The threat of hardware Trojans (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an application-specific integrated circuit (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during the chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from integrated circuit (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using laser logic state imaging (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present two case studies on 28 nm SRAM- and flash-based field-programmable gate arrays (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs.