4.5 Hardware Trojans and Split Manufacturing

Time	Label	Presentation Title Authors
17:00	4.5.1	HARDWARE TROJAN IN EMERGING NON-VOLATILE MEMORIES Speaker: Swaroop Ghosh, The Pennsylvania State University, US Authors: Mohammad Nasim Imtiaz Khan, Karthikeyan Nagarajan and Swaroop Ghosh, Pennsylvania State University, US Abstract Emerging Non-Volatile Memories (NVMs) possess unique characteristics that make them a top target for deploying Hardware Trojan. In this paper, we investigate such knobs that can be targeted by the Trojans to cause read/write failure. For example, NVM read operation depends on clamp voltage which the adversary can manipulate. Adversary can also use ground bounce generated in NVM write operation to hamper another parallel read/write operation. We have designed a Trojan that can be activated and deactivated by writing a specific data pattern to a particular address. Once activated, the Trojan can couple two predetermined addresses and data written to one address (victim's address space) will get copied to another address (adversary's address space). This will leak sensitive information e.g., encryption keys. Adversary can also create read/write failure to predetermined locations (fault injection). Simulation results indicate that the Trojan can be activated by writing a specific data pattern to a specific address for 1956 times. Once activated, the attack duration can be as low as 52.4s and as high as 1.1ms (with reset-enable trigger). We also show that the proposed Trojan can scale down the clamp voltage by 400mV from optimum value which is sufficient to inject specific data-polarity read error. We also propose techniques to inject noise in the ground/power rail to cause read/write failure. Download Paper (PDF; Only available from the DATE venue WiFi)
17:30	4.5.2	EVALUATING ASSERTION SET COMPLETENESS TO EXPOSE HARDWARE TROJANS AND VERIFICATION BLINDSPOTS Speaker: Nicole Fern, University of California Santa Barbara, US Authors: Nicole Fern¹ and Tim Cheng² ¹University of California Santa Barbara, US; ²HKUST, HK Abstract Assertion-based verification has been adopted by industry as an efficient specification mechanism. Handwritten assertions encode design intent in a parsable format and have been traditionally used to verify an implementation conforms to the properties outlined by the assertions. Our work makes the observation that design behavior not covered by the assertion set is equally revealing and can be leveraged to identify malicious behavior (hardware Trojans) as well as verification blindspots. The difficulty in examining this unspecified and unverified behavior is differentiating between benign functionality that is truly don't care and that which leaks information or violates design intent. Prior work exploring assertion set completeness suffers from this inability to distinguish benign unspecified functionality from actual verification holes, while existing Trojan detection techniques can differentiate these categories, but require unspecified functionality already be characterized. Our technique uses the assertion set and simulation trace data available in most industry design flows to characterize unspecified functionality then separates Trojans and verification blindspots from benign behavior using existing Trojan detection methods. Using our technique, we uncover missing functionality in a first-in first-out (FIFO) queue implementation and demonstrate detection of information leakage Trojans. We also illustrate Trojan detection for a system containing several components connected by an AXI4-Lite bus by analyzing the completeness of the AXI4-Lite assertion set provided by ARM. Download Paper (PDF; Only available from the DATE venue WiFi)
18:00	4.5.3	EFFICIENT TEST GENERATION FOR TROJAN DETECTION USING SIDE CHANNEL ANALYSIS Speaker: Prabhat Mishra, University of Florida, US Authors: Yangdi Lyu and Prabhat Mishra, University of Florida, US Abstract Detection of hardware Trojans is vital to ensure the security and trustworthiness of System-on-Chip (SoC) designs. Side-channel analysis is effective for Trojan detection by analyzing various side-channel signatures such as power, current and delay. In this paper, we propose an efficient test generation technique to facilitate side-channel analysis utilizing dynamic current. While early work on current-aware test generation has proposed several promising ideas, there are two major challenges in applying it on large designs: (i) the test generation time grows exponentially with the design complexity, and (ii) it is infeasible to detect Trojans since the side-channel sensitivity is marginal compared to the noise and process variations. Our proposed work addresses both challenges by effectively exploiting the affinity between the inputs and rare (suspicious) nodes. We formalize the test generation problem as a searching problem and solve the optimization using genetic algorithm. The basic idea is to quickly find the profitable test patterns that can maximize switching in the suspicious regions while minimize switching in the rest of the circuit. Our experimental results demonstrate that we can drastically improve both the side-channel sensitivity (30x on average) and time complexity (4.6x on average) compared to the state-of-the-art test generation techniques. Download Paper (PDF; Only available from the DATE venue WiFi)
18:15	4.5.4	A NEW PARADIGM IN SPLIT MANUFACTURING: LOCK THE FEOL, UNLOCK AT THE BEOL Speaker: Abhrajit Sengupta, New York University, US Authors: Abhrajit Sengupta¹, Mohammed Nabeel², Johann Knechtel² and Ozgur Sinanoglu² ¹New York University, US; ²New York University Abu Dhabi, AE Abstract Split manufacturing was introduced as an effective countermeasure against hardware-level threats such as IP piracy, overbuilding, and insertion of hardware Trojans. Nevertheless, the security promise of split manufacturing has been challenged by various attacks, which exploit the well-known working principles of physical design tools to infer the missing BEOL interconnects. In this work, we advocate a new paradigm to enhance the security for split manufacturing. Based on Kerckhoff's principle, we protect the FEOL layout in a formal and secure manner, by embedding keys. These keys are purposefully implemented and routed through the BEOL in such a way that they become indecipherable to the state-of-the-art FEOL-centric attacks. We provide our secure physical design flow to the community. We also define the security of split manufacturing formally and provide the associated proofs. At the same time, our technique is competitive with current schemes in terms of layout overhead, especially for practical, large-scale designs (ITC'99 benchmarks). Download Paper (PDF; Only available from the DATE venue WiFi)
18:30	IP2-6, 191	DETECTION OF HARDWARE TROJANS IN SYSTEMC HLS DESIGNS VIA COVERAGE-GUIDED FUZZING Speaker: Niklas Bruns, Cyber-Physical Systems, DFKI GmbH, DE Authors: Hoang M. Le, Daniel Grosse, Niklas Bruns and Rolf Drechsler, University of Bremen, DE Abstract High-level Synthesis (HLS) is being increasingly adopted as a mean to raise design productivity. HLS designs, which can be automatically translated into RTL, are typically written in SystemC at a more abstract level. Hardware Trojan attacks and countermeasures, while well-known and well-researched for RTL and below, have been only recently considered for HLS. The paper makes a contribution to this emerging research area by proposing a novel detection approach for Hardware Trojans in SystemC HLS designs. The proposed approach is based on coverage-guided fuzzing, a new promising idea from software (security) testing research. The efficiency of the approach in identifying stealthy behavior is demonstrated on a set of open-source benchmarks. Download Paper (PDF; Only available from the DATE venue WiFi)
18:30		End of session Exhibition Reception in Exhibition Area The Exhibition Reception will take place on Tuesday in the exhibition area, where free drinks for all conference delegates and exhibition visitors will be offered. All exhibitors are welcome to also provide drinks and snacks for the attendees.

