Showing papers on "Trojan published in 2015"

Improved Test Pattern Generation for Hardware Trojan Detection Using Genetic Algorithm and Boolean Satisfiability

Abstract: Test generation for Hardware Trojan Horses (HTH) detection is extremely challenging, as Trojans are designed to be triggered by very rare logic conditions at internal nodes of the circuit. In this paper, we propose a Genetic Algorithm (GA) based Automatic Test Pattern Generation (ATPG) technique, enhanced by automated solution to an associated Boolean Satisfiability problem. The main insight is that given a specific internal trigger condition, it is not possible to attack an arbitrary node (payload) of the circuit, as the effect of the induced logic malfunction by the HTH might not get propagated to the output. Based on this observation, a fault simulation based framework has been proposed, which enumerates the feasible payload nodes for a specific triggering condition. Subsequently, a compact set of test vectors is selected based on their ability to detect the logic malfunction at the feasible payload nodes, thus increasing their effectiveness. Test vectors generated by the proposed scheme were found to achieve higher detection coverage over large population of HTH in ISCAS benchmark circuits, compared to a previously proposed logic testing based Trojan detection technique.

A score-based classification method for identifying hardware-trojans at gate-level netlists

Abstract: Recently, digital ICs are often designed by outside vendors to reduce design costs in semiconductor industry, which may introduce severe risks that malicious attackers implement Hardware Trojans (HTs) on them. Since IC design phase generates only a single design result, an RT-level or gate-level netlist for example, we cannot assume an HT-free netlist or a Golden netlist and then it is too difficult to identify whether a generated netlist is HT-free or HT-inserted. In this paper, we propose a score-based classification method for identifying HT-free or HT-inserted gate-level netlists without using a Golden netlist. Our proposed method does not directly detect HTs themselves in a gate-level netlist but a net included in HTs, which is called Trojan net, instead. Firstly, we observe Trojan nets from several HT-inserted benchmarks and extract several their features. Secondly, we give scores to extracted Trojan net features and sum up them for each net in benchmarks. Then we can find out a score threshold to classify HT-free and HT-inserted netlists. Based on these scores, we can successfully classify HT-free and HT-inserted netlists in all the Trust-HUB gate-level benchmarks. Experimental results demonstrate that our method successfully identify all the HT-inserted gate-level benchmarks to be “HT-inserted” and all the HT-free gate-level benchmarks to be “HT-free” in approximately three hours for each benchmark.

A survey on hardware trojan detection techniques

Abstract: Hardware Trojans recently emerged as a serious issue for computer systems, especially for those used in critical applications such as medical or military. Trojan proposed so far can affect the reliability of a device in various ways. Proposed effects range from the leakage of secret information to the complete malfunctioning of the device. A crucial point for securing the overall operation of a device is to guarantee the absence of hardware Trojans. In this paper, we survey several techniques for detecting malicious modification of circuit introduced at different phases of the design flow. We also highlight their capabilities limitations in thwarting hardware Trojans.

Hardware trojan detection for gate-level ICs using signal correlation based clustering

Abstract: Malicious tampering of the internal circuits of ICs can lead to detrimental results. Insertion of Trojan circuits may change system behavior, cause chip failure or send information to a third party. This paper presents an information-theoretic approach for Trojan detection. It estimates the statistical correlation between the signals in a design, and explores how this estimation can be used in a clustering algorithm to detect the Trojan logic. Compared with the other algorithms, our tool does not require extensive logic analysis. We neither need the circuit to be brought to the triggering state, nor the effect of the Trojan payload to be propagated and observed at the output. Instead we leverage already available simulation data in this information-theoretic approach. We conducted experiments on the TrustHub benchmarks to validate the practical efficacy of this approach. The results show that our tool can detect Trojan logic with up to 100% coverage with low false positive rates.

