Assessing and Detecting Malicious Hardware in Integrated Circuits

Abstract

System security often focuses on the software, causing hardware security to be overlooked. Such oversight allows for attacks that can completely undermine the use of hardware as the root of trust. During the design of an integrated circuit, there are several opportunities for adversaries to make malicious modifications or insertions to a design. These attacks, known as hardware Trojans, can have catastrophic effects on a circuit if left undetected. This dissertation addresses Trojan impact, and proposes two low-cost detection methods for hardware Trojans inserted at different points in the production pipeline, namely: (1) Trojans hidden within third-party intellectual property (IP) licensed from a vendor, and (2) Trojans inserted during the fabrication steps taking place at external fabrication plants.

Determining whether third-party IP does only its intended function and nothing else is a major challenge. Through comparison of two similar but untrusted designs using design unrolling and Boolean satisfiability, functional differences can be identified for all possible input combinations within a window of time. This technique was tested on multiple Trojan benchmarks and demonstrated effective and accurate detectability.

Process variation poses the greatest obstacle to detecting Trojans in chips. In order to detect Trojans inserted during fabrication, a digital model is created. This model can then be trained using the fabricated chip to account for different parameters, such as process variation. The parameters of the trained model can be used to identify suspicious areas of the chip. Furthermore, this process does not require expensive test equipment, nor does it require a costly golden, trusted chip for comparison.