research-article

DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans

Authors:

Qiang XuAuthors Info & Claims

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

Pages 153 - 166

https://doi.org/10.1145/2660267.2660289

Published: 03 November 2014 Publication History

Abstract

Hardware Trojans (HTs) inserted at design time by malicious insiders on the design team or third-party intellectual property (IP) providers pose a serious threat to the security of computing systems. Researchers have proposed several hardware trust verification techniques to mitigate such threats, and some of them are shown to be able to effectively flag all suspicious HTs implemented in the Trust-Hub hardware backdoor benchmark suite. No doubt to say, adversaries would adjust their tactics of attacks accordingly and it is hence essential to examine whether new types of HTs can be designed to defeat these hardware trust verification techniques. In this paper, we present a systematic HT design methodology to achieve the above objective, namely \emph{DeTrust}. Given an HT design, DeTrust keeps its original malicious behavior while making the HT resistant to state-of-the-art hardware trust verification techniques by manipulating its trigger designs. To be specific, DeTrust implements stealthy implicit triggers for HTs by carefully spreading the trigger logic into multiple sequential levels and combinational logic blocks and combining the trigger logic with the normal logic, so that they are not easily differentiable from normal logic. As shown in our experimental results, adversaries can easily employ DeTrust to evade hardware trust verification.

We close with a discussion on how to extend existing solutions to alleviate the threat posed by DeTrust. However, they generally suffer from high computational complexity, calling for more advanced techniques to ensure hardware trust.

References

[1]

M. Tehranipoor and F. Koushanfar. A survey of hardware trojan taxonomy and detection. Design and Test of Computers, 27(1):10--25, 2010.

Digital Library

[2]

J. Markoff. Old trick threatens the newest weapons. The New York Times, 27, 2009.

[3]

S. Adee. The hunt for the kill switch. Spectrum, IEEE, 45(5):34--39, 2008.

Digital Library

[4]

S. T. King, J. Tucek, A. Cozzie, C. Grier, W. Jiang, and Y. Zhou. Designing and implementing malicious hardware. LEET, 8:1--8, 2008.

Digital Library

[5]

J. Zhang and Q. Xu. On hardware trojan design and implementation at register-transfer level. In Proc. IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 107--112, 2013.

[6]

Trust-Hub Website. http://www.trust-hub.org/resources/benchmarks.

[7]

S. Skorobogatov and C. Woods. Breakthrough silicon scanning discovers backdoor in military chip. In Proc. International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 23--40, 2012.

Digital Library

[8]

Y. Liu, Y. Jin, and Y. Makris. Hardware Trojans in wireless cryptographic ICs: silicon demonstration & detection method evaluation. In Proc. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 399--404, 2013.

Digital Library

[9]

M. Beaumont, B. Hopkins, and T. Newby. Hardware trojans-prevention, detection, countermeasures (a literature review). Technical report, 2011.

[10]

U.S.A. Department of Defense. Defense science board task force on high performance microchip supply. Washington, DC, pp. 2005--02, 2005.

[11]

M. Hicks, M. Finnicum, S. T. King, M. K. Martin, and J. M. Smith. Overcoming an untrusted computing base: Detecting and removing malicious hardware automatically. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 159--172, 2010.

Digital Library

[12]

A. Waksman and S. Sethumadhavan. Tamper evident microprocessors. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 173--188, 2010.

Digital Library

[13]

A. Waksman and S. Sethumadhavan. Silencing hardware backdoors. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 49--63, 2011.

Digital Library

[14]

J. Zhang, F. Yuan, L. Wei, Z. Sun, and Q. Xu. VeriTrust: verification for hardware trust. In Proc. IEEE/ACM Design Automation Conference (DAC),pp. 1--8, 2013.

Digital Library

[15]

A. Waksman, M. Suozzo, and S. Sethumadhavan. FANCI: Identification of stealthy malicious logic using boolean functional analysis. In Proc. ACM Conference on Computer and Communication Security (CCS), pp. 697--708, 2013.

Digital Library

[16]

C. Sturton, M. Hicks, D. Wagner, and S. T King. Defeating UCI: Building stealthy and malicious hardware. In Proc. IEEE International Symposium on Security and Privacy (SP), pp. 64--77, 2011.

Digital Library

[17]

J. Bormann, et al. Complete formal verification of tricore2 and other processors. In Design and Verification Conference, 2007.

[18]

OpenCores Website. http://opencores.org/.

[19]

F. Fallah. Binary time-frame expansion. In Proc. IEEE/ACM International Conference on Computer Aided Design (ICCAD), pp. 458--464, 2002.

Digital Library

[20]

M. Tiwari, H. Wassel, B. Mazloom, S. Mysore, F. T. Chong, and T. Sherwood. Complete information flow tracking from the gates up. In Proc. International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 109--120, 2009.

Digital Library

[21]

J. Szefer and R. B. Lee. Architectural support for hypervisor-secure virtualization. 40(1):437--450, 2012.

Digital Library

[22]

D. Champagne and R. B. Lee. Scalable architectural support for trusted software. In Proc. Symposium on High Performance Computer Architecture (HPCA), pp. 1--12. IEEE, 2010.

[23]

C. W. Fletcher, M. van Dijk, and S. Devadas. A secure processor architecture for encrypted computation on untrusted programs. In Proc. ACM workshop on Scalable Trusted Computing (STC), pp. 3--8, 2012.

Digital Library

[24]

TPM Specification Architecture Overview. http://www.trustedcomputinggroup.org/.

[25]

A. Baumgarten, M. Steffen, M. Clausman, and J. Zambreno. A case study in hardware trojan design and implementation. International Journal of Information Security, 10:1--14, 2011.

Digital Library

[26]

Y. Jin, N. Kupp, and Y. Makris. Experiences in hardware trojan design and implementation. In Proc. IEEE International Workshop on Hardware-Oriented Security and Trust (HOST), pp. 50--57, 2009.

Digital Library

[27]

L. Lin, M. Kasper, T. Güneysu, C. Paar, and W. Burleson. Trojan side-channels: lightweight hardware trojans through side-channel engineering. In Proc. International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 382--395, 2009.

Digital Library

[28]

L. Lin, W. Burleson, and C. Paar. Moles: malicious off-chip leakage enabled by side-channels. In Proc. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 117--122, 2009.

Digital Library

[29]

S. Wei, K. Li, F. Koushanfar, and M. Potkonjak. Hardware trojan horse benchmark via optimal creation and placement of malicious circuitry. In Proc. IEEE/ACM Design Automation Conference (DAC), pp. 90--95, 2012.

Digital Library

[30]

G. T. Becker, F. Regazzoni, C. Paar, and W. P. Burleson. Stealthy dopant-level hardware trojans. In Proc. International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 197--214, 2013.

Digital Library

[31]

Y. Jin and Y. Makris. Hardware trojan detection using path delay fingerprint. In Proc. IEEE International Workshop on Hardware-Oriented Security and Trust (HOST), pp. 51--57, 2008.

Digital Library

[32]

D. Du, S. Narasimhan, R. S. Chakraborty, and S. Bhunia. Self-referencing: a scalable side-channel approach for hardware trojan detection. In Proc. International Conference on Cryptographic Hardware and Embedded Systems (CHES), pp. 173--187, 2010.

Digital Library

[33]

D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. Trojan detection using IC fingerprinting. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 296--310, 2007.

Digital Library

[34]

R. M. Rad, X. Wang, M. Tehranipoor, and J. Plusquellic. Power supply signal calibration techniques for improving detection resolution to hardware trojans. In Proc. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 632--639, 2008.

Digital Library

[35]

S. Wei, S. Meguerdichian, and M. Potkonjak. Gate-level characterization: foundations and hardware security applications. In Proc. IEEE/ACM Design Automation Conference (DAC), pp. 222--227, 2010.

