ABSTRACT
Since the inception of the Integrated Circuit (IC), the size of the transistors used to construct them has continually shrunk. While this advancement significantly improves computing capability, fabrication costs have skyrocketed. As a result, most IC designers must now outsource fabrication. Outsourcing, however, presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, so it is nearly impossible to know if the foundry has altered the original design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because—even with as few as two gates—hardware Trojans can completely undermine software security. Researchers have attempted to both detect and prevent foundry-side attacks, but all existing defenses are ineffective against additive Trojans with footprints of a few gates or less.
We present Targeted Tamper-Evident Routing (T-TER), a layout-level defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. T-TER is directed and routing-centric: it prevents foundry-side attackers from routing Trojan wires to, or directly adjacent to, security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, T-TER guard wires pose an additional technical challenge: they must be tamper-evident in both the digital (deletion attacks) and analog (move and jog attacks) domains. We address this challenge by developing a class of designed-in guard wires that are added to the design specifically to protect security-critical wires. T-TER’s guard wires incur minimal overhead, scale with design complexity, and provide tamper-evidence against attacks. We implement automated tools (on top of commercial CAD tools) for deploying guard wires around targeted nets within an open-source System-on-Chip. Lastly, using an existing IC threat assessment toolchain, we show T-TER defeats even the stealthiest known hardware Trojan, with ≈ 1% overhead.
Index Terms
- T-TER: Defeating A2 Trojans with Targeted Tamper-Evident Routing