The evolution of asteroids in the jumping-jupiter migration model

Abstract: In this work, we investigate the evolution of a primordial belt of asteroids, represented by a large number of massless test particles, under the gravitational effect of migrating Jovian planets in the framework of the jumping-Jupiter model. We perform several simulations considering test particles distributed in the Main Belt, as well as in the Hilda and Trojan groups. The simulations start with Jupiter and Saturn locked in the mutual 3:2 mean motion resonance plus 3 Neptune-mass planets in a compact orbital configuration. Mutual planetary interactions during migration led one of the Neptunes to be ejected in less than 10 Myr of evolution, causing Jupiter to jump by about 0.3 au in semi-major axis. This introduces a large scale instability in the studied populations of small bodies. After the migration phase, the simulations are extended over 4 Gyr, and we compare the final orbital structure of the simulated test particles to the current Main Belt of asteroids with absolute magnitude $H<9.7$. The results indicate that, in order to reproduce the present Main Belt, the primordial belt should have had a distribution peaked at $\sim10^{\circ}$ in inclination and at $\sim0.1$ in eccentricity. We discuss the implications of this for the Grand Tack model. The results also indicate that neither primordial Hildas, nor Trojans, survive the instability, confirming the idea that such populations must have been implanted from other sources. In particular, we address the possibility of implantation of Hildas and Trojans from the Main Belt population, but find that this contribution should be minor.

Temperature Tracking: Toward Robust Run-Time Detection of Hardware Trojans

Abstract: The hardware Trojan threat has motivated development of Trojan detection schemes at all stages of the integrated circuit (IC) lifecycle. While the majority of existing schemes focus on ICs at test-time, there are many unique advantages offered by post-deployment/run-time Trojan detection. However, run-time approaches have been underutilized with prior work highlighting the challenges of implementing them with limited hardware resources. In this paper, we propose three innovative low-overhead approaches for run-time Trojan detection which exploit the thermal sensors already available in many modern systems to detect deviations in power/thermal profiles caused by Trojan activation. The first one is a local sensor-based approach that uses information from thermal sensors together with hypothesis testing to make a decision. The second one is a global approach that exploits correlation between sensors and maintains track of the ICs thermal profile using a Kalman filter (KF). The third approach incorporates leakage power into the system dynamic model and apply extended KF (EKF) to track ICs thermal profile. Simulation results using state-of-the-art tools on ten publicly available Trojan benchmarks verify that all three proposed approaches can detect active Trojans quickly and with few false positives. Among three approaches, EKF is flawless in terms of the ten benchmarks tested but would require the most overhead.

How Secure Are Printed Circuit Boards Against Trojan Attacks

Abstract: Hardware Trojan attacks at the integrated circuit (IC) level have been studied extensively in recent times. Researchers have analyzed the impact of these attacks and explored possible countermeasures for ICs. However, vulnerability with respect to hardware Trojan attacks at higher levels of system abstraction, e.g., at printed circuit board (PCB) level, have not been reported earlier. Previous studies have covered security of PCBs against piracy and various post-fabrication tampering attacks. JTAG (Joint Test Access Group) and other field programmability features, e.g., probe pins, unused sockets and USB have been extensively exploited by hackers to gain access to internal features of the designs as well as snooping of secret key, collection of test responses, and manipulating JTAG test pins. One instance demonstrated that Xbox can be hacked by disabling the Digital Rights Management (DRM) policy using JTAG. The emerging business model of PCB design and fabrication that favors extensive outsourcing and integration of untrusted components/entities in the PCB life-cycle to lower manufacturing cost, makes hardware Trojan attacks in PCBs highly feasible.

Exciting FPGA cryptographic Trojans using combinatorial testing

Abstract: Contemporary hardware design shares many similarities with software development. The injection of malicious functionality (Trojans) in FPGA designs is a realistic threat. Established techniques for testing correctness do not cope well with Trojans, since Trojans are not captured in the system model. Furthermore, a well-designed Trojan activates under rare conditions and can escape detection during testing. Such conditions cannot be exhaustively searched, especially in the case of cryptographic core implementations with hundreds of inputs. In this paper, we explore the applicability of a prominent combinatorial strategy, namely combinatorial testing, for FPGA Trojan detection. We demonstrate that combinatorial testing provides the theoretical guarantees for exciting a Trojan of specific lengths by covering all input combinations. Our findings indicate that combinatorial testing constructs can improve the existing FPGA Trojan detection capabilities by reducing significantly the number of tests needed. Besides the foundations of our approach, we also report on first experiments that indicate its practical use.

