旁路信号主成分分析的欧式距离硬件木马检测

针对集成电路中的硬件木马问题,利用旁路信号分析技术,设计了一种基于集成电路芯片的硬件木马检测模型。在对提取出的旁路信号进行主成分分析降维基础上,运用欧式距离分类法进行硬件木马的分类识别和检测。最后运用功耗分析的方法进行了算法有效性验证。     

基于电磁辐射信号分析的芯片硬件木马检测

集成电路芯片在制造过程中可能被嵌入恶意硬件电路,形成硬件木马.提出一种新的利用芯片电磁旁路泄漏信息的硬件木马无损检测方法.对芯片表面进行区域划分,通过随机选优算法生成硬件木马测试向量集;利用基于负熵指标的投影寻踪技术将芯片高维旁路信号投影到低维子空间,在信息损失尽量小的前提下发现原始数据中的分布特征,从而实现芯片旁路信号特征提取与识别.针对示例性高级加密标准(AES-128)木马电路的检测实验表明,该技术可以有效分辨基准芯片与硬件木马测试芯片之间的电磁信号特征差异,实现硬件木马检测.     

基于投影寻踪分析的芯片硬件木马检测

提出一种利用芯片旁路泄漏信息的硬件木马无损检测方法,通过基于绝对信息散度指标的投影寻踪技术,将芯片运行过程中产生的高维旁路信号投影变换到低维子空间,在信息损失尽量小的前提下发现原始数据中的分布特征,从而实现芯片旁路信号特征提取与识别。针对示例性高级加密标准(AES-128)木马电路的检测实验表明,该技术可以有效分辨基准芯片与硬件木马测试芯片之间的旁路信号特征差异,实现硬件木马检测。     

硬件木马综述

集成电路在设计或制造过程中会受到硬件木马的攻击,使芯片与硬件的安全性受到威胁。硬件木马技术逐渐受到重视,已成为当今一个新的研究热点。文章介绍了硬件木马的概念,对三种主要的硬件木马分类方法进行了分析;着重探讨了硬件木马的检测方法。对检测方法存在的问题与面临的挑战进行了分析,指出基于旁路信号分析的硬件木马检测方法是当前最主要的一种检测方法。     

一种基于压缩边界Fisher分析的硬件木马检测方法

针对物理环境下旁路分析技术对电路中规模较小的硬件木马检出率低的问题,该文引入边界Fisher分析(MFA)方法,并提出一种基于压缩边界Fisher分析(CMFA)的硬件木马检测方法。通过减小样本的同类近邻样本与该样本以及类中心之间距离和增大类中心的同类近邻样本与异类样本之间距离的方式,构建投影空间,发现原始功耗旁路信号中的差异特征,实现硬件木马检测。AES加密电路中的硬件木马检测实验表明,该方法具有比已有检测方法更高的检测精度,能够检测出占原始电路规模0.04%的硬件木马。     

芯片级木马检测技术研究综述

集成电路在各个领域都具有极其重要的作用,但是在当今集成电路设计、制造、测试、封装各种环节相分离的产业模式下,用户所使用的芯片可能会被别有用心者植入硬件特洛伊木马电路,这给信息安全领域带来了严重威胁,芯片级硬件木马的检测技术已经成为了芯片安全研究领域的新热点。首先介绍了硬件木马的概念、危害以及分类方式;然后对硬件木马检测技术国内外有影响的研究成果进行了详细的总结和评述,着重阐述了目前比较有效的旁路分析方法,指出基于功耗指纹分析的硬件木马检测技术是当前最有前途的一种检测方法;最后简要总结了硬件木马的主动防御机制。     

用于检测硬件木马延时的线性判别分析算法

针对芯片生产链长、安全性差、可靠性低,导致硬件木马防不胜防的问题,该文提出一种针对旁路信号分析的木马检测方法。首先采集不同电压下电路的延时信号,通过线性判别分析(LDA)分类算法找出延时差异,若延时与干净电路相同,则判定为干净电路,否则判定有木马。然后联合多项式回归算法对木马延时特征进行拟合,基于回归函数建立木马特征库,最终实现硬件木马的准确识别。实验结果表明,提出的LDA联合线性回归(LR)算法可以根据延时特征识别木马电路,其木马检测率优于其他木马检测方法。更有利的是,随着电路规模的增大意味着数据量的增加,这更便于进行数据分析与特征提取,降低了木马检测难度。通过该方法的研究,对未来工艺极限下识别木马电路、提高芯片安全性与可靠性具有重要的指导作用。     

一种基于核最大间距准则的硬件木马检测新方法

在功耗旁路信号统计模型的基础上,提出了一种基于核最大间距准则的硬件木马检测方法及改进的检测方法.将原始功耗旁路信号映射到高维空间,使其具有更高的可分性,然后再投影到低维子空间,从而发现原始数据中的非线性差异特征,实现功耗旁路信号的非线性特征提取与识别.针对AES加密电路中木马电路的检测实验表明,该方法测得超出检测边界的样本数(792)多于Karhunen-Loève变换(400),取得更好的检测效果.     

