Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur

Hardware Trojan: Threats and Hardware Trojan: Threats and Emerging SolutionsEmerging Solutions

Prof. Indranil Sen GuptaProfessor, Dept. of Computer Science and Engg.

IIT Kharagpur

E-mail: [email protected]

TOP 100 CISO AWARDS

OutlineOutline Background

Modern IC design and manufacturing What are Hardware Trojans? Reality or fantasy?

Trojan taxonomy and examples Trojan taxonomy Trojan examples

Trojan detection techniques General features Classification of Trojan detection techniques Challenges Invasive techniques Non-invasive techniques• Logic testing • Side-channel analysis

Multi-level Attack

Summary and future research directions2

3

BackgroundBackground

Modern IC Design and ManufacturingModern IC Design and Manufacturing

4

IP ToolsStd. Cells Models

DesignSpecifications Fab Interface Mask Fab

WaferProbe

Dice and Package

PackageTest

Deploy and

Monitor

Trusted

Either

Untrusted

Wafer

*http://www.darpa.mil/MTO/solicitations/baa07-24/index.html

DARPA’s Model of Hardware Security Threats*

Not really Trusted!!

Offshore

Third-party

Effects of Prevalent PracticesEffects of Prevalent Practices

5

Prevalence of Intellectual Property (IP) based design

Routine use of CAD tools from EDA vendors

Fabless manufacturing model (trend on the rise)

Outsourcing of manufacturing to offshore fabs

Loss of Control over design and manufacture

Potentially untrusted parties getting involved

What are What are Hardware Trojans Hardware Trojans ??

6

Malicious modifications to design Can take place pre or post manufacturing Inserted by intelligent adversary Extremely small hardware overhead Stealthy => difficult to detect Causes IC to malfunction in-field

Results: Potentially disastrous consequences Can affect: • Military installations• Civilian infrastructure (power grid, transportation, etc.)• Communication

Loss of human life and property Billions of dollars in lost property and infrastructure

How Realistic are Hardware Trojans?How Realistic are Hardware Trojans?

7

Do hardware Trojans really exist? No concrete proof obtained yet Tampering masks in fab is not easy (highly complex) Reverse-engineering a single IC can take months Political issues make it difficult to verify authenticity of fabs

But there is strong evidence they do…. Numerous suspected military and commercial cases (as early as

1976!!) Reverse-engineering ICs is widely believed to be performed by

reputed companies (IBM has patents) * Highly sophisticated commercial software tools for reverse-

engineering available (Chipworks, etc.)**, and academic efforts (Cambridge University)

Tampering at design stage is highly feasible

*US Patent #6, 496, 022 B1 by Kash et al**www.chipworks.com

Suspected Hardware TrojansSuspected Hardware Trojans

8

Military Old Trick Threatens the New Weapons” (J. Markoff, NYT, Oct. 2009) “Hardware Trojans could turn microchips into timebombs” (P.

Marks, NS, Jul. 2009) “Towards Countering the Rise of the Silicon Trojan” (DSTO,

Australian Govt., Dec. 2008) “The Hunt for the Kill Switch” (S. Adee, IEEE Spectrum, May 2008) “FBI says military had bogus computer gear” (J. Markoff, NYT, May

2008) “BAA 07-24: TRUST in Integrated Circuits (IC)” (DARPA, Jul. 2007)

Commercial “Cracking Security Codes: Does it Matter?” (C. Tartette, IEEE

Spectrum, Feb. 2010) “PC Giant Warns of Hardware Trojans” (S. Adee, IEEE Spectrum,

May 2008)

9

Trojan Taxonomy and ExamplesTrojan Taxonomy and Examples

Trojan TaxonomyTrojan Taxonomy

10

Banga and Hsiao [HOST’08]

Hardware Trojans

Combinational Sequential

Wang, Tehranipoor and Plusquellic [HOST’08]

Physical attribute

Activation attribute

Action attribute

Wolff et al [DATE’08], Jin and Makris [HOST’08]

Trigger Payload

Trojan Taxonomy (contd.)Trojan Taxonomy (contd.)

11

Trojan

Payload

Synchronous

Asynchronous

Rare Sequences

Digital Analog

On-chip sensors

Digital

Bridging

Delay

Activity

Analog

Trigger

Circuit Nodes

Other

Information Leakage

Memory Content

Denial-of-Service

Hybrid

Combinational Sequential

Rare value

Activity

Taxonomy based on [Chakraborty et al HLDVT’09]

Activation mechanism (trigger) and Malicious effect (payload)

Digital TrojansDigital Trojans

12

Combinational Trojan (simplest, most widely studied)

Sequential (Synchronous )Trojan

(“Time Bomb”)

Sequential (Asynchronous) Trojan

ER ER*

0 1 2 k-1

CLK

Trigger

Payload

ER ER*

0 1 2 k-1

Trigger

Payloadpq

AB Cmodified

C

Trigger

Payload

Hybrid Trojans ER ER*

CLK

CLK

CLK

k2-bit Counter

k1-bit Counter

Analog TrojansAnalog Trojans

13

Analog Trojan (activity-triggered)

