skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: ENTT/ENTTR: A Family of Improved Emerging NVM-Based Trojan Triggers and Resets
Hardware Trojans in Integrated Circuits (ICs), that are inserted as hostile modifications in the design phase and/or the fabrication phase, are a security threat since the semiconductor manufacturing process is increasingly becoming globalized. These Trojans are devised to stay hidden during standard structural and functional testing procedures and only activate under pre-determined rare conditions (e.g., after a large number of clock cycles or the assertion of an improbable net). Once triggered, they can deliver malicious payloads (e.g., denial-of-service and information leakage attacks). Current literature identifies a collection of logic Trojans (both trigger circuits and payloads), but minimal research exists on memory Trojans despite their high feasibility. Emerging Non-Volatile Memories (NVMs), such as Resistive RAM (RRAM), have special properties such as non-volatility and gradual drift in bitcell resistance under a pulsing voltage input that make them prime targets to deploy hardware Trojans. In this paper, we present two delay-based and two voltage-based Trojan triggers using emerging NVM (ENTT) by utilizing RRAM’s resistance drift under a pulsing voltage input. Simulations show that ENTTs can be triggered by reading/writing to a specific memory address N times (N could be 2,500–3,500 or a different value for each ENTT design). Since the RRAM is non-volatile, address accesses can be intermittent and therefore stay undetected from system-level techniques that can identify continuous hammering as a possible security threat. We also present three reset techniques to de-activate the triggers. The resulting static/dynamic power overhead and maximum area overhead incurred by the proposed ENTTs are 104.24 μW/0.426 μW and 9.15 μm2, respectively in PTM 65 nm technology. ENTTs are effective against contemporary Trojan detection techniques and system level protocols. We also propose countermeasures to detect ENTT during the test phase and/or prevent fault-injection attacks during deployment.  more » « less
Award ID(s):
1723687 1821766 1814710 1718474
PAR ID:
10330057
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Frontiers in Nanotechnology
Volume:
4
ISSN:
2673-3013
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, Proceedings GOMACTech)
    One aspect of system security is evaluating a system’s vulnerability to Trojan attack. A hardware Trojan attack can have potentially devastating effects, especially given the increased reliance on integrated circuits within critical systems. A significant amount of research concerns attacks on digital systems, but attacks on AMS and RF systems have recently been of interest as well. A class of Trojans has been proposed that uses undesired alternate modes of operation in nonlinear systems as the Trojan payload. These Trojans are of particular interest because they do not cause deviations from the ideal system performance and cannot be detected until the Trojan is triggered. This work addresses this class of Trojans by listing different payloads, trigger mechanisms, and examples of system architectures vulnerable to attack. 
    more » « less
  2. ; ; (, Journal of Cryptographic Engineering)
    Abstract The threat of (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during the chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present three case studies on 28 nm and 20 nm SRAM- and flash-based (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs. 
    more » « less
  3. ; ; (, ACM Transactions on Design Automation of Electronic Systems)
    null (Ed.)
    Due to the globalization of semiconductor manufacturing and test processes, the system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in several threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Logic locking has emerged as a promising defense strategy against these threats. However, various attacks about the extraction of secret keys have undermined the security of logic locking techniques. Over the years, researchers have proposed different techniques to prevent existing attacks. In this article, we propose a novel attack that can break any logic locking techniques that rely on the stored secret key. This proposed TAAL attack is based on implanting a hardware Trojan in the netlist, which leaks the secret key to an adversary once activated. As an untrusted foundry can extract the netlist of a design from the layout/mask information, it is feasible to implement such a hardware Trojan. All three proposed types of TAAL attacks can be used for extracting secret keys. We have introduced the models for both the combinational and sequential hardware Trojans that evade manufacturing tests. An adversary only needs to choose one hardware Trojan out of a large set of all possible Trojans to launch the TAAL attack. 
    more » « less
  4. ; (, Asia and South Pacific Design Automation Conference (ASP-DAC))
    Hardware Trojans are serious threat to security and reliability of computing systems. It is hard to detect these malicious implants using traditional validation methods since an adversary is likely to hide them under rare trigger conditions. While existing statistical test generation methods are promising for Trojan detection, they are not suitable for activating extremely rare trigger conditions in stealthy Trojans. To address the fundamental challenge of activating rare triggers, we propose a new test generation paradigm by mapping trigger activation problem to clique cover problem. The basic idea is to utilize a satisfiability solver to construct a test corresponding to each maximal clique. This paper makes two fundamental contributions: 1) it proves that the trigger activation problem can be mapped to clique cover problem, 2) it proposes an efficient test generation algorithm to activate trigger conditions by repeated maximal clique sampling. Experimental results demonstrate that our approach is scalable and it outperforms state-of-the-art approaches by several orders-of-magnitude in detecting stealthy Trojans. 
    more » « less
  5. ; (, IEEE)
    Globalized outsourcing of integrated circuit manufacturing has introduced potent security threats such as unauthorized overproduction and hardware Trojan insertion. An approach that is used to protect circuit designs from overproduction is logic locking, which introduces key inputs to a digital circuit such that only the correct key will allow the circuit to work properly and all others will cause unintended functionality. On the other hand, the majority of the existing methods to tackle hardware Trojans are in the realm of proactive prevention or static detection, but a more challenging problem, which is the run-time mitigation of the Trojans inserted in a zero-trust design flow, is yet to be solved. In this work, we look through the lens of logic locking with the goal of introducing online reconfigurability into a design and apply the fundamental principles of fault tolerance and state traversal to create an effective mitigation tactic against hardware Trojans. Redundancy is inserted at low-controllable states to create trap states for the attackers, and key inputs are added to select the active path. The strength of our proposed approach lies in its ability to circumvent Trojan payloads transparently at run-time with only a slight overhead, as demonstrated by experiments run on over 40 benchmarks of varying sizes. We also demonstrate viability when combined with secure logic locking methods to provide multi-objective security. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email