rus
Issue #8/2016
E.Kuznetsov, A.Saurov
Hardware Trojans. Part 2: examples of implementation, methods of insertion and activation
Hardware Trojans. Part 2: examples of implementation, methods of insertion and activation
In the second part of a series of articles devoted to hardware Trojan examples of their implementation and insertion into integrated circuits are given.
Теги: hardware backdoor hardware trojan malicious modification аппаратная закладка аппаратный троян кибербезопасность несанкционированная модификация
Hardware Trojans have only recently come in view of researchers, therefore, there is relatively little published data on their actual implementation, and only a few publications have undertaken an in-depth examination of the effects of their attacks. The following are considering the most interesting approaches to the implementation of hardware Trojans.
Paper [1] gives two of the most common approaches to creating malicious processors. The authors show how the electric circuits of hardware Trojans can be embedded in the processor to carry out such attacks as the theft of passwords, access privileges extension and automatic logins to the system. It presents a common platform to support a wide range of attacks with the possibility of their dynamic update. Two modifications are installed into the central processor to implement a mechanism that provides an attacker access to the protected memory area, and the shadow mode allowing an attacker to perform a silent embedded software. The Paper describes the attack on the login which allows the attacker a complete high level access to the processor. The attack is fulfilled with the help of a malicious modification based on the circuit by using only 1341 gates. For the first time the authors show the way of the implementation of hardware Trojan that can be used as a common programmed platform for the attacks. They show embedding of such a modification on the VHDL level (Hardware Description Language) and IC modelling and synthesis for the platform based on the 3 Leon SPARC 40 MHz processor have been conducted. Detection of this hardware Trojan by analysing the perturbations introduced by it into analogue and digital signals has been considered. In particular, it is noted that the operating system determines the software component of the memory access mechanism and it can detect a signal delay associated with the introduction of a modification. Also paper [1] shows common approaches to ensure the protection against these malicious processors.
In order to study how to embed hardware Trojans annual CSAW (Cyber Security Awareness Week) conferences are held at the Polytechnic Institute of New York University. As part of this conference, competitions between the teams for embedding and searching embedded hardware systems (Embedded System Challenge) are organized. In 2008 the task was given to gain access to the FPGA-based ALPHA cryptographic unit by introducing a set of hardware Trojans, while the device must be tested for validity. The participants of the competition received the source HDL-code and were given one month for development. Two teams won, one of which developed a mechanism for leaks of secret keys via the input-output channel but the other team organized of DoS attack. To synthesize all the projects considered in the competition, the hardware Trojans were embedded at the stage of IC development phase in 90% of cases, 50% of them were activated by the user, and 75% of hardware Trojans were embedded in the input-output circuits [2].
Paper [3] analyses the space of design objectives of hardware Trojans and a scheme of fewer than 50 gates is offered generating power output which can serve as a side channel for clandestine leakage of confidential information. The technology called MOLES (Malicious Off-chip Leakage Enabled by Side-channels) has been implemented in the cryptographic 45 nm IC based on the AES algorithm. The use of the spread-spectrum technique in the development of the MOLES hardware Trojan allowed to carry out reading out a multi-bit data on the basis of power consumption analysis with the sensitivity of below the level of IC own noises that ensure clandestine activity. The authors of paper [3] claim that this technology has the highest secrecy and immunity to most methods of detection of hardware Trojans, such as visual inspection, conducting functional tests and the detection based on the characteristic "dactylographic" IC features. Although the scheme uses a small amount of logic gates, the computational cost for restoring the read data having a low S / N ratio may be critical taking the technology characteristics variability into account. The authors of paper [3] proposed a generalized design methodology and implementation of MOLES-schemes basing on the mathematical apparatus of the theory of detection for the analysis of differential power which is necessary for the extraction of multi-bit keys. The received results are based on modelling the extraction of only short keys (8-bit), which are very far from the real bit keys used. At the same time the authors point out what issues are needed to be solved for practical reliable restoring multi-bit keys basing on an analysis of crypto-processor power consumption.
Paper [4] displays experiments with two simplified hardware Trojans embedded in encryption schemes based on RSA, an algorithm for the analysis of the effects associated with the side channels. The hardware Trojans used a simple counter disabling the IC after a certain threshold value and a comparator comparing the data on the system bus or a register with a fixed value and made changes in the computational process in case of threshold crossing. It is stated that it is rather difficult to detect such hardware Trojans and they can be used for turning off the electrical circuits, information theft, introducing errors, destroying the integrity and security of the entire system into which the "contaminated" IC has been embedded.
