Making Dormant Hardware Trojan Detection Using Back-Scattering Side Channels Practical

Abstract

Malicious hardware changes, a.k.a. hardware Trojans (HTs), are an increasingly important concern because the hardware usually provides the base layer of security and trust that all software layers depend on. In other words, a hardware Trojan allows an attacker to redefine the functionality of the processor, such that even completely secure and trusted software, when executed on that processor, implements the malicious behavior desired by the attacker. The range of malicious behavior enabled by hardware Trojans is nearly infinite. A typical HT allows the chip to function normally until a specific "trigger" sequence of instructions, values, or operating conditions is encountered. Once triggered, the HT's malicious "payload" is activated, implementing the altered behavior of the chip (control flow diversion, privilege escalation, excessive aging, failure, etc.). In a cyber-physical system, such as a vehicle or a weapon system, an attacker who knows the "trigger" input (specific movement pattern, image, color sequence, etc.) can disable the vehicle/weapon, or even cause it to behave catastrophically. Unfortunately, hardware Trojans have already been discovered in actual military-grade chips, and the problem is getting worse as the supply chain for integrated circuits (chips) becomes more globally distributed, and each link in the supply chain can be used to insert hardware Trojans into the chip.

Detection of Trojans in actual chips would ideally be done by non-destructive testing, i.e. without destroying the chip that is subjected to testing, and would find even stealthy Trojans that are still dormant (not triggered yet). Existing non-destructive and chip-modification-free methods typically rely on observing the chip's power consumption, electromagnetic field fluctuation around the chip, etc. Unfortunately, such signals have limited bandwidth (i.e. they carry only limited information about on-chip activity), and they are a combination of all activity on the chip. Consequently, these methods can achieve good accuracy in detecting already-activated HTs, but stealthy still-dormant HTs typically elude such methods.

To overcome these problems, as a result of our ONR grant N00014-19-1-2287, which is expiring prior to the beginning of this proposed work, we have proposed new non-destructive post-silicon side-channel-based HT detection techniques, which use a new side channel based on signal back-scattering to avoid the drawbacks of prior side-channel-based approaches. To our knowledge, these are the first off-chip side-channel techniques capable of detecting dormant HTs while tolerating variations that exist across hardware instances.

This proposed project will improve the practicality of our non-destructive post-silicon side-channel-based HT detection techniques. Specifically, we will improve the spatial scanning and signal processing aspects of our most advanced techniques, which adaptively choose the set of positions to maximize HT detection accuracy while minimizing the scanning time. In this, we will collaborate with BAH, NSWC, and/or any other ONR-suggested organizations on helping bring these methods into practical use.

Approved for Public Release

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 05, 2022
Source ID
N000142212670

Entities

People

  • Milos Prvulović

Organizations

  • Georgia Tech Research Corporation
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Educational Psychology
  • Integrated Circuit Design and Technology

Technology Areas

  • Cyber