Detecting Hardware Trojans using On-chip Sensors in an ASIC Design

Abstract: The modern integrated circuit (IC) manufacturing process has exposed the fabless semiconductor industry to hardware Trojans that threaten circuits bound for critical applications. This paper investigates an on-chip sensor's effectiveness for Trojan detection in an application specific integrated circuit (ASIC) and proposes new techniques to improve the sensor's sensitivity to Trojan switching activity. The sensors serve as power supply monitors by detecting fluctuations in their characteristic frequencies due to malicious inclusions (i.e. hardware Trojans) in the circuit under authentication. Our proposed on-chip structure was implemented and fabricated on an ASIC test chip using IBM 90nm technology with controlled hardware Trojans. This work analyzes the impact of both sequential and combinational Trojans with varied partial activity, area, and location on the proposed on-chip structure and demonstrates that stealthy Trojans can be effectively detected with this technique, even when obfuscated by circuit switching activity and process and environmental variations.

Detecting hardware trojans using backside optical imaging of embedded watermarks

Abstract: Hardware Trojans are a critical security threat to integrated circuits. We propose an optical method to detect and localize Trojans inserted during the chip fabrication stage. We engineer the fill cells in a standard cell library to be highly reflective at near-IR wavelengths so that they can be readily observed in an optical image taken through the backside of the chip. The pattern produced by their locations produces an easily measured watermark of the circuit layout. Replacement, modification or re-arrangement of these cells to add a Trojan can therefore be detected through rapid post-fabrication backside imaging. We evaluate our approach using various hardware blocks where the Trojan circuit area is less than 0.1% of the total area and it consumes less than 2% leakage power of the entire chip. In addition, we evaluate the tolerance of our methodology to background measurement noise and process variation.

The color-magnitude distribution of small Jupiter Trojans

Abstract: We present an analysis of survey observations targeting the leading L4 Jupiter Trojan cloud near opposition using the wide-field Suprime-Cam CCD camera on the 8.2 m Subaru Telescope. The survey covered about 38 deg2 of sky and imaged 147 fields spread across a wide region of the L4 cloud. Each field was imaged in both the g' and the i' band, allowing for the measurement of g − i color. We detected 557 Trojans in the observed fields, ranging in absolute magnitude from H = 10.0 to H = 20.3. We fit the total magnitude distribution to a broken power law and show that the power-law slope rolls over from 0.45 ± 0.05 to 0.36_(-0.09)^(+0.05) at a break magnitude of H_b = 14.93_(-0.88)^(+0.73). Combining the best-fit magnitude distribution of faint objects from our survey with an analysis of the magnitude distribution of bright objects listed in the Minor Planet Center catalog, we obtain the absolute magnitude distribution of Trojans over the entire range from H = 7.2 to H = 16.4. We show that the g − i color of Trojans decreases with increasing magnitude. In the context of the less-red and red color populations, as classified in Wong et al. using photometric and spectroscopic data, we demonstrate that the observed trend in color for the faint Trojans is consistent with the expected trend derived from extrapolation of the best-fit color population magnitude distributions for bright cataloged Trojans. This indicates a steady increase in the relative number of less-red objects with decreasing size. Finally, we interpret our results using collisional modeling and propose several hypotheses for the color evolution of the Jupiter Trojan population.

