research-article

Toggle MUX: How X-Optimism Can Lead to Malicious Hardware

Authors:

Christian Krieg,

Axel Jantsch, and

Tanja ZsebyAuthors Info & Claims

DAC '17: Proceedings of the 54th Annual Design Automation Conference 2017

June 2017

Article No.: 7, Pages 1 - 6

https://doi.org/10.1145/3061639.3062328

Published: 18 June 2017 Publication History

Abstract

To highlight a potential threat to hardware security, we propose a methodology to derive a trigger signal from the behavior of Verilog simulation models of field-programmable gate array (FPGA) primitives that behave X-optimistic. We demonstrate our methodology with an example trigger that is implemented using Xilinx 7 Series FPGAs. Experimental results show that it is easily possible to create a trigger signal that is '0' in simulation (pre- and post-synthesis), and '1' in hardware. We show that this kind of trigger is neither detectable by formal equivalence checks, nor by recent Trojan detection techniques. As a countermeasure, we propose to carefully reconsider the utilization of X-optimism in FPGA simulation models.

References

[1]

7 Series FPGAs Configurable Logic Block User Guide. Tech. rep. Xilinx, Inc., Sept. 27, 2016.

[2]

N. Fern, S. Kulkarni, and K. T. T. Cheng. "Hardware Trojans hidden in RTL don't cares --- Automated insertion and prevention methodologies". In: Test Conference (ITC), 2015 IEEE International. 2015, pp. 1--8.

[3]

M. Hicks. Personal E-Mail Communication on How UCI treats 'X' input signals. Nov. 18, 2016.

[4]

M. Hicks et al. "Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically". In: Security and Privacy (SP), 2010 IEEE Symposium on. May 2010, pp. 159--172.

Digital Library

[5]

W. Hu et al. "Theoretical Fundamentals of Gate Level Information Flow Tracking". In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 30.8 (2011), pp. 1128--1140.

Digital Library

[6]

"IEEE Standard Verilog Hardware Description Language". In: IEEE Std 1364-2001 (2001), pp. 1--856.

[7]

Y. Jin. Personal E-Mail communication if FIGHT detects single unused signals. Nov. 19, 2016.

[8]

C. Krieg, C. Wolf, and A. Jantsch. "Malicious LUT: A Stealthy FPGA Trojan Injected and Triggered by the Design Flow". In: Proceedings of the 35th International Conference on Computer-Aided Design. ICCAD '16. Austin, Texas: ACM, 2016, 43:1--43:8.

Digital Library

[9]

H. Li, Q. Liu, and J. Zhang. "A survey of hardware Trojan threat and defense". In: Integration, the {VLSI} Journal 55 (2016), pp. 426--437.

[10]

D. Sullivan et al. "FIGHT-Metric: Functional Identification of Gate-Level Hardware Trustworthiness". In: Proceedings of the 51st Annual Design Automation Conference. DAC '14. San Francisco, CA, USA: ACM, 2014, 173:1--173:4.

Digital Library

[11]

S. Sutherland. "I'm Still In Love With My X!" In: Proceedings of the Design and Verification Conference (DVCon). 2013.

[12]

M. Tiwari et al. "Complete Information Flow Tracking from the Gates Up". In: Proceedings of the 14th International Conference on Architectural Support for Programming Languages and Operating Systems. ASPLOS XIV. Washington, DC, USA: ACM, 2009, pp. 109--120.

Digital Library

[13]

R. S. Wahby. Personal conversation regarding detectability of Toggle MUX by Verifiable ASICs approach, and the appicability of Verificable ASICs to the detection of Toggle MUX. Nov. 14, 2016.

[14]

R. S. Wahby et al. "Verifiable ASICs". In: 2016 IEEE Symposium on Security and Privacy (SP). 2016, pp. 759--778.

[15]

A. Waksman, M. Suozzo, and S. Sethumadhavan. "FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis". In: Proceedings of CCS 2013. Authors version. To be published in the Proceedings of the CCS 2013. 2013.

Digital Library

[16]

T. F. Wu et al. "TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits". In: IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 35.4 (2016), pp. 521--534.

[17]

K. Xiao et al. "Hardware Trojans: Lessons Learned After One Decade of Research". In: ACM Trans. Des. Autom. Electron. Syst. 22.1 (May 2016), 6:1--6:23.