Paper [5] describes an example of a hardware Trojan the effect of which leads to the leakage of information from the kernel DES-encryption. The circuit extracts one bit of a 56-bit key in one phase. Exposing one bit in each 64-bit transmission data block, the Trojan provides the information leakage. After accumulating all 56 blocks of an encrypted text the full key is transmitted over the air compromising the encryption. The extracted key is hidden within the allowable range of the amplitude or frequency specified by a variation of the technological process parameters, which ensures compliance with the designed functional IP specifications.
Paper [6] describes a new type of hardware Trojans based on the IC reliability characteristics. This type of Trojan is easily embedded into the technological process and leads to the faster degradation of CMOS IC. It is possible that modifications will not affect the characteristics of the internal circuits but they affect the increase in variability of process parameters, therefore they are identified in the course of technological tests. Such hardware Trojans may be based on the following degradation physical phenomena: the hot electron effect (HCI effect), electrical breakdown of the gate dielectric, the temperature instability effect at a reverse bias in the p-channel MOS transistor (NBTI effect), and the electromigration effect. According to the classification they can be attributed to a permanent type of DoS (Denial of Service) hardware Trojans which lead to a gradual degradation of performance or to the early failures of separate parts of IC.
MECHANISMS
OF ACTIVATION OF TROJANS
As a rule, a hardware Trojan is dormant after embedding into the system until it is activated (started) to perform its malicious function. Activation mechanisms can be diverse in nature, explicit or hidden, incidental, direct, or predetermined, as a result of which a hardware Trojan can change its state and behaviour. Knowledge of these mechanisms is important because the activation process may carry the information that enables to identify and counteract the hardware Trojan. It is necessary to try to activate the hardware Trojans at the stages of IC verification. This is usually carried out during the conformance and functional testing of ICs or space research of project conditions including the status of inputs, outputs and internal logic. Activation of a hardware Trojan during testing can help to identify its presence in the IC. Various mechanisms of activation and their classification are briefly discussed below.
HARDWARE TROJANS
WITH INTERNAL ACTIVATION
Internal activation is based on some specific conditions at which activation of hardware Trojans in the target device takes place. In most cases it is based on the circuits of the sequential or combinational logic.
ACTIVATION BASED
ON THE COMBINATIONAL LOGIC
The hardware Trojan with activation based on the combinational logic is embedded when the so-called flip-flop state is achieved and when certain values (vectors) are found on certain sites of the internal IC schemes. This type of an activation mechanism can be implemented only by using the combinational logic (combinational flip-flop). In their paper [7] the authors give the example of the so-called "single-cycle cheat code", a specific address on the bus, which activates a hardware Trojan. In practice the combinational activation may require a larger set of definite simultaneous states at certain nodes, such as internal registers combined with a specific word on the data bus and a certain word on the address bus. In Paper [8] there is an example in which certain combination sets at IC inputs are used to activate the hardware Trojan. In particular, it may be a certain input set combining the data, control commands, addresses and self-testing commands.
ACTIVATION BASED
ON THE SEQUENTIAL LOGIC
Hardware Trojan with activation on the basis of the sequential logic is embedded with the help of a specific sequence of events. In comparison with the combinational activation, the activation based on the sequential logic has a much larger state space as a flip-flop mechanism in this case can be implemented using finite state automation. It is stated in paper [9] that since finite state automation provides a logical depth, the sequence of events is usually described with the help of unlikely logical values; as a result, it is much more difficult to detect it during testing and verifying IC.
The simplest sequential flip-flop is a synchronous counter circuit which is activated after a certain number of timing loops. In paper [7], these Trojans are called "delayed-action bombs". In paper [9] asynchronous sequence counters are considered in which at certain events increments, for example, an increase in pulse edge at the exit gate, are carried out. These authors offer the use of a hybrid activation mechanism combining synchronous and asynchronous flip-flops.
Paper [9] also considers the so-called sequential cheat codes. For example, the sequence of bytes 0xd, 0xe, 0xc, 0xa, 0xf, 0xb, 0xa, 0xd during eight different timing loops leads to activation of a hardware Trojan. Besides, it is not necessary for the data bytes to come sequentially; they can be separated in time. Thus, the activation of a hardware Trojan is achieved by much more complex sequence of events.
