hard drives. Traditional antivirus signatures and heuristic analysis are unable to detect this kind of malware due to its sophisticated and evasive nature. This paper provides information relating to detection, mitigation and analysis for such kind of threat.

Ayoade, G., Akbar, K. A., Sahoo, P., Gao, Y., Agarwal, A., Jee, K., Khan, L., Singhal, A..  2020.  Evolving Advanced Persistent Threat Detection using Provenance Graph and Metric Learning. 2020 IEEE Conference on Communications and Network Security (CNS). :1–9.

Advanced persistent threats (APT) have increased in recent times as a result of the rise in interest by nation-states and sophisticated corporations to obtain high profile information. Typically, APT attacks are more challenging to detect since they leverage zero-day attacks and common benign tools. Furthermore, these attack campaigns are often prolonged to evade detection. We leverage an approach that uses a provenance graph to obtain execution traces of host nodes in order to detect anomalous behavior. By using the provenance graph, we extract features that are then used to train an online adaptive metric learning. Online metric learning is a deep learning method that learns a function to minimize the separation between similar classes and maximizes the separation between dis-similar instances. We compare our approach with baseline models and we show our method outperforms the baseline models by increasing detection accuracy on average by 11.3 % and increases True positive rate (TPR) on average by 18.3 %.

Laptiev, O., Shuklin, G., Hohonianc, S., Zidan, A., Salanda, I..  2019.  Dynamic Model of Cyber Defense Diagnostics of Information Systems With The Use of Fuzzy Technologies. 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT). :116–119.
When building the architecture of cyber defense systems, one of the important tasks is to create a methodology for current diagnostics of cybersecurity status of information systems and objects of information activity. The complexity of this procedure is that having a strong security level of the object at the software level does not mean that such power is available at the hardware level or at the cryptographic level. There are always weaknesses in all levels of information security that criminals are constantly looking for. Therefore, the task of promptly calculating the likelihood of possible negative consequences from the successful implementation of cyberattacks is an urgent task today. This paper proposes an approach of obtaining an instantaneous calculation of the probabilities of negative consequences from the successful implementation of cyberattacks on objects of information activity on the basis of delayed differential equation theory and the mechanism of constructing a logical Fuzzy function. This makes it possible to diagnose the security status of the information system.
Mobaraki, S., Amirkhani, A., Atani, R. E..  2018.  A Novel PUF based Logic Encryption Technique to Prevent SAT Attacks and Trojan Insertion. 2018 9th International Symposium on Telecommunications (IST). :507–513.
The manufacturing of integrated circuits (IC) outside of the design houses makes it possible for the adversary to easily perform a reverse engineering attack against intellectual property (IP)/IC. The aim of this attack can be the IP piracy, overproduction, counterfeiting or inserting hardware Trojan (HT) throughout the supply chain of the IC. Preventing hardware Trojan insertion is a significant issue in the context of hardware security (HS) and has not been considered in most of the previous logic encryption methods. To eliminate this problem, in this paper an Anti-Trojan insertion algorithm is presented. The idea is based on the fact that reducing the signals with low-observability (LO) and low-controllability (LC) can prevent HT insertion significantly. The security of logic encryption methods depends on the algorithm and the encryption key. However, the security of these methods has been compromised by SAT attacks over recent years. SAT attacks can decode the correct key from most logic encryption techniques. In this article, by using the PUF-based encryption, the applied key in the encryption is randomized and SAT attack cannot be performed. Based on the output of PUF, a unique encryption has been made for each chip, preventing counterfeiting and IP piracy.
Saeed, S. M., Cui, X., Zulehner, A., Wille, R., Drechsler, R., Wu, K., Karri, R..  2018.  IC/IP Piracy Assessment of Reversible Logic. 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1–8.
Reversible logic is a building block for adiabatic and quantum computing in addition to other applications. Since common functions are non-reversible, one needs to embed them into proper-size reversible functions by adding ancillary inputs and garbage outputs. We explore the Intellectual Property (IP) piracy of reversible circuits. The number of embeddings of regular functions in a reversible function and the percent of leaked ancillary inputs measure the difficulty of recovering the embedded function. To illustrate the key concepts, we study reversible logic circuits designed using reversible logic synthesis tools based on Binary Decision Diagrams and Quantum Multi-valued Decision Diagrams.
Lin, Chun-Yu, Huang, Juinn-Dar, Yao, Hailong, Ho, Tsung-Yi.  2018.  A Comprehensive Security System for Digital Microfluidic Biochips. 2018 IEEE International Test Conference in Asia (ITC-Asia). :151–156.

