Securing Cyber-Physical Systems from Hardware Trojan Collusion
IEEE Transactions on Emerging Topics in Computing (IF 5.9), Pub Date: 2020-07-01, DOI: 10.1109/tetc.2017.2787694
Chen Liu, Patrick Cronin, Chengmo Yang

Hardware Trojans, which are malicious modifications made to circuits, may cause severe security issues in Cyber-Physical Systems (CPS). CPS are usually composed of multiple untrusted nodes and a trusted server, with each node connecting to the server wirelessly in a multi-hop manner. A Trojan in one node may broadcast messages with triggers secretly embedded to simultaneously activate multiple Trojans in other nodes, causing system-wide catastrophe. To prevent hardware Trojan collusion in CPS, this paper presents a collaborative defensive framework. When deploying the network, a security requirement of vendor diversity is enforced between neighboring nodes, thus precluding collusion between neighboring nodes and allowing them to monitor each other's behavior. At runtime, a mutual auditing protocol is utilized to check, for each message, whether it is correctly encrypted by the source node and whether its content is maliciously changed by any node on the routing path. This protocol ensures that any message embedded with a hardware Trojan trigger is either muted or detected and abandoned, while the benign messages are thwarted. The experimental results show that the framework effectively prevents hardware Trojan collusion with low latency overhead and almost no impact on packet completion rate and network throughput.

Updated: 2020-07-01