To develop the complexity of a sequential flip-flop is not difficult for a developer of hardware Trojans. The only problem associated with increasing complexity is the power consumed by the Trojan and the number of logic gates required for its embedding. In this regard internal sequential activation mechanisms that use physical and analogue effects in ICs have been offered. For example, chip temperature or power consumption monitoring may be included in the flip-flop mechanism of the circuit. Furthermore, Paper [9] gives a specific example of a circuit consisting of capacitance charged through a resistor. The charge and voltage on the capacitance are determined by the surrounding logic activity, which in turn may reflect IC activity. A hardware Trojan starts when the capacitance achieves a certain value of the threshold voltage.
The activating flip-flop can be either digital or analogue. The analogue activation is used to increase the secrecy and complexity of its detection. An intruder can use several types of sequential individual flip-flops to activate various IC Trojans.
Activation based on the sequential logic can include both content- and time-related events. Paper [10] studies such flip-flops when activation of a Trojan comes with certain content data at a specific time. For activating a simple flip-flop, it is shown that the testing time, for which you are likely to activate such a Trojan, is 3 ∙ 1035 years, the likelihood of determining the combination of specific numerical codes entered from the keyboard for a certain period of time is considered.
The authors [10] also proposed a "temperature flip-flop". Its operating principle is as follows. The activity of specific IC sections on a crystal modulates the frequency of the ring oscillator performed on the inverters. The ring oscillator frequency determines the heat release which affects the delay in the other similar ring oscillator. When you reach a certain amount of delay, the activation of the hardware Trojan takes place. Similar mechanisms may be constructed for use as a signal to activate the electromagnetic or radio frequency interference, frequency or power consumption of a logic circuit as well as the time characteristics of the power consumption of certain sections of the IC.
HARDWARE TROJANS
WITH EXTERNAL ACTIVATION
External activation involves an interaction of a hardware Trojan with an external environment that is different from the system in which the Trojan is embedded. The advantages of using external flip-flops for the intruder is that activation is initiated by a source located outside the system and therefore not depending on it. [11] The same paper gives the examples of receivers or external signal antenna embedded in the ‘infected’ device.
The paper [8] discusses the sensors built in chip, they can monitor physical parameters, e.g. temperature, voltage, electromagnetic interference, humidity and altitude. The activation mechanisms with similar sensors on the chip are often referred to as side-channel flip-flops similar to the technology of obtaining the information in electronic devices without producing any direct effect on them [12]. Other external mechanisms of activation of hardware Trojans are based on the direct interaction with the targeted device. Activation may also be initialised by the system’s attached component, such as additional memory.
CONSTANTLY ACTIVE
HARDWARE TROJANS
There are hardware Trojans that are always active, and they cannot be activated or deactivated by a special flip-flop mechanism. There are also hardware Trojans that make subtle changes to the system specification, functionality or synchronization without the need of any flip-flop mechanism. Such permanent Trojans can be illustrated by the example of the hardware Trojan generating data leakage through a side channel that reflects the activity of a specific IС.
Constantly active hardware Trojans can have flip-flop mechanisms that are more subtle. Paper [11] discusses a modification topology in which the individual components or parts of ICs have a greater probability of failure, in other words, you can say that the flip-flop mechanism operates continuously and leads to continuous degradation of operating characteristics of the IC. Paper [6] considers modifications in IP as a result of which it breaks down after a certain period of operation lasting from several months to a year.
Examples of such hardware Trojans include intentional changes in the process leading to a deterioration in the reliability of ICs. The difficulty of detecting them is due to the fact that the modifications made do not affect the change in IC parameters that are within acceptable limits typical for a process. Because these Trojans are always active, they have no side activation effects, such as changes in the noise characteristics of IC, a change in the nature of power consumption and temperature.
FLIP-FLOP ACTIVATION MECHANISM DEVELOPMENT FEATURES
It is quite easy for the developer of a hardware Trojan to create a flip-flop activation mechanism which will be difficult to detect because it can use the huge space of system states in which a Trojan is introduced. This space of states includes all the internal components of logic circuits, the IC inputs and outputs, the IC topology modification, variation of manufacturing processes and the effects of analogue electronics in IC. Hybrid mechanisms combining some or all of the known flip-flop principles make the detection of hardware Trojans increasingly difficult. The general opinion of researchers is that the permanent hardware Trojans are much more difficult to detect than the complex designs of flip-flop mechanisms to prevent accidental activation or activation during testing.
