A glimpse into the top security researches in the top global academia - Prof. Indranil Sengupta, IIT Kharagpur

1. Hardware Trojan: Threats and
Emerging Solutions
Prof. Indranil Sen Gupta
Professor, Dept. of Computer Science and Engg.
IIT Kharagpur
E-mail: isg@iitkgp.ac.in
TOP 100 CISO AWARDS

2. Outline
 Background
 Modern IC design and manufacturing
 What are Hardware Trojans?
 Reality or fantasy?
 Trojan taxonomy and examples
 Trojan taxonomy
 Trojan examples
 Trojan detection techniques
 General features
 Classification of Trojan detection techniques
 Challenges
 Invasive techniques
 Non-invasive techniques
• Logic testing
• Side-channel analysis
 Multi-level Attack
 Summary and future research directions
2

3. 3
Background

4. Modern IC Design and Manufacturing
4
IP Tools
Std.
Cells Models
DesignSpecifications Fab Interface Mask Fab
Wafer
Probe
Dice and
Package
Package
Test
Deploy
and
Monitor
Trusted
Either
Untrusted
Wafer
*http://www.darpa.mil/MTO/solicitations/baa07-24/index.html
DARPA’s Model of Hardware Security Threats*
Not really Trusted!!
Offshore
Third-party

5. Effects of Prevalent Practices
5
 Prevalence of Intellectual Property (IP) based design
 Routine use of CAD tools from EDA vendors
 Fabless manufacturing model (trend on the rise)
 Outsourcing of manufacturing to offshore fabs
 Loss of Control over design and manufacture
 Potentially untrusted parties getting involved

6. What are Hardware Trojans ?
6
 Malicious modifications to design
 Can take place pre or post manufacturing
 Inserted by intelligent adversary
 Extremely small hardware overhead
 Stealthy => difficult to detect
 Causes IC to malfunction in-field
 Results:
 Potentially disastrous consequences
 Can affect:
• Military installations
• Civilian infrastructure (power grid, transportation, etc.)
• Communication
 Loss of human life and property
 Billions of dollars in lost property and infrastructure

7. How Realistic are Hardware Trojans?
7
 Do hardware Trojans really exist?
 No concrete proof obtained yet
 Tampering masks in fab is not easy (highly complex)
 Reverse-engineering a single IC can take months
 Political issues make it difficult to verify authenticity of fabs
 But there is strong evidence they do….
 Numerous suspected military and commercial cases (as early as
1976!!)
 Reverse-engineering ICs is widely believed to be performed by
reputed companies (IBM has patents) *
 Highly sophisticated commercial software tools for reverse-
engineering available (Chipworks, etc.)**, and academic efforts
(Cambridge University)
 Tampering at design stage is highly feasible
*US Patent #6, 496, 022 B1 by Kash et al
**www.chipworks.com

8. Suspected Hardware Trojans
8
 Military
 Old Trick Threatens the New Weapons” (J. Markoff, NYT, Oct. 2009)
 “Hardware Trojans could turn microchips into timebombs” (P. Marks,
NS, Jul. 2009)
 “Towards Countering the Rise of the Silicon Trojan” (DSTO,
Australian Govt., Dec. 2008)
 “The Hunt for the Kill Switch” (S. Adee, IEEE Spectrum, May 2008)
 “FBI says military had bogus computer gear” (J. Markoff, NYT, May
2008)
 “BAA 07-24: TRUST in Integrated Circuits (IC)” (DARPA, Jul. 2007)
 Commercial
 “Cracking Security Codes: Does it Matter?” (C. Tartette, IEEE
Spectrum, Feb. 2010)
 “PC Giant Warns of Hardware Trojans” (S. Adee, IEEE Spectrum,
May 2008)

9. 9
Trojan Taxonomy and Examples

10. Trojan Taxonomy
10
Banga and Hsiao [HOST’08]
Hardware Trojans
Combinational Sequential
Wang, Tehranipoor and Plusquellic [HOST’08]
Physical
attribute
Activation
attribute
Action attribute
Wolff et al [DATE’08],
Jin and Makris [HOST’08]
Trigger Payload

11. Trojan Taxonomy (contd.)
11
Trojan
Payload
Synchronous
Asynchronous
Rare
Sequences
Digital Analog
On-chip
sensors
Digital
Bridging
Delay
Activity
Analog
Trigger
Circuit
Nodes
Other
Information
Leakage
Memory
Content
Denial-of-
Service
Hybrid
Combinational Sequential
Rare value
Activity
 Taxonomy based on [Chakraborty et al HLDVT’09]
 Activation mechanism (trigger) and
 Malicious effect (payload)

12. Digital Trojans
12
Combinational Trojan
(simplest, most widely studied)
Sequential (Synchronous )Trojan
(“Time Bomb”)
Sequential (Asynchronous)Trojan
ER ER*
0 1 2 k-1
CLK
Trigger
Payload
ER ER*
0 1 2 k-1
Trigger
Payloadp
q
A
B Cmodified
C
Trigger
Payload
HybridTrojansER ER*
CLK
CLK
CLK
k2-bit
Counter
k1-bit
Counter

