Journal ArticleDOI

Building Trustworthy Systems Using Untrusted Components: A High-Level Synthesis Approach

TL;DR: This paper identifies design constraints for Trojan detection that achieve detection, collusion prevention, and isolation of the Trojan-infected 3PIP, and incorporates them during high-level synthesis.
Abstract: Trustworthiness of system-on-chip designs is undermined by malicious logic (Trojans) in third-party intellectual properties (3PIPs). In this paper, duplication, diversity, and isolation principles have been extended to build trustworthy systems using untrusted, potentially Trojan-infected 3PIPs. We use a diverse set of vendors to prevent collusions between the 3PIPs from the same vendor. We identify design constraints for Trojan detection to achieve detection, collusion prevention, and isolation of the Trojan-infected 3PIP, and incorporate them during high-level synthesis. In addition, we develop techniques to reduce the number of vendors. The effectiveness of the proposed techniques is validated using the high-level synthesis benchmarks.
Citations
Journal ArticleDOI
TL;DR: This book is mainly oriented towards a final year undergraduate course on fault-tolerant computing, primarily with an implementation bias, and draws considerably on the author's experience in industry, particularly reflected in the projects accompanying chapter 5.
Abstract: Design and Analysis of Fault-Tolerant Digital Systems: B. W. JOHNSON (Addison Wesley, 1989, 577 pp., £41.35) The book provides an introduction to the important aspects of designing fault-tolerant systems, and an evaluation of how well the reliability goals have been achieved. The book is mainly oriented towards a final year undergraduate course on fault-tolerant computing, primarily with an implementation bias. In chapters 1 and 2, definitions and basic terminology are covered, which sets the stage for the remaining chapters, and provides the background and motivation for the remainder of the book. Chapter 3 provides a thorough analysis of fault-tolerance techniques and concepts. This chapter in particular is remarkably well written, covering the issues of hardware and information redundancy, which form the mainstay of fault-tolerant computing. Subsequent chapters on the use and evaluation of the various approaches illustrate the principles as they have been put into practice. At the end of chapter 5, small projects that allow the reader to apply the material presented in the preceding chapters are included. The resurgence of interest in fault-tolerance with the emergence of VLSI is the theme of chapter 6, focussing on designing fault-tolerant systems in a VLSI environment. The problems and opportunities presented by VLSI are discussed and the use of redundancy techniques in order to enhance manufacturing yield and to provide in-service reliability are reviewed. The final chapter covers testing, design for testability and testability analysis, which must be considered during each phase of the design process to guarantee that resulting designs can be thoroughly tested. Each chapter is followed by a summary of the key issues and concepts presented therein, and a separate list of references, which makes it easily readable. In addition, there is a reading list with more comprehensive and specialised references devoted to each chapter.
Overall, the book is well written, and contains a great deal of information in 577 pages. The book has a definite implementation bias, and draws considerably on the author's experience in industry, particularly reflected in the projects accompanying chapter 5. The book should be a useful addition to a library, and a suitable text to accompany a lecture course on fault-tolerant computing. R. RAMASWAMI, Department of Computation, UMIST

444 citations

Journal ArticleDOI
Hassan Salmani
TL;DR: Using an unsupervised clustering analysis, the paper shows that the controllability and observability characteristics of Trojan gates present significant inter-cluster distance from those of genuine gates in a Trojan-inserted circuit, such that Trojan gates are easily distinguishable.
Abstract: This paper presents a novel hardware Trojan detection technique in gate-level netlist based on the controllability and observability analyses. Using an unsupervised clustering analysis, the paper shows that the controllability and observability characteristics of Trojan gates present significant inter-cluster distance from those of genuine gates in a Trojan-inserted circuit, such that Trojan gates are easily distinguishable. The proposed technique does not require any golden model and can be easily integrated into the current integrated circuit design flow. Furthermore, it performs a static analysis and does not require any test pattern application for Trojan activation either partially or fully. In addition, the timing complexity of the proposed technique is an order of the number of signals in a circuit. Moreover, the proposed technique makes it possible to fully restore an inserted Trojan and to isolate its trigger and payload circuits. The technique has been applied on various types of Trojans, and all Trojans are successfully detected with 0 false positive and negative rates in less than 14 s in the worst case.

