amos-mitchell poster


Upload: kory-mitchell

Post on 11-Apr-2017


Shielding Heterogeneous MPSoCs from Untrustworthy 3PIPs

Richard Amos and Kory Mitchell, Chengmo Yang

Department of Electrical and Computer Engineering

Abstract

The design and production of integrated circuits have become such separate processes that a new vulnerability has arisen: the possibility of inserting malicious hardware during the design or production phase of a device. These malicious modifications are known as Hardware Trojan Horses (HTH). This poses a unique threat to the users of the product, because it is not simply an unintentional sporadic malfunction of the device due to improper design or construction, but a specifically engineered malfunction.

• The infected device may pass the normal quality tests meant to detect malfunctions.

• The specific malfunction of the HTH is designed to be subtle and undetectable.

• The effects of an HTH can range from sabotage of a product to harm to a user, and the affected products can range from consumer devices to military hardware.

• Traditional quality tests will not be sufficient for detecting HTHs, and new ones must be designed.

Side Channel Analysis

Side Channel Analysis is a method that analyzes the side effects (not the direct functional effect) of the additional logic added by an HTH to an integrated circuit. Two examples of Side Channel Analysis are:

• Path-Delay Measurement of the Design Under Testing (DUT) against the Golden Circuit.

  • When logical hardware is added or removed, it will affect the propagation time between a shifted input and a shifted output. By measuring major differences, it is possible to detect the presence of an HTH.

• IDDQ and IDDT Analysis can be used to measure the current supplied to the circuit in both quiescent (IDDQ) and transient (IDDT) states.

  • A circuit having a significantly lower or higher power draw than the Golden Circuit is much more likely to contain an HTH.

Functional Test

A Functional Test analyzes and compares the logic of two devices, and requires two additional machines:

• The Test Generator generates inputs for both devices and has two modes based on the type of HTH it is intended to detect.

  • Combinational: The first mode is meant to test for an HTH in a combinational circuit, and is extremely effective for these circuits.

  • Sequential: When checking for HTHs in sequential circuits, the order of inputs must be randomized to check for an HTH in all different states. The Functional Test is not sufficient for these circuits and Side Channel Analysis must be performed as well.

• A Comparator between the outputs of the Golden Circuit and DUT must also be added. This test must be properly synchronized so that the outputs of each circuit match a single input. As can be seen in Figure 5, the outputs of the Golden Circuit and DUT do not match, and thus an HTH has been detected and an error flag thrown, which is symbolized by a single 7-segment LED turning off.
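A small software model of the Functional Test described above, added here as an illustration and not taken from the poster. The parity function standing in for the Golden Circuit, the 4-bit vector width, and both Trojan trigger conditions are constructed assumptions.

```python
import random

WIDTH = 4  # constructed example: 4-bit test vectors

def golden(x):
    """Golden Circuit: trusted reference logic (assumed here: input parity)."""
    return bin(x).count("1") & 1

class CombinationalDUT:
    """DUT whose constructed Trojan path is selected by one input vector."""
    def step(self, x):
        return golden(x) ^ 1 if x == 0b1011 else golden(x)

class SequentialDUT:
    """DUT whose constructed Trojan arms only after 0b0110 is followed by 0b1001."""
    def __init__(self):
        self.prev, self.armed = None, False

    def step(self, x):
        if self.prev == 0b0110 and x == 0b1001:
            self.armed = True  # Trojan trigger is internal state, not an input
        self.prev = x
        return golden(x) ^ 1 if self.armed else golden(x)

def test_generator(mode, rounds=1, seed=0):
    """Test Generator: 'combinational' walks every vector once in order;
    'sequential' randomizes the order so different state sequences occur."""
    vectors = list(range(2 ** WIDTH))
    if mode == "combinational":
        yield from vectors
    else:
        rng = random.Random(seed)
        for _ in range(rounds * len(vectors)):
            yield rng.choice(vectors)

def functional_test(dut, mode, **kw):
    """Comparator: drive both circuits with the same vector in lock-step and
    return (index, vector) for every mismatch, i.e. each raised error flag."""
    errors = []
    for i, x in enumerate(test_generator(mode, **kw)):
        if dut.step(x) != golden(x):
            errors.append((i, x))
    return errors

if __name__ == "__main__":
    print("combinational DUT, ordered pass:", functional_test(CombinationalDUT(), "combinational"))
    print("sequential DUT, ordered pass:   ", functional_test(SequentialDUT(), "combinational"))
    hits = functional_test(SequentialDUT(), "sequential", rounds=400, seed=1)
    print("sequential DUT, randomized run: first flag at", hits[0] if hits else None)
```

The ordered pass never presents 0b0110 followed by 0b1001, so it misses the state-triggered Trojan. A short randomized run can miss it as well, which is why the sequential case is paired with Side Channel Analysis.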

Figure 4: Block diagram of the Functional Test. [Blocks: Test Generator, Design Under Testing, Golden Circuit, Compare, Error]

Figure 5: Our setup for the Functional Test. [Labels: 1: DUT Output; 2: Golden Circuit Output; 3: Error Flag; 4: Generated Test Vector]

Figure 2: How Trojans work in a combinational circuit. [Labels: Input, Normal Logic, Trojan Logic, DMUX, Normal Output, Trojan-infected Output]

Figure 3: How Trojans work in a sequential circuit. [Labels: Input, Normal Logic, Trojan Logic, Trojan Trigger, DMUX, Normal Output, Trojan-infected Output]


Figure 1: Methods for Side Channel Analysis. [Labels: Input, Output, Oscilloscope, 1. Normal Signal, 2. Delayed Signal (HTH); DC in, A, V, DUT, 1. IDDQ Testing, 2. IDDT Testing]