Trojan Detection using IC Fingerprinting

D. Agrawal, S. Baktir, Deniz Karakoyunlu, P. Rohatgi, B. Sunar
DOI: 10.1109/SP.2007.36 (https://doi.org/10.1109/SP.2007.36)
Published in: 2007 IEEE Symposium on Security and Privacy (SP '07), 2007-05-20
Citations: 768

Abstract

Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuitry. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.