Professional Documents
Culture Documents
Cairo University
ORIGINAL ARTICLE
a
Computer Engineering, Engineering & Technology Collage, AASTMT, Cairo, Egypt
b
Computer & Systems Engineering, Faculty of Engineering, Ain Shams University, Cairo, Egypt
A R T I C L E I N F O A B S T R A C T
Article history: The problem of hardware Trojans is becoming more serious especially with the widespread of
Received 16 September 2013 fabless design houses and design reuse. Hardware Trojans can be embedded on chip during
Received in revised form 27 manufacturing or in third party intellectual property cores (IPs) during the design process.
November 2013 Recent research is performed to detect Trojans embedded at manufacturing time by comparing
Accepted 28 November 2013 the suspected chip with a golden chip that is fully trusted. However, Trojan detection in third
Available online 6 December 2013 party IP cores is more challenging than other logic modules especially that there is no golden
chip. This paper proposes a new methodology to detect/prevent hardware Trojans in third party
Keywords: IP cores. The method works by gradually building trust in suspected IP cores by comparing the
Trojan outputs of different untrusted implementations of the same IP core. Simulation results show
Third party IP that our method achieves higher probability of Trojan detection over a naive implementation
Attacker of simple voting on the output of different IP cores. In addition, experimental results show that
Chips the proposed method requires less hardware overhead when compared with a simple voting
technique achieving the same degree of security.
ª 2013 Production and hosting by Elsevier B.V. on behalf of Cairo University.
Input 1
MUX 2 physical inspection is very sophisticated and costs a lot. Tro-
S1 D
Output jans are activated under rare conditions so normal function
Input 2 testing is not sufficient to detect them.
S2 It is mandatory to provide methods that resolve the trust
AND
Trigger issues among fabrication facilities, designers, and end users.
C ENB 0 Designers need to assure that their designs are not altered
while maintaining fabrication facilities technology secrets and
Fig. 1 ‘‘SAZ’’ hardware Trojan.
third party IP core design properties.
Voting vb2
b3
Circuit
for b2
b2 Yes 1 Output of bit x
IP 2 b1 No
b0
Voting vb1
Circuit
for b1 0 Output of bit x x=x+1 Yes
b3
b2 Voting
IP 3 b1 Circuit
vb0
for b0
b0
End No x<n
Fig. 3 Voting circuit.
Start
x=0
Count Weights of IPs that
generate One
Get bit x from each IPs
Count Weights of IPs that
generate Zero
Weight of Ones
Count number of Ones
Yes > No
Count number of Zeros
Weight of Zeros
Num. of Ones
1 Output of bit x Yes > No
Num. of Zeros
Increment IP Weight
by one for any bit =1 Divide IP Weight by Increment IP Weight
0 Output of bit x
2 for any bit = 1 by one for any bit =0
Yes
Divide IP Weight
by 2 for any bit = 0
x=x+1 x<n
No
End
weighted IP core bit. Each IP core initial weight counter is zero Simulation
as explained in Eq. (4). After each cycle, voting algorithm cal-
culates sum of weights for each IP cores resulting logical one A lightweight Java simulator application is developed from
and sum of weights for each IP cores resulting logical zero. scratch using Java Programming Language to simulate trigger-
Then it compares both sums as explained in Eqs. (5) and (6). ing Trojans in odd number of IP cores, do both majority vot-
The higher sum will be considered the correct result bit and ing techniques on the output and generate needed statistics.
the voted output, and the lower sum is the infected IP cores Input for simulation process is 4 values:
bit. Weight counters are increased by one for all IP cores which
produce the same result as clear bit as explained in Eq. (7), and 1. Trojan Trigger Probability Array (TTP): it is a fraction
the weight counters of disagreeing result IP cores are divided number less than 1 to represent the Trojan trigger probabil-
by 2 (right shifted) as explained in Eq. (8). It is done to simplify ity in each IP core.
voting circuit hardware implementation. This technique pro- 2. Number of IPs (Nips): It is a positive odd number to repre-
duces supreme results especially when using a minimum num- sent how many IP cores will be used in our simulation.
ber of IP cores. 3. IP Word Length (WL): it is positive number to represent
Wjinitial ¼ 0 ð4Þ the word length for the used IP cores.
