host hardware trojans iii ece 525 seminal trojan
play

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method - PowerPoint PPT Presentation

May 27, 2023 •171 likes •543 views

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

  1. HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, “Trojan Detection using IC Fingerprinting”, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise modeling to construct a set of fingerprints for an IC family They measure side-channel signals such as power, temperature, EM profiles Fingerprints are developed using a few ICs ( ChipBased Golden Model ), that are later distructively verified The chips-under-test (CUTs) are verified using statistical tests against the finger- prints They show Trojans 3-4 orders of magnitude smaller than the CUT can be detected using signal processing techniques Problem: The problem of Trojan detection essentially reduces to detecting a Trojan signal hiding in the IC process noise ECE UNM 1 (10/5/17)

  2. HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method They identified several challenges: • Determine a small and non-redundant set of tests that provide sufficient coverage of the IC’s functionality • To determine test patterns that are comprehensive and practical , and which are capable of distinguishing most Trojans from genuine ICs • Destructive verification uses demasking, delayering and layer-by-layer comparison of X-ray scans with the original mask -- expensive but done on only a few ICs Experiments: Goal to determine effectiveness of fingerprinting methodology for detecting Trojans by using power simulations • Experimental design: Cryptographic circuits implementing the Advanced Encryp- tion Standard (AES) and RSA algorithm • Trojans investigated: Trojans triggered by timing/clock counting and Trojans trig- gered by a synchronous/asynchronous comparator • Trojan sizes: range from 10% to 0.01% of the total IC size • Noise modeling: noise introduced by process variations (+/- 2%, 5%, 7.5%) ECE UNM 2 (10/5/17)

  3. HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method Power consumption:   1 2 • • • • • • P = - - - C V DD + Q se V DD f N + I leak V DD   2 N: switching activity Static power, I leak , depends only on the number of gates (not switching activity) Dynamic power is linearly dependent on the clock frequency and switching activity Trojan detection by clock speed manipulation: fast vs slow frequency ECE UNM 3 (10/5/17)

  4. HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method What about hiding a Trojan in the signal measurement noise? They claim measurement noise can be eliminated by averaging Therefore, they claim the problem degenerates to a signal characterization problem The objective is to characterize the process noise and check if the signal for the chip-under-test (CUT) differs from the process noise Trojan detected Trojan not distinguishable Authors propose the use of subspace projection which projects process noise signals from genuine ICs to a subspace where signals from Trojans and genuine ICs differ ECE UNM 4 (10/5/17)

  5. HOST Hardware Trojans III ECE 525 First Path Delay Based Trojan Detection Methods Y. Jin and Y. Makris, “Hardware Trojan Detection using Path Delay Fingerprint”, Workshop on Hardware-Oriented Security and Trust, 2008, pp. 51-57. J. Li and J. Lach, “At-Speed Delay Characterization for IC Authentication and Tro- jan Horse Detection”, Workshop on Hardware-Oriented Security and Trust, 2008, pp. 8-14. These papers present the earliest work on using path delays for HT detection Y. Jin et al. focus on a statistical method used to distinguish between HT anomalies and process variation effects J. Li et al. focus on a high resolution on-chip measurement technique Y. Jin et al. assume assume a high resolution path delay measurements exists, and the test vector generation strategy is based on the TDF model The detection method is based on the GoldenChip-based model ECE UNM 5 (10/5/17)

  6. HOST Hardware Trojans III ECE 525 First Path Delay Based Trojan Detection Methods A multivariate statistical technique is used to extract distinguishing features from the full set of path delays HT-free chips are used to construct the HT-free boundaries, which they refer to as a fingerprint HT are detected by comparing the delay fingerprints measured from the untrusted chips with the boundaries defined by the HT-free fingerprints Data points for Convex hull explicit payload HT of HT-free space Principle component analysis (PCA) is used to extract distinguishing features from a set of 10,432 simulated path delays to reduce the HT-free space to a 3-D structure A statistical technique based on a convex hull characterization of the HT-space is used to define the boundaries for each of the 64 outputs of DES ECE UNM 6 (10/5/17)

