Trojan

About: Trojan is a research topic. Over the lifetime, 2028 publications have been published within this topic receiving 33209 citations.

Trojans in habitable zones.

Abstract: With the aid of numerical experiments we examined the dynamical stability of fictitious terrestrial planets in 1:1 mean motion resonance with Jovian-like planets of extrasolar planetary systems. In our stability study of the so-called "Trojan" planets in the habitable zone, we used the restricted three-body problem with different mass ratios of the primary bodies. The application of the three-body problem showed that even massive Trojan planets can be stable in the 1:1 mean motion resonance. From the 117 extrasolar planetary systems only 11 systems were found with one giant planet in the habitable zone. Out of this sample set we chose four planetary systems—HD17051, HD27442, HD28185, and HD108874—for further investigation. To study the orbital behavior of the stable zone in the different systems, we used direct numerical computations (Lie Integration Method) that allowed us to determine the escape times and the maximum eccentricity of the fictitious "Trojan planets." Astrobiology 5, 579–586.

Practical methods for verifying removal of Trojan stable operating points

Abstract: Several methods that can be used to verify effectiveness of startup circuits in eliminating known stable Trojan operating states will be discussed. It will be shown that some widely used approaches do not guarantee Trojan states have been removed. Some of the methods introduced appear to be more practical to work with than others. These methods can also be used to identify the presence of unknown stable Trojan states in many useful circuits.

Exploring Branch Predictors for Constructing Transient Execution Trojans

Abstract: Transient execution is one of the most critical features used in CPUs to achieve high performance. Recent Spectre attacks demonstrated how this feature can be manipulated to force applications to reveal sensitive data. The industry quickly responded with a series of software and hardware mitigations among which microcode patches are the most prevalent and trusted. In this paper, we argue that currently deployed protections still leave room for constructing attacks. We do so by presenting transient trojans, software modules that conceal their malicious activity within transient execution mode. They appear completely benign, pass static and dynamic analysis checks, but reveal sensitive data when triggered. To construct these trojans, we perform a detailed analysis of the attack surface currently present in today's systems with respect to the recommended mitigation techniques. We reverse engineer branch predictors in several recent x86_64 processors which allows us to uncover previously unknown exploitation techniques. Using these techniques, we construct three types of transient trojans and demonstrate their stealthiness and practicality.

EETD: An Energy Efficient Design for Runtime Hardware Trojan Detection in Untrusted Network-on-Chip

Abstract: Network-on-chip (NoC) is a communication intellectual property (IP) core, popularly used in the system-on-a-chip (SoC) designs. The NoC IP core often comes from an untrusted 3rd-party vendor and may have hardware Trojans. The Trojan in the NoC can eavesdrop packets, modify data and divert packet to the wrong location, hence, endangering system's confidentiality, integrity, and availability. However, if the activation probability of the Trojan is very low or the Trojan is never activated, a significant amount of energy is wasted due to authentication. The unnecessary authentication in such cases also greatly affects the system performance and availability. In this paper, we propose an energy efficient Trojan detection design (EETD) where the authentication gets activated only when the hardware Trojan has been triggered in the system. Our experimental results show that EETD improves the energy overhead and performance overhead by 38% and 40% as compared to the state-of-the-art technique on an 8×8 2D-mesh NoC. Our experiments, also show that EETD takes almost 10μs to localize 95% of the Trojan infected nodes.

The First Thorough Side-Channel Hardware Trojan

Abstract: Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage leading to successful key recovery attacks. Such a Trojan does not add or remove any logic (even a single gate) to the design which makes it very hard to detect. In ASIC platforms, it is indeed inserted by subtle manipulations at the sub-transistor level to modify the parameters of a few transistors. The same is applicable on FPGA applications by changing the routing of particular signals, leading to null resource utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency one of the requirements of the underlying masking scheme is not fulfilled anymore, i.e., the Trojan is triggered, and the device’s side-channel leakage can be exploited.