
Content

- Trojan
- Software Trojan & its types
- Hardware Trojan
- Trigger Mechanism
- Hardware Trojan Actions
- Classification on the basis of location of Trojan
- Design Phases of Hardware Trojan
- Prevention
- Trojan Detection: Destructive & Non-Destructive Way
- Examples of Hardware Trojan

Trojans

Trojan means playing any trick that causes a target to invite a foe (unknowingly) into a securely protected space.

Trojan
- Software Trojans
- Hardware Trojans

Software Trojan

A Software Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.

Types of Software Trojan


- Remote Access Trojans
- Data Sending Trojans
- Destructive Trojans
- Proxy Trojans
- FTP Trojans
- Security software disabler Trojans
- Denial-of-service attack (DoS) Trojans

Hardware Trojan

It is a malicious addition or modification to the existing circuit elements that can change the functionality, reduce the reliability, or leak valuable information. It can be inserted at any phase of the IC design.

Trojans that are triggered usually require two parts:

- Trigger: It acts like sensing circuitry, which activates a Trojan to perform a specific task.
- Payload: It is responsible for the malicious activity of the Trojan.

Once inserted into a system most Hardware Trojans will lie dormant until activated (or triggered) to perform malicious activity.

Trigger Mechanism
- Always On
- Externally Triggered
- Internally Triggered

Always On
- Trojans that are always-on consist of only the payload part.

Examples:
- Leaking data through a circuit-based side channel
- Devices on a wafer are modified to wear out after a certain time period (reliability-based Hardware Trojan)

Externally Triggered
- External triggers rely on some interaction with the outside world, distinct from the system that the target device is integrated within.
- Embedding a receiver or antenna within a target device
- On-chip sensors that could monitor the external environment, including sensing temperature, voltages, EMI, humidity, and altitude
- A trigger may also come from another component that is externally connected, e.g., a connected memory device.

Internally Triggered
- Internally triggered Hardware Trojans rely on some specific internal state of the target device being reached.
- Combinational Activation
- Sequential Activation

Combinational Activation
- A Hardware Trojan is activated when certain values are detected simultaneously at specific internal circuit nodes within a device (a trigger state).
- This type of trigger mechanism can be implemented solely by combinational logic.
- E.g., a specific address on a bus triggers the Hardware Trojan.

Sequential Activation
- Sequentially triggered Hardware Trojans rely on a sequence of events occurring for activation.

Hardware Trojan Actions
- Modify Specification
- Leak Information
- Modify Functionality
- Denial of Service

Modify Functionality
- Add logic
- Remove logic
- Bypass logic
- Change content of programmable ROM

Modify Specification
- Change the target IC's parametric properties
  - Clock or timing parameters
  - Power usage
- Done by directly influencing intrinsic IC properties, such as wire and transistor geometry

Leak Information
- Transmit information without the user's knowledge
  - RF
  - RS232
  - JTAG interface
  - Optical
  - Thermal
  - Power

Denial of Service
- Trojans that affect service by exhausting scarce resources such as bandwidth
- Disable part or all of the power supply to a device

Location
- Memory
- I/O
- Processor
- Power Supply
- Clock Grid

Design Phases of Hardware Trojan
- Specification
- Design
- Fabrication
- Testing and Assembling

Prevention

Trojan Detection
- Destructive Method
- Non-Destructive Method

Trojan Detection: Destructive Method

Techniques:
- Scanning optical microscopy (SOM)
- Scanning electron microscope (SEM)
- Voltage contrast imaging (VCI)
- Light-induced voltage alteration (LIVA)
- Charge-induced voltage alteration (CIVA)

Light-induced voltage alteration (LIVA)

- An optical beam generates photocarriers at the focal point.
- The photoconductive effect in the integrated circuit (IC) creates local changes in resistance.
- The change in resistance causes a change in voltage.
- A digital record of voltage versus scanner position produces the LIVA image.

Trojan Detection: Destructive Method

- These techniques are ineffective in the nanometer domain.
- A hacker is most likely to modify only a small random sample of chips in the production line.
- Destructive methods of validating an IC are extremely expensive in time and cost and are technology intensive, with validation of a single IC taking months.

Non-Destructive Method
- Built-in Test
- Side-Channel Analysis
- Logical Analysis

Trojan Detection: Side-Channel Analysis

- The side-channel analysis based techniques utilize the effect of an inserted Trojan on a measurable physical quantity like:
  - the supply current
  - path delays
  - the amount of heat produced in certain locations
- Such a measured circuit parameter can be referred to as a fingerprint for the IC.
- The Trojan does not need to be activated in order to be detected.
- An intelligent adversary can craft a very small Trojan circuit with just a few logic gates, which causes minimal impact on circuit power or delay. Thus it can easily evade side-channel detection techniques.

Trojan Detection: Side-Channel Analysis

1. Select a few ICs at random from a family of ICs (i.e., ICs with the same mask and manufactured in the same unit).
2. Run sufficient I/O tests multiple times on the selected ICs so as to exercise all of their expected circuitry and collect one or more side-channel signals from the ICs during these tests.
3. Use these side-channel signals to build a side-channel fingerprint for the IC family.
4. Destructively test the selected ICs to validate that they are compliant with the original specifications.
5. All other ICs from the same family are nondestructively validated by subjecting them to the same I/O tests and validating that their side-channel signals are consistent with the side-channel fingerprint of the family.
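
The five-step fingerprinting procedure above, as an added example that is not part of the original slides. The supply-current readings are constructed, the 3-sigma acceptance bound is an assumption, and `measure`, `build_fingerprint`, `max_deviation` and `validate` are hypothetical helper names; the last device shows the earlier caveat that a few-gate Trojan can stay inside normal process variation.

```python
# Added example: side-channel fingerprinting on constructed supply-current data.
from statistics import mean, stdev

# Constructed nominal supply current (mA) for six I/O test vectors.
NOMINAL = [10.0, 12.0, 11.0, 15.0, 13.0, 14.0]
THRESHOLD = 3.0  # assumed acceptance bound, in standard deviations


def measure(scale, extra=0.0):
    """Simulate one IC: process variation scales the trace, extra logic adds current."""
    return [i * scale + extra for i in NOMINAL]


def build_fingerprint(golden_traces):
    """Step 3: per-test-vector mean and spread over the sampled ICs."""
    columns = list(zip(*golden_traces))
    return [(mean(c), stdev(c)) for c in columns]


def max_deviation(fingerprint, trace):
    """Largest distance from the fingerprint, in standard deviations."""
    return max(abs(x - m) / s for x, (m, s) in zip(trace, fingerprint))


def validate(fingerprint, trace, threshold=THRESHOLD):
    """Step 5: accept an IC only if every test vector stays within the bound."""
    return max_deviation(fingerprint, trace) <= threshold


# Steps 1-2: sampled ICs (assumed to pass the destructive check of step 4).
GOLDEN = [measure(s) for s in (0.98, 0.99, 1.00, 1.01, 1.02)]
FINGERPRINT = build_fingerprint(GOLDEN)

# Constructed devices under test from the same family.
DEVICES = {
    "clean, normal process variation": measure(1.015),
    "extra logic drawing 0.8 mA": measure(1.00, extra=0.8),
    "few-gate addition drawing 0.05 mA": measure(1.00, extra=0.05),
}

if __name__ == "__main__":
    for name, trace in DEVICES.items():
        score = max_deviation(FINGERPRINT, trace)
        verdict = "consistent" if validate(FINGERPRINT, trace) else "REJECT"
        print(f"{name:36s} max deviation {score:5.2f} sigma -> {verdict}")
```

The third device is accepted even though it carries extra logic, which is why the slides pair side-channel analysis with logic testing and built-in test structures.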

[Figure: 100 MHz real circuit (green) and 500 kHz Trojan circuit (blue)]

Shadow Register

Logic Test Based Approach

[Figure: logic-test example circuits with signals x and y, and a table of 6-bit binary values]

Built-in Test

Ring Oscillator


Examples

Assume a chip receives encrypted commands from an RF channel and stores the value in a register for subsequent decryption

Adversary transmits "code" that causes activation - missile detonates before reaching its target

Cell Phone Hardware Trojan


Thank You
