Hardware Trojan (computing)
A hardware Trojan is a malicious modification of the circuitry of an integrated circuit. A hardware Trojan is completely characterized by its physical representation and its behavior.
The payload of a hardware Trojan horse (HTH) is the entire activity that the Trojan executes when it is triggered. In general, malicious Trojans try to bypass or disable the security fence of a system: for example, a Trojan can leak confidential information by radio emission. HTHs could also disable, derange or destroy the entire chip or components of it.
Background
Today's business is global, and for this reason outsourcing tasks is a common method to increase companies' revenues. That is why embedded hardware devices are produced abroad. But outsourcing poses a serious threat, especially for government agencies. Typically threatened sectors are the military, finance, power or the political sector. Hardware integrity, i.e. the assurance that a chip has no modifications in comparison with the original chip design, is not ensured. Everyone who has access to the manufacturing process of a chip can make malicious alterations to the design. The fabrication of integrated circuits in untrustworthy factories is common. An adversary tries to hide the additional components, hence advanced detection techniques are necessary.
Characterisation of Hardware Trojans
An HTH can be characterized by its physical representation, activation phase and its action phase.
Physical Characteristics
One of these physical Trojan characteristics is the type. The type of a Trojan can be either functional or parametric. A Trojan is functional if the adversary adds or deletes any transistors or gates to the original chip design. The other kind of Trojan, the parametric Trojan, modifies the original circuitry, e.g. thinning of wires, weakening of flip-flops or transistors, subjecting the chip to radiation, or using Focused Ion-Beams (FIB) to reduce the reliability of a chip.
The size of a Trojan is its physical extension or the number of components it is made of. Because a Trojan can consist of many components, the designer can distribute the parts of a malicious logic on the chip. The additional logic can occupy the chip wherever it is needed to modify, add or remove a function. If the function of the Trojan demands it, the malicious components can be scattered across the chip. This is called loose distribution. Alternatively, a Trojan can consist of only a few components, so the area where the malicious logic occupies the layout of the chip is small. This is called tight distribution.
If the adversary spares no effort, then he regenerates the layout, so that the placement of the components of the IC is altered. In rare cases the chip dimension is altered. These changes are structural alterations.
Activation Characteristics
The typical Trojan is condition-based: it is triggered by sensors, internal logic states, a particular input pattern or an internal counter value. Condition-based Trojans are detectable with power traces to some degree when inactive. That is due to the leakage currents generated by the trigger or counter circuit activating the Trojan.
Hardware Trojans can be triggered in different ways. A Trojan can be internally activated, which means it monitors one or more signals inside the IC. The malicious circuitry could wait for countdown logic that an attacker added to the chip, so that the Trojan awakes after a specific timespan. The opposite is externally activated: there can be malicious logic inside a chip that uses an antenna or other sensors the adversary can reach from outside the chip. For example, a Trojan could be inside the control system of a cruise missile. The owner of the missile does not know that the enemy will be able to switch off the rockets by radio.
An always-on Trojan can be as simple as a thinned wire. A chip that is modified in this way produces errors or fails every time the wire is used intensely. Always-on circuits are hard to detect with power traces.
In this context combinational Trojans and sequential Trojans are distinguished. A combinational Trojan monitors internal signals until a specific condition happens. A sequential Trojan is also an internally activated, condition-based circuit, but it monitors the internal signals and searches for sequences, not for a specific state or condition as combinational Trojans do.
Action Characteristics
An HTH could modify the chip's function or change the chip's parametric properties (e.g. provoke a process delay). Confidential information can also be transmitted to the adversary (transmission of key information).
Peripheral Device Hardware Trojan Horses
A relatively new threat vector to networks and network endpoints is an HTH appearing as a physical peripheral device that is designed to interact with the network endpoint using the approved peripheral device's communication protocol. For example, a USB keyboard can hide all malicious processing cycles from the target network endpoint to which it is attached by communicating with that endpoint over unintended USB channels. Once sensitive data is exfiltrated from the target network endpoint to the HTH, the HTH can process the data and decide what to do with it: store it in memory for later physical retrieval of the HTH, or possibly exfiltrate it to the internet wirelessly or by using the compromised network endpoint as a pivot.
Potential of Threat
A common Trojan is passive for most of the time an altered device is in use, but its activation can cause fatal damage. If a Trojan is activated, the functionality can be changed, the device can be destroyed or disabled, it can leak confidential information or tear down security and safety. Trojans are stealthy, which means the precondition for activation is a very rare event. Traditional testing techniques are not sufficient. A manufacturing fault happens at a random position, while malicious changes are well placed to avoid detection.
Physical Inspection
First, the molding coat is cut to reveal the circuitry. Then, the engineer repeatedly scans the surface while grinding the layers of the chip. There are several operations to scan the circuitry. Typical visual inspection methods are: scanning optical microscopy (SOM), scanning electron microscopy (SEM), pico-second imaging circuit analysis (PICA), voltage contrast imaging (VCI), light induced voltage alteration (LIVA) or charge induced voltage alteration (CIVA).
Functional Testing
This detection method stimulates the input ports of a chip and monitors the output to detect manufacturing faults. If the logic values of the output do not match the genuine pattern, then a defect or a Trojan could be found.
Built-In-Self-Test
Built-in self-test (BIST) or Design-for-test (DFT) is additional functionality within the chip used to verify functionality of the chip. BIST and DFT are implemented as additional circuitry (logic in the chip) to monitor signals, input stimulus, and/or assist in detection of defects. These techniques are primarily used to detect manufacturing errors, but could possibly be used to detect unintended (malicious) logic on the chip. Whether a given BIST can detect the presence of unintended (malicious) logic is highly dependent upon the BIST functionality itself. BIST functionality often exists to perform at-speed (high speed) verification where it is not possible to use scan chains or other low-speed DFT capabilities. It is more likely that DFT would be appropriate to recognize unintended logic. A genuine chip generates a familiar signature, but a defective or altered chip displays an unknown signature. Note that the signature can be any number of data outputs from the chip: an entire scan chain or an intermediate data result. Most modern chips will fuse or disable (through hardware configuration) the ability for the chip to perform BIST or DFT outside of a manufacturing environment; this is important because DFT or BIST could, itself, be used in a subversive attack on the chip.
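The signature comparison described under Functional Testing and Built-In-Self-Test can be modelled in a few lines. The following is an added example, not part of the original article: the 8-bit adder, the trigger condition, the feedback polynomial and the pattern sets are all constructed assumptions, chosen to show why a rarely triggered Trojan passes a signature test whose patterns never hit its trigger.

```python
POLY = 0x1D  # feedback taps of x^8 + x^4 + x^3 + x^2 + 1 (constructed choice)

def genuine(a, b):
    """Constructed reference design: an 8-bit adder."""
    return (a + b) & 0xFF

def altered(a, b):
    """Same adder with a modelled combinational Trojan:
    one rare input condition corrupts the lowest output bit."""
    out = (a + b) & 0xFF
    if a == 0xA5 and b == 0x5A:   # constructed rare trigger condition
        out ^= 0x01
    return out

def misr_signature(circuit, patterns):
    """Compact all output responses into one 8-bit signature,
    the way a signature register does during BIST."""
    sig = 0
    for a, b in patterns:
        feedback = POLY if sig & 0x80 else 0
        sig = ((sig << 1) & 0xFF) ^ feedback ^ circuit(a, b)
    return sig

def directed_patterns():
    """Corner-case operands swept against every value (1024 patterns)."""
    return [(a, b) for a in (0x00, 0xFF, 0x55, 0xAA) for b in range(256)]

def exhaustive_patterns():
    """Every input combination (65536 patterns); only feasible for tiny designs."""
    return [(a, b) for a in range(256) for b in range(256)]

def passes_test(chip, patterns):
    """True if the chip's signature equals the golden (genuine) signature."""
    return misr_signature(chip, patterns) == misr_signature(genuine, patterns)

if __name__ == "__main__":
    print("directed  :", passes_test(altered, directed_patterns()))    # Trojan missed
    print("exhaustive:", passes_test(altered, exhaustive_patterns()))  # Trojan caught
```

The altered design passes the directed set because none of its 1024 patterns satisfies the trigger; exhaustive stimulation catches it, but the pattern count doubles with every added input bit, which is why functional testing alone is not sufficient against rare triggers.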
Side Channel Analyses
Every device that is electrically active emits different signals like magnetic and electric fields. Those signals, which are caused by the electric activity, can be analyzed to gain information about the state and the data which the device processes. Advanced methods to measure these side effects have been developed and they are very sensitive (side-channel attack). Hence, it is possible to detect tightly coupled Trojans via measurement of these analog signals. The measured values can be used as a signature for the analyzed device. It is also common that a set of measured values is evaluated to avoid measurement errors or other inaccuracies.
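The side-channel signature comparison described under Side Channel Analyses, as an added example that is not part of the original article: it builds a fingerprint from a set of traces of trusted chips and compares the averaged traces of a device under test against it. All values (trace shape, noise level, leakage offset, threshold) are constructed, and the model assumes measurement noise only, ignoring chip-to-chip process variation.

```python
import random
import statistics

POINTS = 16                                    # samples per power trace (constructed)
NOISE = 1.0                                    # measurement noise, arbitrary units
BASE = [10 + (i % 4) for i in range(POINTS)]   # constructed genuine power profile

def measure(rng, trojan=False):
    """One simulated trace; the inactive Trojan's trigger logic is modelled
    as a small extra leakage (0.6 units) on samples 5..7."""
    extra = [0.6 if trojan and 5 <= i <= 7 else 0.0 for i in range(POINTS)]
    return [BASE[i] + extra[i] + rng.gauss(0, NOISE) for i in range(POINTS)]

def fingerprint(traces):
    """Per-sample mean and standard deviation over a set of traces."""
    cols = list(zip(*traces))
    return [statistics.fmean(c) for c in cols], [statistics.stdev(c) for c in cols]

def max_deviation(golden, dut_traces):
    """Largest per-sample z-score between the averaged DUT traces and the fingerprint."""
    mu, sd = fingerprint(golden)
    n, k = len(golden), len(dut_traces)
    avg = [statistics.fmean(c) for c in zip(*dut_traces)]
    return max(abs(avg[i] - mu[i]) / (sd[i] * (1 / n + 1 / k) ** 0.5)
               for i in range(POINTS))

def is_suspect(golden, dut_traces, threshold=5.0):
    """Flag the device when any sample deviates by more than `threshold` sigma."""
    return max_deviation(golden, dut_traces) > threshold

rng = random.Random(2008)                      # fixed seed: reproducible constructed data
GOLDEN = [measure(rng) for _ in range(400)]    # traces from trusted chips
CLEAN = [measure(rng) for _ in range(400)]     # genuine device under test
ALTERED = [measure(rng, trojan=True) for _ in range(400)]

if __name__ == "__main__":
    print("clean, 400 traces  :", is_suspect(GOLDEN, CLEAN))
    print("altered, 400 traces:", is_suspect(GOLDEN, ALTERED))
    print("altered, 1 trace   :", is_suspect(GOLDEN, ALTERED[:1]))
```

A single trace of the altered device stays below the threshold because the leakage offset is smaller than the measurement noise; only evaluating a set of measurements brings it out.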