  7. HOST Hardware Trojans III ECE 525 First Path Delay Based Trojan Detection Methods J. Li et al. propose a high resolution on-chip path delay measurement technique They extend this work to include a GoldenSim-based HT detection strategy in: D. Rai and J. Lach, “Performance of Delay-Based Trojan Detection Techniques under Parameter Variations”, International Workshop Hardware-Oriented Security and Trust, 2009, pp. 58-65 The measurement technique is based on the Dual-Clock scheme described earlier A set of shadow registers are added to each of the outputs from the combinational components of the design, next to the capture FFs or Destination Register s (a) ECE UNM 7 (10/5/17)

  8. HOST Hardware Trojans III ECE 525 First Path Delay Based Trojan Detection Methods The second clock of the Dual-Clock scheme, CLK2 , is used to drive the clock inputs of the shadow registers, with fine-phase adjusted by the DCM on an FPGA np ∆ tp t path = tCLK 1 – (b) (a) The process of measuring the path delay of the Combination Path begins by setting the phase shift of CLK2 to a small negative value, on order of 10 to 100 ps A 2-vector sequence is applied to the Source Registers using a launch-capture test The Comparator is used to determine if the captured values in the Destination and Shadow register are the same or different The negative phase shift difference between CLK1 and CLK2 is increased until the comparator indicates the values are different ECE UNM 8 (10/5/17)

  9. HOST Hardware Trojans III ECE 525 Chip-Centric Path Delay Based Trojan Detection Method D. Ismari, C. Lamech, S. Bhunia, F. Saqib and J. Plusquellic, “On Detecting Delay Anomalies Introduced by Hardware Trojans”, International Conference on Com- puter-Aided Design, 2016 D. Ismari et al. propose a chip-averaging method that calibrates for both intra-chip and inter-chip process variations and measures path delays using an on-chip TDC The TDC was described earlier The TDC provides approx. 25 ps of timing resolution, is very fast, e.g., no clock strobing or clock sweeping operation is required The method is also classified as Chip-Centric and is based on a golden simulation model The development of the golden model requires only a single nominal simulation to be run for each of the applied 2-vector sequences This significantly reduces the level of effort and time required ECE UNM 9 (10/5/17)

  10. HOST Hardware Trojans III ECE 525 Chip-Centric Path Delay Based Trojan Detection Method Calibration is critical to enabling the single nominal simulation model Chip data processing is geared toward deriving a nominal chip-averaged-delay ( CAD ) value for each path from hardware data This eliminates the need to consider process variation effects in the golden model (b) (c) (a) Chip-averaging leverages a key difference: Random variations average to 0 while HT anomalies introduce systematic dif- ferences that survive the averaging process ECE UNM 10 (10/5/17)

  11. HOST Hardware Trojans III ECE 525 Chip-Centric Path Delay Based Trojan Detection Method DCAD is the difference between the simulation or hardware thermometer code (TC) value from the TDC and hardware-derived CAD values Sim vs. HT-infested chip data Sim vs. HT-free chip data (a) (b) The paths are sorted left-to-right according to the magnitude of the HT delay anom- aly, with the largest DCAD values on the left The red curves represent data collected from paths that include one of the HT shown earlier while the black curves represent data from HT-free paths ECE UNM 11 (10/5/17)

  12. HOST Hardware Trojans III ECE 525 Proposed Trojan Detection Methods "Detecting Trojans Though Leakage Current Analysis Using Multiple Supply Pad IDDQs", Jim Aarestad, Dhruva Acharyya, Reza Rad, and Jim Plusquellic, Transac- tions on Information Forensics and Security, Volume: 5, Issue: 4, 2010, pp. 893-904. The main deficiency with parametric testing approaches is sensitivity Scaling increases manufacturing process variations Larger number of components on a chip decreases the relative magnitude of the electrical signature of each component The challenge of implementing an effective parametric Trojan-detection method is • To design it with enough sensitivity to detect small anomalies introduced by Tro- jans • Building in a mechanism to filter out the natural electrical variations that occur because of manufacturing process variations ECE UNM 12 (10/5/17)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com

Hardware Trojans: A Threat for CyberSecurity Julien Francq julien.francq@cassidian.com Cassidian CyberSecurity 2013, July the 8th Introduction to Hardware Trojans Hardware Trojan Taxonomy HT Detection Methods Design for Hardware Trust

