- Trojan
- Software Trojan & its types
- Hardware Trojan
- Trigger Mechanism
- Hardware Trojan Actions
- Classification on the basis of location of Trojan
- Design Phases of Hardware Trojan
- Prevention
- Trojan Detection: Destructive & Non-Destructive Way
- Examples of Hardware Trojan
Trojans
Trojan means playing any trick that causes a target to invite a foe (unknowingly) into a securely protected space.
Trojan
- Software Trojans
- Hardware Trojans
Software Trojan
A software Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.
Hardware Trojan
It is a malicious addition or modification to the existing circuit elements that can change the functionality, reduce the reliability, or leak valuable information. It can be inserted at any phase of the IC design.
activates a Trojan to perform a specific task.
Payload: It is responsible for the malicious activity of the Trojan.
Once inserted into a system, most Hardware Trojans will lie dormant until activated (or triggered) to perform malicious activity.
Trigger Mechanism
- Always On
- Externally Triggered
- Internally Triggered
Always On
- Trojans that are always-on consist of only the payload part.
Examples:
- Leaking data through a circuit-based side channel
- Devices on a wafer are modified to wear out after a certain time period (reliability-based Hardware Trojan)
Externally Triggered
- External triggers rely on some interaction with the outside world, distinct from the system that the target device is integrated within
- Embedding a receiver or antenna within a target device
- On-chip sensors that could monitor the external environment, including sensing temperature, voltages, EMI, humidity, and altitude.
- A trigger may also come from another component that
Internally Triggered
- Internally triggered Hardware Trojans rely on some
Internally Triggered
- Combinational Activation
- Sequential Activation
Combinational Activation
- A Hardware Trojan is activated when certain values are detected simultaneously at specific internal circuit nodes within a device (a trigger state).
- This type of trigger mechanism can be implemented solely by combinational logic.
- E.g., a specific address on the bus triggers the Hardware Trojan.
Sequential Activation
- Sequentially triggered Hardware Trojans rely on a
Modify Specification
Leak Information
Modify Functionality
Denial of Service
Modify Functionality
- Add logic
- Remove logic
- Bypass logic
- Change content of programmable ROM
Modify Specification
- Change the target IC's parametric properties
Leak Information
- Transmit information without the knowledge of the user
Denial of Service
- Trojan that affects service by exhausting scarce
Location
Memory
I/O
Processor
Power Supply
Clock Grid
Design
Fabrication
Prevention
Trojan Detection
- Destructive Method
- Non-Destructive Method
creates local changes in resistance.
- Change in resistance causes the change in voltage
- Digital record of voltage versus scanner position produces LIVA image.
sample of chips in the production line.
- Destructive methods of validating an IC are extremely expensive with respect to time and cost and are technology intensive, with validation of a single IC taking months
Non-Destructive Method
the effect of an inserted Trojan on a measurable physical quantity like:
- the supply current
- path delays
- amount of heat produced in certain locations
a fingerprint for the IC.
- The Trojan does not need to be activated in order to be detected.
circuit with just a few logic gates which causes minimal impact on circuit power or delay. Thus it can easily evade side-channel detection techniques.
ICs with the same mask and manufactured in the same unit).
2. Run sufficient I/O tests multiple times on the selected ICs so as to exercise all of their expected circuitry and collect one or more side-channel signals from the ICs during these tests.
3. Use these side-channel signals to build a side-channel fingerprint for the IC family.
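The fingerprinting steps above as an added Python example, which is not part of the original slides. The current values are constructed, and the per-test mean/spread fingerprint, the comparison rule, the threshold and all names are assumptions chosen for illustration; it also shows the small-Trojan case that stays inside the family's normal spread.

```python
from statistics import mean, stdev

# Constructed data: supply current (mA) of 5 reference ICs over 4 I/O tests.
GOLDEN = [
    [10.0, 12.1, 9.8, 15.0],
    [10.2, 11.9, 10.1, 15.3],
    [9.9, 12.0, 9.9, 14.8],
    [10.1, 12.2, 10.0, 15.1],
    [9.8, 11.8, 10.2, 14.8],
]
# Constructed chips under test (same 4 I/O tests).
CLEAN = [10.1, 12.0, 9.9, 15.2]
LARGE_TROJAN = [10.1, 13.4, 9.9, 15.2]  # extra logic draws +1.4 mA in test 2
SMALL_TROJAN = [10.1, 12.3, 9.9, 15.2]  # a few gates: +0.3 mA in test 2

NOISE_FLOOR = 0.01  # assumed measurement resolution (mA); avoids division by zero


def build_fingerprint(traces):
    """Step 3: per-test mean and spread of the signal across the reference ICs."""
    return [(mean(col), max(stdev(col), NOISE_FLOOR)) for col in zip(*traces)]


def deviation(fingerprint, trace):
    """Largest per-test distance from the family mean, in standard deviations."""
    return max(abs(x - m) / s for x, (m, s) in zip(trace, fingerprint))


def is_suspect(fingerprint, trace, threshold=4.0):
    """Assumed decision rule: flag the chip if any test exceeds the threshold."""
    return deviation(fingerprint, trace) > threshold


if __name__ == "__main__":
    fp = build_fingerprint(GOLDEN)
    for name, chip in [("clean", CLEAN), ("large", LARGE_TROJAN),
                       ("small", SMALL_TROJAN)]:
        print(f"{name}: deviation={deviation(fp, chip):.2f} "
              f"suspect={is_suspect(fp, chip)}")
```

The small-Trojan chip is not flagged because its extra current is within the spread caused by process variation, which is the evasion the slide describes.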
Shadow Register
[Figure: shadow register example with signals x and y and a list of 6-bit values; layout not recoverable from the extracted text]
Build in Test
Ring Oscillator
[Figure: ring oscillators RO1 and RO2]
Examples
Assume a chip receives encrypted commands from an RF channel and stores the value in a register for subsequent decryption.
Adversary transmits a "code" that causes activation - missile detonates before reaching its target.
Thank You