Hardware design today bears similarities to software design. Often vendors buy and integrate code acquired from third-party organizations into their designs, especially in embedded/system-on-chip designs. Currently, there is no way to determine if third-party designs have built-in backdoors that can compromise security after deployment. The key observation we use to approach this problem is that hardware backdoors incorporate logic that is nearly unused, i.e., stealthy. The wires used in stealthy backdoor circuits almost never influence the outputs of those circuits. Typically, they do so only when triggered using external inputs from an attacker. In this paper, we present FANCI, a tool that flags suspicious wires in a design that have the potential to be malicious. FANCI uses scalable, approximate, Boolean functional analysis to detect these wires. Our examination of the TrustHub hardware backdoor benchmark suite shows that FANCI is able to flag all suspicious paths in the benchmarks that are associated with backdoors. Unlike prior work in the area, FANCI is not hindered by incomplete test suite coverage and thus is able to operate in practice without false negatives. Furthermore, FANCI reports low false positive rates: less than 1% of wires are reported as suspicious in most cases. All TrustHub designs were analyzed in a day or less. We also analyze a backdoor-free out-of-order microprocessor core to demonstrate applicability beyond benchmarks.
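The key observation above, shown as an added illustration (this is not FANCI's code, nor its published algorithm): for each input wire of a small function, estimate how often flipping that wire changes the output over randomly sampled input rows, and flag wires whose estimate is near zero. The toy circuit, the constant `MAGIC`, the sample count and the threshold are all constructed assumptions.

```python
import random

MAGIC = 0xBEEF      # constructed 16-bit comparator constant, not from any benchmark
N_INPUTS = 18       # wires 0-1 carry data, wires 2-17 feed the comparator


def toy_output(bits):
    """Constructed circuit: XOR of two data wires, overridden on one exact match."""
    trig = 0
    for bit in bits[2:]:
        trig = (trig << 1) | bit
    normal = bits[0] ^ bits[1]
    return 1 if trig == MAGIC else normal


def estimate_influence(func, n_inputs, wire, samples, rng):
    """Fraction of sampled input rows where flipping `wire` changes the output."""
    changed = 0
    for _ in range(samples):
        bits = [rng.getrandbits(1) for _ in range(n_inputs)]
        before = func(bits)
        bits[wire] ^= 1
        changed += before != func(bits)
    return changed / samples


def flag_suspicious(func, n_inputs, samples=4096, threshold=0.01, seed=1):
    """Return per-wire influence estimates and the wires below `threshold`.

    Sampling keeps the cost linear in `samples` instead of 2**n_inputs rows;
    the threshold is an assumed cut-off, not a value taken from the paper.
    """
    rng = random.Random(seed)
    scores = [estimate_influence(func, n_inputs, w, samples, rng)
              for w in range(n_inputs)]
    flagged = [w for w, s in enumerate(scores) if s < threshold]
    return scores, flagged


if __name__ == "__main__":
    scores, flagged = flag_suspicious(toy_output, N_INPUTS)
    for wire, score in enumerate(scores):
        mark = "  <-- review" if wire in flagged else ""
        print(f"wire {wire:2d}: influence ~ {score:.4f}{mark}")
```

A near-zero estimate marks a wire for manual review rather than proving malice: the abstract itself reports a nonzero false positive rate, so some flagged wires will belong to legitimate rarely-exercised logic.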