The evolution of asteroids in the jumping-Jupiter migration model

Abstract: In this work, we investigate the evolution of a primordial belt of asteroids, represented by a large number of massless test particles, under the gravitational effect of migrating Jovian planets in the framework of the jumping-Jupiter model. We perform several simulations considering test particles distributed in the Main Belt, as well as in the Hilda and Trojan groups. The simulations start with Jupiter and Saturn locked in the mutual 3:2 mean motion resonance plus 3 Neptune-mass planets in a compact orbital configuration. Mutual planetary interactions during migration led one of the Neptunes to be ejected in less than 10 Myr of evolution, causing Jupiter to jump by about 0.3 au in semi-major axis. This introduces a large scale instability in the studied populations of small bodies. After the migration phase, the simulations are extended over 4 Gyr, and we compare the final orbital structure of the simulated test particles to the current Main Belt of asteroids with absolute magnitude $H<9.7$. The results indicate that, in order to reproduce the present Main Belt, the primordial belt should have had a distribution peaked at $\sim10^{\circ}$ in inclination and at $\sim0.1$ in eccentricity. We discuss the implications of this for the Grand Tack model. The results also indicate that neither primordial Hildas, nor Trojans, survive the instability, confirming the idea that such populations must have been implanted from other sources. In particular, we address the possibility of implantation of Hildas and Trojans from the Main Belt population, but find that this contribution should be minor.

The Trojan-proof chip

Abstract: Long ago, the story goes, Greek soldiers tried for 10 years to conquer the city of Troy Eventually, they departed, leaving behind a large wooden horse, apparently as a gift The Trojans pulled the beautiful tribute inside Later, a group of Greek soldiers slipped out of the horse and opened the gates for their compatriots, who easily sacked the sleeping city

Hardware Trojans hidden in RTL don't cares — Automated insertion and prevention methodologies

Abstract: Don't cares in RTL code have long plagued chip verification due to hard-to-diagnose “X-bugs” resulting from ambiguous X simulation semantics, yet prevail in modern designs because of enormous opportunities for area/performance/power optimization during synthesis. We analyze don't cares specified at the RTL level from a security perspective and propose a novel class of Hardware Trojans which leak internal circuit node values using only existing design don't cares. Detection of this Trojan class is impossible using either functional simulation/verification or a perfect sequential equivalence checker. We then provide a formal automated X-analysis technique which both prevents the insertion of this new Trojan type and also has the potential to uncover accidental X-bugs as well. We provide several examples, including an Elliptic Curve Processor, illustrating both Trojan insertion and our prevention technique.

The Complex History of Trojan Asteroids

Abstract: The Trojan asteroids provide a unique perspective on the history of Solar System. As a large population of small bodies, they record important gravitational interactions and dynamical evolution of the Solar System. In the past decade, significant advances have been made in understanding physical properties, and there has been a revolution in thinking about the origin of Trojans. The ice and organics generally presumed to be a significant part of Trojan compositions have yet to be detected directly, though low density of the binary system Patroclus (and possibly low density of the binary/moonlet system Hektor) is consistent with an interior ice component. By contrast, fine-grained silicates that appear to be similar to cometary silicates in composition have been detected, and a color bimodality may indicate distinct compositional groups among the Trojans. Whereas Trojans had traditionally been thought to have formed near 5 AU, a new paradigm has developed in which the Trojans formed in the proto-Kuiper Belt, and they were scattered inward and captured in the Trojan swarms as a result of resonant interactions of the giant planets. Whereas the orbital and population distributions of current Trojans are consistent with this origin scenario, there are significant differences between current physical properties of Trojans and those of Kuiper Belt objects. These differences may be indicative of surface modification due to the inward migration of objects that became the Trojans, but understanding of appropriate modification mechanisms is poor and would benefit from additional laboratory studies. Many open questions remain, and the future promises significant strides in our understanding of Trojans. The time is ripe for a spacecraft mission to the Trojans, to turn these objects into geologic worlds that can be studied in detail to unravel their complex history.