Digital Library

[36]

K. Hu, A. N. Nowroz, S. Reda, and F. Koushanfar. High-sensitivity hardware trojan detection using multimodal characterization. In Proc. IEEE/ACM Design, Automation and Test in Europe (DATE), pp. 1271--1276, 2013.

Digital Library

[37]

J. Zhang, H. Yu and Q. Xu. HTOutlier: hardware Trojan detection with side-channel signature outlier identification. In Proc. IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 55--58, 2012.

[38]

R. S. Chakraborty and S. Bhunia. Security against hardware trojan through a novel application of design obfuscation. In Proc. IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 113--116, 2009.

Digital Library

[39]

M. Potkonjak. Synthesis of trustable ICs using untrusted CAD tools. In Proc. IEEE/ACM Design Automation Conference (DAC), pp. 633--634, 2010.

Digital Library

[40]

T. Huffmire, B. Brotherton, G. Wang, T. Sherwood, R. Kastner, T. Levin, T. Nguyen, and C. Irvine. Moats and drawbridges: An isolation primitive for reconfigurable hardware based systems. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 281--295, 2007.

Digital Library

[41]

S. Dutt and L. Li. Trust-based design and check of FPGA circuits using two-level randomized ECC structures. Transcations on Reconfigurable Technology and System, 2(1):1--36, 2009.

Digital Library

[42]

S. Dai, T. Wei, C. Zhang, T. Wang, Y. Ding, Z. Liang, and W. Zou. A framework to eliminate backdoors from response-computable authentication. In Proc. IEEE Symposium on Security and Privacy (SP), pp. 3--17, 2012.

Digital Library

Cited By

Timis GValachi A(2024)Sequentially Triggering “Time-Bomb” Trojan into Hardware Wired MicrosequencerInternational Journal of Electrical Engineering and Computer Science10.37394/232027.2024.6.106(92-97)Online publication date: 19-Mar-2024
https://doi.org/10.37394/232027.2024.6.10
Duque Antón AMüller JDeutschmann LFadiheh MStoffel DKunz W(2024)A Golden-Free Formal Method for Trojan Detection in Non-Interfering Accelerators2024 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE58400.2024.10546664(1-6)Online publication date: 25-Mar-2024
https://doi.org/10.23919/DATE58400.2024.10546664
Chattopadhyay ABisariya SPatel ASunkara SSutrakar V(2024)Deep Learning Based Graph Neural Network Technique for Hardware Trojan Detection at Register Transfer Level2024 IEEE 4th International Conference on VLSI Systems, Architecture, Technology and Applications (VLSI SATA)10.1109/VLSISATA61709.2024.10560302(1-5)Online publication date: 17-May-2024
https://doi.org/10.1109/VLSISATA61709.2024.10560302
Show More Cited By

Index Terms

DeTrust: Defeating Hardware Trust Verification with Stealthy Implicitly-Triggered Hardware Trojans
1. Hardware
  1. Integrated circuits
    1. Logic circuits

Recommendations

Tamper Evident Microprocessors
SP '10: Proceedings of the 2010 IEEE Symposium on Security and Privacy

Most security mechanisms proposed to date unquestioningly place trust in microprocessor hardware. This trust, however, is misplaced and dangerous because microprocessors are vulnerable to insider attacks that can catastrophically compromise security, ...
A hardened network-on-chip design using runtime hardware Trojan mitigation methods

Due to the globalized semiconductor business model, malicious hardware modifications, known as hardware Trojans (HTs), have risen up as a big concern for chip security. HT detection and mitigation methods for general integrated circuits have been ...
Secure Model Checkers for Network-on-Chip (NoC) Architectures
GLSVLSI '16: Proceedings of the 26th edition on Great Lakes Symposium on VLSI

As chip multiprocessors (CMPs) are becoming more susceptible to process variation, crosstalk, and hard and soft errors, emerging threats from rogue employees in a compromised foundry are creating new vulnerabilities that could undermine the integrity of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '14: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