1.57k views • 74 slides
HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim

HOST Introduction ECE 525 Hardware-Oriented Security and Trust (HOST) Instructor: Prof. Jim Plusquellic Text: The Hardware Trojan War: Attacks, Myths, and Defenses, Chapter 10, J. Plusquellic and F. Saqib, "Detecting Hardware

293 views • 6 slides
Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD

Detecting Hardware Trojans: A Tale of Two Techniques Sharad Malik sharad@princeton.edu FMCAD 2015 Hardware Security and Hardware Trojans User apps Each layer trusts all layers below it Kernel Hypervisor More privilege Widely

706 views • 49 slides
Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the Trojans for ten years. The Torjan horse So they build the Trojan horse the Greeks Gene The Trojan horse After they built it they put a

392 views • 5 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag,

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license hardwear.io Den Haag, September 22, 2017 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker Pawel

616 views • 40 slides
Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research

Why We Should Be Worried about Hardware Trojans Janet Lackey under CC license The Summer Research Institute 2018 EPFL, June 18, 2018 Christof Paar Ruhr Universitt Bochum & University of Massachusetts Amherst Acknowledgement Georg Becker

449 views • 40 slides
How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference

16.05.2017 How to Attack the IoT with Hardware Trojans Janet Lackey under CC license CROSSING Conference Darmstadt, May 16, 2017 Christof Paar Ruhr Universitt Bochum Acknowledgement Georg Becker Pawel Swierczynski Marc Fyrbiak 1

593 views • 20 slides
HOST Statistics ECE 525 Introduction Probability and statistics play very important roles in

HOST Statistics ECE 525 Introduction Probability and statistics play very important roles in

HOST Statistics ECE 525 Introduction Probability and statistics play very important roles in hardware security and trust (in fact, they do in MANY other fields as well) Our focus is on their application to Trojan Detection and Physical

1.03k views • 23 slides
Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L.

ACM/IEEE CODES + ISSS 2017, Seoul, South Korea Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models L. Piccolboni 1,2 , A. Menon 2 , and G. Pravadelli 2 1 Columbia University, New York, NY, USA 2 University of

840 views • 60 slides
Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and

Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and

Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and Boolean Satisfiability Sayandeep Saha , Rajat Subhra Chakraborty Srinivasa Shashank Nuthakki, Anshul and Debdeep Mukhopadhyay Secure Embedded

1.43k views • 131 slides
Tracking and Detecting Trojan Command and Control Servers Ryan Olson FIRST 2008 Outline + What

Tracking and Detecting Trojan Command and Control Servers Ryan Olson FIRST 2008 Outline + What

Tracking and Detecting Trojan Command and Control Servers Ryan Olson FIRST 2008 Outline + What do we Track and Why? + Overview of Information Stealing Trojans How/What they steal Phoning Home Popular Kits + Detecting C&C

378 views • 25 slides
Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North

UNCLASSIFIED Toward threat estimation of system memory Hardware Trojans John Shield, Brad Hopkins, Chris North Redefining R&D Needs for Australian Cyber Security UNSW ACCS at ADFA, November 16 th 2015 1 UNCLASSIFIED The Australian

411 views • 9 slides
Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel X. Ngo, Z. Najm, S. Guilley, S. Bhasin, J.-L.Danger PROOFS14, Busan, South Korea Introduction to HTH and its detection Proposed HTH Detection

429 views • 27 slides
Performance of Host Identity Protocol on Performance of Host Identity Protocol on Lightweight

Performance of Host Identity Protocol on Performance of Host Identity Protocol on Lightweight

Performance of Host Identity Protocol on Performance of Host Identity Protocol on Lightweight Hardware Lightweight Hardware Andrey Khurri, Ekaterina Vorobyeva, Andrei Gurtov Helsinki Institute for Information Technology

346 views • 23 slides
Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations

Roberto Guanciale Estonian Winter School Day 02 Formal verification of low-level execution platforms Apps OS Hardware Host 1 Motivations Apps Crypto Service OS Hypervisor/ Separation Kernel Hardware Host 1 Motivations Separation