Analog payload Trojan

Information Leakage TrojansInformation Leakage Trojans

14

Side-channel Leakage Based

Lin et al [ICCAD’09]

Logic-value Based

15

Trojan Detection TechniquesTrojan Detection Techniques

General FeaturesGeneral Features

16

Most proposed techniques cannot guarantee Trojan detection Can only provide confidence levels Prone to false positives Do not have resolution to pin-point the Trojan location

No “silver-bullet” technique available Most techniques assume particular Trojan models Arbitrarily complex Trojans have not been studied

Most proposed techniques have not been validated experimentally Based on computer simulations Mostly ignores experimental sources of error Many are futuristic (e.g. 3-D IC technology based techniques)

Many have unacceptable design overhead

Approaches of Trojan DetectionApproaches of Trojan Detection

17

Trojan Detection Approaches

Non-destructive

Invasive

Destructive

Preventive

Non-invasive

Test-timeAssistive Run-time

Logic Test

Side-channel

Non-mainstreamMainstream

Why is Trojan Detection Challenging?Why is Trojan Detection Challenging?

18

For logic-testing based methods: Trigger nodes have low controllability, payload nodes have

low observability Trojans are stealthy Extremely large number of possible Trojan instances

• Combinatorial dependence on number of circuit nodes• For the ISCAS-85 c880 circuit with 451 possible nodes, ~1011 possible Trojans !!

Sequential Trojans extremely difficult to detect Finite test length and duration

For side-channel analysis based methods: Modern nanometer processes have large process variation Susceptible to experimental measurement error Difficult to detect very small Trojans Needs a Golden sample …might not be available

For invasive methods: Design overhead

Invasive TechniquesInvasive Techniques

19

Obfuscate the circuit functionality [Chakraborty and Bhunia, ICCAD’09]

Design of stealthy Trojan requires identification of rare nodes This requires estimation of signal probability at internal nodes Can obfuscation be applied to make this task difficult?

Prevent free dead space in an IC [Wang et al, HOST’08]

Trojan insertion requires space Can be overcome using better logic optimization and placement

1. 1. Preventive TechniquesPreventive Techniques

S0O S1

O S2OK1 K2

S0I

S1I

S2I

S0N

S3N

S2N

S1N

K3

Obfuscated Functionality

Original State Space

Initialization state space

Isolation state space

Initialization Key = {K1, K2, K3}

S4N

S5N

S3I

Obfuscation state space

Normal Functionality

Start

Invalid Trojan

Valid Trojan

Modify STG of circuit Normal and obfuscated

modes of operation Initialization key

sequence required to take circuit to normal mode after power-up

Well-hidden circuit modifications

2. 2. Assistive TechniquesAssistive Techniques

20

On-demand Transparency [Chakraborty et al, HOST’08]

Make system operate in a special mode on demand Presence of Trojan possibly disrupts operations in the special mode This changes the expected o/p logic values in the special mode This leads to the detection of an inserted Trojan (probabilistically) Limitation: Cannot guarantee Trojan detection

Non-invasive TechniquesNon-invasive Techniques

21

Hardware Approach (DEFENSE) [Abramovici and Bradley, CSIIR’09]

Reconfigurable framework for run-time functionality monitoring Triggers counter-measures on deviation Does not mention hardware overhead Commercially available design tool to implement the methodology

1. 1. Run-time TechniquesRun-time Techniques

Run-time Techniques (contd.)Run-time Techniques (contd.)

22

Software Approach [McIntyre et al, HOST’09]

Execute identical copies of software on multiple CPUs

Dynamically evaluate individual trust levels (“Trust learning”)

Simulation results show that the system can successfully execute programs in a Trojan-infested environment

Hardware + Software Approach [Bloom et al HOST’09]

“Hardware guard” module outside CPU + enhanced OS

Effectively protects against DoS and privilege escalation attacks

2.2% average performance overhead for SPECint 2006 benchmarks

Run-time Techniques (contd.)Run-time Techniques (contd.)

23

BlueChip [Hicks et al IEEE Symp. Security and Privacy’10]

Pre-fab: Design is analyzed and “Unused Circuit Identification” (UCI) is used to detect unused circuit blocks which are potential Trojans

Such suspicious modules are replaced by exception generation hardware

When activated, the exception generation hardware delivers the exception to the BlueChip software layer

The software emulates the instruction that generated the exception Ensures forward progress of program 5% run-time overhead, 1.5% area overhead. 0.5% power overhead

for a FPGA-based implementation Challenge: Based on verification, hence difficult to have complete

coverage of the behavior of the circuit

2. Test Techniques2. Test Techniques

24

Multiple Excitation of Rare Occurrence (MERO) [Chakraborty et al, CHES’09]

Recap: Complete enumeration of all possible Trojans infeasible Added difficulty of exciting multiple nodes at their rare values MERO aims to

