A potential vulnerability for integrated circuits (ICs) is the insertion of hardware trojans (HTs) during manufacturing. Understanding the practicability of such an attack can lead to appropriate measures for mitigating it. In this paper, we demonstrate a pragmatic framework for analyzing HT susceptibility of finalized layouts. Our framework is representative of a fabrication-time attack, where the adversary is assumed to have access only to a layout representation of the circuit. The framework inserts trojans into tapeout-ready layouts utilizing an Engineering Change Order (ECO) flow. The attacked security nodes are blindly searched utilizing reverse-engineering techniques. For our experimental investigation, we utilized three crypto-cores (AES-128, SHA-256, and RSA) and a microcontroller (RISC-V) as targets. We explored 96 combinations of triggers, payloads and targets for our framework. Our findings demonstrate that even in high-density designs, the covert insertion of sophisticated trojans is possible. All this while maintaining the original target logic, with minimal impact on power and performance. Furthermore, from our exploration, we conclude that it is too naive to only utilize placement resources as a metric for HT vulnerability. This work highlights that the HT insertion success is a complex function of the placement, routing resources, the position of the attacked nodes, and further design-specific characteristics. As a result, our framework goes beyond just an attack, we present the most advanced analysis tool to assess the vulnerability of HT insertion into finalized layouts.
翻译:集成电路(ICs)的潜在脆弱性是:在制造过程中插入硬件阵列(HTs),在制造过程中插入硬件阵列(HTs),了解这种攻击的实用性,可以导致适当的缓解措施。在本文中,我们展示了分析HT对最终布局的易感性的实用框架。我们的框架代表了一场制造-时间攻击,假设对手只能使用电路的布局代表。这个框架利用工程改变命令(ECO)的流程,将特遣车插入可安装的布局中。被攻击的安全节节点被盲目地搜索,使用反向工程技术进行搜索。为了进行实验性调查,我们使用了三种隐性核心(AES-128、SHS-256和RSA)和微控制器(RISC-V)作为目标。我们探索了96个触发器、有效载荷和目标组合的模拟攻击。我们的调查结果表明,即使高密度设计设计,也有可能隐蔽地插入复杂的特遣队。所有这一切都保持原始目标逻辑,同时尽量减少对权力和业绩的影响。此外,我们从我们最复杂的H型的路径特性特性特性特性分析,我们从这一复杂的H型结构的布局的布局的布局图图图图图表只是利用了我们最复杂的H的图图图图图,我们把的图图图图图图的图的图图表的图表的图图图图的图,我们用来去。