Shielding Heterogeneous MPSoCs from Untrustworthy 3PIPs
Richard Amos and Kory Mitchell, Chengmo Yang
Department of Electrical and Computer Engineering
Abstract
The design and production of integrated circuits have become such separate processes that a new vulnerability has arisen: the possibility of inserting malicious hardware during the design or production phase of a device. These malicious modifications are known as Hardware Trojan Horses (HTH). This poses a unique threat to the users of the product, because it is not simply an unintentional sporadic malfunction of the device due to improper design or construction, but a specifically engineered malfunction.
• The infected device may pass the normal quality tests meant to detect malfunctions.
• The specific malfunction of the HTH is designed to be subtle and undetectable.
• The HTH can have effects ranging from sabotage of a product to harm to a user, and the products can range from consumer devices to military hardware.
• Traditional quality tests will not be sufficient for detecting HTHs, and new ones must be designed.
Side Channel Analysis
Side Channel Analysis is a method that analyzes the side effects (not the direct functional effect) of the additional logic added by an HTH to an integrated circuit. Two examples of Side Channel Analysis are:
• Path-Delay Measurement of the Design Under Testing (DUT) against the Golden Circuit.
  • When logical hardware is added or removed, it will affect the propagation time between a shifted input and a shifted output. By measuring major differences, it is possible to detect the presence of an HTH.
• IDDQ and IDDT Analysis can be used to measure the current supplied to the circuit in both quiescent (IDDQ) and transient (IDDT) states.
  • A circuit having a significantly lower or higher power draw than the Golden Circuit is much more likely to contain an HTH.
Functional Test
A Functional Test analyzes and compares the logic of two devices, and requires two additional machines:
• The Test Generator generates inputs for both devices and has two modes based on the type of HTH it is intended to detect.
  • Combinational: The first mode is meant to test for an HTH in a combinational circuit, and is extremely effective for these circuits.
  • Sequential: When checking for HTHs in sequential circuits, the order of inputs must be randomized to check for an HTH in all different states. The Functional Test is not sufficient for these circuits and Side Channel Analysis must be performed as well.
• A Comparator between the outputs of the Golden Circuit and DUT must also be added. This test must be properly synchronized so that the outputs of each circuit correspond to the same input. As can be seen in Figure 5, the outputs of the Golden Circuit and DUT do not match, and thus an HTH has been detected and an error flag thrown, which is symbolized by a single 7-segment LED turning off.
Figure 4: Block diagram of the Functional Test (blocks: Test Generator, Design Under Testing, Golden Circuit, Compare, Error).
Figure 5: Our setup for the Functional Test (1: DUT Output; 2: Golden Circuit Output; 3: Error Flag; 4: Generated Test Vector).
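The Functional Test described above, sketched as an added Python simulation that is not part of the original poster. The 4-bit Gray-code "normal logic", the Trojan trigger values and all class and function names are constructed assumptions; it shows an ordered sweep catching a combinational Trojan but missing a state-dependent trigger until the input order is randomized.

```python
import random

WIDTH = 4                      # constructed toy circuit: 4-bit input and output
MASK = (1 << WIDTH) - 1

def normal_logic(x):
    """Constructed 'Normal Logic': binary to Gray code."""
    return (x ^ (x >> 1)) & MASK

class GoldenCircuit:
    def step(self, x):
        return normal_logic(x)

class CombinationalTrojanDUT:
    """Trojan logic is selected whenever one input value appears."""
    def step(self, x):
        out = normal_logic(x)
        return out ^ 0b0001 if x == 0b1011 else out

class SequentialTrojanDUT:
    """Trojan trigger depends on state: fires only when 0xA is followed by 0x3."""
    def __init__(self):
        self.prev = None       # state held by the trigger: the previous input
    def step(self, x):
        out = normal_logic(x)
        fired = self.prev == 0xA and x == 0x3
        self.prev = x
        return out ^ 0b0001 if fired else out

def functional_test(dut, vectors):
    """Comparator: drive both circuits with the same vector, log mismatches."""
    golden = GoldenCircuit()
    errors = []
    for i, v in enumerate(vectors):
        if dut.step(v) != golden.step(v):   # error flag raised
            errors.append((i, v))
    return errors

def ordered_vectors():
    """Combinational mode: every input value once, in counting order."""
    return list(range(1 << WIDTH))

def randomized_vectors(n, seed=1):
    """Sequential mode: random input order so many state/input pairs occur."""
    rng = random.Random(seed)
    return [rng.randrange(1 << WIDTH) for _ in range(n)]
```

Even with randomized ordering, detection of the sequential Trojan is only probabilistic, which is why the poster pairs the Functional Test with Side Channel Analysis for sequential circuits.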
Figure 2: How Trojans work in a combinational circuit (labels: Input, DMUX, Normal Logic, Trojan Logic, Normal Output, Trojan-infected Output).
Figure 3: How Trojans work in a sequential circuit (labels: Input, DMUX, Normal Logic, Trojan Logic, Normal Output, Trojan-infected Output, Trojan Trigger).
Figure 1: Methods for Side Channel Analysis (path-delay panel: Input, Output, Oscilloscope, 1. Normal Signal or 2. Delayed Signal (HTH); current panel: DC in, A, V, DUT, 1. IDDQ Testing, 2. IDDT Testing).