Time

Label

Presentation Title
Authors

17:00

4.5.1

HARDWARE TROJAN IN EMERGING NON-VOLATILE MEMORIES
Speaker:
Swaroop Ghosh, The Pennsylvania State University, US
Authors:
Mohammad Nasim Imtiaz Khan, Karthikeyan Nagarajan and Swaroop Ghosh, Pennsylvania State University, US
Abstract
Emerging Non-Volatile Memories (NVMs) possess unique characteristics that make them a top target for deploying Hardware Trojan. In this paper, we investigate such knobs that can be targeted by the Trojans to cause read/write failure. For example, NVM read operation depends on clamp voltage which the adversary can manipulate. Adversary can also use ground bounce generated in NVM write operation to hamper another parallel read/write operation. We have designed a Trojan that can be activated and deactivated by writing a specific data pattern to a particular address. Once activated, the Trojan can couple two predetermined addresses and data written to one address (victim's address space) will get copied to another address (adversary's address space). This will leak sensitive information e.g., encryption keys. Adversary can also create read/write failure to predetermined locations (fault injection). Simulation results indicate that the Trojan can be activated by writing a specific data pattern to a specific address for 1956 times. Once activated, the attack duration can be as low as 52.4s and as high as 1.1ms (with reset-enable trigger). We also show that the proposed Trojan can scale down the clamp voltage by 400mV from optimum value which is sufficient to inject specific data-polarity read error. We also propose techniques to inject noise in the ground/power rail to cause read/write failure.
Download Paper (PDF; Only available from the DATE venue WiFi)