850 views • 63 slides
CAN BLOCKCHAIN SOLVE THE HOLD-UP PROBLEM? RICHARD HOLDEN AND ANUP MALANI UNSW AND UNIVERSITY OF

CAN BLOCKCHAIN SOLVE THE HOLD-UP PROBLEM? RICHARD HOLDEN AND ANUP MALANI UNSW AND UNIVERSITY OF

CAN BLOCKCHAIN SOLVE THE HOLD-UP PROBLEM? RICHARD HOLDEN AND ANUP MALANI UNSW AND UNIVERSITY OF CHICAGO OVERVIEW 1. Holdup is an important problem in contracts. Reduces gains from trade, output. Alters firm boundaries. 2. Contract

423 views • 24 slides
DAT USEDAT SRI MDC: Prof. David Quesada with students at SRI Summer School, Miami Dade College

DAT USEDAT SRI MDC: Prof. David Quesada with students at SRI Summer School, Miami Dade College

DAT USEDAT SRI MDC: Prof. David Quesada with students at SRI Summer School, Miami Dade College (MDC), FL, USA. USEDAT SRI MDC: Prof. David Quesada with student and poster details at SRI, Miami Dade College (MDC), FL, USA. USEDAT ICN NSF-CREST: Prof.

315 views • 31 slides
Reflections on the Evolution of the Internet Kees Neggers ANET Guest lecture 7 September 2020

Reflections on the Evolution of the Internet Kees Neggers ANET Guest lecture 7 September 2020

Reflections on the Evolution of the Internet Kees Neggers ANET Guest lecture 7 September 2020 The Internet: A Wonderful Accident Designed as a network for researchers in the 60s and 70s By accident evolved in an essential

461 views • 18 slides
Firm Growth, European Industry Dynamics and Domestic Business Cycles Harald Oberhofer

Firm Growth, European Industry Dynamics and Domestic Business Cycles Harald Oberhofer

Firm Growth, European Industry Dynamics and Domestic Business Cycles Harald Oberhofer University of Salzburg 4. FIW Research Conference International Economics Firm Growth, European Industry Dynamics and Domestic Business Cycles Introduction

172 views • 14 slides
15-16/08/2009 Nicola Galesi 46 History Resolution is a proof system for DNF formulas or a

15-16/08/2009 Nicola Galesi 46 History Resolution is a proof system for DNF formulas or a

15-16/08/2009 Nicola Galesi 46 History Resolution is a proof system for DNF formulas or a refutational Systems for CNF formulas It was introduced by Blake in 1937 and then became important by a work Davis-Putnam and Robinson in the 60s in the

769 views • 75 slides
Time-delay differential equations in machine learning Lyudmila Grigoryeva 1 , Julie Henriques 2 ,

Time-delay differential equations in machine learning Lyudmila Grigoryeva 1 , Julie Henriques 2 ,

Time-delay differential equations in machine learning Lyudmila Grigoryeva 1 , Julie Henriques 2 , Laurent Larger 2 , Juan-Pablo Ortega 3 , 4 1 Universit at Konstanz, Germany 2 Universit e Bourgogne Franche-Comt e, France 3 Centre National

684 views • 54 slides
Q2 2009 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Caution Regarding

Q2 2009 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Caution Regarding

Q2 2009 CONFERENCE CALL C O R P O R A T E P A R T I C I P A N T S Caution Regarding Forward-Looking Statements Viki Lazaris Bank of Montreals public communications often include written or oral forward-looking statements. Statements of BMO

393 views • 22 slides
PERFORMANCE MANAGEMENT SYSTEMS CHAPTER VI PAY FOR PERFORMANCE PERFORMANCE MANAGEMENT SYSTEMS

PERFORMANCE MANAGEMENT SYSTEMS CHAPTER VI PAY FOR PERFORMANCE PERFORMANCE MANAGEMENT SYSTEMS

PERFORMANCE MANAGEMENT SYSTEMS CHAPTER VI PAY FOR PERFORMANCE PERFORMANCE MANAGEMENT SYSTEMS CHAPTER VI PAY FOR PERFORMANCE Objectives: 1. Explain different types of non-traditional pay systems. 2. Understand concept of gain sharing.

395 views • 26 slides

More recommend