A statistical search for a population of Exo-Trojans in the Kepler dataset

Abstract: Trojans are small bodies in planetary Lagrangian points. In our solar system, Jupiter has the largest number of such companions. Their existence is assumed for exoplanetary systems as well, but none has been found so far. We present an analysis by super-stacking $\sim4\times10^4$ Kepler planets with a total of $\sim9\times10^5$ transits, searching for an average trojan transit dip. Our result gives an upper limit to the average Trojan transiting area (per planet) corresponding to one body of radius $ $60 days. Our tentative results can and should be checked with improved data from future missions like PLATO2.0, and can guide planetary formation theories.

A statistical search for a population of exo-trojans in the kepler data set

Abstract: Trojans are small bodies in planetary Lagrangian points. In our solar system, Jupiter has the largest number of such companions. Their existence is assumed for exoplanetary systems as well, but none have been found so far. We present an analysis by super-stacking ~4 × 103 Kepler planets with a total of ~9 × 104 transits, searching for an average Trojan transit dip. Our results give an upper limit to the average Trojan transiting area (per planet) that corresponds to one body of radius with confidence. We find a significant Trojan-like signal in a sub-sample for planets with more (or larger) Trojans for periods >60 days. Our tentative results can and should be checked with improved data from future missions like PLATO 2.0, and can guide planetary formation theories.

Trojan resonant dynamics, stability, and chaotic diffusion, for parameters relevant to exoplanetary systems

Abstract: The possibility that giant extrasolar planets could have small Trojan co-orbital companions has been examined in the literature from both viewpoints of the origin and dynamical stability of such a configuration. Here we aim to investigate the dynamics of hypothetical small Trojan exoplanets in domains of secondary resonances embedded within the tadpole domain of motion. To this end, we consider the limit of a massless Trojan companion of a giant planet. Without other planets, this is a case of the elliptic restricted three body problem (ERTBP). The presence of additional planets (hereafter referred to as the restricted multi-planet problem, RMPP) induces new direct and indirect secular effects on the dynamics of the Trojan body. The paper contains a theoretical and a numerical part. In the theoretical part, we develop a Hamiltonian formalism in action-angle variables, which allows us to treat in a unified way resonant dynamics and secular effects on the Trojan body in both the ERTBP or the RMPP. In both cases, our formalism leads to a decomposition of the Hamiltonian in two parts, $$H=H_b+H_{sec}$$ . $$H_b$$ , called the basic model, describes resonant dynamics in the short-period (epicyclic) and synodic (libration) degrees of freedom, while $$H_{sec}$$ contains only terms depending trigonometrically on slow (secular) angles. $$H_b$$ is formally identical in the ERTBP and the RMPP, apart from a re-definition of some angular variables. An important physical consequence of this analysis is that the slow chaotic diffusion along resonances proceeds in both the ERTBP and the RMPP by a qualitatively similar dynamical mechanism. We found that this is best approximated by the paradigm of ‘modulational diffusion’. In the paper’s numerical part, we then focus on the ERTBP in order to make a detailed numerical demonstration of the chaotic diffusion process along resonances. Using color stability maps, we first provide a survey of the resonant web for characteristic mass parameter values of the primary, in which the secondary resonances from 1:5 to 1:12 (ratio of the short over the synodic period), as well as their transverse resonant multiplets, appear. We give numerical examples of diffusion of weakly chaotic orbits in the resonant web. We finally make a statistics of the escaping times in the resonant domain, and find power-law tails of the distribution of the escaping times for the slowly diffusing chaotic orbits. Implications of resonant dynamics in the search for Trojan exoplanets are discussed.

Hardware Trojan detection using exhaustive testing of k-bit subspaces

Abstract: Post-silicon hardware Trojan detection is challenging because the attacker only needs to implement one of many possible design modifications, while the verification effort must guarantee the absence of all imaginable malicious circuitry. Existing test generation strategies for Trojan detection use controllability and observability metrics to limit the modifications targeted. However, for cryptographic hardware, the n plaintext bits are ideal for an attacker to use in Trojan triggering because the size of n prohibits exhaustive testing, and all n bits have identical controllability, making it impossible to bias testing using existing methods. Our detection method addresses this difficult case by observing that an attacker can realistically only afford to use a small subset, k, of all n possible signals for triggering. By aiming to exhaustively cover all possible k subsets of signals, we guarantee detection of Trojans using less than k plaintext bits in the trigger. We provide suggestions on how to determine k, and validate our approach using an AES design.

