Hardware Trojans in Wireless Cryptographic Integrated Circuits

Abstract

We study the problem of hardware Trojans in wireless cryptographic integrated circuits, wherein the objective is to leak secret information (i.e. the encryption key) through the wireless channel. Using a mixed-signal system-on-chip, consisting of a DES encryption core and a UWB transmitter, we demonstrate the following three key findings of this study: i) Simple malicious modifications to the digital part of a wireless cryptographic chip suffice to leak information without changing the more sensitive analog part. We demonstrate two hardware Trojan examples, which leak the encryption key by manipulating the transmission amplitude or frequency. ii) Such hardware Trojans do not change the functionality of the digital part or the performances of the analog part and their impact on the wireless transmission parameters can be hidden within the fabrication process variations. Hence, neither traditional manufacturing testing nor recently proposed hardware Trojan detection methods will expose them. iii) For the attacker to be able to discern the leaked information from the legitimate signal, effective hardware Trojans must impose some structure to the transmission parameters. While this structure is not known to the defender, advanced statistical analysis of these parameters (i.e. transmission power), may reveal its existence and, thereby, expose the hardware Trojan.