X 4. Total number of Samples (Ns): it is a positive integer num-
Wj½b ¼ 0 ¼ Wbx ð5Þ ber to represent the total number of simulation samples.
b¼0
2. Probability of detection (PD) = number of detected Tro- PDw: Probability of detection for weighted voting.
jans (Ndt)/number of generated Trojans (Ngt) as explained Pfps: Probability of false positives for simple voting.
in Eq. (10). Pfpw: Probability of false positives for weighted voting.
PD ¼ Ndt=Ngt ð10Þ Pfns: Probability of false negatives for simple voting.
Pfnw: Probability of false negatives for weighted voting.
3. Number of false positives (Nfps): It occurs if the reported
IP core has no Trojan. Table 2 shows that weighted voting is showing a better
4. Number of false negatives (Nfpn): It occurs if there is no security performance than simple voting especially if there is
reported Trojan (alarm) while the final output is infected. higher trust in the used IP cores. It is also noticed that
5. Probability of successful attacks (PS) = number infected weighted voting is producing minimal false negatives than sim-
results (Ntr)/number of generated alarms (Na) as explained ple voting. Regarding false positives, both of them are almost
in Eq. (11). producing the same results.
PS ¼ Ntr=Na ð11Þ
Experiment (2)
Three main experiments have been achieved to measure the Rfp ¼ Pfps=Pfpw ð13Þ
effectiveness of our proposed voting techniques and measure
the hardware overheads: Rfn ¼ Pfns=Pfnw ð14Þ
Experiment (1)
Experiment (3)
AES IP core: This core represents an advanced encryption ICs. In: Proceedings of the 18th ACM Great Lakes symposium
standard (AES) core with 128 bits key. It supports 128 bits on VLSI, GLSVLSI ’08; 2008. p. 363–6.
plain text port. [8] Banga M, Hsiao M. A novel sustained vector technique for
the detection of hardware Trojans. In: Proceedings of the
22nd international conference on VLSI design; 2009. p. 327–
32.
Conclusions [9] Banga M, Hsiao M. Vitamin: voltage inversion technique to
ascertain malicious insertions in ICs. In: Proceedings of the
We have showed the methodology that aims to dynamically IEEE international workshop on hardware-oriented security
protect from hardware Trojans embedded in third party IP and trust, HST ’09; 2009. p. 104–7.
cores during regular operation. The method operates at run- [10] Du D, Narasimhan S, Chakraborty R, Bhunia S. Self-
referencing: a scalable side-channel approach for hardware
time instead of the traditional test-time techniques. Also, we
Trojan detection. In: Proceedings of the 12th international
aim to protect from Trojans without the availability of golden
conference on cryptographic hardware and embedded systems,
reference IP core. We presented both simple and weighted CHES’10; 2010. p. 173–87.
majority voting among different implementations of the same [11] Jin Y, Makris Y. Hardware Trojan detection using path delay
IP core from different vendors. In contrast to simple voting, fingerprint. In: Proceedings of the IEEE international workshop
weighted voting gives a higher voting weight to more trusted on hardware-oriented security and trust; 2008. p. 51–7.
IP cores. Initial trust levels in the IP cores are initially set by [12] Koushanfar F, Mirhoseini A, Alkabani Y. A unified sub-
the user; however, they are automatically fine-tuned at run modular framework for multimodal IC Trojan detection. In:
time. Proceedings of the 12th international conference on information
We studied security performance and the hardware imple- hiding, IH’10; 2010. p. 17–32.