157 citations

Journal ArticleDOI
TL;DR: In this article, the authors provide a classification of all possible HT attacks and then review recent developments from four perspectives, i.e., HT detection, design-for-security (DFS), bus security, and secure architecture.
Abstract: The remarkable success of machine learning (ML) in a variety of research domains has inspired academic and industrial communities to explore its potential to address hardware Trojan (HT) attacks. While numerous works have been published over the past decade, few survey papers, to the best of our knowledge, have systematically reviewed the achievements and analyzed the remaining challenges in this area. To fill this gap, this article surveys ML-based approaches against HT attacks available in the literature. In particular, we first provide a classification of all possible HT attacks and then review recent developments from four perspectives, i.e., HT detection, design-for-security (DFS), bus security, and secure architecture. Based on the review, we further discuss the lessons learned in and challenges arising from previous studies. Despite current work focusing more on chip-layer HT problems, it is notable that novel HT threats are constantly emerging and have evolved beyond chips and to the component, device, and even behavior layers, therein compromising the security and trustworthiness of the overall hardware ecosystem. Therefore, we divide the HT threats into four layers and propose a hardware Trojan defense (HTD) reference model from the perspective of the overall hardware ecosystem, therein categorizing the security threats and requirements in each layer to provide a guideline for future research in this direction.

90 citations

Journal ArticleDOI
TL;DR: This letter discusses extensions to HLS tools for creating secure heterogeneous architectures for system-on-chip architectures.
Abstract: High-level synthesis (HLS) tools have made significant progress in the past few years, improving the design productivity for hardware accelerators and becoming mainstream in industry to create specialized system-on-chip architectures. Increasing the level of security of these heterogeneous architectures is becoming critical. However, state-of-the-art security countermeasures are still applied only to the code executing on the processor cores or manually implemented into the generated components, leading to suboptimal and sometimes even insecure designs. This letter discusses extensions to HLS tools for creating secure heterogeneous architectures.

67 citations


Cites background from "Building Trustworthy Systems Using ..."

  • ...These techniques can also limit the insertion of hardware Trojans [27]–[29]....

References
Journal ArticleDOI
TL;DR: Principal requirements for the implementation of N-version software are summarized and the DEDIX distributed supervisor and testbed for the execution of N -version software is described.
Abstract: Evolution of the N-version software approach to the tolerance of design faults is reviewed. Principal requirements for the implementation of N-version software are summarized and the DEDIX distributed supervisor and testbed for the execution of N-version software is described. Goals of current research are presented and some potential benefits of the N-version approach are identified.

1,093 citations


"Building Trustworthy Systems Using ..." refers methods in this paper

  • ...This is called diversity and is popular in the N-version software design [33]....

Book
01 Oct 1988

910 citations


"Building Trustworthy Systems Using ..." refers background in this paper

  • ...in the context of classical fault tolerance, it has been shown that the likelihood of two 3PIPs designed by two independent sources failing in the same way is extremely low [34], [35]....

  • ...When targeting random faults, fault detection techniques use area, time, and information redundancy [34], [35]....

  • ...2) Duplication and Diversity: The likelihood of two IPs from two independent IP vendors failing in the same way is extremely low [34], [35]....

  • ...Thus, multiple faulty IPs of the same type can be detected [35]....

Proceedings ArticleDOI
20 May 2007
TL;DR: These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques and provide a starting point to address this important problem.
Abstract: Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuits. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.

741 citations

Proceedings ArticleDOI
09 Jun 2008
TL;DR: A new behavior-oriented category method is proposed to divide trojans into two categories: explicit payload trojan and implicit payloadtrojan, which makes it possible to construct trojan models and then lower the cost of testing.
Abstract: Trusted IC design is a recently emerged topic since fabrication factories are moving worldwide in order to reduce cost. In order to get a low-cost but effective hardware trojan detection method to complement traditional testing methods, a new behavior-oriented category method is proposed to divide trojans into two categories: explicit payload trojan and implicit payload trojan. This categorization method makes it possible to construct trojan models and then lower the cost of testing. Path delays of nominal chips are collected to construct a series of fingerprints, each one representing one aspect of the total characteristics of a genuine design. Chips are validated by comparing their delay parameters to the fingerprints. The comparison of path delays makes small trojan circuits significant from a delay point of view. The experiment's results show that the detection rate on explicit payload trojans is 100%, while this method should be developed further if used to detect implicit payload trojans.

611 citations


"Building Trustworthy Systems Using ..." refers background in this paper

  • ...Researchers have proposed solutions to detect Trojans inserted by a malicious foundry [5], [6], [9]–[14]....

Journal ArticleDOI
15 Jul 2014
TL;DR: The threat of hardware Trojan attacks is analyzed; attack models, types, and scenarios are presented; different forms of protection approaches are discussed; and emerging attack modes, defenses, and future research pathways are described.
Abstract: Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip, e.g., the key in a cryptographic chip, during field operation. The global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.

588 citations


"Building Trustworthy Systems Using ..." refers background in this paper

  • ...Trojans that affect the performance of an SoC can be detected and disabled by a complementary technique that monitors 3PIP power consumption/delay [41]....