The Hardware Trojan War by Swarup Bhunia & Mark M. Tehranipoor

Author: Swarup Bhunia & Mark M. Tehranipoor
Language: eng
Format: epub
Publisher: Springer International Publishing, Cham


Unlike arithmetic circuits, which can be defined with one general specification polynomial, a general IP can be represented by a set of polynomials extracted from the golden IP. The golden netlist (specification) is partitioned into several regions, and each region is converted to a polynomial. The output of each region is either an input of a flip-flop (clock, enable, reset, etc.) or one of the primary outputs. The inputs of a region come either from primary inputs or from inputs/outputs of flip-flops. The corresponding equations (based on Fig. 8.9) of the gates inside a region are then combined to construct one polynomial representing the functionality of the region. Similarly, the implementation polynomials are derived by modeling every gate of the untrusted design, except flip-flops, as a polynomial.

To detect a Trojan, each polynomial $f_{spec_i}$ from set is reduced over a subset of polynomials from set to check membership of every polynomial $f_{spec_i}$ in ideal I constructed from polynomials from set (). The process continues until $f_{spec_i}$ is reduced either to the zero polynomial or to a remainder polynomial which contains primary inputs as well as flip-flops' inputs/outputs. A non-zero remainder indicates that the implementation does not correctly implement the functionality of $f_{spec_i}$ and that this part of the implementation is suspicious. Note that, based on Gröbner basis theory, when the remainder is zero for a specific region, the region is safe. In other words, it is not possible for a smart attacker to insert malicious gates in a way that the remainder becomes zero. By using this approach, a set of malicious regions is identified.

Suppose the adversary inserts some extra flip-flops as part of Trojans. These buggy flip-flops do not have any correspondence in the specification. In other words, there is no $f_{spec_i}$ which describes their inputs' functionality. Therefore, the corresponding region in the implementation is also considered a suspicious region. However, scan-chain flip-flops can easily be detected and removed from the suspicious candidates because of their structure.

To identify the gates that are most likely responsible for the malicious activity, gates which contribute to the construction of safe regions (regions which have zero remainders) are removed from the suspicious regions. This technique reduces the number of suspicious gates. Figure 8.12 shows the pruning procedure for suspicious gates.

Fig. 8.12 Potential Trojan gates are equal to: $\text{Gates}_{suspicious} = (\text{Gates}_{faulty} - \text{Gates}_{safe}) \cup \text{Gates}_{unused}$
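The region check and the pruning rule of Fig. 8.12, carried through on a small constructed netlist; this is an added example, not code from the book. The gate polynomials (Fig. 8.9 is not reproduced here), the netlist encoding, the signal names and the reading of "unused" as "gates in no specified region" are assumptions.

```python
from itertools import product

# Polynomials over Z: {frozenset(variables): coefficient}. Monomials are sets
# because x*x = x for Boolean signals.
def padd(p, q, s=1):
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + s * c
    return {m: c for m, c in r.items() if c}

def pmul(p, q):
    r = {}
    for (m1, c1), (m2, c2) in product(p.items(), q.items()):
        r[m1 | m2] = r.get(m1 | m2, 0) + c1 * c2
    return {m: c for m, c in r.items() if c}

ONE = {frozenset(): 1}
GATE = {  # assumed gate equations (Fig. 8.9 is not reproduced on this page)
    "and": lambda a, b: pmul(a, b),
    "or": lambda a, b: padd(padd(a, b), pmul(a, b), -1),
    "xor": lambda a, b: padd(padd(a, b), pmul(a, b), -2),
    "not": lambda a: padd(ONE, a, -1),
}

def expand(sig, netlist, cone):
    """Rewrite sig over primary inputs / flip-flop outputs; record gates used."""
    if sig not in netlist:
        return {frozenset([sig]): 1}
    kind, ins = netlist[sig]
    cone.add(sig)
    return GATE[kind](*(expand(i, netlist, cone) for i in ins))

def find_suspicious(golden, impl, region_outputs):
    faulty, safe, rem = set(), set(), {}
    for out in region_outputs:
        cone = set()
        # Reducing f_spec = out - F_golden replaces each gate output by its
        # implementation polynomial, leaving F_impl - F_golden as remainder.
        rem[out] = padd(expand(out, impl, cone), expand(out, golden, set()), -1)
        (faulty if rem[out] else safe).update(cone)
    unused = set(impl) - faulty - safe  # assumption: gates in no specified region
    return (faulty - safe) | unused, rem

# Constructed netlists: a half adder feeding two flip-flops (d_sum, d_carry).
GOLDEN = {"d_sum": ("xor", ["a", "b"]), "d_carry": ("and", ["a", "b"])}
IMPL = {
    "d_carry": ("and", ["a", "b"]), "n1": ("or", ["a", "b"]),
    "n2": ("not", ["d_carry"]), "n3": ("and", ["n1", "n2"]),
    "t1": ("and", ["q_t", "a"]),   # extra logic gated by extra flip-flop q_t
    "d_sum": ("xor", ["n3", "t1"]),
    "u1": ("or", ["b", "q_t"]),    # drives the extra flip-flop; no spec region
}
SUSPICIOUS, REMAINDERS = find_suspicious(GOLDEN, IMPL, ["d_sum", "d_carry"])
```

The `d_carry` gate lies in the cone of the failing `d_sum` region but is pruned because it also builds the zero-remainder `d_carry` region, while the non-zero remainder for `d_sum` is expressed over the primary inputs and the flip-flop output `q_t`.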