Digital microfluidic biochips (DMFBs) have become popular in the healthcare industry recently because of their low cost, high throughput, and portability. Users can execute the experiments on biochips with high resolution, and the biochips market therefore grows significantly. However, malicious attackers exploit Intellectual Property (IP) piracy and Trojan attacks to gain illegal profits. The conventional approaches present defense mechanisms that target either IP piracy or Trojan attacks. In practice, DMFBs may suffer from the threat of being attacked by these two attacks at the same time. This paper presents a comprehensive security system to protect DMFBs from IP piracy and Trojan attacks. We propose an authentication mechanism to protect IP and detect errors caused by Trojans with CCD cameras. By our security system, we could generate secret keys for authentication and determine whether the bioassay is under the IP piracy and Trojan attacks. Experimental results demonstrate the efficacy of our security system without overhead of the bioassay completion time.

Wang, Nan, Yao, Manting, Jiang, Dongxu, Chen, Song, Zhu, Yu.  2018.  Security-Driven Task Scheduling for Multiprocessor System-on-Chips with Performance Constraints. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :545–550.

The high penetration of third-party intellectual property (3PIP) brings a high risk of malicious inclusions and data leakage in products due to the planted hardware Trojans, and system level security constraints have recently been proposed for MPSoCs protection against hardware Trojans. However, secret communication still can be established in the context of the proposed security constraints, and thus, another type of security constraints is also introduced to fully prevent such malicious inclusions. In addition, fulfilling the security constraints incurs serious overhead of schedule length, and a two-stage performance-constrained task scheduling algorithm is then proposed to maintain most of the security constraints. In the first stage, the schedule length is iteratively reduced by assigning sets of adjacent tasks into the same core after calculating the maximum weight independent set of a graph consisting of all timing critical paths. In the second stage, tasks are assigned to proper IP vendors and scheduled to time periods with a minimization of cores required. The experimental results show that our work reduces the schedule length of a task graph, while only a small number of security constraints are violated.

Qin, Maoyuan, Hu, Wei, Mu, Dejun, Tai, Yu.  2018.  Property Based Formal Security Verification for Hardware Trojan Detection. 2018 IEEE 3rd International Verification and Security Workshop (IVSW). :62–67.

The design of modern computer hardware heavily relies on third-party intellectual property (IP) cores, which may contain malicious hardware Trojans that could be exploited by an adversary to leak secret information or take control of the system. Existing hardware Trojan detection methods either require a golden reference design for comparison or extensive functional testing to identify suspicious signals. In this paper, we propose a new formal verification method to verify the security of hardware designs. The proposed solution formalizes fine grained gate level information flow model for proving security properties of hardware designs in the Coq theorem prover environment. Compared with existing register transfer level (RTL) information flow security models, our model only needs to translate a small number of logic primitives to their formal representations without the need of supporting the rich RTL HDL semantics or dealing with complex conditional branch or loop structures. As a result, a gate level information flow model can be created at much lower complexity while achieving significantly higher precision in modeling the security behavior of hardware designs. We use the AES-T1700 benchmark from Trust-HUB to demonstrate the effectiveness of our solution. Experimental results show that our method can detect and pinpoint the Trojan.

Sayed-Ahmed, Amr, Haj-Yahya, Jawad, Chattopadhyay, Anupam.  2019.  SoCINT: Resilient System-on-Chip via Dynamic Intrusion Detection. 2019 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems (VLSID). :359–364.