17:30

4.5.2

EVALUATING ASSERTION SET COMPLETENESS TO EXPOSE HARDWARE TROJANS AND VERIFICATION BLINDSPOTS
Speaker:
Nicole Fern, University of California Santa Barbara, US
Authors:
Nicole Fern¹ and Tim Cheng²
¹University of California Santa Barbara, US; ²HKUST, HK
Abstract
Assertion-based verification has been adopted by industry as an efficient specification mechanism. Handwritten assertions encode design intent in a parsable format and have been traditionally used to verify an implementation conforms to the properties outlined by the assertions. Our work makes the observation that design behavior not covered by the assertion set is equally revealing and can be leveraged to identify malicious behavior (hardware Trojans) as well as verification blindspots. The difficulty in examining this unspecified and unverified behavior is differentiating between benign functionality that is truly don't care and that which leaks information or violates design intent. Prior work exploring assertion set completeness suffers from this inability to distinguish benign unspecified functionality from actual verification holes, while existing Trojan detection techniques can differentiate these categories, but require unspecified functionality already be characterized. Our technique uses the assertion set and simulation trace data available in most industry design flows to characterize unspecified functionality then separates Trojans and verification blindspots from benign behavior using existing Trojan detection methods. Using our technique, we uncover missing functionality in a first-in first-out (FIFO) queue implementation and demonstrate detection of information leakage Trojans. We also illustrate Trojan detection for a system containing several components connected by an AXI4-Lite bus by analyzing the completeness of the AXI4-Lite assertion set provided by ARM.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:00

4.5.3

EFFICIENT TEST GENERATION FOR TROJAN DETECTION USING SIDE CHANNEL ANALYSIS
Speaker:
Prabhat Mishra, University of Florida, US
Authors:
Yangdi Lyu and Prabhat Mishra, University of Florida, US
Abstract
Detection of hardware Trojans is vital to ensure the security and trustworthiness of System-on-Chip (SoC) designs. Side-channel analysis is effective for Trojan detection by analyzing various side-channel signatures such as power, current and delay. In this paper, we propose an efficient test generation technique to facilitate side-channel analysis utilizing dynamic current. While early work on current-aware test generation has proposed several promising ideas, there are two major challenges in applying it on large designs: (i) the test generation time grows exponentially with the design complexity, and (ii) it is infeasible to detect Trojans since the side-channel sensitivity is marginal compared to the noise and process variations. Our proposed work addresses both challenges by effectively exploiting the affinity between the inputs and rare (suspicious) nodes. We formalize the test generation problem as a searching problem and solve the optimization using genetic algorithm. The basic idea is to quickly find the profitable test patterns that can maximize switching in the suspicious regions while minimize switching in the rest of the circuit. Our experimental results demonstrate that we can drastically improve both the side-channel sensitivity (30x on average) and time complexity (4.6x on average) compared to the state-of-the-art test generation techniques.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:15

4.5.4

A NEW PARADIGM IN SPLIT MANUFACTURING: LOCK THE FEOL, UNLOCK AT THE BEOL
Speaker:
Abhrajit Sengupta, New York University, US
Authors:
Abhrajit Sengupta¹, Mohammed Nabeel², Johann Knechtel² and Ozgur Sinanoglu²
¹New York University, US; ²New York University Abu Dhabi, AE
Abstract
Split manufacturing was introduced as an effective countermeasure against hardware-level threats such as IP piracy, overbuilding, and insertion of hardware Trojans. Nevertheless, the security promise of split manufacturing has been challenged by various attacks, which exploit the well-known working principles of physical design tools to infer the missing BEOL interconnects. In this work, we advocate a new paradigm to enhance the security for split manufacturing. Based on Kerckhoff's principle, we protect the FEOL layout in a formal and secure manner, by embedding keys. These keys are purposefully implemented and routed through the BEOL in such a way that they become indecipherable to the state-of-the-art FEOL-centric attacks. We provide our secure physical design flow to the community. We also define the security of split manufacturing formally and provide the associated proofs. At the same time, our technique is competitive with current schemes in terms of layout overhead, especially for practical, large-scale designs (ITC'99 benchmarks).
Download Paper (PDF; Only available from the DATE venue WiFi)

18:30

IP2-6, 191

DETECTION OF HARDWARE TROJANS IN SYSTEMC HLS DESIGNS VIA COVERAGE-GUIDED FUZZING
Speaker:
Niklas Bruns, Cyber-Physical Systems, DFKI GmbH, DE
Authors:
Hoang M. Le, Daniel Grosse, Niklas Bruns and Rolf Drechsler, University of Bremen, DE
Abstract
High-level Synthesis (HLS) is being increasingly adopted as a mean to raise design productivity. HLS designs, which can be automatically translated into RTL, are typically written in SystemC at a more abstract level. Hardware Trojan attacks and countermeasures, while well-known and well-researched for RTL and below, have been only recently considered for HLS. The paper makes a contribution to this emerging research area by proposing a novel detection approach for Hardware Trojans in SystemC HLS designs. The proposed approach is based on coverage-guided fuzzing, a new promising idea from software (security) testing research. The efficiency of the approach in identifying stealthy behavior is demonstrated on a set of open-source benchmarks.
Download Paper (PDF; Only available from the DATE venue WiFi)

18:30

End of session
Exhibition Reception in Exhibition Area

The Exhibition Reception will take place on Tuesday in the exhibition area, where free drinks for all conference delegates and exhibition visitors will be offered. All exhibitors are welcome to also provide drinks and snacks for the attendees.