research-article

MaxSense: Side-channel Sensitivity Maximization for Trojan Detection Using Statistical Test Patterns

Published: 06 January 2021

Abstract

Detection of hardware Trojans is vital to ensure the security and trustworthiness of System-on-Chip (SoC) designs. Side-channel analysis is effective for Trojan detection by analyzing various side-channel signatures such as power, current, and delay. In this article, we propose an efficient test generation technique to facilitate side-channel analysis utilizing dynamic current. While early work on current-aware test generation has proposed several promising ideas, there are two major challenges in applying it to large designs: (i) the test generation time grows exponentially with the design complexity, and (ii) it is infeasible to detect Trojans, since the side-channel sensitivity is marginal compared to the noise and process variations. Our proposed work addresses both challenges by effectively exploiting the affinity between the inputs and rare (suspicious) nodes. The basic idea is to quickly find the profitable ordered pairs of test vectors that can maximize side-channel sensitivity. This article makes two important contributions: (i) it proposes an efficient test generation algorithm that uses an SMT solver to produce the first patterns in the test vectors, maximizing activation of suspicious nodes, and (ii) it develops a genetic-algorithm-based test generation technique to produce the second patterns in the test vectors, maximizing the switching in the suspicious regions while minimizing the switching in the rest of the design. Our experimental results demonstrate that we can drastically improve both the side-channel sensitivity (62× on average) and time complexity (13× on average) compared to the state-of-the-art test generation techniques.
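A toy illustration of the ordered-pair idea in the abstract, added here and not taken from the article: it finds rare nodes in a small netlist, picks a first pattern that activates them, then picks a second pattern that toggles them while disturbing as few other gates as possible. The netlist, the 0.2 rareness threshold, the function names and the toggle-count score are assumptions, and exhaustive search stands in for the article's SMT solver and genetic algorithm.

```python
from itertools import product

# Constructed 6-input netlist (not from the article): gate -> (op, fan-in), topological order.
INPUTS = ["a", "b", "c", "d", "e", "f"]
GATES = {
    "n1": ("and", ["a", "b"]),
    "n2": ("and", ["n1", "c"]),   # 1 only when a=b=c=1
    "n3": ("nor", ["d", "e"]),
    "n4": ("and", ["n3", "f"]),   # 1 only when d=e=0 and f=1
    "n5": ("xor", ["a", "d"]),
    "n6": ("or", ["n5", "e"]),
    "n7": ("xor", ["n6", "f"]),
    "out": ("or", ["n2", "n7"]),
}
OPS = {"and": all, "or": any,
       "nor": lambda v: not any(v), "xor": lambda v: sum(v) % 2 == 1}
VECTORS = list(product((0, 1), repeat=len(INPUTS)))

def simulate(vec):
    """Return the value of every signal for one input vector."""
    val = dict(zip(INPUTS, vec))
    for name, (op, fanin) in GATES.items():
        val[name] = int(OPS[op]([val[i] for i in fanin]))
    return val

def rare_nodes(threshold=0.2):
    """Map each gate whose 1 (or 0) occurs in < threshold of all vectors to that rare value."""
    rare = {}
    for g in GATES:
        p1 = sum(simulate(v)[g] for v in VECTORS) / len(VECTORS)
        if p1 < threshold:
            rare[g] = 1
        elif 1 - p1 < threshold:
            rare[g] = 0
    return rare

def first_pattern(rare):
    """Vector driving the most rare nodes to their rare value (exhaustive stand-in for SMT)."""
    return max(VECTORS, key=lambda v: sum(simulate(v)[g] == r for g, r in rare.items()))

def switching(v1, v2, rare):
    """(toggles on rare nodes, toggles on all other gate outputs) when v1 is followed by v2."""
    s1, s2 = simulate(v1), simulate(v2)
    sus = sum(s1[g] != s2[g] for g in rare)
    rest = sum(s1[g] != s2[g] for g in GATES if g not in rare)
    return sus, rest

def second_pattern(v1, rare):
    """Vector maximizing rare-node toggles, then minimizing other toggles (stand-in for the GA)."""
    def fitness(v2):
        sus, rest = switching(v1, v2, rare)
        return (sus, -rest)
    return max(VECTORS, key=fitness)
```

On this netlist the selected pair toggles both rare nodes and one other gate, whereas simply complementing the first pattern toggles both rare nodes and three other gates.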


      • Published in

        ACM Transactions on Design Automation of Electronic Systems, Volume 26, Issue 3
        May 2021
        171 pages
        ISSN: 1084-4309
        EISSN: 1557-7309
        DOI: 10.1145/3444754

        Copyright © 2021 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 6 January 2021
        • Accepted: 1 November 2020
        • Revised: 1 September 2020
        • Received: 1 May 2020

        Qualifiers

        • research-article
        • Research
        • Refereed