Digital Library

Cited By

Mahmoud DShokry BLenders VHu WStojilović M(2024)X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAsIEEE Access10.1109/ACCESS.2024.335313412(8983-9011)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3353134
McKendrick RFaulkner KGoeders J(2023)Assuring Netlist-to-Bitstream Equivalence using Physical Netlist Generation and Structural Comparison2023 International Conference on Field Programmable Technology (ICFPT)10.1109/ICFPT59805.2023.00021(142-151)Online publication date: 12-Dec-2023
https://doi.org/10.1109/ICFPT59805.2023.00021
Krieg C(2023)Reflections on Trusting TrustHUB2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)10.1109/ICCAD57390.2023.10323782(1-9)Online publication date: 28-Oct-2023
https://doi.org/10.1109/ICCAD57390.2023.10323782
Show More Cited By

Recommendations

A 10 GHz 4:1 MUX and 1:4 DEMUX implemented by a Gigahertz SiGe FPGA for fast ADC
Special issue: ACM great lakes symposium on VLSI

This paper describes the implementation of a scalable SiGe FPGA that serves as an interleaving and deinterleaving block in a high-speed reconfigurable data acquisition system. In this paper, the different generations of SiGe configurable blocks (Basic ...
Read More
An Efficient Hardware Architecture for High Throughput AES Encryptor Using MUX Based Sub Pipelined S-Box

In this paper an efficient structural architecture is proposed for AES Encryption process to achieve high throughput with less device utilization. Breakable and controllable structures for main AES blocks at the gate level are designed and used here. ...
Read More
Decomposition-based vectorless toggle rate computation for FPGA circuits

This paper presents a novel and accurate method of estimating the toggle rates of signals in field-programmable gate array (FPGA)-based logic circuits without the use of simulation vectors. Compared to previous vectorless techniques, our approach ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '17: Proceedings of the 54th Annual Design Automation Conference 2017

June 2017

533 pages

ISBN:9781450349277

DOI:10.1145/3061639

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

EDAC: Electronic Design Automation Consortium
SIGDA: ACM Special Interest Group on Design Automation
IEEE-CEDA

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

DAC '17

Sponsor:

EDAC
SIGDA

DAC '17: The 54th Annual Design Automation Conference 2017

June 18 - 22, 2017

TX, Austin, USA

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
194
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)2

Other Metrics

View Author Metrics

Citations

Cited By

Mahmoud DShokry BLenders VHu WStojilović M(2024)X-Attack 2.0: The Risk of Power Wasters and Satisfiability Don’t-Care Hardware Trojans to Shared Cloud FPGAsIEEE Access10.1109/ACCESS.2024.335313412(8983-9011)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3353134
McKendrick RFaulkner KGoeders J(2023)Assuring Netlist-to-Bitstream Equivalence using Physical Netlist Generation and Structural Comparison2023 International Conference on Field Programmable Technology (ICFPT)10.1109/ICFPT59805.2023.00021(142-151)Online publication date: 12-Dec-2023
https://doi.org/10.1109/ICFPT59805.2023.00021
Krieg C(2023)Reflections on Trusting TrustHUB2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD)10.1109/ICCAD57390.2023.10323782(1-9)Online publication date: 28-Oct-2023
https://doi.org/10.1109/ICCAD57390.2023.10323782
Zhang YGe MChen XYao JMao Z(2021)Blinding HT: Hiding Hardware Trojan signals traced across multiple sequential levelsIET Circuits, Devices & Systems10.1049/cds2.1208816:1(105-115)Online publication date: 25-Jun-2021
https://doi.org/10.1049/cds2.12088
Mahmoud DHu WStojilovic M(2020)X-Attack: Remote Activation of Satisfiability Don't-Care Hardware Trojans on Shared FPGAs2020 30th International Conference on Field-Programmable Logic and Applications (FPL)10.1109/FPL50879.2020.00039(185-192)Online publication date: Aug-2020
https://doi.org/10.1109/FPL50879.2020.00039
Xue MGu CLiu WYu SO'Neill M(2020)Ten years of hardware Trojans: a survey from the attacker's perspectiveIET Computers & Digital Techniques10.1049/iet-cdt.2020.0041Online publication date: 12-Aug-2020
https://doi.org/10.1049/iet-cdt.2020.0041
Hu WMa YWang XWang X(2019)Leveraging Unspecified Functionality in Obfuscated Hardware for Trojan and Fault Attacks2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)10.1109/AsianHOST47458.2019.9006725(1-6)Online publication date: Dec-2019
https://doi.org/10.1109/AsianHOST47458.2019.9006725
Hastings AJensen SGoeders JHutchings B(2018)Using Physical and Functional Comparisons to Assure 3rd-Party IP for Modern FPGAs2018 IEEE 3rd International Verification and Security Workshop (IVSW)10.1109/IVSW.2018.8494874(80-86)Online publication date: Jul-2018
https://doi.org/10.1109/IVSW.2018.8494874
Bhardwaj AChhabra SLata K(2018)FPGA Implementation of Traffic Light Controller and its Analysis in the Presence of Hardware Trojan2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI)10.1109/ICACCI.2018.8554439(375-380)Online publication date: Sep-2018
https://doi.org/10.1109/ICACCI.2018.8554439

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents