Soft-HaT
Md. Mahbub Alam, Adib Nahiyan, Mehdi Sadi, Domenic Forte, M. Tehranipoor
ACM Transactions on Design Automation of Electronic Systems (TODAES), volume 37 1, pages 1 - 22
Journal Article, published 2020-06-23
DOI: https://doi.org/10.1145/3396521
Citation count: 2
Abstract
A hardware Trojan is a malicious modification to an integrated circuit (IC) made by untrusted third-party vendors, fabrication facilities, or rogue designers. Although existing hardware Trojans are designed to be stealthy, they can, in theory, be detected by post-manufacturing and acceptance tests due to their physical connections to IC logic. Manufacturing tests can potentially trigger the Trojan and propagate its payload to an output. Even if the Trojan is not triggered, the physical connections to the IC can enable detection due to additional side-channel activity (e.g., power consumption). In this article, we propose a novel hardware Trojan design, called Soft-HaT, which only becomes physically connected to other IC logic after activation by a software program. Using an electrically programmable fuse (E-fuse), the hardware can be “re-programmed” remotely. We illustrate how Soft-HaT can be used for offensive applications in system-on-chips. Examples of Soft-HaT attacks are demonstrated on an open source system-on-chip (OrpSoC) and implemented in Virtex-7 FPGA to show their efficacy in terms of stealthiness.