Interdiction in Practice - Hardware Trojan Against a High-Security USB Flash Drive.

Abstract: As part of the revelations about the NSA activities, the notion of interdiction has become known to the public: the interception of deliveries to manipulate hardware in a way that backdoors are introduced. Manipulations can occur on the firmware or at hardware level. With respect to hardware, FPGAs are particular interesting targets as they can be altered by manipulating the corresponding bitstream which configures the device. In this paper, we demonstrate the first successful real-world FPGA hardware Trojan insertion into a commercial product. On the target device, a FIPS-140-2 level 2 certified USB flash drive from Kingston, the user data are encrypted using AES-256 in XTS mode, and the encryption/decryption is processed by an off-the-shelf SRAM-based FPGA. Our investigation required two reverse-engineering steps, related to the proprietary FPGA bitstream and to the firmware of the underlying ARM CPU. In our Trojan insertion scenario, the targeted USB flash drive is intercepted before being delivered to the victim. The physical Trojan insertion requires the manipulation of the SPI flash memory content, which contains the FPGA bitstream as well as the ARM CPU code. The FPGA bitstream manipulation alters the exploited AES-256 algorithm in a way that it turns into a linear function which can be broken with 32 known plaintext–ciphertext pairs. After the manipulated USB flash drive has been used by the victim, the attacker is able to obtain all user data from the ciphertexts. Our work indeed highlights the security risks and especially the practical relevance of bitstream modification attacks that became realistic due to FPGA bitstream manipulations.

Characterization of kepler-91b and the investigation of a potential trojan companion using exonest

Abstract: Presented here is an independent re-analysis of the Kepler light curve of Kepler-91 (KIC 8219268). Using the EXONEST software package, which provides both Bayesian parameter estimation and Bayesian model testing, we were able to re-confirm the planetary nature of Kepler-91b. In addition to the primary and secondary eclipses of Kepler-91b, a third dimming event appears to occur approximately $60^o$ away (in phase) from the secondary eclipse, leading to the hypothesis that a Trojan planet may be located at the L4 or L5 Lagrange points. Here, we present a comprehensive investigation of four possibilities to explain the observed dimming event using all available photometric data from the Kepler Space Telescope, recently obtained radial velocity measurements, and N-body simulations. We find that the photometric model describing Kepler-91b and a Trojan planet is highly favored over the model involving Kepler-91b alone. However, it predicts an unphysically high temperature for the Trojan companion, leading to the conclusion that the extra dimming event is likely a false-postive.

Untrusted Third Party Digital IP Cores: Power-Delay Trade-off Driven Exploration of Hardware Trojan Secured Datapath during High Level Synthesis

Abstract: An evolutionary algorithm (EA) driven novel design space exploration (DSE) of an optimized hardware Trojan secured datapath based on user power-delay constraint during high level synthesis (HLS) is presented. The focus on hardware Trojan secured datapath generation during HLS has been very little with absolutely zero effort so far in design space exploration of a user multi-objective (MO) constraint optimized hardware Trojan secured datapath. This problem mandates attention as producing a Trojan secured datapath is not inconsequential. Merely the detection process of Trojan is not as straightforward as concurrent error detection (CED) of transient faults as it involves the concept of multiple third party intellectual property (3PIP) vendors to facilitate detection, let aside the exploration process of a user optimized Trojan secured datapath based on MO constraints. The proposed DSE for hardware Trojan detection includes novel problem encoding technique that enables exploration of efficient distinct vendor allocation as well as enables exploration of an optimized Trojan secured datapath structure. The exploration backbone for the proposed approach is bacterial foraging optimization algorithm (BFOA) which is known for its adaptive feature (tumbling/swimming) and simplified model. Results of comparison with recent approach indicated an average improvement in quality of results (QoR) of >14.1%