13. Analog Trojans
13
Analog Trojan
(activity-triggered)
Analog payload Trojan

14. Information Leakage Trojans
14
Side-channel Leakage Based
Lin et al [ICCAD’09]
Logic-value Based

15. 15
Trojan Detection Techniques

16. General Features
16
 Most proposed techniques cannot guarantee Trojan detection
 Can only provide confidence levels
 Prone to false positives
 Do not have resolution to pin-point the Trojan location
 No “silver-bullet” technique available
 Most techniques assume particular Trojan models
 Arbitrarily complex Trojans have not been studied
 Most proposed techniques have not been validated
experimentally
 Based on computer simulations
 Mostly ignores experimental sources of error
 Many are futuristic (e.g. 3-D IC technology based techniques)
 Many have unacceptable design overhead

17. Approaches of Trojan Detection
17
Trojan Detection
Approaches
Non-destructive
Invasive
Destructive
Preventive
Non-
invasive
Test-timeAssistive Run-time
Logic Test
Side-
channel
Non-mainstreamMainstream

18. Why is Trojan Detection Challenging?
18
 For logic-testing based methods:
 Trigger nodes have low controllability, payload nodes have low
observability
 Trojans are stealthy
 Extremely large number of possible Trojan instances
• Combinatorial dependence on number of circuit nodes
• For the ISCAS-85 c880 circuit with 451 possible nodes, ~1011 possible Trojans !!
 Sequential Trojans extremely difficult to detect
 Finite test length and duration
 For side-channel analysis based methods:
 Modern nanometer processes have large process variation
 Susceptible to experimental measurement error
 Difficult to detect very small Trojans
 Needs a Golden sample …might not be available
 For invasive methods:
 Design overhead

19. Invasive Techniques
19
 Obfuscate the circuit functionality [Chakraborty and Bhunia, ICCAD’09]
 Design of stealthy Trojan requires identification of rare nodes
 This requires estimation of signal probability at internal nodes
 Can obfuscation be applied to make this task difficult?
 Prevent free dead space in an IC [Wang et al, HOST’08]
 Trojan insertion requires space
 Can be overcome using better logic optimization and placement
1. Preventive Techniques
S0
O
S1
O S2
OK1 K2
S0
I
S1
I
S2
I
S0
N
S3
N
S2
N
S1
N
K3
Obfuscated Functionality
Original State Space
Initialization state
space
Isolation
state space
Initialization Key = {K1, K2, K3}
S4
N
S5
N
S3
I
Obfuscation state space
Normal Functionality
Start
Invalid
Trojan
Valid
Trojan
 Modify STG of circuit
 Normal and obfuscated
modes of operation
 Initialization key
sequence required to take
circuit to normal mode
after power-up
 Well-hidden circuit
modifications

20. 2. Assistive Techniques
20
 On-demand Transparency [Chakraborty et al, HOST’08]
 Make system operate in a special mode on demand
 Presence of Trojan possibly disrupts operations in the special mode
 This changes the expected o/p logic values in the special mode
 This leads to the detection of an inserted Trojan (probabilistically)
 Limitation: Cannot guarantee Trojan detection

21. Non-invasive Techniques
21
 Hardware Approach (DEFENSE) [Abramovici and Bradley, CSIIR’09]
 Reconfigurable framework for run-time functionality monitoring
 Triggers counter-measures on deviation
 Does not mention hardware overhead
 Commercially available design tool to implement the methodology
1. Run-time Techniques

22. Run-time Techniques (contd.)
22
 Software Approach [McIntyre et al, HOST’09]
 Execute identical copies of software
on multiple CPUs
 Dynamically evaluate individual trust
levels (“Trust learning”)
 Simulation results show that the
system can successfully execute
programs in a Trojan-infested
environment
 Hardware + Software Approach
[Bloom et al HOST’09]
 “Hardware guard” module outside
CPU + enhanced OS
 Effectively protects against DoS and
privilege escalation attacks
 2.2% average performance overhead
for SPECint 2006 benchmarks

23. Run-time Techniques (contd.)
23
 BlueChip
[Hicks et al IEEE Symp. Security and Privacy’10]
 Pre-fab: Design is analyzed and “Unused Circuit Identification”
(UCI) is used to detect unused circuit blocks which are potential
Trojans
 Such suspicious modules are replaced by exception generation
hardware
 When activated, the exception generation hardware delivers the
exception to the BlueChip software layer
 The software emulates the instruction that generated the exception
 Ensures forward progress of program
 5% run-time overhead, 1.5% area overhead. 0.5% power overhead
for a FPGA-based implementation
 Challenge: Based on verification, hence difficult to have complete
coverage of the behavior of the circuit