CONCLUSION
It becomes easier to introduce and activate hardware Trojans with the increase in the state of states, an increase in parallel computing, complexity of internal wiring and increasing the number of modern IC outputs/inputs. In such circumstances, hardware Trojans can be hidden deep inside the IC design and are very difficult to be detectable. It should be noted that developments designed to prevent the introduction of hardware Trojans at the stage of designing or manufacturing ICs, are still in their infancy. ■
This paper was created with the financial support of the Ministry of Education and Science of the Russian Federation within the framework of the state order 8.527.2016/БЧ.
Paper [1] gives two of the most common approaches to creating malicious processors. The authors show how the electric circuits of hardware Trojans can be embedded in the processor to carry out such attacks as the theft of passwords, access privileges extension and automatic logins to the system. It presents a common platform to support a wide range of attacks with the possibility of their dynamic update. Two modifications are installed into the central processor to implement a mechanism that provides an attacker access to the protected memory area, and the shadow mode allowing an attacker to perform a silent embedded software. The Paper describes the attack on the login which allows the attacker a complete high level access to the processor. The attack is fulfilled with the help of a malicious modification based on the circuit by using only 1341 gates. For the first time the authors show the way of the implementation of hardware Trojan that can be used as a common programmed platform for the attacks. They show embedding of such a modification on the VHDL level (Hardware Description Language) and IC modelling and synthesis for the platform based on the 3 Leon SPARC 40 MHz processor have been conducted. Detection of this hardware Trojan by analysing the perturbations introduced by it into analogue and digital signals has been considered. In particular, it is noted that the operating system determines the software component of the memory access mechanism and it can detect a signal delay associated with the introduction of a modification. Also paper [1] shows common approaches to ensure the protection against these malicious processors.
In order to study how to embed hardware Trojans annual CSAW (Cyber Security Awareness Week) conferences are held at the Polytechnic Institute of New York University. As part of this conference, competitions between the teams for embedding and searching embedded hardware systems (Embedded System Challenge) are organized. In 2008 the task was given to gain access to the FPGA-based ALPHA cryptographic unit by introducing a set of hardware Trojans, while the device must be tested for validity. The participants of the competition received the source HDL-code and were given one month for development. Two teams won, one of which developed a mechanism for leaks of secret keys via the input-output channel but the other team organized of DoS attack. To synthesize all the projects considered in the competition, the hardware Trojans were embedded at the stage of IC development phase in 90% of cases, 50% of them were activated by the user, and 75% of hardware Trojans were embedded in the input-output circuits [2].
Paper [3] analyses the space of design objectives of hardware Trojans and a scheme of fewer than 50 gates is offered generating power output which can serve as a side channel for clandestine leakage of confidential information. The technology called MOLES (Malicious Off-chip Leakage Enabled by Side-channels) has been implemented in the cryptographic 45 nm IC based on the AES algorithm. The use of the spread-spectrum technique in the development of the MOLES hardware Trojan allowed to carry out reading out a multi-bit data on the basis of power consumption analysis with the sensitivity of below the level of IC own noises that ensure clandestine activity. The authors of paper [3] claim that this technology has the highest secrecy and immunity to most methods of detection of hardware Trojans, such as visual inspection, conducting functional tests and the detection based on the characteristic "dactylographic" IC features. Although the scheme uses a small amount of logic gates, the computational cost for restoring the read data having a low S / N ratio may be critical taking the technology characteristics variability into account. The authors of paper [3] proposed a generalized design methodology and implementation of MOLES-schemes basing on the mathematical apparatus of the theory of detection for the analysis of differential power which is necessary for the extraction of multi-bit keys. The received results are based on modelling the extraction of only short keys (8-bit), which are very far from the real bit keys used. At the same time the authors point out what issues are needed to be solved for practical reliable restoring multi-bit keys basing on an analysis of crypto-processor power consumption.
Paper [4] displays experiments with two simplified hardware Trojans embedded in encryption schemes based on RSA, an algorithm for the analysis of the effects associated with the side channels. The hardware Trojans used a simple counter disabling the IC after a certain threshold value and a comparator comparing the data on the system bus or a register with a fixed value and made changes in the computational process in case of threshold crossing. It is stated that it is rather difficult to detect such hardware Trojans and they can be used for turning off the electrical circuits, information theft, introducing errors, destroying the integrity and security of the entire system into which the "contaminated" IC has been embedded.
Paper [5] describes an example of a hardware Trojan the effect of which leads to the leakage of information from the kernel DES-encryption. The circuit extracts one bit of a 56-bit key in one phase. Exposing one bit in each 64-bit transmission data block, the Trojan provides the information leakage. After accumulating all 56 blocks of an encrypted text the full key is transmitted over the air compromising the encryption. The extracted key is hidden within the allowable range of the amplitude or frequency specified by a variation of the technological process parameters, which ensures compliance with the designed functional IP specifications.
Paper [6] describes a new type of hardware Trojans based on the IC reliability characteristics. This type of Trojan is easily embedded into the technological process and leads to the faster degradation of CMOS IC. It is possible that modifications will not affect the characteristics of the internal circuits but they affect the increase in variability of process parameters, therefore they are identified in the course of technological tests. Such hardware Trojans may be based on the following degradation physical phenomena: the hot electron effect (HCI effect), electrical breakdown of the gate dielectric, the temperature instability effect at a reverse bias in the p-channel MOS transistor (NBTI effect), and the electromigration effect. According to the classification they can be attributed to a permanent type of DoS (Denial of Service) hardware Trojans which lead to a gradual degradation of performance or to the early failures of separate parts of IC.
MECHANISMS
OF ACTIVATION OF TROJANS
As a rule, a hardware Trojan is dormant after embedding into the system until it is activated (started) to perform its malicious function. Activation mechanisms can be diverse in nature, explicit or hidden, incidental, direct, or predetermined, as a result of which a hardware Trojan can change its state and behaviour. Knowledge of these mechanisms is important because the activation process may carry the information that enables to identify and counteract the hardware Trojan. It is necessary to try to activate the hardware Trojans at the stages of IC verification. This is usually carried out during the conformance and functional testing of ICs or space research of project conditions including the status of inputs, outputs and internal logic. Activation of a hardware Trojan during testing can help to identify its presence in the IC. Various mechanisms of activation and their classification are briefly discussed below.
HARDWARE TROJANS
WITH INTERNAL ACTIVATION
Internal activation is based on some specific conditions at which activation of hardware Trojans in the target device takes place. In most cases it is based on the circuits of the sequential or combinational logic.
ACTIVATION BASED
ON THE COMBINATIONAL LOGIC
The hardware Trojan with activation based on the combinational logic is embedded when the so-called flip-flop state is achieved and when certain values (vectors) are found on certain sites of the internal IC schemes. This type of an activation mechanism can be implemented only by using the combinational logic (combinational flip-flop). In their paper [7] the authors give the example of the so-called "single-cycle cheat code", a specific address on the bus, which activates a hardware Trojan. In practice the combinational activation may require a larger set of definite simultaneous states at certain nodes, such as internal registers combined with a specific word on the data bus and a certain word on the address bus. In Paper [8] there is an example in which certain combination sets at IC inputs are used to activate the hardware Trojan. In particular, it may be a certain input set combining the data, control commands, addresses and self-testing commands.
ACTIVATION BASED
ON THE SEQUENTIAL LOGIC
Hardware Trojan with activation on the basis of the sequential logic is embedded with the help of a specific sequence of events. In comparison with the combinational activation, the activation based on the sequential logic has a much larger state space as a flip-flop mechanism in this case can be implemented using finite state automation. It is stated in paper [9] that since finite state automation provides a logical depth, the sequence of events is usually described with the help of unlikely logical values; as a result, it is much more difficult to detect it during testing and verifying IC.
The simplest sequential flip-flop is a synchronous counter circuit which is activated after a certain number of timing loops. In paper [7], these Trojans are called "delayed-action bombs". In paper [9] asynchronous sequence counters are considered in which at certain events increments, for example, an increase in pulse edge at the exit gate, are carried out. These authors offer the use of a hybrid activation mechanism combining synchronous and asynchronous flip-flops.
Paper [9] also considers the so-called sequential cheat codes. For example, the sequence of bytes 0xd, 0xe, 0xc, 0xa, 0xf, 0xb, 0xa, 0xd during eight different timing loops leads to activation of a hardware Trojan. Besides, it is not necessary for the data bytes to come sequentially; they can be separated in time. Thus, the activation of a hardware Trojan is achieved by much more complex sequence of events.
To develop the complexity of a sequential flip-flop is not difficult for a developer of hardware Trojans. The only problem associated with increasing complexity is the power consumed by the Trojan and the number of logic gates required for its embedding. In this regard internal sequential activation mechanisms that use physical and analogue effects in ICs have been offered. For example, chip temperature or power consumption monitoring may be included in the flip-flop mechanism of the circuit. Furthermore, Paper [9] gives a specific example of a circuit consisting of capacitance charged through a resistor. The charge and voltage on the capacitance are determined by the surrounding logic activity, which in turn may reflect IC activity. A hardware Trojan starts when the capacitance achieves a certain value of the threshold voltage.