Modern multicore System-on-Chips (SoCs) are regularly designed with third-party Intellectual Properties (IPs) and software tools to manage the complexity and development cost. This approach naturally introduces major security concerns, especially for those SoCs used in critical applications and cyberinfrastructure. Despite approaches like split manufacturing, security testing and hardware metering, this remains an open and challenging problem. In this work, we propose a dynamic intrusion detection approach to address the security challenge. The proposed runtime system (SoCINT) systematically gathers information about untrusted IPs and strictly enforces the access policies. SoCINT surpasses the-state-of-the-art monitoring systems by supporting hardware tracing, for more robust analysis, together with providing smart counterintelligence strategies. SoCINT is implemented in an open source processor running on a commercial FPGA platform. The evaluation results validate our claims by demonstrating resilience against attacks exploiting erroneous or malicious IPs.

Asish, Madiraju Sairam, Aishwarya, R..  2019.  Cyber Security at a Glance. 2019 Fifth International Conference on Science Technology Engineering and Mathematics (ICONSTEM). 1:240–245.
The privacy of people on internet is getting reduced day by day. Data records of many prestigious organizations are getting corrupted due to computer malwares. Computer viruses are becoming more advanced. Hackers are able to penetrate into a network and able to manipulate data. This paper describes the types of malwares like Trojans, boot sector virus, polymorphic virus, etc., and some of the hacking techniques which include DOS attack, DDoS attack, brute forcing, man in the middle attack, social engineering, information gathering tools, spoofing, sniffing. Counter measures for cyber attacks include VPN, proxy, tor (browser), firewall, antivirus etc., to understand the need of cyber security.
Shey, James, Karimi, Naghmeh, Robucci, Ryan, Patel, Chintan.  2018.  Design-Based Fingerprinting Using Side-Channel Power Analysis for Protection Against IC Piracy. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :614–619.

Intellectual property (IP) and integrated circuit (IC) piracy are of increasing concern to IP/IC providers because of the globalization of IC design flow and supply chains. Such globalization is driven by the cost associated with the design, fabrication, and testing of integrated circuits and allows avenues for piracy. To protect the designs against IC piracy, we propose a fingerprinting scheme based on side-channel power analysis and machine learning methods. The proposed method distinguishes the ICs which realize a modified netlist, yet same functionality. Our method doesn't imply any hardware overhead. We specifically focus on the ability to detect minimal design variations, as quantified by the number of logic gates changed. Accuracy of the proposed scheme is greater than 96 percent, and typically 99 percent in detecting one or more gate-level netlist changes. Additionally, the effect of temperature has been investigated as part of this work. Results depict 95.4 percent accuracy in detecting the exact number of gate changes when data and classifier use the same temperature, while training with different temperatures results in 33.6 percent accuracy. This shows the effectiveness of building temperature-dependent classifiers from simulations at known operating temperatures.

Lingasubramanian, Karthikeyan, Kumar, Ranveer, Gunti, Nagendra Babu, Morris, Thomas.  2018.  Study of hardware trojans based security vulnerabilities in cyber physical systems. 2018 IEEE International Conference on Consumer Electronics (ICCE). :1–6.

The dependability of Cyber Physical Systems (CPS) solely lies in the secure and reliable functionality of their backbone, the computing platform. Security of this platform is not only threatened by the vulnerabilities in the software peripherals, but also by the vulnerabilities in the hardware internals. Such threats can arise from malicious modifications to the integrated circuits (IC) based computing hardware, which can disable the system, leak information or produce malfunctions. Such modifications to computing hardware are made possible by the globalization of the IC industry, where a computing chip can be manufactured anywhere in the world. In the complex computing environment of CPS such modifications can be stealthier and undetectable. Under such circumstances, design of these malicious modifications, and eventually their detection, will be tied to the functionality and operation of the CPS. So it is imperative to address such threats by incorporating security awareness in the computing hardware design in a comprehensive manner taking the entire system into consideration. In this paper, we present a study in the influence of hardware Trojans on closed-loop systems, which form the basis of CPS, and establish threat models. Using these models, we perform a case study on a critical CPS application, gas pipeline based SCADA system. Through this process, we establish a completely virtual simulation platform along with a hardware-in-the-loop based simulation platform for implementation and testing.