Jumping mechanisms of Trojan asteroids in the planar restricted three- and four-body problems

Abstract: We explore minimal dynamical mechanisms for the transport of Trojan asteroids between the vicinities of the stable Lagrange points \(L_{4}\) and \(L_{5}\) within the framework of the planar restricted three- and four-body problems. This transport, called “jumping” of Trojan asteroids, has been observed numerically in the sophisticated Solar System models. However its dynamical mechanisms have not been fully explored yet. The present study shows that invariant manifolds emanating from an unstable periodic orbit around the unstable Lagrange point \(L_{3}\) mediate the jumping of Trojan asteroids in the Sun–Jupiter planar restricted three-body problem. These invariant manifolds form homoclinic tangles and lobes when projected onto the configuration space through a discrete mapping. Thus the resulted lobe dynamics explains the mechanism for the jumping of Jupiter’s Trojan asteroids. In the Sun–Earth planar restricted three-body problem, on the other hand, invariant manifolds of an unstable periodic orbit around \(L_{3}\) do not exhibit clear homoclinic tangles nor lobes, indicating that the jumping is very difficult to occur. It is then shown that the effect of perturbation of Venus is important for the onset of the jumping of Earth’s Trojan asteroids within the framework of the Sun–Earth–Venus planar restricted four-body problem. The results presented here could shed new insights into the transport mechanism as well as trajectory design associated with \(L_{3}\), \(L_{4}\), and \(L_5\).

Binary candidates in the jovian trojan and hilda populations from neowise light curves

Abstract: Determining the binary fraction for a population of asteroids, particularly as a function of separation between the two components, helps describe the dynamical environment at the time the binaries formed, which in turn offers constraints on the dynamical evolution of the solar system. We searched the NEOWISE archival data set for close and contact binary Trojans and Hildas via their diagnostically large light curve amplitudes. We present 48 out of 554 Hilda and 34 out of 953 Trojan binary candidates in need of follow-up to confirm their large light curve amplitudes and subsequently constrain the binary orbit and component sizes. From these candidates, we calculate a preliminary estimate of the binary fraction without confirmation or debiasing of 14%-23% for Trojans larger than ~12 km and 30%-51% for Hildas larger than ~4 km. Once the binary candidates have been confirmed, it should be possible to infer the underlying, debiased binary fraction through estimation of survey biases.

Hardware Trojans embedded in the dynamic operation of analog and mixed-signal circuits

Abstract: This paper introduces several examples of dynamic analog hardware Trojans. The dynamic circuits can have multiple operating modes, and the Trojan modes could be triggered if some initial conditions are added at the energy storage elements. Based on these examples, the Trojan dynamic operating modes can be either accidentally or intentionally embedded, even in the most widely used structures.

System, method and computer-accessible medium for security verification of third party intellectual property cores

Abstract: An exemplary system, method and computer-accessible medium for detecting the presence of a Trojan(s) in a circuit(s), can include, for example, receiving information related to a property(s) configured to determine the presence of the Trojan(s), and determining the presence of the Trojan(s) based on the property(s) and a design(s) of the circuit(s) using a bounded model checking tool.

Integrated Sensor: A Backdoor for Hardware Trojan Insertions?

Abstract: Embedded system face a serious threat from physical attacks when applied in critical applications. Therefore, modern systems have several integrated sensors to detect potential threats. In this paper, we put forward a new issue where these sensors can open other security loopholes. We demonstrate that sensors, which are deployed to prevent faults, can be exploited to insert effective and almost zero-overhead hardware Trojans. Two case studies are presented on Xilinx Virtex-5 FPGA. The first case study exploits the in-build temperature sensor of Virtex-5 system monitors while the other exploits a user deployed sensor. Both the sensor can be used to trigger a powerful Trojan with minimal and at times zero overhead.