Hardware trojan detection technique using frequency characteristic analysis of path delay in application specific integrated circuits
Journal of Science and Technology on Information Security (Nghiên cứu Khoa học và Công nghệ trong lĩnh vực An toàn thông tin), No 2.CS (10) 2019, pp. 36-43

Van Phuc Hoang, Thai Ha Tran, Ngoc Tuan Do, Hai Duong Nguyen

Abstract— Since the last decade, hardware Trojans (HT) have become a serious problem for hardware security because of outsourcing trends in Integrated Circuit (IC) manufacturing. As the fabrication of ICs is becoming very complex and costly, more and more chipmakers outsource their designs or parts of the fabrication process. This trend opens a loophole in hardware security, as an untrusted company could perform malicious modifications to the golden circuit at the design or fabrication stage. Therefore, assessing risks and proposing solutions to detect HT are very important tasks. This paper presents a technique for detecting HT using frequency characteristic analysis of path delay. The results show that measuring with a frequency step of 0.016 MHz can detect an HT having a size of 0.2% of the original design.

This manuscript was received on September 7, 2019. It was commented on October 18, 2019 and accepted on October 21, 2019 by the first reviewer, and commented on November 2, 2019 and accepted on November 6, 2019 by the second reviewer.

Abstract (Vietnamese version, translated): Since the 2010s, hardware Trojans (HT) have become a serious problem for hardware security because of the trend of outsourcing Integrated Circuit (IC) manufacturing. As IC fabrication becomes complex and costly, more and more chip makers choose to outsource part or all of the IC design. This trend creates a loophole in hardware security, since an untrusted company can make malicious modifications to the original circuit at the design or fabrication stage. Therefore, assessing risks and proposing solutions to detect HT is one of the most important tasks. This paper presents an HT detection solution that uses frequency characteristic analysis of signal path delay. The results show that surveying with a frequency step of 0.016 MHz can detect an HT with a size of 0.2% of the original design.

Keywords— Hardware Trojan; path delay; side-channel analysis; hardware security.

Keywords (Vietnamese version, translated): hardware Trojan; path delay; side-channel analysis; hardware security.

I. INTRODUCTION

An HT is a malicious module inserted into an Integrated Circuit during the design or fabrication process. An HT commonly consists of two parts, namely the Trigger and the Payload. The Trigger is the condition under which the HT changes from the inactive state to the active state; the Payload executes the HT's function. Once inserted, an HT can perform dangerous tasks such as denial of service, extraction of secret information or changing the behaviour of the circuit. Detection and prevention are the two main categories of protection of embedded systems against the risk of HT [1, 2]. Prevention consists of modifying the original circuit during the design phase to make a secure design, to assist another detection technique, or to create a trusted production chain. Detection, on the other hand, includes techniques to determine whether or not an HT is present in the design. A classification of the existing HT detection techniques is shown in Fig. 1.

Fig. 1. HT detection techniques (tree recovered from the figure):
    HT detection techniques
        Non-destructive
            Test-time
                Logic test
                Side-channel analysis
                    Delay
                    Power
            Run-time
        Destructive

Side-channel analysis (SCA) is considered one of the most effective techniques to detect HT. In these methods, side-channel signals such as power, current, electromagnetic emission and delay are used for HT detection. Typically, HT insertion changes some physical parameters of the circuit. Hence, in SCA methods these parameters can be used to detect HT by comparison with the golden circuit.
The most common parameters used for detecting HT are power and delay. In most power-based techniques HT activation is necessary, whereas it is not necessary when using delay [3]. Various delay-based detection methods have been proposed:

- A fingerprint is generated by measuring the delay and comparing it with the golden circuit's fingerprint [4]. This method tries to generate test vectors covering the maximum number of outputs and uses them to measure the path delays. There is no hardware overhead; however, in complex circuits with a large number of inputs and outputs, measuring all path delays is difficult and time-consuming. Also, generating test vectors for all paths is complicated and may not cover all desired states.
- In the shadow-register method, registers are placed beside the circuit registers with the same inputs as the circuit registers but with clocks of different phases, and they are used to measure delay [5].
- Another method uses path delays to detect HT [6]. The delays of the k shortest paths are measured and compared with the corresponding paths in the golden circuit. The detection probability depends on two factors: the number of measured paths and the delay measurement precision. The results show that measuring the delays on 20 paths with an accuracy of 0.01 ns can detect more than 80% of Trojans. However, this method is not flexible because it relies on ISE reports (Timing Analyzer tool) to obtain path delays [7], and these reports only include information about paths from input to output signals.

The above-mentioned methods focus on timing characteristics. In this paper, we propose a new approach to detect HT using frequency characteristic analysis of path delay. This ...

Fig. 5. Algorithm of the proposed program.

Change_Freq is a subprogram that changes the frequency of the signal generator and determines the pair of values (f, Δf). In the previous loop, assume that the pair of frequency and step values was (f_old, Δf_old). The choice between the Coarse_step and Fine_step processes depends on j, the number of bits being checked. Then (f, Δf) is sent to the next subprogram, RF_OUT.

- Coarse_step process:
  + if j = 0: the step frequency keeps its previous value: Δf = Δf_old (2)
  + otherwise: the new step is four times smaller than the old one: Δf = Δf_old / 4 (3), and f is obtained from f_old and Δf (4)
- Fine_step process: the step frequency is changed according to the bisection method: Δf = Δf_old / 2 (5)

Fig. 6. Flowchart of the Change_Freq subprogram (BEGIN, INIT, a decision on j selecting Coarse_step or Fine_step, output of (f, Δf), END).

RF_OUT: this program connects to and controls the parameters of the signal generator. When the connection is successful, the required parameters from the PC are sent, such as frequency, state, signal level, and so on.

Check_Points: at each frequency, the PC sends the capture_en command to the Board_Under_Test and then receives 128 bits of the desired data. This operation is repeated 20 times. Each bit of capture_data is then compared with the reference data that was tested and stored in the database; if there are more than 10 differing values and the process in Change_Freq is Fine_step, the number of checked bits is incremented. When m bits have been checked, the measurement results are saved to the database that will be used for evaluation.

III. STRUCTURE OF DATABASE

The block diagram of AES_128 is shown in Fig. 7. This is the design written for the Trojan benchmarks [9], and its architecture is pipelined. The survey process evaluates the difference in distance between points in one of the rounds. The selected round is random and can be changed. In this research the first round is evaluated, so the input and output signals are S0 and S1, respectively.
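As an added illustration of the Change_Freq / Check_Points loop described above (this is a simulation written for this page, not the authors' program), the following Python code stands in for the signal generator and the Board_Under_Test with a constructed model in which each bit of S1 starts to mismatch in every capture once the clock exceeds that bit's critical frequency. The search makes a coarse sweep, one refinement with the step divided by four as in Eq. (3), and then bisects as in Eq. (5) until the interval is narrower than the 0.016 MHz step quoted in the abstract. The function names, the starting frequency and step, the hard-threshold failure model and the "two coarse passes" structure are assumptions, not details taken from the paper.

```python
# Added example, not the authors' program: simulated critical-frequency search.
# Assumption: the board answers with 20 captures per frequency and a bit counts as
# failing when more than 10 of them differ from the reference (threshold from the text).
CAPTURES = 20
MISMATCH_THRESHOLD = 10
RESOLUTION_MHZ = 0.016       # fine-step limit quoted in the abstract


def make_board(critical_freqs_mhz):
    """Constructed stand-in for Board_Under_Test: bit j of capture_data differs from
    the reference in every capture once the clock exceeds critical_freqs_mhz[j]."""
    def check_points(f_mhz):
        # number of mismatching captures per bit at clock frequency f_mhz
        return [CAPTURES if f_mhz > fc else 0 for fc in critical_freqs_mhz]
    return check_points


def find_critical_frequency(check_points, bit, f_start, coarse_step, f_max=1000.0):
    """Return (first failing frequency of `bit`, number of board measurements).

    Coarse_step: sweep upward from f_start (assumed to pass) until the bit fails,
    back off one step, divide the step by four (Eq. 3) and sweep again.
    Fine_step: bisect the remaining interval (Eq. 5) until it is narrower
    than RESOLUTION_MHZ."""
    measurements = 0

    def fails(f):
        nonlocal measurements
        measurements += 1
        return check_points(f)[bit] > MISMATCH_THRESHOLD

    f, step = f_start, coarse_step
    for _ in range(2):               # coarse sweep, then a refined sweep with step/4
        while not fails(f):
            f += step
            if f > f_max:
                raise ValueError("bit never failed below f_max")
        f -= step                    # last frequency known to pass
        step /= 4                    # Eq. (3)
    lo, hi = f, f + 4 * step         # hi was observed failing in the last sweep
    while hi - lo > RESOLUTION_MHZ:  # Fine_step: bisection as in Eq. (5)
        mid = (lo + hi) / 2
        if fails(mid):
            hi = mid
        else:
            lo = mid
    return hi, measurements


def frequency_shift(golden_board, suspect_board, bit, f_start, coarse_step):
    """Shift of one bit's critical frequency between a golden and a suspect board (MHz)."""
    fg, _ = find_critical_frequency(golden_board, bit, f_start, coarse_step)
    fs, _ = find_critical_frequency(suspect_board, bit, f_start, coarse_step)
    return fs - fg


if __name__ == "__main__":
    # constructed critical frequencies for two bits, chosen near the means in Tables 2 and 3
    golden = make_board([417.234, 356.795])
    suspect = make_board([417.705, 357.264])
    for bit in (0, 1):
        fc, n = find_critical_frequency(golden, bit, 350.0, 2.0)
        print(f"bit {bit}: critical frequency ~ {fc:.3f} MHz after {n} measurements")
        shift = frequency_shift(golden, suspect, bit, 350.0, 2.0)
        print(f"bit {bit}: shift with suspect board = {shift:+.3f} MHz")
```

The measurement counter shows why the coarse/fine split matters: locating a critical frequency near 417 MHz from a 350 MHz start costs a few dozen board queries here, whereas a linear sweep at the 0.016 MHz resolution would need thousands.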
Fig. 7. Block diagram of the 128-bit AES core (module AES_128 with 128-bit clk/state/key inputs; expand_key_128 stages k0 … k9 with round constants 8'h1 … 8'h1b, 8'h36; one_round stages r1 … r9 producing s1 … s9, final_round r10 producing out; the tapped signals are s0 and s1_out).

Msg is chosen as the pair of values Msg_0 and Msg_1 for which the output S1 contains all bits 0 or all bits 1, respectively (Table 1). Msg_0 is used to set the initial value of the registers and signals inside the AES core. For ILA_tiny, the Conditions input is set equal to Msg_1. Thus, when Msg changes, the condition in Eq. (1) is satisfied. After two clock periods, S1 contains all bits set to 1, which is the desired capture_data. The selected AES inputs are as follows:

Key = "00112233445566778899aabbccddeeff"
Msg_0 = "5aa6044e28ec2d1596cae34557eac82c"
Msg_1 = "f8a89d615fe23b9a3ca0223df0615106"

At each measurement, the corresponding critical values are saved. In the mathematical model, this result is represented as a row vector whose elements are the critical frequencies corresponding to each bit of S1. To ensure the statistical properties, the survey process is carried out in N trials. Finally, the data set of measurement results is an N×128 matrix:

\[
\mathbf{F} = \begin{bmatrix} \mathbf{f}_0 \\ \mathbf{f}_1 \\ \vdots \\ \mathbf{f}_{N-1} \end{bmatrix}
= \begin{bmatrix}
f_{0,0} & f_{0,1} & \cdots & f_{0,127} \\
f_{1,0} & f_{1,1} & \cdots & f_{1,127} \\
\vdots & \vdots & \ddots & \vdots \\
f_{N-1,0} & f_{N-1,1} & \cdots & f_{N-1,127}
\end{bmatrix} \qquad (6)
\]

where \(\mathbf{f}_i\) is the 1×128 row vector obtained in the i-th trial, and \(f_{i,j}\) is the element in row i, column j: the critical frequency corresponding to the j-th bit of S1 in the i-th trial.

From (6), the HT can be detected based on the pair of values \((\mu_j, \sigma_j)\) for each bit, where:

Mean value:
\[
\boldsymbol{\mu} = \begin{bmatrix} \mu_0 & \mu_1 & \cdots & \mu_{127} \end{bmatrix} \qquad (7)
\]
\[
\mu_j = \frac{1}{N} \sum_{i=0}^{N-1} f_{i,j} \qquad (8)
\]

Variance:
\[
\boldsymbol{\sigma}^2 = \begin{bmatrix} \sigma_0^2 & \sigma_1^2 & \cdots & \sigma_{127}^2 \end{bmatrix} \qquad (9)
\]
\[
\sigma_j^2 = \frac{1}{N} \sum_{i=0}^{N-1} \left( f_{i,j} - \mu_j \right)^2 \qquad (10)
\]

TABLE 1. VALUE OF EACH TRANSFORMATION IN ROUND 1
(each state is shown as its 4×4 byte matrix; left: using Msg_0, right: using Msg_1)

Msg (initial state)
    5a 28 96 57 | f8 5f 3c f0
    a6 ec ca ea | a8 e2 a0 61
    04 2d e3 c8 | 9d 3b 22 51
    4e 15 45 2c | 61 9a 3d 06
Key (initial round key)
    00 44 88 cc | 00 44 88 cc
    11 55 99 dd | 11 55 99 dd
    22 66 aa ee | 22 66 aa ee
    33 77 bb ff | 33 77 bb ff
S0 (state at start of Round 1)
    5a 6c 1e 9b | f8 1b b4 3c
    b7 b9 53 37 | b9 b7 39 bc
    26 4b 49 26 | bf 5d 88 bf
    7d 62 fe d3 | 52 ed 86 f9
After SubBytes
    be 50 72 14 | 41 af 8d eb
    a9 56 ed 9a | 56 a9 12 65
    f7 b3 3b f7 | 08 4c c4 08
    ff aa bb 66 | 00 55 44 99
After ShiftRows
    be 50 72 14 | 41 af 8d eb
    56 ed 9a a9 | a9 12 65 56
    3b f7 f7 b3 | c4 08 08 4c
    66 ff aa bb | 99 00 55 44
After MixColumns
    c0 84 0c c0 | 3f 7b f3 3f
    39 6c f5 28 | c6 93 0a d7
    34 52 f8 16 | cb ad 07 e9
    78 0f b4 4b | 87 f0 4b b4
AddRoundKey (round key 1)
    c0 84 0c c0 | c0 84 0c c0
    39 6c f5 28 | 39 6c f5 28
    34 52 f8 16 | 34 52 f8 16
    78 0f b4 4b | 78 0f b4 4b
S1 (state at start of Round 2)
    00 00 00 00 | ff ff ff ff
    00 00 00 00 | ff ff ff ff
    00 00 00 00 | ff ff ff ff
    00 00 00 00 | ff ff ff ff

IV. HT DETECTION RESULTS

In order to evaluate the impact of an HT in FPGAs, we need to keep the same placement and routing between the golden and HT-infected circuits, so that the only difference between them is the logic used to implement the HT. Chip Planner in Altera Quartus II and FPGA Editor in the Xilinx ISE/Vivado suites are two basic tools that can insert HTs without modifying the designed routing. There are four main steps to implement an HT with the Xilinx FPGA Editor tool [10]:

1) Perform the Synthesize, Translate, Map and Place & Route steps for the original circuit.
2) Extract the Native Circuit Description (NCD) file, which contains the logic, placement and routing information of the original circuit, as the golden model.
3) Using FPGA Editor, insert the HT into unused LUTs and slices of the FPGA in the NCD file, manually or by a script.
4) Generate bit files for both the original and the HT-infected design with FPGA Editor.
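The choice of Msg_0 and Msg_1 in Table 1 (Section III) can be checked independently. The following Python code is an added example, not the benchmark's RTL and not the authors' program: it implements one AES-128 round with the standard S-box generated from the GF(2^8) inverse and affine map, and reproduces the Table 1 states for the key given above, so that S1 is all-zero for Msg_0 and all-one for Msg_1 and switching the input toggles every one of the 128 bits captured at S1. The function names are my own; the key and message values are the paper's.

```python
# Added example (not the paper's code): one AES-128 round, reproducing Table 1.
# Inputs below are the paper's Key, Msg_0 and Msg_1.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MSG_0 = bytes.fromhex("5aa6044e28ec2d1596cae34557eac82c")
MSG_1 = bytes.fromhex("f8a89d615fe23b9a3ca0223df0615106")
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _sbox_entry(x):
    """S-box byte = affine transform of the multiplicative inverse (x^254)."""
    inv = 0
    if x:
        inv = 1
        for _ in range(254):
            inv = gmul(inv, x)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = bytes(_sbox_entry(x) for x in range(256))


def expand_key(key):
    """AES-128 key schedule; returns the 11 round keys as 16-byte strings."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                # RotWord
            t = [SBOX[b] for b in t]         # SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def sub_bytes(s):
    return bytes(SBOX[b] for b in s)


def shift_rows(s):
    """State is column-major (index = 4*col + row); row r rotates left by r."""
    out = bytearray(16)
    for c in range(4):
        for r in range(4):
            out[4 * c + r] = s[4 * ((c + r) % 4) + r]
    return bytes(out)


def mix_columns(s):
    out = bytearray(16)
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out[4 * c + 0] = gmul(a[0], 2) ^ gmul(a[1], 3) ^ a[2] ^ a[3]
        out[4 * c + 1] = a[0] ^ gmul(a[1], 2) ^ gmul(a[2], 3) ^ a[3]
        out[4 * c + 2] = a[0] ^ a[1] ^ gmul(a[2], 2) ^ gmul(a[3], 3)
        out[4 * c + 3] = gmul(a[0], 3) ^ a[1] ^ a[2] ^ gmul(a[3], 2)
    return bytes(out)


def round1_trace(msg, key):
    """Intermediate states of round 1, named as the rows of Table 1."""
    rk = expand_key(key)
    s0 = xor(msg, rk[0])
    sb = sub_bytes(s0)
    sr = shift_rows(sb)
    mc = mix_columns(sr)
    return {"S0": s0, "SubBytes": sb, "ShiftRows": sr, "MixColumns": mc,
            "RoundKey1": rk[1], "S1": xor(mc, rk[1])}


def as_matrix(state):
    """Render a 16-byte state in the 4x4 row layout used by Table 1."""
    return "\n".join(" ".join(f"{state[4 * c + r]:02x}" for c in range(4))
                     for r in range(4))


if __name__ == "__main__":
    for name, msg in (("Msg_0", MSG_0), ("Msg_1", MSG_1)):
        trace = round1_trace(msg, KEY)
        for stage, state in trace.items():
            print(f"{name} {stage}:\n{as_matrix(state)}\n")
```

Running the block prints the eight matrices of Table 1 for each message; the AddRoundKey row of the table is simply round key 1, which equals the MixColumns output for Msg_0 and its bitwise complement for Msg_1.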
Fig. 8. Algorithm of the proposed program (figure labels: LUT_A with inputs in_1 and in_2 driven by net_1 and net_2 and output out_A; LUT_B with the added input in_B and output out_B; Round 1).

With this method, we can ensure that the placement and routing of the original circuit are the same in both the golden and the HT-infected circuit. The third step, adding the HT, proceeds as follows:

Create the Trigger component of the HT: randomly select an unused LUT, denoted LUT_A; select signals related to Round 1, say net_1 and net_2, and route these nets to in_1 and in_2 of LUT_A; change the function of LUT_A so that the HT is not activated.

Create the Payload component of the HT: randomly select a used LUT in Round 1, denoted LUT_B; note that LUT_B must have at least one free pin. Connect out_A to in_B, then change LUT_B's function.

In this work, the two selected nets are S0[126] and S0[125]. LUT_A contains only an OR gate. From Table 1, in_B is always "True" when Msg is either Msg_0 or Msg_1. LUT_B's function is given by:

out_B = f(B). (11a)

When in_B is added to LUT_B's pins, its function is modified so that the output value is not changed. Here, an AND gate is used:

out_B = f(B) AND in_B. (11b)

TABLE 2. CRITICAL FREQUENCIES OF S1[0:1] (MHz)

Trial    S1[0] without HT    S1[0] with HT    S1[1] without HT    S1[1] with HT
1        416.970             417.513          418.438             418.902
2        417.225             417.587          418.311             418.960
3        417.102             417.442          418.444             418.991
4        417.098             417.472          418.183             419.115
5        417.095             418.066          418.433             419.329
6        416.960             417.882          418.492             419.320
7        417.630             418.002          419.035             419.376
8        417.789             417.834          419.068             419.110
9        416.971             417.852          418.265             419.081
10       417.500             417.404          419.107             418.760
μ_j      417.234             417.705          418.577             419.094
σ_j      0.282               0.234            0.334               0.189

TABLE 3. CRITICAL FREQUENCIES OF S1[126:127] (MHz)

Trial    S1[126] without HT  S1[126] with HT  S1[127] without HT  S1[127] with HT
1        356.569             357.119          358.808             359.357
2        356.319             357.097          358.619             359.365
3        357.156             357.100          359.267             359.433
4        356.513             357.150          358.813             359.390
5        356.514             357.482          358.813             359.717
6        356.568             357.409          358.742             359.582
7        357.409             357.381          359.615             359.760
8        357.281             357.378          359.487             359.645
9        357.005             357.474          359.162             359.618
10       356.622             357.059          358.972             359.248
μ_j      356.795             357.264          359.029             359.511
σ_j      0.360               0.164            0.319               0.164

In this research, the Board_Under_Test is the Sakura-G board and the signal generator is the Rohde & Schwarz SMBV100A [11, 12]. In our implementation, the sizes of the genuine and infected circuits are 626 and 627 slices, respectively. This information is presented in Xilinx's reports or as the number of slices in FPGA Editor. So we have an infected circuit with an HT of size 0.2% of the original one. Fig. 9 shows the normal distributions of the critical frequencies corresponding to the benchmark circuit bits S1[0], S1[1], S1[126] and S1[127].

Fig. 9. Distributions of the critical frequencies corresponding to path delays.

Fig. 10. Using the frequency characteristic combined with a fingerprint: (a) full fingerprint, (b) segment.

In addition, combining fingerprints can be a solution to determine whether or not an HT is in the design. First, this method finds the smallest critical frequency. Then the fingerprint is the set of differences between the remaining points and this frequency. The fingerprints of the two circuits nearly overlap (Fig. 10a); the difference is more evident in the segment shown in Fig. 10b.

V. CONCLUSION

This paper presented a new technique to detect HT using frequency characteristic analysis of path delay. The preliminary hardware implementation results on the FPGA platform have clarified the feasibility of the proposed method.
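The per-bit statistics of Eqs. (8) and (10) and the fingerprint of Fig. 10 can be computed directly from the published tables. The following Python code is an added example, not the authors' evaluation program: it embeds the four S1 bits of Tables 2 and 3 as a constructed 10×4 slice of the N×128 matrix of Eq. (6), computes the means and population variances, builds the fingerprint (differences from the smallest critical frequency) and, as an assumed decision rule that the paper does not state, flags a bit when its mean critical frequency moves by more than one golden standard deviation. The column names and the flagging threshold are my assumptions.

```python
# Added example (not the paper's code): Eqs. (8), (10) and the Fig. 10 fingerprint
# applied to the four S1 bits published in Tables 2 and 3.
# Constructed data set: rows are trials, columns are S1[0], S1[1], S1[126], S1[127] (MHz).
BITS = ["S1[0]", "S1[1]", "S1[126]", "S1[127]"]
GOLDEN = [
    [416.970, 418.438, 356.569, 358.808],
    [417.225, 418.311, 356.319, 358.619],
    [417.102, 418.444, 357.156, 359.267],
    [417.098, 418.183, 356.513, 358.813],
    [417.095, 418.433, 356.514, 358.813],
    [416.960, 418.492, 356.568, 358.742],
    [417.630, 419.035, 357.409, 359.615],
    [417.789, 419.068, 357.281, 359.487],
    [416.971, 418.265, 357.005, 359.162],
    [417.500, 419.107, 356.622, 358.972],
]
INFECTED = [
    [417.513, 418.902, 357.119, 359.357],
    [417.587, 418.960, 357.097, 359.365],
    [417.442, 418.991, 357.100, 359.433],
    [417.472, 419.115, 357.150, 359.390],
    [418.066, 419.329, 357.482, 359.717],
    [417.882, 419.320, 357.409, 359.582],
    [418.002, 419.376, 357.381, 359.760],
    [417.834, 419.110, 357.378, 359.645],
    [417.852, 419.081, 357.474, 359.618],
    [417.404, 418.760, 357.059, 359.248],
]


def column_stats(matrix):
    """Eq. (8) and Eq. (10): per-column mean and population variance (1/N) of an N x M matrix."""
    n = len(matrix)
    m = len(matrix[0])
    mu = [sum(row[j] for row in matrix) / n for j in range(m)]
    var = [sum((row[j] - mu[j]) ** 2 for row in matrix) / n for j in range(m)]
    return mu, var


def column_sigma(matrix):
    """Standard deviation per column, i.e. the square root of Eq. (10)."""
    _, var = column_stats(matrix)
    return [v ** 0.5 for v in var]


def fingerprint(mu):
    """Fingerprint as in Fig. 10: distance of every mean critical frequency from the smallest one."""
    base = min(mu)
    return [m - base for m in mu]


def separation(golden, suspect):
    """Assumed score (not the paper's): shift of each bit's mean in units of the golden sigma."""
    mu_g, var_g = column_stats(golden)
    mu_s, _ = column_stats(suspect)
    return [(mu_s[j] - mu_g[j]) / var_g[j] ** 0.5 for j in range(len(mu_g))]


def flag_bits(golden, suspect, threshold=1.0):
    """Names of the bits whose mean moved by more than `threshold` golden sigmas (assumed rule)."""
    return [BITS[j] for j, z in enumerate(separation(golden, suspect)) if abs(z) > threshold]


if __name__ == "__main__":
    mu_g, _ = column_stats(GOLDEN)
    mu_i, _ = column_stats(INFECTED)
    for j, name in enumerate(BITS):
        print(f"{name}: golden mu={mu_g[j]:.3f} sigma={column_sigma(GOLDEN)[j]:.3f}  "
              f"infected mu={mu_i[j]:.3f}  fingerprint golden={fingerprint(mu_g)[j]:.3f} "
              f"infected={fingerprint(mu_i)[j]:.3f}")
    print("flagged:", flag_bits(GOLDEN, INFECTED))
```

The fingerprint values of the two circuits differ by only a few hundredths of a MHz, which is the near-overlap the paper notes in Fig. 10a, while the absolute means shift by roughly 0.5 MHz per bit; that is why the paper reads the fingerprint on a zoomed segment (Fig. 10b) and why per-bit means with their variance, rather than the fingerprint alone, carry the detection.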
As with other SCA-based detection methods, the experimental conditions, such as temperature and frequency accuracy, are assumed to be constant or to change negligibly. In future work, we will improve the proposed method to achieve better results with more detailed analysis.

ACKNOWLEDGMENT

This work is funded by the research project under grant number HNQT/TKCG/04.20.

REFERENCES

[1] Swarup Bhunia, Mark M. Tehranipoor, "The Hardware Trojan War: Attacks, Myths, and Defenses," Springer, pp. 15-51, 2018.
[2] Xuan Thuy Ngo, Van Phuc Hoang and Han Le Duc, "Hardware Trojan threat and its countermeasures," NAFOSTED Conference on Information and Computer Science, pp. 36-51, 2018.
[3] Hao Xue, Saiyu Ren, "Hardware Trojan detection by timing measurement: theory and implementation," Microelectronics Journal, vol. 77, pp. 16-25, 2018.
[4] Y. Jin and Y. Makris, "Hardware Trojan detection using path delay fingerprint," IEEE Int. Workshop on Hardware-Oriented Security and Trust, pp. 51-57, IEEE, 2008.
[5] L. Jie, J. Lach, "At-speed delay characterization for IC authentication and Trojan Horse detection," IEEE Int. Workshop on Hardware-Oriented Security and Trust, pp. 8-14, IEEE, 2008.
[6] A. Amelian and S. E. Borujeni, "A Side-Channel Analysis for Hardware Trojan detection based on Path Delay Measurement," Journal of Circuits, Systems, and Computers, vol. 27, no. 9, 2018.
[7] Xilinx, "Timing Closure User Guide," UG612 (v13.3), October 19, 2011.
[8] Xilinx, "LogiCORE IP ChipScope Pro Integrated Logic Analyzer (ILA) (v1.04a)," DS299, June 2011.
[9] Trojan Benchmarks, AES-T1500, https://www.trusthub.org/resource/benchmarks/AES/AES-T1500.zip.
[10] Xuan Thuy Ngo, "Prevention and Detection of Hardware Trojan in Integrated Circuits," PhD Thesis, Telecom ParisTech, 2016.
[11] Sakura-G specification ver 1.0, A-G_Spec_Ver1.0_English.pdf.
[12] Rohde & Schwarz, "R&S SMBV100A Vector Signal Generator Operating Manual," 2017.

ABOUT THE AUTHORS

PhD. Associate Professor Van Phuc Hoang
Workplace: Deputy Head, Department of Microelectronics & Microprocessing, Le Quy Don Technical University.
Email: phuchv@lqdtu.edu.vn
Education: received B.S. and M.S. degrees from Le Quy Don Technical University, and a Ph.D. degree in Electronic Engineering from The University of Electro-Communications, Tokyo, Japan, in 2012.
Current research: hardware security; embedded system design for the Internet of Things (IoT); digital VLSI/ASIC design and FPGA-based system hardware design.

MSc. Thai Ha Tran
Workplace: Le Quy Don Technical University.
Email: hathaitran@lqdtu.edu.vn
Education: received B.S. and M.Sc. degrees from the Faculty of Radio & Electronic Engineering, Le Quy Don Technical University.
Current research: microelectronics and hardware security; digital signal processing.

MSc. Ngoc Tuan Do
Workplace: Le Quy Don Technical University.
Email: ngoctuansqtt@gmail.com
Education: received a B.S. degree from Telecommunications University and an M.S. degree from Le Quy Don Technical University.
Current research: hardware security and embedded systems.

PhD. Hai Duong Nguyen
Workplace: Le Quy Don Technical University.
Email: mta.haiduongnguyen@gmail.com
Education: B.S. and M.S. degrees from Le Quy Don Technical University, and a Ph.D. degree from Bauman Moscow State Technical University, Russia.
Current research: embedded systems, hardware security and parallel systems.