November 2014

1592 pages

ISBN:9781450329576

DOI:10.1145/2660267

General Chair:
Gail-Joon Ahn
Arizona State University, USA
,
Program Chairs:
Moti Yung
Google -- Columbia University, USA
,
Ninghui Li
Purdue University, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Research Grants Council, University Grants Committee, Hong Kong

Conference

CCS'14

Sponsor:

SIGSAC

CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security

November 3 - 7, 2014

Arizona, Scottsdale, USA

Acceptance Rates

CCS '14 Paper Acceptance Rate 114 of 585 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

115
Total Citations
View Citations
1,243
Total Downloads

Downloads (Last 12 months)80
Downloads (Last 6 weeks)4

Reflects downloads up to 11 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Timis GValachi A(2024)Sequentially Triggering “Time-Bomb” Trojan into Hardware Wired MicrosequencerInternational Journal of Electrical Engineering and Computer Science10.37394/232027.2024.6.106(92-97)Online publication date: 19-Mar-2024
https://doi.org/10.37394/232027.2024.6.10
Duque Antón AMüller JDeutschmann LFadiheh MStoffel DKunz W(2024)A Golden-Free Formal Method for Trojan Detection in Non-Interfering Accelerators2024 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE58400.2024.10546664(1-6)Online publication date: 25-Mar-2024
https://doi.org/10.23919/DATE58400.2024.10546664
Chattopadhyay ABisariya SPatel ASunkara SSutrakar V(2024)Deep Learning Based Graph Neural Network Technique for Hardware Trojan Detection at Register Transfer Level2024 IEEE 4th International Conference on VLSI Systems, Architecture, Technology and Applications (VLSI SATA)10.1109/VLSISATA61709.2024.10560302(1-5)Online publication date: 17-May-2024
https://doi.org/10.1109/VLSISATA61709.2024.10560302
Sharma RSharma GPattanaik M(2024)Adversarial Label Flipping Attack on Supervised Machine Learning-Based HT Detection Systems2024 IEEE International Symposium on Circuits and Systems (ISCAS)10.1109/ISCAS58744.2024.10557844(1-5)Online publication date: 19-May-2024
https://doi.org/10.1109/ISCAS58744.2024.10557844
Dharsee KCriswell JCalandrino JTroncoso C(2023)JinnProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620627(6965-6982)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620627
Patooghy AHasanzadeh MSarihi AAbdelrehim MBadawy A(2023)Securing Network-on-chips Against Fault-injection and Crypto-analysis Attacks via Stochastic Anonymous RoutingACM Journal on Emerging Technologies in Computing Systems10.1145/359279819:3(1-21)Online publication date: 21-Jun-2023
https://dl.acm.org/doi/10.1145/3592798
Gaikwad PCruz JChakraborty PBhunia SHoque T(2023)Hardware IP Assurance against Trojan Attacks with Machine Learning and Post-processingACM Journal on Emerging Technologies in Computing Systems10.1145/359279519:3(1-23)Online publication date: 21-Jun-2023
https://dl.acm.org/doi/10.1145/3592795
Hosseintalaee HJahanian AAlizadeh B(2023)Systematic Trojan Detection in Crypto-Systems Using the Model CheckerJournal of Circuits, Systems and Computers10.1142/S021812662450045233:03Online publication date: 5-Oct-2023
https://doi.org/10.1142/S0218126624500452
Mondal AGhosh AKarmakar SMahalat MRoy SSen B(2023)Identification of Hardware Trojan in Gate-Level NetlistJournal of Circuits, Systems and Computers10.1142/S0218126624300058Online publication date: 26-Dec-2023
https://doi.org/10.1142/S0218126624300058
Martin HDupuis SNatale GEntrena L(2023)Using Approximate Circuits Against Hardware TrojansIEEE Design & Test10.1109/MDAT.2021.311774140:3(8-16)Online publication date: Jun-2023
https://doi.org/10.1109/MDAT.2021.3117741
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents