DOI: 10.1145/3508352.3549452
research-article

A Pragmatic Methodology for Blind Hardware Trojan Insertion in Finalized Layouts

Published: 22 December 2022

Abstract

A potential vulnerability for integrated circuits (ICs) is the insertion of hardware trojans (HTs) during manufacturing. Understanding the practicability of such an attack can lead to appropriate measures for mitigating it. In this paper, we demonstrate a pragmatic framework for analyzing HT susceptibility of finalized layouts. Our framework is representative of a fabrication-time attack, where the adversary is assumed to have access only to a layout representation of the circuit. The framework inserts trojans into tapeout-ready layouts utilizing an Engineering Change Order (ECO) flow. The attacked security nodes are blindly searched utilizing reverse-engineering techniques. For our experimental investigation, we utilized three crypto-cores (AES-128, SHA-256, and RSA) and a microcontroller (RISC-V) as targets. We explored 96 combinations of triggers, payloads and targets for our framework. Our findings demonstrate that even in high-density designs, the covert insertion of sophisticated trojans is possible, all while maintaining the original target logic, with minimal impact on power and performance. Furthermore, from our exploration, we conclude that it is too naive to only utilize placement resources as a metric for HT vulnerability. This work highlights that the HT insertion success is a complex function of the placement, routing resources, the position of the attacked nodes, and further design-specific characteristics. As a result, our framework goes beyond just an attack: we present the most advanced analysis tool to assess the vulnerability of HT insertion into finalized layouts.

      Published In

      ICCAD '22: Proceedings of the 41st IEEE/ACM International Conference on Computer-Aided Design
      October 2022
      1467 pages
      ISBN: 9781450392174
      DOI: 10.1145/3508352

      Sponsors

      In-Cooperation

      • IEEE-EDS: Electronic Devices Society
      • IEEE CAS
      • IEEE CEDA

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. ASIC
      2. VLSI
      3. hardware security
      4. hardware trojan horse
      5. manufacturing-time attack
      6. reverse engineering

      Qualifiers

      • Research-article

      Conference

      ICCAD '22: IEEE/ACM International Conference on Computer-Aided Design
      October 30 - November 3, 2022
      California, San Diego

      Acceptance Rates

      Overall Acceptance Rate 457 of 1,762 submissions, 26%

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months): 69
      • Downloads (Last 6 weeks): 5
      Reflects downloads up to 18 Feb 2025

      Cited By

      • (2025) Detection of Voltage Droop-Induced Timing Fault Attacks Due to Hardware Trojans. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 44:1 (280-293). DOI: 10.1109/TCAD.2024.3418395. Online publication date: 1-Jan-2025
      • (2024) REPQC: Reverse Engineering and Backdooring Hardware Accelerators for Post-quantum Cryptography. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (533-547). DOI: 10.1145/3634737.3657016. Online publication date: 1-Jul-2024
      • (2024) Trojan playground: a reinforcement learning framework for hardware Trojan insertion and detection. The Journal of Supercomputing, 80:10 (14295-14329). DOI: 10.1007/s11227-024-05963-8. Online publication date: 18-Mar-2024
      • (2023) Benchmarking Advanced Security Closure of Physical Layouts. Proceedings of the 2023 International Symposium on Physical Design (256-264). DOI: 10.1145/3569052.3578924. Online publication date: 26-Mar-2023
      • (2023) Hardware Trojan Insertion in Finalized Layouts: From Methodology to a Silicon Demonstration. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 42:7 (2094-2107). DOI: 10.1109/TCAD.2022.3223846. Online publication date: 1-Jul-2023
      • (2023) Revisiting Trojan Insertion Techniques for Post-Silicon Trojan Detection Evaluation. 2023 IEEE Computer Society Annual Symposium on VLSI (ISVLSI) (1-6). DOI: 10.1109/ISVLSI59464.2023.10238669. Online publication date: 20-Jun-2023
