This document discusses hardware Trojan threats in FPGAs. It proposes a novel metric called the Hardware Trojan Threat Detectability Metric (HDM) that uses weighted physical parameters to detect Trojans. Several Trojans were designed and implemented in an FPGA testbed to compromise systems. HDM increased detection rates to 86% compared to 57% using single parameters. The document analyzes potential attack surfaces in FPGAs and discusses optimization of Trojans to avoid detection.
Detecting Hardware Trojans in FPGAs Using a Novel Metric
1. Design, Implementation and Security Analysis of Hardware Trojan
Threats in FPGA
Devu Manikantan Shila andVivekVenugopal {manikad,venugov}@utrc.utc.com
• Hardware Trojan Threats (HTTs) are virus-like stealthy
malicious components that can infect the Integrated
Circuit (IC).
• With the increasing practice of outsourcing design
and manufacturing steps, various stages of an IC
lifecycle are vulnerable to attacks;
!
!
!
!
!
!
!
!
!
!
• Destructive techniques such as de-packaging, reverse
engineering and imaging of ICs are very expensive and
can be applied to only a selected quantity of ICs.
• Non-destructive techniques such as side-channel
analysis (aka post-silicon analysis) detect malicious
intrusions by vetting the physical characteristics of IC
(power consumption, timing variation, temperature,
layout structures) with a trusted reference model.
Adversary model
[1] D. J.Wheeler and R. M. Needham.TEA, a tiny encryption algorithm, 1995.
[2] T. Huffmire,et. al,“Moats and drawbridges:An isolation primitive for reconfigurable hardware based systems,” in Security and Privacy, 2007. SP ’07. IEEE Symposium on, May 2007, pp. 281–295.
[3]Y.Jin,N.Kupp andY.Makris,“Experiences in Hardware Trojan design and implementation,” in Hardware-Oriented Security andTrust, 2009. HOST ’09. IEEE InternationalWorkshop on, 2009, pp. 50–57
[4] S.Wei, K. Li, F. Koushanfar, and M. Potkonjak,“Hardware trojan horse benchmark via optimal creation and placement of malicious circuitry,” in Design Automation Conference (DAC), 2012 49th ACM/IEEE, 2012.
Implementation and Results
• Our results manifest that using power, timing or utilization, only a maximum of
57% of designed HTTs were detected.
•We proposed a novel metric called HTT detectability metric (HDM) that uses a
weighted combination of various physical parameters.
•The detection rate of HTTs increased to 86% with HDM. We also determine the
optimal HTT detection threshold that minimizes the summation of false alarm and
missed detection probabilities.
•We found that the remaining 14% HTTs can be detected by monitoring IP access
activities.
Introduction
Insights and Conclusion
References
• Propose a novel metric for hardware Trojan
detection, termed as HTT detectability metric (HDM)
that leverages a weighted combination of normalized
physical parameters; carry out analytical studies to
derive the optimal detection threshold that minimizes
the summation of false alarm and missed detection
probabilities.
• Design and implement three hardware Trojans at the
design level in FPGA Root of Trust (RoT) testbed to
defeat the classic trusted hardware model assumptions. DetectionRate(%)
0
25
50
75
100
Power Timing Resource HDM
Detection
System model
Contributions
•The attacker model leads to potential attack surfaces that can
be exploited to successfully leverage an attack, as shown on a
Xilinx Spartan-3AN FPGA development board
• The first testbed consists of a cryptosystem
using the block cipher based on Feistel Networks,
known as the Tiny Encryption Algorithm (TEA).
• The second testbed is a classic Root of Trust
(RoT) design that consists of a secure memory
and a key guard. The authorized module is
allowed to access the contents of memory only
via a guard module.
Denial of Service HTT
Man-In-The-Middle HTT for beating
the authentication in the system
Component Usage Type of Access
FX2 Expansion Port, Expansion Headers,
USB, Ethernet
Leakage/Trigger Physical
ADC, DAC Leakage Physical
Audio Jack, LEDs, LCD,VGA, RS-232 Leakage Physical/Local
External clock Trigger Remote
Switches, Push Buttons Trigger Physical/Local
Address
Logic
Address
Logic
Response
Generator
Challenge
Generator
Encryption
Response
Generator
Memory
Authorized module Unauthorized module
Guard module
Guard system testbed
TEA Encryption/
Decryption module
Always On HTT
keys
input output
LED
keys
TEA Encryption/
Decryption module
Internal Trigger HTT
keys
input output
LED
keys
sequence
detector
enable leak
TEA Encryption/
Decryption modulekeys
input outputLegitimate User
input trigger
HTT
malformed
input
Address
Logic
Address
Logic
Response
Generator
Challenge
Generator
Encryption
Response
Generator
Memory
Authorized module Unauthorized module Guard module
Man-In-
The-
Middle
HTT
TEA Encryption/
Decryption module
keys
input
output
Denial of Service
HTT
clock
gated
clock
track event
occurrences
enable
Legitimate User HTT
Internal Trigger HTT
Always On Trigger HTT
•The target Spartan-3AN FPGA platform was analyzed to list the
potential leakage points, access points and external triggers an
attacker could utilize to design the Trojan.
• Several Trojans were designed and implemented in order to
compromise both testbeds, ranging from internally activated
Trojans to externally activated Trojans. Some HTTs compromised
the device by leaking critical information, while others
compromised by performing a denial of service attack.
• With optimization, prior to and after the Trojan being inserted,
the footprint on the device was reduced, which helped the power,
timing and utilization profiles match more closely that of the
trusted system. HDM =
mp
i=1 Wi
Oi
Ai
DetectionRate(%)
0
25
50
75
100
Threshold
1 2 3 3.1 3.2 3.3 3.6 4 5
Detection
0
25
50
75
100
Threshold
1 3.1 3.2 3.3 3.6 4 5
PFA+PMD
optimal detection threshold
• HTT detectability metric (HDM)
uses a weighted combination of
normalized physical parameters,
Specification Design Synthesis Production First Ship
• Malicious IP blocks (RTL)
• 3rd party tools and models
• Rogue designer
•Add-on scripts
• IP cloning
• Modification of bitstream
• Steal and reverse engineer
FPGA design cycle with initial entry points