Trojan

About: Trojan is a research topic. Over the lifetime, 2028 publications have been published within this topic receiving 33209 citations.

Exposing vulnerabilities of untrusted computing platforms

Abstract: This work seeks to expose the vulnerability of un-trusted computing platforms used in critical systems to hardware Trojans and combined hardware/software attacks. As part of our entry in the Cyber Security Awareness Week (CSAW) Embedded System Challenge hosted by NYU-Poly in 2011, we developed and presented 10 such processor-level hardware Trojans. These are split in five categories with various impacts, such as altering instruction memory, modifying the communication channel, stealing user information, changing interrupt handler location and RC-5 encryption algorithm checking of a medium complexity micro-processor (8051). Our work serves as a good starting point for researchers to develop Trojan detection and prevention methodologies on modern processor and to ensure trustworthiness of computing platforms.

Design, implementation and security analysis of Hardware Trojan Threats in FPGA

Abstract: Hardware Trojan Threats (HTTs) are stealthy components embedded inside integrated circuits (ICs) with an intention to attack and cripple the IC similar to viruses infecting the human body. Previous efforts have focused essentially on systems being compromised using HTTs and the effectiveness of physical parameters including power consumption, timing variation and utilization for detecting HTTs. We propose a novel metric for hardware Trojan detection coined as HTT detectability metric (HDM) that uses a weighted combination of normalized physical parameters. HTTs are identified by comparing the HDM with an optimal detection threshold; if the monitored HDM exceeds the estimated optimal detection threshold, the IC will be tagged as malicious. As opposed to existing efforts, this work investigates a system model from a designer perspective in increasing the security of the device and an adversary model from an attacker perspective exposing and exploiting the vulnerabilities in the device. Using existing Trojan implementations and Trojan taxonomy as a baseline, seven HTTs were designed and implemented on a FPGA testbed; these Trojans perform a variety of threats ranging from sensitive information leak, denial of service to beat the Root of Trust (RoT). Security analysis on the implemented Trojans showed that existing detection techniques based on physical characteristics such as power consumption, timing variation or utilization alone does not necessarily capture the existence of HTTs and only a maximum of 57% of designed HTTs were detected. On the other hand, 86% of the implemented Trojans were detected with HDM. We further carry out analytical studies to determine the optimal detection threshold that minimizes the summation of false alarm and missed detection probabilities.

The Trojan square

Abstract: An experimental design, based on orthogonal Latin squares, is described. It is of particular value for variety trials in glasshouses.

Detecting hardware Trojans in unspecified functionality through solving satisfiability problems

Abstract: For modern complex designs it is impossible to fully specify design behavior, and only feasible to verify functionally meaningful scenarios. Hardware Trojans modifying only unspecified functionality are not possible to detect using existing verification methodologies and Trojan detection strategies. We propose a detection methodology for these Trojans by 1) precisely defining “suspicious” unspecified functionality in terms of information leakage, and 2) formulating detection as a satisfiability problem that can take advantage of the recent advances in both boolean and satisfiability modulo theory (SMT) solvers. The formulated detection procedure can be applied to a gate-level design using commercial equivalence checking tools, or directly to the Verilog/VHDL code by reasoning about the satisfiability of SMT expressions built from traversing the data-flow graph. We demonstrate the effectiveness of our approach on an adder coprocessor and a UART communication controller infected with Trojans which process information leaked from the on-chip bus during idle cycles using signals with only partially specified behavior.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models

Abstract: Only few solutions for Hardware Trojan (HT) detection work at Register-Transfer Level (RTL), thus delaying the identification of possible security issues at lower abstraction levels of the design process In addition, the most of existing approaches work only for specific kinds of HTs To overcome these limitations, we present a verification approach that detects different types of HTs in RTL models by exploiting an efficient control-flow subgraph matching algorithm The prototypes of HTs that can be detected are modelled in a library by using Control-Flow Graphs (CFGs) that can be parametrised and extended to cover several variants of Trojan patterns Experimental results show that our approach is effective and efficient in comparison with other state-of-the-art solutions