A Survey of Hardware Trojan Taxonomy and Detection
Mohammad Tehranipoor, University of Connecticut; Farinaz Koushanfar, Rice University
Because of globalization of the semiconductor design and fabrication process, ICs are becoming increasingly vulnerable to malicious activities and alterations. These vulnerabilities have raised serious concerns regarding possible threats to military systems, financial infrastructures, transportation security, and household appliances. An adversary can introduce a Trojan designed to disable or destroy a system at some future time, or the Trojan could leak confidential information and secret keys covertly to the adversary. Trojans can be implemented as hardware modifications to ASICs, commercial-off-the-shelf (COTS) parts, microprocessors, microcontrollers, network processors, or digital-signal processors (DSPs). They can also be implemented as firmware modifications to, for example, FPGA bitstreams. These concerns have been documented in recent reports from the US Defense Science Board task force [1], the US Senate [2], IEEE Spectrum [3], and Semiconductor Equipment and Materials International (SEMI) [4].
An IC fabrication process contains three major steps: design (which includes IP, models, tools, and designers); fabrication (which includes mask generation, lithography, and packaging); and manufacturing test. In an ASIC design process, the chip is commonly designed using tools developed by trusted companies, that is, commercial CAD tool developers such as Synopsys, Cadence Design Systems, Mentor Graphics, and Magma Design Automation. However, the IP blocks, models, and standard cells used by the designer during the design process and by the foundry during the postdesign process are considered untrusted. The fabrication step might also be considered untrusted, because an attacker could substitute Trojan ICs for genuine ones during transit or could subvert the fabrication process itself by implanting a Trojan into the IC mask. Manufacturing test, if done only in the production test center of the client (semiconductor company or government agency), would be considered trusted.
There are two main options to ensure that a chip used by the client is authentic, meaning it performs only those functions originally intended and nothing more. The first option is to make the entire fabrication process trusted. This option is prohibitively expensive and nearly impossible with the current trends in the global distribution of the IC design and fabrication steps. The second option is to verify the trustworthiness of the manufactured chips upon return to the clients. This requires defining a postmanufacturing step to validate the chip's conformance with the original functional and performance specifications. We call this new step silicon design authentication.
Verifying Physical Trustworthiness of ICs and Systems

Editor's note: Today's integrated circuits are vulnerable to hardware Trojans, which are malicious alterations to the circuit, either during design or fabrication. This article presents a classification of hardware Trojans and a survey of published techniques for Trojan detection.
Krish Chakrabarty, Editor in Chief

0740-7475/10/$26.00 © 2010 IEEE. Copublished by the IEEE CS and the IEEE CASS. IEEE Design & Test of Computers, January/February 2010.

Generally, hardware-based security techniques modify hardware to prevent attacks and to protect IP blocks or secret keys. However, the types of attacks we're concerned with in this article are fundamentally different. Here, the attacker is assumed to maliciously alter the design before or during fabrication. Detection of such alterations is extremely difficult, for several reasons. First, given the large number of soft, firm, and hard IP cores used in SoCs, as well as the high complexity of today's IP blocks, detecting a small malicious alteration is extremely difficult. Second, nanometer IC feature sizes make detection by physical inspection and destructive reverse engineering very difficult and costly. Moreover, destructive reverse engineering does not guarantee that the remaining ICs will be Trojan free, especially when Trojans are selectively inserted into a portion of the chip population.
Third, Trojan circuits, by design, are typically activated under very specific conditions (e.g., connected to low-transition-probability nets or sensing a specific design signal such as power or temperature), which makes them unlikely to be activated and detected using random or functional stimuli. Fourth, tests used to detect manufacturing faults such as stuck-at and delay faults cannot guarantee detection of Trojans. Such tests operate on the netlist of a Trojan-free circuit and therefore cannot activate and detect Trojans. Even when 100% fault coverage for all types of manufacturing faults is possible, there are no guarantees as far as Trojans are concerned. Finally, as physical feature sizes decrease because of improvements in lithography, process and environmental variations have an increasingly greater impact on the integrity of the circuit parametrics. Thus, detection of Trojans using simple analysis of the parametric signals would be ineffective.
Hardware Trojans are modifications to original circuitry inserted by adversaries to exploit hardware or to use hardware mechanisms to gain access to data or software running on the chips. Hardware Trojan detection is still a fairly new research area, but it has gained significant attention in the past few years. This survey presents the current state of knowledge on existing detection schemes and design methodologies for improving Trojan detection techniques. We discuss attempts at developing hardware Trojans in IP cores and ICs. We also describe existing Trojan detection methods, analyze their effectiveness in disclosing various types of Trojans, and demonstrate several architecture-level solutions. Finally, we summarize design methods to improve detection techniques' sensitivity to Trojans.
Trojan design and taxonomy
Wang, Tehranipoor, and Plusquellic developed the first detailed taxonomy for hardware Trojans [5] (a simpler taxonomy devised earlier differentiated only between payload activation logic and triggering [6]). This comprehensive taxonomy lets researchers examine their methods against different Trojan types [5]. Currently, the industry lacks metrics to evaluate the effectiveness of methods in detecting Trojans. Such metrics could foster a comprehensive taxonomy to help analyze Trojan detection techniques. Because malicious alterations to a chip's structure and function can take many forms, Wang and colleagues decomposed the Trojan taxonomy into three main categories (see Figure 1) according to their physical, activation, and action characteristics. Although Trojans could be hybrids of this classification (for instance, they could have more than one activation characteristic), this taxonomy captures the elemental characteristics of Trojans and is useful for defining and evaluating the capabilities of various detection strategies.
The physical characteristics category describes the various hardware manifestations of Trojans. The type category partitions Trojans into functional and parametric classes. The functional class includes Trojans that are physically realized through the addition or deletion of transistors or gates, whereas the parametric class refers to Trojans that are realized through modifications of existing wires and logic. The size category accounts for the number of components in the chip that have been added, deleted, or compromised. The distribution category describes the location of the Trojan in the chip's physical layout. The structure category refers to the case when an adversary is forced to regenerate the layout to insert a Trojan, which could then cause the chip's physical form factor to change. Such changes could result in different placement for some or all design components. Any malicious changes in physical layout that could change the chip's delay and power characteristics would facilitate Trojan detection. Wang and colleagues identified current adversaries' capabilities for minimizing the probability of detection [5].

Figure 1. Detailed taxonomy showing physical, activation, and action characteristics of Trojans. (Source: Wang et al. [5])

Activation characteristics refer to the criteria that cause a Trojan to become active and carry out its disruptive function. Trojan activation characteristics fall into two categories: externally activated (e.g., by an antenna or a sensor that can interact with the outside world) and internally activated (which are further classified as always on and condition based), as Figure 1 shows. "Always on" means the Trojan is always active and can disrupt the chip's function at any time. This subclass covers Trojans that are implemented by modifying the chip's geometries such that certain nodes or paths have a higher susceptibility to failure. The adversary can insert the Trojans at nodes or paths that are rarely exercised. The condition-based subclass includes Trojans that are inactive until a specific condition is met. The activation condition could be based on the output of a sensor that monitors temperature, voltage, or any type of external environmental condition (such as electromagnetic interference, humidity, altitude, or temperature). Alternatively, this condition could be based on an internal logic state, a particular input pattern, or an internal counter value. The Trojan in these cases is implemented by adding logic gates and/or flip-flops to the chip, and hence is represented as a combinational or sequential circuit.

Action characteristics identify the types of disruptive behavior introduced by the Trojan. The classification scheme shown in Figure 1 partitions Trojan actions into three categories: modify function, modify specification, and transmit information. The modify-function class refers to Trojans that change the chip's function by adding logic or by removing or bypassing existing logic. The modify-specification class refers to Trojans that focus their attack on changing the chip's parametric properties, such as delay, when an adversary modifies existing wire and transistor geometries. Finally, the transmit-information class includes Trojans that transmit key information to an adversary. (Additional details on Trojan classification and examples are available elsewhere [5].)

Researchers have designed many types of Trojans to evaluate their detection techniques by targeting them in an IC [6-10]. To imitate adversaries' Trojan insertions, Alkabani and Koushanfar classified the components needed for a hardware Trojan horse (HTH) into three categories: trigger, storage, and driver (see Figure 2) [7]. A trigger incites the planned HTH. After a trigger occurs, the action to be taken can be stored in memory or a sequential circuit. A driver implements the action prompted by the trigger. On the basis of the classification just described, Alkabani and Koushanfar present a systematic approach to insert hardware Trojans into the IC using presynthesis manipulation of the circuit's structure [7]. Such a model addresses the issue of trust in IP cores designed by either a third-party vendor or a system integrator when several IP cores developed by many vendors are used.

Figure 2. Three components of a hardware Trojan horse (HTH): an HTH implanter, an external or internal trigger, HTH storage, and an HTH driver. (Source: Alkabani and Koushanfar [7])
Figure 3 shows an abstracted view of the design process. The Trojan designer composes the high-level design description to find the computation model of the circuit that a finite-state machine (FSM) can represent. An HTH can be inserted into the circuit by altering the FSM and embedding states into it. The modified FSM should have a trigger as an input and a driver hidden in the structure of the FSM. This FSM can be systematically hidden in the design by merging its states within the states of the original design's FSM. Thus, the HTH would be inseparable (unremovable) from the original design's functionality. A stealth communication, which uses the medium for legitimate communications, can serve as a covert channel to transfer confidential data from the working chips to the adversary. This Trojan-embedding approach provides a low-level mechanism for bypassing higher-level authentication techniques.
Jin, Kupp, and Makris investigated different types of attacks on a design at the RTL [8]. Specifically, they examined the possibility of designing hardware Trojans that can evade state-of-the-art detection methodologies and can pass functional test.
King et al. considered the malicious circuit design space and introduced hardware components that can enable several attacks [11]. In particular, they designed and implemented the Illinois Malicious Processor with a modified CPU. The malicious modifications allow memory access and shadow-mode mechanisms. The former lets an attacker violate operating-system isolation expectations, whereas the latter admits stealthy execution of malevolent firmware. The attacks were evaluated on an FPGA development board by modifying the VHDL code of the Leon processor, an open-source SPARC V8 processor that includes a memory management unit. The overhead in logic is less than 1% for both modifications, but the timing overhead is about 12%. The authors further designed and implemented three potential attacks: a privilege escalation attack, which gives an intruder access to root without checking credentials or generating log entries; a log-in backdoor in shadow mode, which lets an intruder log in as root without using a password; and a service for stealing passwords and sending them to the attacker. They concluded that hardware tampering is practical and could support various attacks, while also being difficult to detect.
Mechanisms for actively controlling an IC can also be used to insert a malicious circuit in a design (e.g., an IP core). For example, manipulation of the states in an FSM that cannot be reverse-engineered could be used to embed Trojan circuitry by providing mechanisms for remotely activating, controlling, and disabling the Trojan [12].
Trojan detection methodologies
Several Trojan detection methodologies have been developed over the past few years. Without loss of generality, the methods are categorized as either side-channel analysis or Trojan activation, which are mainly chip-level solutions, and architectural-level Trojan detection solutions.
Trojan detection using side-channel signal analysis
Side-channel signals, including timing and power, can be used for Trojan detection. Trojans typically change a design's parametric characteristics, for example, by degrading performance, changing power characteristics, or introducing reliability problems in the chip. This influences power and/or delay characteristics of wires and gates in the affected circuit. Power-based side-channel signals provide visibility of the internal structure and activities within the IC, enabling detection of Trojans without fully activating them. Timing-based side channels can detect a Trojan's presence if the chip is tested using efficient delay tests that are sensitive to small changes in the circuit delay along the affected paths and that can effectively differentiate Trojans from process variations.
Figure 3. Insertion of an HTH during the design process of an IP core. (Source: Alkabani and Koushanfar [7])

Power-based analysis. Agrawal et al. were the first to use side-channel information to detect Trojan contributions to circuit power consumption [13]. To obtain the power signature of reference (i.e., genuine) ICs, random patterns are applied and power measurement is performed. The data belonging to each power measurement consists of several elements, including power consumption of the circuit after applying inputs that are the same in all Trojan-free ICs; measurement noise, which can be removed by several measurements; process variations, which are random and cannot be removed; and Trojan contributions to the measured power consumption. After patterns are applied, a limited number of ICs are reverse-engineered to ensure they are Trojan free. Once the reference signature is obtained, the same random patterns are applied to the IC under authentication (IUA). If the IUA's power signature differs from the reference signature, the IUA is considered suspicious and might contain a Trojan. Trojans of different sizes under different process variations are detected by applying random patterns and observing the signatures. If the Trojan is comparable in size with the circuit, its impact on the circuit-transient current will be significant and could be measured easily. However, process variations will mask the impact of very small Trojans on circuit power consumption.
Wang and colleagues argued that most Trojans inserted into a chip require power supply and ground to operate [9]. The Trojans can be of different types and sizes, and their impact on circuit power characteristics could be very large or very small. The authors developed a multisupply transient-current integration methodology to detect a hardware Trojan. Then, they introduced a Trojan isolation method based on localized-current analysis. They assumed the current is measured from various power ports or controlled collapse chip connections (C4s) on the die, and they applied random patterns to increase the switching in the circuit in a test-per-clock fashion.
The amount of current that a Trojan can draw might be so small that it could be submerged into an envelope of noise and process variation effects, and thus be undetectable by conventional measurement equipment. However, Trojan detection capability can be greatly enhanced by measuring currents locally and from multiple power ports or pads. Figure 4 shows the current (charge) integration methodology presented by Wang et al. for detecting hardware Trojans [9]. The die includes four power ports. The golden die can be identified using an exhaustive test for several randomly selected dies. It can also be identified via the pattern set used in the current integration method by comparing the results of all patterns in an exhaustive fashion. If the same results (within the range of variations) are obtained for all selected dies, those dies can be identified as Trojan free.
The authors assumed the adversary will insert the Trojans randomly in a selected number of chips [9]. After the golden dies are identified, the worst-case charge is obtained (dashed line in Figure 4) in response to the pattern set. The worst-case charge is based on the worst-case process variations in one of the genuine ICs. Next, the pattern set is applied to each chip, and the current is measured for each pattern locally via the power ports or C4 bumps.
Figure 4 shows the current waveforms of n patterns applied to the chips. The figure also illustrates the charge variations with time for all the current waveforms obtained after applying the patterns.
Figure 4. Current (charge) integration method. (Source: Wang et al. [9])
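As an added illustration of the two power-side-channel ideas above, the golden reference signature of Agrawal et al. and the per-port charge integration of Wang et al., the following Python model is not code from the paper or the cited authors; all currents, noise values, and process-variation percentages are constructed. It averages repeated measurements to cancel noise, derives a per-port worst-case charge from golden dies, and flags an IUA whose localized charge exceeds that envelope even though its total chip charge does not:

```python
from statistics import mean

# Constructed data (not from the paper): base switching current (mA) per test
# clock at each of four power ports over six applied patterns (ports identical
# for simplicity), plus one constructed measurement-noise sequence.
BASE = [[5.0, 3.0, 6.0, 4.0, 5.0, 3.0]] * 4
NOISE = [0.2, -0.1, 0.15, -0.2, 0.05, -0.1]

def measure(port_base, variation, noise, trojan=0.0):
    """One noisy measurement of a port: base * (1 + process variation) + noise + Trojan draw."""
    return [b * (1 + variation) + n + trojan for b, n in zip(port_base, noise)]

def denoise(repeats):
    """Average repeated measurements of the same patterns: zero-mean measurement
    noise cancels, while process variation (fixed per die) remains."""
    return [mean(v) for v in zip(*repeats)]

def charge(currents, dt=1.0):
    """Integrate current over the pattern sequence (one test clock per pattern)."""
    return sum(c * dt for c in currents)

def die_charges(variation, trojan_port=None, trojan_draw=0.0):
    """Per-port integrated charge of one die after averaging two measurements
    (the second with the noise sign flipped so the constructed noise cancels)."""
    out = []
    for port, base in enumerate(BASE):
        draw = trojan_draw if port == trojan_port else 0.0
        reps = [measure(base, variation, NOISE, draw),
                measure(base, variation, [-n for n in NOISE], draw)]
        out.append(charge(denoise(reps)))
    return out

def worst_case_envelope(golden):
    """Per-port worst-case charge across the golden dies (dashed line in Figure 4)."""
    return [max(vals) for vals in zip(*golden)]

def suspicious_ports(iua, envelope, tol=1e-9):
    """Localized check: ports where the IUA's charge exceeds the golden worst case."""
    return [p for p, (q, w) in enumerate(zip(iua, envelope)) if q > w + tol]

def global_check(iua, envelope, tol=1e-9):
    """Chip-level check on total charge, for comparison with the localized one."""
    return sum(iua) > sum(envelope) + tol

# Golden dies: three reverse-engineered, Trojan-free dies at -5%, 0, +5% variation.
GOLDEN = [die_charges(v) for v in (-0.05, 0.0, 0.05)]
ENVELOPE = worst_case_envelope(GOLDEN)
# IUA at nominal process with a small Trojan drawing 0.3 mA per clock on port 2 only.
IUA = die_charges(0.0, trojan_port=2, trojan_draw=0.3)

if __name__ == "__main__":
    print("golden worst-case charge per port:", ENVELOPE)
    print("IUA charge per port:", IUA)
    print("ports flagged locally:", suspicious_ports(IUA, ENVELOPE))  # [2]
    print("flagged by total charge:", global_check(IUA, ENVELOPE))    # False
```

With these constructed values the Trojan's 1.8 mA·clock of extra charge stays inside the 5% process-variation envelope of the whole chip but exceeds it at the one port it loads, which is the point of measuring locally.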