[13] Potkonjak M, Nahapetian A, Nelson M, Massey T. Hardware
mentation overhead of both voting methods. Experimental re-
Trojan horse detection using gate-level characterization. In:
sults showed that the weighted voting method using three IP
Proceedings of the 46th annual design automation conference,
cores variants are almost equivalent to the simple voting using DAC ’09; 2009. p. 688–93.
nine IP cores variants. This justified the lower hardware over- [14] Alkabani Y, Koushanfar F. Consistency-based characterization
head of the weighted voting method despite the higher com- for IC Trojan detection. In: Proceedings of the 2009
plexity of the weighted voting circuit over simple voting. international conference on computer-aided design, ICCAD
’09; 2009. p. 123–7.
Conflict of interest [15] Rad R, Plusquellic J, Tehranipoor M. A sensitivity analysis of
power signal methods for detecting hardware Trojans under real
process and environmental conditions. In: IEEE trans very large
The authors have declared no conflict of interest. scale integr syst, vol. 20; 2010. p. 1735–44.
[16] Rajendran J, Jyothi V, Sinanoglu O, Karri R. Design and
References analysis of ring oscillator based design-for-trust technique.
In: 2011 IEEE 29th VLSI test symposium (VTS); 2011. p.
[1] Waksman A, Sethumadhavan S. Silencing hardware backdoors. 105–10.
In: Proceedings of the 2011 IEEE symposium on security and [17] Salmani H, Tehranipoor M, Plusquellic J. New design strategy
privacy, SP ’11. IEEE Computer Society; 2011. p. 49–63. for improving hardware Trojan detection and reducing Trojan
[2] Tehranipoor M, Koushanfar F. A survey of hardware Trojan activation time. In: Proceedings of the IEEE international
taxonomy and detection. In: IEEE des test, vol. 27; 2010. p. 10– workshop on hardware-oriented security and trust, HOST ’09;
25. 2009. p. 66–73.
[3] Beaumont M, Hopkins B, Newby T. Hardware Trojans– [18] Zhang X, Tehranipoor M. Case study: detecting hardware
prevention, detection, countermeasures. DSTO, defense science Trojans in third-party digital IP cores. In: 2011 IEEE
and technology organization, PO Box 1500, Edinburgh, South international symposium on hardware-oriented security and
Australia 5111, Australia, 2011. trust (HOST); 2011. p. 67–70.
[4] Tehranipoor M, Salmani H, Zhang X, Wang X, Karri R, [19] McIntyre D, Wolff F, Papachristou C, Bhunia S. Dynamic
Rajendran J, et al. Trustworthy hardware: Trojan detection and evaluation of hardware trust. In: IEEE international symposium
design for-trust challenges. Computer 2011;44(7):66–74. on hardware-oriented security and trust; 2009. p. 108–11.
[5] Wang X, Salmani H, Tehranipoor M, Plusquellic J. Hardware [20] Baumgarten A, Tyagi A, Zambreno J. Preventing IC piracy
Trojan detection and isolation using current integration and using reconfigurable logic barriers. In: IEEE des test, vol. 27(1);
localized current analysis. In: Proceedings of the IEEE 2010. p. 66–75.
international symposium on defect and fault tolerance of VLSI [21] Newgard B, Hoffman C. Using multiple processors in a single
systems; 2008. p. 87–95. reconfigurable fabric for high-assurance applications. In: HOST.
[6] Wei S, Potkonjak M. Scalable hardware Trojan diagnosis. IEEE IEEE Computer Society; 2010. p. 25–9.
transactions on very large scale integration (VLSI) systems, (99); [22] Beaumont M, Hopkins B, Newby T. Safer path: security
2011. p. 1–9. architecture using fragmented execution and replication for
[7] Banga M, Chandrasekar M, Fang L, Hsiao M. Guided test protection against Trojaned hardware. In: DATE. IEEE; 2012.
generation for isolation and detection of embedded Trojans in p. 1000–5.