skip to main content


Title: Design of AI Trojans for Evading Machine Learning-based Detection of Hardware Trojans
The globalized semiconductor supply chain significantly increases the risk of exposing System-on-Chip (SoC) designs to malicious implants, popularly known as hardware Trojans. Traditional simulation-based validation is unsuitable for detection of carefully-crafted hardware Trojans with extremely rare trigger conditions. While machine learning (ML) based Trojan detection approaches are promising due to their scalability as well as detection accuracy, ML-based methods themselves are vulnerable from Trojan attacks. In this paper, we propose a robust backdoor attack on ML-based Trojan detection algorithms to demonstrate this serious vulnerability. The proposed framework is able to design an AI Trojan and implant it inside the ML model that can be triggered by specific inputs. Experimental results demonstrate that the proposed AI Trojans can bypass state-of-the-art defense algorithms. Moreover, our approach provides a fast and cost-effective solution in achieving 100% attack success rate that significantly outperforms state-of-the art approaches based on adversarial attacks.  more » « less
Award ID(s):
1908131
NSF-PAR ID:
10354090
Author(s) / Creator(s):
;
Date Published:
Journal Name:
Design, Automation & Test in Europe Conference & Exhibition (DATE)
Page Range / eLocation ID:
682 to 687
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Due to the globalization of Integrated Circuit supply chain, hardware Trojans and the attacks that can trigger them have become an important security issue. One type of hardware Trojans leverages the “don’t care transitions” in Finite-state Machines (FSMs) of hardware designs. In this article, we present a symbolic approach to detecting don’t care transitions and the hidden Trojans. Our detection approach works at both register-transfer level (RTL) and gate level, does not require a golden design, and works in three stages. In the first stage, it explores the reachable states. In the second stage, it performs an approximate analysis to find the don’t care transitions and any discrepancies in the register values or output lines due to don’t care transitions. The second stage can be used for both predicting don’t care triggered Trojans and for guiding don’t care aware reachability analysis. In the third stage, it performs a state-space exploration from reachable states that have incoming don’t care transitions to explore the Trojan payload and to find behavioral discrepancies with respect to what has been observed in the first stage. We also present a pruning technique based on the reachability of FSM states. We present a methodology that leverages both RTL and gate-level for soundness and efficiency. Specifically, we show that don’t care transitions and Trojans that leverage them must be detected at the gate-level, i.e., after synthesis has been performed, for soundness. However, under specific conditions, Trojan payload exploration can be performed more efficiently at RTL. Additionally, the modular design of our approach also provides a fast Trojan prediction method even at the gate level when the reachable states of the FSM is known a priori . Evaluation of our approach on a set of benchmarks from OpenCores and TrustHub and using gate-level representation generated by two synthesis tools, YOSYS and Synopsis Design Compiler (SDC), shows that our approach is both efficient (up to 10× speedup w.r.t. no pruning) and precise (0% false positives both at RTL and gate-level netlist) in detecting don’t care transitions and the Trojans that leverage them. Additionally, the total analysis time can achieve up to 1.62× (using YOSYS) and 1.92× (using SDC) speedup when synthesis preserves the FSM structure, the foundry is trusted, and the Trojan detection is performed at RTL. 
    more » « less
  2. One aspect of system security is evaluating a system’s vulnerability to Trojan attack. A hardware Trojan attack can have potentially devastating effects, especially given the increased reliance on integrated circuits within critical systems. A significant amount of research concerns attacks on digital systems, but attacks on AMS and RF systems have recently been of interest as well. A class of Trojans has been proposed that uses undesired alternate modes of operation in nonlinear systems as the Trojan payload. These Trojans are of particular interest because they do not cause deviations from the ideal system performance and cannot be detected until the Trojan is triggered. This work addresses this class of Trojans by listing different payloads, trigger mechanisms, and examples of system architectures vulnerable to attack. 
    more » « less
  3. null (Ed.)
    Reliability and trustworthiness are dominant factors in designing System-on-Chips (SoCs) for a variety of applications. Malicious implants, such as hardware Trojans, can lead to undesired information leakage or system malfunction. To ensure trustworthy computing, it is critical to develop efficient Trojan detection techniques. While existing delay-based side-channel analysis is promising, it is not effective due to two fundamental limitations: (i) The difference in path delay between the golden design and Trojan inserted design is negligible compared with environmental noise and process variations. (ii) Existing approaches rely on manually crafted rules for test generation, and require a large number of simulations, making it impractical for industrial designs. In this paper, we propose a novel test generation method using reinforcement learning for delay-based Trojan detection. This paper makes three important contributions. 1) Unlike existing methods that rely on the delay difference of a few gates, our proposed approach utilizes critical path analysis to generate test vectors that can maximize the side-channel sensitivity. 2) To the best of our knowledge, our approach is the first attempt in applying reinforcement learning for efficient test generation to detect Trojans using delay-based analysis. 3) Our experimental results demonstrate that our method can significantly improve both side-channel sensitivity (59% on average) and test generation time (17x on average) compared to state-of-the-art test generation techniques. 
    more » « less
  4. null (Ed.)
    Due to globalized semiconductor supply chain, there is an increasing risk of exposing System-on-Chip (SoC) designs to malicious implants, popularly known as hardware Trojans. Unfortunately, traditional simulation-based validation using millions of test vectors is unsuitable for detecting stealthy Trojans with extremely rare trigger conditions due to exponential input space complexity of modern SoCs. There is a critical need to develop efficient Trojan detection techniques to ensure trustworthy SoCs. While there are promising test generation approaches, they have serious limitations in terms of scalability and detection accuracy. In this paper, we propose a novel logic testing approach for Trojan detection using an effective combination of testability analysis and reinforcement learning. Specifically, this paper makes three important contributions. 1) Unlike existing approaches, we utilize both controllability and observability analysis along with rareness of signals to significantly improve the trigger coverage. 2) Utilization of reinforcement learning considerably reduces the test generation time without sacrificing the test quality. 3) Experimental results demonstrate that our approach can drastically improve both trigger coverage (14.5% on average) and test generation time (6.5 times on average) compared to state-of-the-art techniques. 
    more » « less
  5. Side-channel analysis is widely used for hardware Trojan detection in integrated circuits by analyzing various side-channel signatures, such as timing, power and path delay. Existing delay-based side-channel analysis techniques have two major bottlenecks: (i) they are not suitable in detecting Trojans since the delay difference between the golden design and a Trojan inserted design is negligible, and (ii) they are not effective in creating robust delay signatures due to reliance on random and ATPG based test patterns. In this paper, we propose an efficient test generation technique to detect Trojans using delay-based side channel analysis. This paper makes two important contributions. (1) We propose an automated test generation algorithm to produce test patterns that are likely to activate trigger conditions, and change critical paths. Compared to existing approaches where delay difference is solely based on extra gates from a small Trojan, the change of critical paths by our approach will lead to significant difference in path delay. (2) We propose a fast and efficient reordering technique to maximize the delay deviation between the golden design and Trojan inserted design. Experimental results demonstrate that our approach significantly outperforms state-of-the-art approaches that rely on ATPG or random test patterns for delay-based side-channel analysis. 
    more » « less