Article, DOI: 10.1007/978-3-642-40349-1_12

Stealthy Dopant-Level Hardware Trojans

Published: 19 August 2013

Abstract

In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about what such a Trojan would look like and how difficult it would be in practice to implement one.
In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into two designs — a digital post-processing derived from Intel’s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation — and by exploring their detectability and their effects on security.

Published In

Cryptographic Hardware and Embedded Systems - CHES 2013: 15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013. Proceedings
Aug 2013
488 pages
ISBN:978-3-642-40348-4
DOI:10.1007/978-3-642-40349-1
Editors: Guido Bertoni, Jean-Sébastien Coron

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Hardware Trojans
  2. malicious hardware
  3. layout modifications
  4. Trojan side-channel

Cited By

  • (2023) Jinn. Proceedings of the 32nd USENIX Conference on Security Symposium, pp. 6965-6982. DOI: 10.5555/3620237.3620627. Online publication date: 9-Aug-2023
  • (2023) T-TER: Defeating A2 Trojans with Targeted Tamper-Evident Routing. Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, pp. 746-759. DOI: 10.1145/3579856.3582837. Online publication date: 10-Jul-2023
  • (2022) Side-Channel Analysis of the Random Number Generator in STM32 MCUs. Proceedings of the Great Lakes Symposium on VLSI 2022, pp. 15-20. DOI: 10.1145/3526241.3530324. Online publication date: 6-Jun-2022
  • (2022) Obfuscating the Hierarchy of a Digital IP. Embedded Computer Systems: Architectures, Modeling, and Simulation, pp. 303-314. DOI: 10.1007/978-3-031-15074-6_19. Online publication date: 3-Jul-2022
  • (2021) Trojan Awakener. Proceedings of the 5th Workshop on Attacks and Solutions in Hardware Security, pp. 17-27. DOI: 10.1145/3474376.3487282. Online publication date: 19-Nov-2021
  • (2020) SafetyPin. Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation, pp. 1121-1138. DOI: 10.5555/3488766.3488829. Online publication date: 4-Nov-2020
  • (2019) CAD-Base. ACM Transactions on Design Automation of Electronic Systems 24:4, pp. 1-30. DOI: 10.1145/3315574. Online publication date: 18-Apr-2019
  • (2019) Architectural Support for Containment-based Security. Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 361-377. DOI: 10.1145/3297858.3304020. Online publication date: 4-Apr-2019
  • (2019) Security Implications of Intentional Capacitive Crosstalk. IEEE Transactions on Information Forensics and Security 14:12, pp. 3246-3258. DOI: 10.1109/TIFS.2019.2900914. Online publication date: 1-Dec-2019
  • (2017) Why you should care about don't cares. Proceedings of the 36th International Conference on Computer-Aided Design, pp. 707-713. DOI: 10.5555/3199700.3199794. Online publication date: 13-Nov-2017
