In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about what such a Trojan would look like and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against "golden chips". We demonstrate the effectiveness of our approach by inserting Trojans into two designs -- a digital post-processing derived from Intel's cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation -- and by exploring their detectability and their effects on security.