Hardware Trojans in wireless cryptographic ICs: silicon demonstration & detection method evaluation

Authors:
Yu Liu;Yier Jin;Yiorgos Makris
Affiliations:
The University of Texas at Dallas;University of Central Florida;The University of Texas at Dallas
Venue:
Proceedings of the International Conference on Computer-Aided Design
Year:
2013

Citing 11
Cited 0

Trojan Detection using IC Fingerprinting

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Power supply signal calibration techniques for improving detection resolution to hardware Trojans

Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design
Sensitivity analysis to hardware Trojans using power supply transient signals

HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
Hardware Trojan detection using path delay fingerprint

HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
Hardware Trojans in Wireless Cryptographic ICs

IEEE Design & Test
Self-referencing: a scalable side-channel approach for hardware Trojan detection

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Trustworthy Hardware: Identifying and Classifying Hardware Trojans

Computer
REBEL and TDC: two embedded test structures for on-chip measurements of within-die path delay variations

Proceedings of the International Conference on Computer-Aided Design
A Unified Framework for Multimodal Submodular Integrated Circuits Trojan Detection

IEEE Transactions on Information Forensics and Security
The Hunt For The Kill Switch

IEEE Spectrum
High-sensitivity hardware trojan detection using multimodal characterization

Proceedings of the Conference on Design, Automation and Test in Europe

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a silicon implementation of a hardware Trojan, which is capable of leaking the secret key of a wireless cryptographic integrated circuit (IC) consisting of an Advanced Encryption Standard (AES) core and an Ultra-Wide-Band (UWB) transmitter. With its impact carefully hidden in the transmission specification margins allowed for process variations, this hardware Trojan cannot be detected by production testing methods of either the digital or the analog part of the IC and does not violate the transmission protocol or any system-level specifications. Nevertheless, the informed adversary, who knows what to look for in the transmission power waveform, is capable of retrieving the 128-bit AES key, which is leaked with every 128-bit ciphertext block sent by the UWB transmitter. Using silicon measurements from 40 chips fabricated in TSMC's 0.35μm technology, we also assess the effectiveness of a side channel-based statistical analysis method in detecting this hardware Trojan.