Wang, Jian, Guo, Shize, Chen, Zhe, Zhang, Tao.  2019.  A Benchmark Suite of Hardware Trojans for On-Chip Networks. IEEE Access. 7:102002–102009.
As recently studied, network-on-chip (NoC) suffers growing threats from hardware trojans (HTs), leading to performance degradation or information leakage when it provides communication service in many/multi-core systems. Therefore, defense techniques against NoC HTs experience rapid development in recent years. However, to the best of our knowledge, there are few standard benchmarks developed for the defense techniques evaluation. To address this issue, in this paper, we design a suite of benchmarks which involves multiple NoCs with different HTs, so that researchers can compare various HT defense methods fairly by making use of them. We first briefly introduce the features of target NoC and its infected modules in our benchmarks, and then, detail the design of our NoC HTs in a one-by-one manner. Finally, we evaluate our benchmarks through extensive simulations and report the circuit cost of NoC HTs in terms of area and power consumption, as well as their effects on NoC performance. Besides, comprehensive experiments, including functional testing and side channel analysis are performed to assess the stealthiness of our HTs.
J.Y.V., Manoj Kumar, Swain, Ayas Kanta, Kumar, Sudeendra, Sahoo, Sauvagya Ranjan, Mahapatra, Kamalakanta.  2018.  Run Time Mitigation of Performance Degradation Hardware Trojan Attacks in Network on Chip. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :738–743.
Globalization of semiconductor design and manufacturing has led to several hardware security issues. The problem of Hardware Trojans (HT) is one such security issue discussed widely in industry and academia. Adversary design engineer can insert the HT to leak confidential data, cause a denial of service attack or any other intention specific to the design. HT in cryptographic modules and processors are widely discussed. HT in Multi-Processor System on Chips (MPSoC) are also catastrophic, as most of the military applications use MPSoCs. Network on Chips (NoC) are standard communication infrastructure in modern day MPSoC. In this paper, we present a novel hardware Trojan which is capable of inducing performance degradation and denial of service attacks in a NoC. The presence of the Hardware Trojan in a NoC can compromise the crucial details of packets communicated through NoC. The proposed Trojan is triggered by a particular complex bit pattern from input messages and tries to mislead the packets away from the destined addresses. A mitigation method based on bit shuffling mechanism inside the router with a key directly extracted from input message is proposed to limit the adverse effects of the Trojan. The performance of a 4×4 NoC is evaluated under uniform traffic with the proposed Trojan and mitigation method. Simulation results show that the proposed mitigation scheme is useful in limiting the malicious effect of hardware Trojan.
Daoud, Luka.  2018.  Secure Network-on-Chip Architectures for MPSoC: Overview and Challenges. 2018 IEEE 61st International Midwest Symposium on Circuits and Systems (MWSCAS). :542–543.
Network-on-Chip (NOC) is the heart of data communication between processing cores in Multiprocessor-based Systems on Chip (MPSoC). Packets transferred via the NoC are exposed to snooping, which makes NoC-based systems vulnerable to security attacks. Additionally, Hardware Trojans (HTs) can be deployed in some of the NoC nodes to apply security threats of extracting sensitive information or degrading the system performance. In this paper, an overview of some security attacks in NoC-based systems and the countermeasure techniques giving prominence on malicious nodes are discussed. Work in progress for secure routing algorithms is also presented.
Fu, Tian, Lu, Yiqin, Zhen, Wang.  2019.  APT Attack Situation Assessment Model Based on optimized BP Neural Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :2108–2111.
In this paper, it first analyzed the characteristics of Advanced Persistent Threat (APT). According to APT attack, this paper established a BP neural network optimized by improved adaptive genetic algorithm to predict the security risk of nodes in the network, and calculated the path of APT attacks with the maximum possible attack. Finally, experiments verify the effectiveness and correctness of the algorithm by simulating attacks. Experiments show that this model can effectively evaluate the security situation in the network, for the defenders to adopt effective measures to defend against APT attacks, thus improving the security of the network.
Daoud, Luka, Rafla, Nader.  2019.  Analysis of Black Hole Router Attack in Network-on-Chip. 2019 IEEE 62nd International Midwest Symposium on Circuits and Systems (MWSCAS). :69–72.

