Journal ArticleDOI

Hardware Trojan Detection by Multiple-Parameter Side-Channel Analysis

TL;DR: A novel noninvasive, multiple-parameter side-channel analysis-based Trojan detection approach that uses the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise.
Abstract: Hardware Trojan attack in the form of malicious modification of a design has emerged as a major security threat. Side-channel analysis has been investigated as an alternative to conventional logic testing to detect the presence of hardware Trojans. However, these techniques suffer from decreased sensitivity toward small Trojans, especially because of the large process variations present in modern nanometer technologies. In this paper, we propose a novel noninvasive, multiple-parameter side-channel analysis-based Trojan detection approach. We use the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise. We propose a vector generation approach and several design/test techniques to improve the detection sensitivity. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit advanced encryption standard (AES) cipher, show a detection resolution of 1.12 percent amidst ±20 percent parameter variations. The approach is also validated with experimental results. Finally, the use of a combined side-channel analysis and logic testing approach is shown to provide high overall detection coverage for hardware Trojan circuits of varying types and sizes.
Citations
Journal ArticleDOI
15 Jul 2014
TL;DR: The threat of hardware Trojan attacks is analyzed; attack models, types, and scenarios are presented; different forms of protection approaches are discussed; and emerging attack modes, defenses, and future research pathways are described.
Abstract: Security of a computer system has been traditionally related to the security of the software or the information being processed. The underlying hardware used for information processing has been considered trusted. The emergence of hardware Trojan attacks violates this root of trust. These attacks, in the form of malicious modifications of electronic hardware at different stages of its life cycle, pose major security concerns in the electronics industry. An adversary can mount such an attack with an objective to cause operational failure or to leak secret information from inside a chip (e.g., the key in a cryptographic chip) during field operation. Global economic trend that encourages increased reliance on untrusted entities in the hardware design and fabrication process is rapidly enhancing the vulnerability to such attacks. In this paper, we analyze the threat of hardware Trojan attacks; present attack models, types, and scenarios; discuss different forms of protection approaches, both proactive and reactive; and describe emerging attack modes, defenses, and future research pathways.

588 citations


Cites background or methods from "Hardware Trojan Detection by Multip..."

  • ...2) Transient Current Analysis: The goal of transient current (IDDT) analysis is to detect switching activity inside a Trojan circuit [30]....

    [...]

  • ...The measured Fmax values can be used to calibrate the interdie process corner of a chip....

    [...]

  • ...First, an adversary can exploit inordinately large number of Trojan instances of varying forms and sizes [30]....

    [...]

  • ...(a) Die-to-die and within-die variation in a device parameter (threshold voltage or Vt) and corresponding impact in side-channel parameters: transient supply current (IDDT) and maximum frequency (Fmax) [30]....

    [...]

  • ...8(a), variations in a device parameter such as VT manifest themselves in variations at circuit level and mask the effect of Trojan in current and operating frequency (Fmax)....

    [...]

Journal ArticleDOI
TL;DR: An IC market model is elaborated to illustrate the potential HT threats faced by the parties involved in the model and categorize the recent research advances in the countermeasures against HT attacks.

122 citations

Journal ArticleDOI
TL;DR: Experimental results on selected Advanced Encryption Standard benchmark circuits on FPGA show that the proposed method can effectively detect Trojans even with very small traces, and is immune to the process variation theoretically.
Abstract: The hardware Trojan (HT) has become a major threat for the integrated circuit (IC) industry and supply chain, and has motivated numerous developments of Trojan detection schemes. Although the side-channel method is the most promising one, nearly all of the side-channel methods require fabricated golden chips, which are very difficult to obtain in reality. In this paper, we propose a novel strategy for HT detection using electromagnetic side-channel-based spectrum modeling and analyzing. We utilize the design data at early stage of the IC lifecycle, and the generated spectrum can serve as the golden reference, and thus we do not need the fabricated golden chips anymore. Another very important feature is that our method is immune to the process variation theoretically. Experimental results on selected Advanced Encryption Standard benchmark circuits on FPGA show that our proposed method can effectively detect Trojans even with very small traces.

117 citations

Journal ArticleDOI
TL;DR: Impact of process parameters variations on various design metrics of the proposed cell are presented and compared with conventional differential 6T (D6T), transmission gate-based 8T (TG8T), and single ended 8T (SE8T) SRAM cells.
Abstract: Low power and noise tolerant static random access memory (SRAM) cells are in high demand today. This paper presents a stable differential SRAM cell that consumes low power. The proposed cell has similar structure to conventional 6T SRAM cell with the addition of two buffer transistors, one tail transistor and one complementary word line. Due to stacking effect, the proposed cell achieves lower power dissipation. In this paper, impact of process parameters variations on various design metrics of the proposed cell are presented and compared with conventional differential 6T (D6T), transmission gate-based 8T (TG8T), and single ended 8T (SE8T) SRAM cells. Impact of process variation, like threshold voltage and length, on different design metrics of an SRAM cell like, read static noise margin (RSNM), read access time ($T_{\mathrm{RA}}$), and write access time ($T_{\mathrm{WA}}$) are also presented. The proposed cell achieves $1.12\times/1.43\times/5.62\times$ improvement in $T_{\mathrm{RA}}$ compared to TG8T/D6T/SE8T at a penalty of $1.1\times/4.88\times$ in $T_{\mathrm{WA}}$ compared to D6T/TG8T and $1.19\times/1.18\times$ in read/write power consumption compared to D6T. An improvement of $1.12\times/2.15\times$ in RSNM is observed compared to D6T/TG8T. The proposed cell consumes $5.38\times$ less power during hold mode and also shows $2.33\times$ narrower spread in hold power @ $V_{\mathrm{DD}} = 0.4$ V compared to D6T SRAM cell.

