Integrated Circuits (ICs) are sensible to a wide range of (passive, active, invasive, non-invasive) physical attacks. In this context, Hardware Trojans (HTs), that are malicious modifications of a circuit by an untrusted manufacturer, are one of the most challenging threats to mitigate. HTs aim to alter the functionality of the infected chip in a malicious way, e.g. under specific conditions known by the adversary. Fault attacks are a typical attack vector. However, for a HT to be exploitable by an adversary, it also has to be stealthy. For example, a HT that would directly inject exploitable faults in a block cipher may be spotted by analyzing its functional behavior (i.e. the positions and the distribution of the faulty values appearing). In this paper, we propose a stealthy HT instance leading to successful and hidden Statistical Fault Attacks (SFA). More precisely, the faults are injected when the chip is running under condition for which metastabilty occurs (i.e. with a increased clock frequency), leading to the apparition faults at random positions within the target implementation. In addition, an internal bit is set to a value known only by the adversary, allowing him to perform efficient SFA. Compared to classical SFA, the HT uses its control on the target to circumvent behavioral detection tests. Indeed, it also adds computation errors in the early rounds of the target cipher which are not exploitable via SFA.

集成电路（IC）对广泛的（被动，主动，侵入式，非侵入式）物理攻击敏感。在这种情况下，硬件木马（HT）是不受信任的制造商对电路进行的恶意修改，是要缓解的最具挑战性的威胁之一。HT旨在以恶意方式（例如在对手已知的特定条件下）更改受感染芯片的功能。故障攻击是典型的攻击媒介。但是，要让对手​​利用HT，它也必须是隐秘的。例如，可以通过分析其功能行为（即出现的故障值的位置和分布）来发现将以块密码直接注入可利用的故障的HT。在本文中，我们提出了一个秘密的HT实例，该实例导致成功和隐藏的统计错误攻击（SFA）。更准确地说，当芯片在发生亚稳态的条件下（即时钟频率增加）运行时，就会注入故障，从而导致目标实现中随机位置的幻影故障。另外，将内部位设置为仅对手知道的值，从而使他可以执行有效的SFA。与经典SFA相比，HT使用对目标的控制来规避行为检测测试。实际上，它还会在目标密码的早期轮次中增加无法通过SFA利用的计算错误。导致目标实现中随机位置的幻影错误。另外，将内部位设置为仅对手知道的值，从而使他可以执行有效的SFA。与经典SFA相比，HT使用对目标的控制来规避行为检测测试。实际上，它还会在目标密码的早期轮次中增加无法通过SFA利用的计算错误。导致目标实现中随机位置的幻影错误。另外，将内部位设置为仅对手知道的值，从而使他可以执行有效的SFA。与经典SFA相比，HT使用对目标的控制来规避行为检测测试。实际上，它还会在目标密码的早期轮次中增加无法通过SFA利用的计算错误。