24. 2. Test Techniques
24
 Multiple Excitation of Rare Occurrence (MERO) [Chakraborty et al, CHES’09]
 Recap: Complete enumeration of all possible Trojans infeasible
 Added difficulty of exciting multiple nodes at their rare values
 MERO aims to
• Enumerate rare nodes in a given netlist
• Excite these potential Trojan trigger nodes multiple times to their rare
values individually
• Generate a compact set of set vectors
 The technique bypasses the difficulty of directed test generation to
trigger Trojans
 Limitations:
 Limited to a class of Trojans
 Statistical technique => cannot guarantee 100% detection coverage
a. Logic-testing based

25. Mathematical Model
25
 Method:
 Apply test vectors that trigger each node to its rare value at
least N times
 Assumptions:
 An inserted Trojan has a small but non-zero probability of being
triggered
 Trigger nodes are mutually independent
 Trojan trigger probability is product of trigger probability of all
trigger nodes
 Main inferences of analysis:
 Expected number of times of Trojan getting triggered
proportional to N
 Trojan triggering probability increases if trigger probability of
individual trigger nodes increases

26. Design Flow Automation
26
Input: N, q, θ,
# of Trojan inst., # of random
patterns, circuit netlist
Determine rare events on
internal nodes
RO-Finder
Select Trojan instances
using Random Sampling
Eliminate false Trojans
Synospsys
TetraMAX
Estimate coverage for
random patterns TrojanSim
Generate optimized
patterns MERO
Estimate coverage for
optimized patterns TrojanSim
END
Coverage for
random patterns
Coverage for
optimized
patterns
TrojanSelection
List of feasible
Trojans
Optimized test
patterns
C program to find
Rare Occurrences
C program for
Trojan Simulation
C program for Multiple
Excitation of Rare
Occurrence testset
generation
Justification

27. 2 (b). Side-channel Analysis based
Techniques
27
 IC Fingerprinting [Agrawal et al, IEEE Symp. Security and Privacy’07]
 A signature (fingerprint) associated with an IC
 Usually path delay or power trace
 Usually supplemented by de-noising techniques
 Vector selection is important
 Can detect Trojans as small as 0.01% of circuit area in
presence of ±7.5% process variation
 Limitations
 Based only on simulation results
 Did not conduct actual experiments and measurements
 Did not consider experimental noise

28. Current-trace based Techniques
28
 Power-supply Transient based
[Rad et al, HOST’08]
 Signals from multiple ports for several
IC instances are calibrated
 Statistical characterization
 Capable of detecting 50% activated and
30% inactive Trojans
 Sustained-vector Technique
[Banga and Hsiao, VLSID’09]
 Repeat each input vector multiple times
 Reduce extraneous toggles
 Magnifies power profile differences
 Region-based Trojan detection [Banga and Hsiao, HOST’08]
 Partition circuits into smaller regions
 Generate vectors to excite selected region and minimize
activity of other regions
 Could detect most Trojans at ±7.5% process variation

29. Path-delay Based Techniques
29
 Path-delay Fingerprint [Jin and Makris, HOST’08]
 Multiple paths considered
 Extensive statistical characterization
 Capable of detecting Trojans with 0.13% area, under 7.5% process
variation
 Gate-level Characterization [Potkonjak et al, DAC’09]
 Both path delay and leakage current were considered
 Problem formulated as a LPP
 Effective for smaller ISCAS-85 circuits
 Limitation: Computationally challenging for larger circuits
Trojan infested
Trojan free (“convex hull”)

30. Multi-level Attack
30
 Uses nexus between multiple parties
 Only parties which are part of the nexus can benefit
 The nexus eases the burden of individual parties
 More challenging to detect than Trojans considered so far

31. Multi-level Attack (contd.)
31
ASIC Example
FPGA Example

32. Conclusions
32
 Modern IC design and manufacturing practices are inherently
insecure
 Third-party IPs and off-shore manufacturing
 Potentially untrusted parties pay a major role
 Trend likely to increase
 Hardware Trojans are malicious circuit modifications
 Small overhead, hugely destructive impact
 Difficult to detect by traditional testing means
 Great threat to national security
 State-of-the-art
 Both design and test techniques have been proposed
 Effectiveness of the proposed techniques limited to the particular
types of Trojans
 Most techniques have not been validated experimentally in-field

33. Future Research Directions
 The main concern is the lack of a generic
technique for Trojan detection
 Model-independent Trojan detection ultimate goal
 Testing approaches:
◦ combination of logic-testing and side-channel
approaches hold most promise
 Multi-level attacks pose new challenges
 Design approach:
◦ Design for Security is the best bet
33

34. Future Research Directions
34
Design for Security
Design
Techniques Metrics Automation Education
Methodology
Software
Courses
Study
Material
Degree of security
Overheads
Circuit
Architecture
System

35. Security Research at IIT Kharagpur
 General security
◦ Securing policy integration in cloud-based
collaboration through selection of trust-worthy
provider and permission authorization.
◦ Trust based security access control models for
MANETs.
◦ Formal analysis of security policy
implementations in enterprise networks.
◦ Digital rights management.
35

36.  Cryptography
◦ Block and stream cipher design
◦ Lightweight crypto algorithms
◦ Side-channel attacks
◦ Physically unclonable functions (PUF)
◦ Malicious hardware and their mitigation
36

37. Thank You for your attention!!
37