The activating flip-flop can be either digital or analogue. The analogue activation is used to increase the secrecy and complexity of its detection. An intruder can use several types of sequential individual flip-flops to activate various IC Trojans.
Activation based on the sequential logic can include both content- and time-related events. Paper [10] studies such flip-flops when activation of a Trojan comes with certain content data at a specific time. For activating a simple flip-flop, it is shown that the testing time, for which you are likely to activate such a Trojan, is 3 ∙ 1035 years, the likelihood of determining the combination of specific numerical codes entered from the keyboard for a certain period of time is considered.
The authors [10] also proposed a "temperature flip-flop". Its operating principle is as follows. The activity of specific IC sections on a crystal modulates the frequency of the ring oscillator performed on the inverters. The ring oscillator frequency determines the heat release which affects the delay in the other similar ring oscillator. When you reach a certain amount of delay, the activation of the hardware Trojan takes place. Similar mechanisms may be constructed for use as a signal to activate the electromagnetic or radio frequency interference, frequency or power consumption of a logic circuit as well as the time characteristics of the power consumption of certain sections of the IC.
HARDWARE TROJANS
WITH EXTERNAL ACTIVATION
External activation involves an interaction of a hardware Trojan with an external environment that is different from the system in which the Trojan is embedded. The advantages of using external flip-flops for the intruder is that activation is initiated by a source located outside the system and therefore not depending on it. [11] The same paper gives the examples of receivers or external signal antenna embedded in the ‘infected’ device.
The paper [8] discusses the sensors built in chip, they can monitor physical parameters, e.g. temperature, voltage, electromagnetic interference, humidity and altitude. The activation mechanisms with similar sensors on the chip are often referred to as side-channel flip-flops similar to the technology of obtaining the information in electronic devices without producing any direct effect on them [12]. Other external mechanisms of activation of hardware Trojans are based on the direct interaction with the targeted device. Activation may also be initialised by the system’s attached component, such as additional memory.
CONSTANTLY ACTIVE
HARDWARE TROJANS
There are hardware Trojans that are always active, and they cannot be activated or deactivated by a special flip-flop mechanism. There are also hardware Trojans that make subtle changes to the system specification, functionality or synchronization without the need of any flip-flop mechanism. Such permanent Trojans can be illustrated by the example of the hardware Trojan generating data leakage through a side channel that reflects the activity of a specific IС.
Constantly active hardware Trojans can have flip-flop mechanisms that are more subtle. Paper [11] discusses a modification topology in which the individual components or parts of ICs have a greater probability of failure, in other words, you can say that the flip-flop mechanism operates continuously and leads to continuous degradation of operating characteristics of the IC. Paper [6] considers modifications in IP as a result of which it breaks down after a certain period of operation lasting from several months to a year.
Examples of such hardware Trojans include intentional changes in the process leading to a deterioration in the reliability of ICs. The difficulty of detecting them is due to the fact that the modifications made do not affect the change in IC parameters that are within acceptable limits typical for a process. Because these Trojans are always active, they have no side activation effects, such as changes in the noise characteristics of IC, a change in the nature of power consumption and temperature.
FLIP-FLOP ACTIVATION MECHANISM DEVELOPMENT FEATURES
It is quite easy for the developer of a hardware Trojan to create a flip-flop activation mechanism which will be difficult to detect because it can use the huge space of system states in which a Trojan is introduced. This space of states includes all the internal components of logic circuits, the IC inputs and outputs, the IC topology modification, variation of manufacturing processes and the effects of analogue electronics in IC. Hybrid mechanisms combining some or all of the known flip-flop principles make the detection of hardware Trojans increasingly difficult. The general opinion of researchers is that the permanent hardware Trojans are much more difficult to detect than the complex designs of flip-flop mechanisms to prevent accidental activation or activation during testing.
CONCLUSION
It becomes easier to introduce and activate hardware Trojans with the increase in the state of states, an increase in parallel computing, complexity of internal wiring and increasing the number of modern IC outputs/inputs. In such circumstances, hardware Trojans can be hidden deep inside the IC design and are very difficult to be detectable. It should be noted that developments designed to prevent the introduction of hardware Trojans at the stage of designing or manufacturing ICs, are still in their infancy. ■
This paper was created with the financial support of the Ministry of Education and Science of the Russian Federation within the framework of the state order 8.527.2016/БЧ.
Readers feedback