110 citations

Proceedings ArticleDOI
24 Oct 2016
TL;DR: Simulation results demonstrate that the tests generated by MERS can significantly increase the Trojans sensitivity, thereby making Trojan detection effective using side-channel analysis.
Abstract: Hardware Trojan detection has emerged as a critical challenge to ensure security and trustworthiness of integrated circuits. A vast majority of research efforts in this area has utilized side-channel analysis for Trojan detection. Functional test generation for logic testing is a promising alternative but it may not be helpful if a Trojan cannot be fully activated or the Trojan effect cannot be propagated to the observable outputs. Side-channel analysis, on the other hand, can achieve significantly higher detection coverage for Trojans of all types/sizes, since it does not require activation/propagation of an unknown Trojan. However, they have often limited effectiveness due to poor detection sensitivity under large process variations and small Trojan footprint in side-channel signature. In this paper, we address this critical problem through a novel side-channel-aware test generation approach, based on a concept of Multiple Excitation of Rare Switching (MERS), that can significantly increase Trojan detection sensitivity. The paper makes several important contributions: i) it presents in detail the statistical test generation method, which can generate high-quality testset for creating high relative activity in arbitrary Trojan instances; ii) it analyzes the effectiveness of generated testset in terms of Trojan coverage; and iii) it describes two judicious reordering methods that can further tune the testset and greatly improve the side-channel sensitivity. Simulation results demonstrate that the tests generated by MERS can significantly increase the Trojans sensitivity, thereby making Trojan detection effective using side-channel analysis.

95 citations

References
Journal ArticleDOI
TL;DR: In this paper, an alpha-power-law MOS model that includes the carrier velocity saturation effect, which becomes prominent in short-channel MOSFETs, is introduced and closed-form expressions for the delay, short-circuit power, and transition voltage of CMOS inverters are derived.
Abstract: An alpha-power-law MOS model that includes the carrier velocity saturation effect, which becomes prominent in short-channel MOSFETs, is introduced. The model is an extension of Shockley's square-law MOS model in the saturation region. Since the model is simple, it can be used to handle MOSFET circuits analytically and can predict the circuit behavior in the submicrometer region. Using the model, closed-form expressions for the delay, short-circuit power, and transition voltage of CMOS inverters are derived. The delay expression includes input waveform slope effects and parasitic drain/source resistance effects and can be used in simulation and/or optimization CAD tools. It is found that the CMOS inverter delay becomes less sensitive to the input waveform slope and that short-circuit dissipation increases as the carrier velocity saturation effect in short-channel MOSFETs gets more severe.

1,596 citations

Proceedings ArticleDOI
Shekhar Borkar, Tanay Karnik, Siva G. Narendra, James W. Tschanz, Ali Keshavarzi, Vivek De
02 Jun 2003
TL;DR: Process, voltage and temperature variations; and their impact on circuit and microarchitecture; and possible solutions to reduce the impact of parameter variations and to achieve higher frequency bins are presented.
Abstract: Parameter variation in scaled technologies beyond 90nm will pose a major challenge for design of future high performance microprocessors. In this paper, we discuss process, voltage and temperature variations; and their impact on circuit and microarchitecture. Possible solutions to reduce the impact of parameter variations and to achieve higher frequency bins are also presented.

1,503 citations


"Hardware Trojan Detection by Multip..." refers background or methods in this paper

  • ...Index Terms—Hardware security, hardware Trojan attack, side-channel analysis, logic testing...

    [...]

  • ...…not require design modification or any postmanufacturing destructive procedure; and 2) it does not require activation of the malicious payload of the Trojan to observe its impact at primary output nodes, which can be extremely difficult for a complex sequential Trojan during manufacturing test....

    [...]

  • ...Here, we consider only die-to-die or interdie variations in transistor threshold voltage (Vth), where all transistors in a die experience similar variations....

    [...]

  • ...Next, we describe different techniques used to reduce Ioriginal and increase its difference from Itampered....

    [...]

Journal ArticleDOI
TL;DR: A classification of hardware Trojans and a survey of published techniques for Trojan detection are presented.
Abstract: Editor's note: Today's integrated circuits are vulnerable to hardware Trojans, which are malicious alterations to the circuit, either during design or fabrication. This article presents a classification of hardware Trojans and a survey of published techniques for Trojan detection.

1,227 citations


"Hardware Trojan Detection by Multip..." refers background in this paper

  • ...Any malicious hardware (Trojan) inserted in a trusted design will consume leakage power, which is largely dependent on the size of the Trojan....

    [...]

Proceedings ArticleDOI
20 May 2007
TL;DR: These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques and provide a starting point to address this important problem.
Abstract: Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuitry. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.

741 citations


"Hardware Trojan Detection by Multip..." refers background or methods in this paper

  • ...Average IDDT and Fmax values for an 8-bit ALU circuit (c880 from ISCAS-85 benchmark suite) obtained from simulation in HSPICE are plotted in Figs....

    [...]

  • ...Index Terms—Hardware security, hardware Trojan attack, side-channel analysis, logic testing...

    [...]

  • ...…not require design modification or any postmanufacturing destructive procedure; and 2) it does not require activation of the malicious payload of the Trojan to observe its impact at primary output nodes, which can be extremely difficult for a complex sequential Trojan during manufacturing test....

    [...]