
A Framework for Hardware Trojan Vulnerability Estimation and Localization in RTL Designs

Journal of Hardware and Systems Security

Abstract

As design complexity increases, the attack space for malicious modifications in the design also increases. Attackers in untrusted phases of the Integrated Circuit (IC) design cycle may embed a Hardware Trojan (HT). A potential, stealthy HT is triggered by nets that rarely switch during regular circuit operation. Detecting an HT in the host design requires exhaustive simulation to activate the HT during the pre- and post-silicon stages. To analyze HT vulnerability, we present a modeling approach that captures the rare nets using word-level statistics of the inputs. It provides the capability to locate macro-block(s) in a Register Transfer Level (RTL) design to estimate the rare triggering nets. Given an RTL description of a design, we decompose the design into a subset of basic arithmetic modules, each of which is pre-characterized (empirically and analytically), and use these characterizations to evaluate the design for quick estimation of HT-vulnerable macro-block(s). The relative impact of mapping the design to a particular module, derived from its analytical characteristics, can be used to detect “low activity” and “local regions” without expensive low-level simulation. We implement the model over a wide range of input signal statistics for Digital Signal Processing (DSP) Intellectual Property (IP) cores, and the average estimation error for different bit-widths and correlations is less than 2%. We also propose cost functions for use during mapping and show that identification of rare-activity blocks (nets) at a higher level is closely related to the simulation results. The final mapping that identifies the candidate arithmetic modules can minimize HT vulnerability in the design at the cost of accuracy.



Author information

Corresponding author

Correspondence to Sheikh Ariful Islam.


About this article

Cite this article

Islam, S.A., Sah, L.K. & Katkoori, S. A Framework for Hardware Trojan Vulnerability Estimation and Localization in RTL Designs. J Hardw Syst Secur 4, 246–262 (2020). https://doi.org/10.1007/s41635-020-00100-2


  • DOI: https://doi.org/10.1007/s41635-020-00100-2