• Enumerate rare nodes in a given netlist

• Excite these potential Trojan trigger nodes multiple times to their rare values individually

• Generate a compact set of set vectors

The technique bypasses the difficulty of directed test generation to trigger Trojans

Limitations: Limited to a class of Trojans Statistical technique => cannot guarantee 100% detection coverage

aa. Logic-testing based. Logic-testing based

Mathematical ModelMathematical Model

25

Method: Apply test vectors that trigger each node to its rare value at

least N times

Assumptions: An inserted Trojan has a small but non-zero probability of being

triggered Trigger nodes are mutually independent Trojan trigger probability is product of trigger probability of all

trigger nodes

Main inferences of analysis: Expected number of times of Trojan getting triggered

proportional to N Trojan triggering probability increases if trigger probability of

individual trigger nodes increases

Design Flow AutomationDesign Flow Automation

26

Input: N, q, θ,# of Trojan inst., # of random

patterns, circuit netlist

Determine rare events on internal nodes

RO-Finder

Select Trojan instances using Random Sampling

Eliminate false TrojansSynospsysTetraMAX

Estimate coverage for random patterns TrojanSim

Generate optimized patterns MERO

Estimate coverage for optimized patterns TrojanSim

END

Coverage for random patterns

Coverage for optimized patterns

Tro

jan

Sel

ecti

on

List of feasible Trojans

Optimized test patterns

C program to find Rare Occurrences

C program for Trojan Simulation

C program for Multiple Excitation of Rare Occurrence testset

generation

Justification

2 (b). Side-channel Analysis based 2 (b). Side-channel Analysis based TechniquesTechniques

27

IC Fingerprinting [Agrawal et al, IEEE Symp. Security and Privacy’07]

A signature (fingerprint) associated with an IC Usually path delay or power trace Usually supplemented by de-noising techniques Vector selection is important Can detect Trojans as small as 0.01% of circuit area in

presence of ±7.5% process variation

Limitations Based only on simulation results Did not conduct actual experiments and measurements Did not consider experimental noise

Current-trace based TechniquesCurrent-trace based Techniques

28

Power-supply Transient based [Rad et al, HOST’08]

Signals from multiple ports for several IC instances are calibrated

Statistical characterization Capable of detecting 50% activated and

30% inactive Trojans

Sustained-vector Technique [Banga and Hsiao, VLSID’09]

Repeat each input vector multiple times Reduce extraneous toggles Magnifies power profile differences

Region-based Trojan detection [Banga and Hsiao, HOST’08]

Partition circuits into smaller regions Generate vectors to excite selected region and minimize

activity of other regions Could detect most Trojans at ±7.5% process variation

Path-delay Based TechniquesPath-delay Based Techniques

29

Path-delay Fingerprint [Jin and Makris, HOST’08]

Multiple paths considered Extensive statistical characterization Capable of detecting Trojans with 0.13% area, under 7.5% process

variation

Gate-level Characterization [Potkonjak et al, DAC’09]

Both path delay and leakage current were considered Problem formulated as a LPP Effective for smaller ISCAS-85 circuits Limitation: Computationally challenging for larger circuits

Trojan infested

Trojan free (“convex hull”)

Multi-level AttackMulti-level Attack

30

Uses nexus between multiple parties Only parties which are part of the nexus can benefit The nexus eases the burden of individual parties More challenging to detect than Trojans considered so far

Multi-level Attack (contd.)Multi-level Attack (contd.)

31

ASIC ExampleFPGA Example

ConclusionsConclusions

32

Modern IC design and manufacturing practices are inherently insecure Third-party IPs and off-shore manufacturing Potentially untrusted parties pay a major role Trend likely to increase

Hardware Trojans are malicious circuit modifications Small overhead, hugely destructive impact Difficult to detect by traditional testing means Great threat to national security

State-of-the-art Both design and test techniques have been proposed Effectiveness of the proposed techniques limited to the particular

types of Trojans Most techniques have not been validated experimentally in-field

Future Research DirectionsFuture Research DirectionsThe main concern is the lack of a generic

technique for Trojan detectionModel-independent Trojan detection ultimate goalTesting approaches:

◦ combination of logic-testing and side-channel approaches hold most promise

Multi-level attacks pose new challengesDesign approach:

◦ Design for Security is the best bet

33

Future Research DirectionsFuture Research Directions

34

Design for Security

Design Techniques Metrics Automation Education

Methodology

Software

Courses

StudyMaterial

Degree of security

Overheads

Circuit

Architecture

System

Security Research at IIT Security Research at IIT KharagpurKharagpurGeneral security

◦Securing policy integration in cloud-based collaboration through selection of trust-worthy provider and permission authorization.

◦Trust based security access control models for MANETs.

◦Formal analysis of security policy implementations in enterprise networks.

◦Digital rights management.35

Cryptography◦Block and stream cipher design◦Lightweight crypto algorithms◦Side-channel attacks◦Physically unclonable functions (PUF)◦Malicious hardware and their

mitigation

36

Thank You for your attention!!Thank You for your attention!!

37