ABSTRACT
This paper presents the design and integration of four hardware Trojans (HTs) into a post-quantum-crypto-enhanced RISC-V microcontroller, which was taped out in September 2020. We cover multiple HTs, ranging from a simple denial-of-service HT to a side-channel HT that transmits arbitrary information to external observers. For each HT, we estimate how detectable it is by the microcontroller-integration team, either using design tools or by simulation. We conclude that some HTs are easily detected through design-tool warnings. Other, more powerful HTs that modify software control flow cause little disturbance but require covert modifications to executable code. With this work, we raise awareness of HT risks and present a realistic testing device for HT detection tools.