Network-on-Chip (NoC) is the communication platform of the data among the processing cores in Multiprocessors System-on-Chip (MPSoC). NoC has become a target to security attacks and by outsourcing design, it can be infected with a malicious Hardware Trojan (HT) to degrade the system performance or leave a back door for sensitive information leaking. In this paper, we proposed a HT model that applies a denial of service attack by deliberately discarding the data packets that are passing through the infected node creating a black hole in the NoC. It is known as Black Hole Router (BHR) attack. We studied the effect of the BHR attack on the NoC. The power and area overhead of the BHR are analyzed. We studied the effect of the locations of BHRs and their distribution in the network as well. The malicious nodes have very small area and power overhead, 1.98% and 0.74% respectively, with a very strong violent attack.

Abraham, Jacob A..  2019.  Resiliency Demands on Next Generation Critical Embedded Systems. 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :135–138.

Emerging intelligent systems have stringent constraints including cost and power consumption. When they are used in critical applications, resiliency becomes another key requirement. Much research into techniques for fault tolerance and dependability has been successfully applied to highly critical systems, such as those used in space, where cost is not an overriding constraint. Further, most resiliency techniques were focused on dealing with failures in the hardware and bugs in the software. The next generation of systems used in critical applications will also have to be tolerant to test escapes after manufacturing, soft errors and transients in the electronics, hardware bugs, hardware and software Trojans and viruses, as well as intrusions and other security attacks during operation. This paper will assess the impact of these threats on the results produced by a critical system, and proposed solutions to each of them. It is argued that run-time checks at the application-level are necessary to deal with errors in the results.

Tychalas, Dimitrios, Keliris, Anastasis, Maniatakos, Michail.  2019.  LED Alert: Supply Chain Threats for Stealthy Data Exfiltration in Industrial Control Systems. 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). :194–199.

Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan -in the range of 20-30 years-, motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.

Kuo, Man-Hsuan, Hu, Chun-Ming, Lee, Kuen-Jong.  2019.  Time-Related Hardware Trojan Attacks on Processor Cores. 2019 IEEE International Test Conference in Asia (ITC-Asia). :43–48.

Real-time clock circuits are widely used in modern electronic systems to provide time information to the systems at the beginning of the system power-on. In this paper, we present two types of Hardware Trojan designs that employ the time information as the trigger conditions. One is a real-time based Trojan, which will attack a system at some specific real-world time. The other is a relative-time based Trojan, which will be triggered when a specific time period passes after the system is powered on. In either case when a Trojan is triggered its payload may corrupt the system or leak internal information to the outside world. Experimental results show that the extra power consumption, area overhead and delay time are all quite small and thus the detection of the Trojans is difficult by using traditional side-channel detection methods.

Guo, Xiaolong, Zhu, Huifeng, Jin, Yier, Zhang, Xuan.  2019.  When Capacitors Attack: Formal Method Driven Design and Detection of Charge-Domain Trojans. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :1727–1732.

The rapid growth and globalization of the integrated circuit (IC) industry put the threat of hardware Trojans (HTs) front and center among all security concerns in the IC supply chain. Current Trojan detection approaches always assume HTs are composed of digital circuits. However, recent demonstrations of analog attacks, such as A2 and Rowhammer, invalidate the digital assumption in previous HT detection or testing methods. At the system level, attackers can utilize the analog properties of the underlying circuits such as charge-sharing and capacitive coupling effects to create information leakage paths. These new capacitor-based vulnerabilities are rarely covered in digital testings. To address these stealthy yet harmful threats, we identify a large class of such capacitor-enabled attacks and define them as charge-domain Trojans. We are able to abstract the detailed charge-domain models for these Trojans and expose the circuit-level properties that critically contribute to their information leakage paths. Aided by the abstract models, an information flow tracking (IFT) based solution is developed to detect charge-domain leakage paths and then identify the charge-domain Trojans/vulnerabilities. Our proposed method is validated on an experimental RISC microcontroller design injected with different variants of charge-domain Trojans. We demonstrate that successful detection can be accomplished with an automatic tool which realizes the IFT-based solution.