一种面向粗粒度可重构阵列的硬件木马检测算法的设计与实现

硬件木马检测已成为当前芯片安全领域的研究热点,现有检测算法大多面向ASIC电路和FPGA电路,且依赖于未感染硬件木马的黄金芯片,难以适应于由大规模可重构单元组成的粗粒度可重构阵列电路。因此,该文针对粗粒度可重构密码阵列的结构特点,提出基于分区和多变体逻辑指纹的硬件木马检测算法。该算法将电路划分为多个区域,采用逻辑指纹特征作为区域的标识符,通过在时空两个维度上比较分区的多变体逻辑指纹,实现了无黄金芯片的硬件木马检测和诊断。实验结果表明,所提检测算法对硬件木马检测有较高的检测成功率和较低的误判率。     

硬件木马检测与防护

第三方技术服务的普及使得在集成电路（IC）设计制造过程中,芯片可能被恶意植入“硬件木马”,给芯片的安全性带来了极大挑战,由此,如何检测“安全芯片”中是否存在硬件木马,确保芯片的安全性开始受到人们的广泛关注。在简要介绍硬件木马概念及其危害的基础上,分析硬件木马的特点和结构,介绍了当前现有的几种硬件木马检测技术,给出了硬件木马检测技术的科学分类,重点分析了这些检测方法所面临的问题和挑战并提出了相应的改进措施,总结了未来硬件木马防测技术的发展趋势。     

硬件木马检测与防护

第三方技术服务的普及使得在集成电路（IC）设计制造过程中,芯片可能被恶意植入“硬件木马”,给芯片的安全性带来了极大挑战,由此,如何检测“安全芯片”中是否存在硬件木马,确保芯片的安全性开始受到人们的广泛关注.在简要介绍硬件木马概念及其危害的基础上,分析硬件木马的特点和结构,介绍了当前现有的几种硬件木马检测技术,给出了硬件木马检测技术的科学分类,重点分析了这些检测方法所面临的问题和挑战并提出了相应的改进措施,总结了未来硬件木马防测技术的发展趋势.     

基于电路模块自相似性的硬件木马检测方法

由于硬件木马种类的多样性和SoC电路制造过程中不可预测的工艺变化,硬件木马检测变得极具挑战性。现有的旁路信号分析法存在两个缺点,一是需要黄金模型作为参考,二是工艺波动会掩盖部分硬件木马的活动效果。针对上述不足,提出一种利用电路模块结构自相似性的无黄金模型检测方法。通过对32位超前进位加法器的软件仿真实验和对128位AES加密电路的硬件仿真实验,验证了该方法的有效性。实验结果表明,在45 nm工艺尺寸下,对于面积占比较小的硬件木马,该方法的检测成功率可以达到90.0%以上。     

基于温度特征分析的硬件木马检测方法

硬件木马是一种在特定条件下使集成电路失效或泄露机密信息等的恶意电路,给现代信息系统带来了严重的安全隐患。该文基于硬件木马在芯片工作之初造成的温度响应特征,提出一种利用芯片温度变化特性并进行比对的硬件木马检测方法。该方法采用环形振荡器作为片内温度特征测量传感器,提取温度变化特征信息,并采用曲线拟合评价指标来评估硬件木马对温度变化特征的影响,通过比对无木马芯片温度响应特征从而完成木马检测。通过对10个不同芯片的检测,结果表明该方法能够对面积消耗32个逻辑单元硬件木马的检测率达到100%,对16个逻辑单元检测概率也能达到90%;同时检测结果表明该方法完成硬件木马检测后,能够对硬件木马的植入位置进行粗定位。     

Golden-Free Processor Hardware Trojan Detection Using Bit Power Consistency Analysis

Processor is the core chip of modern information system, which is severely threatened by hardware Trojan. Side-channel analysis is the most promising method for hardware Trojan detection. However, most existing detection methods require golden chips as reference, which significantly increases the test cost and complexity. In this paper, we propose a golden-free detection method that exploits the bit power consistency of processor. For the data activated processor hardware Trojan, the power model of processor is modified. Two decomposition methods of power signal are proposed: the differential bit power consistency analysis and the contradictory equations solution. With the proposed method, each bit power can be calculated. The bit consistency based detection algorithms are proposed, the deviation boundaries are obtained by statistical analysis. Experimental measurements were done on field programmable gate array chip with open source 8051 core and hardware Trojans. The results showed that the differences between the two methods were very small. The data activated processor hardware Trojans were detected successfully.     

Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise

Malicious modification of integrated circuits in untrusted design house or foundry has emerged as a major security threat. Such modifications, popularly referred to as Hardware Trojans, are difficult to detect during manufacturing test. Sequential hardware Trojans, usually triggered by a sequence of rare events, represent a common and deadly form of Trojans that can be extremely hard to detect using logic testing approaches. Side-channel analysis has emerged as an effective approach for detection of hardware Trojans. However, existing side-channel approaches suffer from increasing process variations, which largely reduce the detection sensitivity and sets a lower limit of the sizes of Trojans detectable. In this paper, we present TeSR, a Temporal Self-Referencing approach that compares the current signature of a chip at two different time windows to isolate the Trojan effect. Since it uses a chip as a reference to itself, the method completely eliminates the effect of process noise and other design marginalities (e.g. capacitive coupling), thus providing high detection sensitivity for Trojans of varying size. Furthermore, unlike most of the existing approaches, TeSR does not require a golden reference chip instance, which may impose a major limitation. Associated test generation, test application, and signature comparison approaches aimed at maximizing Trojan detection sensitivity are also presented. Simulation results for three complex sequential designs and three representative sequential Trojan circuits demonstrate the effectiveness of the approach under large inter- and intra-die process variations. The approach is also validated with current measurement results from several Xilinx Virtex-II FPGA chips.     

Effective usage of redundancy to aid neutralization of hardware Trojans in Integrated Circuits

Hardware Trojans are malicious alterations in Integrated Circuits (ICs) that leak confidential information or disable the entire IC. The detection of these Trojans is performed through logic or side channel based testing. Under sub-nm technologies the detection of Hardware Trojans will face more problems due to process variations. Hence, there is a need to devise countermeasures which do not depend completely on detection. In order to achieve such a countermeasure, we propose to neutralize the effect of Hardware Trojans through redundancy. In this work, we present a Triple Modular Redundancy (TMR) based methodology to neutralize Hardware Trojans. In order to address the inevitable overhead on area, TMR will be implemented only on select paths of the circuit. Using a probabilistic model of a given digital circuit, we have measured the effect of Trojan on different paths of the circuit and found that equally probable output paths are vulnerable to Trojan placement. Therefore for security we propose that TMR should be implemented on the paths that lead to equally probable primary outputs. We have also shown that the detection of Trojans placed on predictable paths can be achieved through logic based testing methods. In order for the adversary to beat the proposed redundancy model, the size of the Trojan has to be larger. We have shown that such implementation can be detected using side channel based testing.     

基于XGBoost的混合模式门级硬件木马检测方法

针对恶意的第三方厂商在电路设计阶段中植入硬件木马的问题,该文提出一种基于XGBoost的混合模式门级硬件木马检测方法。该检测方法将电路的每个线网类型作为节点,采用混合模式3层级的检测方式。首先,基于提取的电路静态特征,利用XGBoost算法实现第1层级的检测。继而,通过分析扫描链的结构特征,对第1层级分离得到的正常电路继续进行第2层级的面向扫描链中存在木马电路的静态检测。最后,在第3层级采用动态检测方法进一步提升检测的准确性。Trust-Hub基准测试集的实测结果表明,该方法与现有的其他检测方法相比具有较优的木马检测率,可达到94.0%的平均真阳率(TPR)和99.3%的平均真阴率(TNR)。     

基于多维结构特征的硬件木马检测技术

硬件木马是第三方知识产权(IP)核的主要安全威胁,现有的安全性分析方法提取的特征过于单一,导致特征分布不够均衡,极易出现较高的误识别率。该文提出了基于有向图的门级网表抽象化建模算法,建立了门级网表的有向图模型,简化了电路分析流程;分析了硬件木马共性特征,基于有向图建立了涵盖扇入单元数、扇入触发器数、扇出触发器数、输入拓扑深度、输出拓扑深度、多路选择器和反相器数量等多维度硬件木马结构特征;提出了基于最近邻不平衡数据分类(SMOTEENN)算法的硬件木马特征扩展算法,有效解决了样本特征集较少的问题,利用支持向量机建立硬件木马检测模型并识别出硬件木马的特征。该文基于Trust_Hub硬件木马库开展方法验证实验,准确率高达97.02%,与现有文献相比真正类率(TPR)提高了13.80%,真负类率(TNR)和分类准确率(ACC)分别提高了0.92%和2.48%,在保证低假阳性率的基础上有效识别硬件木马。