基于温度传感器的硬件木马检测方法

针对硬件木马检测的旁路信号分析法中需要黄金模型、受工艺扰动影响大的问题,提出了一种基于温度传感器的硬件木马检测方法。采用抗工艺扰动设计使温度传感器受工艺扰动的影响程度低。将温度传感器植入芯片内部相似结构(存储单元、功能相同的模块等),读取温度传感器的频率信息,通过简单异常值分析法与差值分析法比对相似结构的频率差异,实现了硬件木马的检测。该方法既有效克服了工艺扰动的影响,又不需要黄金模型。温度传感器输出频率在最极端工艺角下的工艺扰动仅为9%。在SMIC 180 nm CMOS工艺下对高级加密标准(AES)电路的木马检测进行了验证,结果验证了该方法的有效性。     

工艺偏差下基于功耗与延时的硬件木马检测有效性分析

首先简述了硬件木马以及现有的硬件木马检测方法,之后考虑了工艺偏差对硬件木马检测的影响;工艺偏差的存在对电路功耗和延时等都会造成一定的影响,从而在一定程度上掩盖了硬件木马电路引起的功耗和延时特征变化.实验中针对AES加密核心S-box电路设计植入了一种基于组合电路的功能型硬件木马电路,并在40 nm工艺下利用HSPICE模拟不同大小硬件木马电路下S-box电路功耗轨迹和延时数据,在不同工艺模式下分析基于功耗与延时检测木马的有效性.结果显示,基于延时的硬件木马检测方法在木马规模较小时更能有效实现硬件木马检测.当木马规模增大时,基于功耗的检测方法的优势更明显,其抗工艺偏差干扰的能力会更强.     

一种面向粗粒度可重构阵列的硬件木马检测算法的设计与实现

硬件木马检测已成为当前芯片安全领域的研究热点,现有检测算法大多面向ASIC电路和FPGA电路,且依赖于未感染硬件木马的黄金芯片,难以适应于由大规模可重构单元组成的粗粒度可重构阵列电路。因此,该文针对粗粒度可重构密码阵列的结构特点,提出基于分区和多变体逻辑指纹的硬件木马检测算法。该算法将电路划分为多个区域,采用逻辑指纹特征作为区域的标识符,通过在时空两个维度上比较分区的多变体逻辑指纹,实现了无黄金芯片的硬件木马检测和诊断。实验结果表明,所提检测算法对硬件木马检测有较高的检测成功率和较低的误判率。     

基于特征提取和SVM的硬件木马检测方法

针对现有基于机器学习的硬件木马检测方法检测率不高的问题,提出了一种基于特征提取和支持向量机(SVM)的硬件木马检测方法。首先在门级网表的节点中提取6个与硬件木马强相关的特征,并将其作为6维特征向量。然后将这些特征向量分为训练集和测试集。最后使用SVM检测木马。将该方法应用于15个Trust-Hub基准电路,实验结果表明,该方法可实现高达93%的平均硬件木马检测率,部分基准电路的硬件木马检测率达到100%。     

一种基于压缩边界Fisher分析的硬件木马检测方法

针对物理环境下旁路分析技术对电路中规模较小的硬件木马检出率低的问题,该文引入边界Fisher分析(MFA)方法,并提出一种基于压缩边界Fisher分析(CMFA)的硬件木马检测方法。通过减小样本的同类近邻样本与该样本以及类中心之间距离和增大类中心的同类近邻样本与异类样本之间距离的方式,构建投影空间,发现原始功耗旁路信号中的差异特征,实现硬件木马检测。AES加密电路中的硬件木马检测实验表明,该方法具有比已有检测方法更高的检测精度,能够检测出占原始电路规模0.04%的硬件木马。     

融入环形振荡器木马特征的无监督硬件木马检测

机器学习用于集成电路硬件木马的检测可以有效提高检测率。无监督学习方法在特征选择上还存在不足,目前研究工作主要集中于有监督学习方法。文章引入环形振荡器木马的新特征,研究基于无监督机器学习的硬件木马检测方法。首先针对待测电路网表,提取每个节点的5维特征值,然后利用局部离群因子(LOF)算法计算各节点的LOF值,筛选出硬件木马节点。对Trust-HUB基准电路的仿真实验结果表明,该方法用于网表级电路硬件木马的检测,与现有基于无监督学习的检测方法相比,TPR(真阳性率)、P(精度)和F(度量)分别提升了16.19%、10.79%和15.56%。针对Trust-HUB基准电路的硬件木马检测的平均TPR、TNR和A,分别达到了58.61%、97.09%和95.60%。     

用于检测硬件木马延时的线性判别分析算法

针对芯片生产链长、安全性差、可靠性低,导致硬件木马防不胜防的问题,该文提出一种针对旁路信号分析的木马检测方法。首先采集不同电压下电路的延时信号,通过线性判别分析(LDA)分类算法找出延时差异,若延时与干净电路相同,则判定为干净电路,否则判定有木马。然后联合多项式回归算法对木马延时特征进行拟合,基于回归函数建立木马特征库,最终实现硬件木马的准确识别。实验结果表明,提出的LDA联合线性回归(LR)算法可以根据延时特征识别木马电路,其木马检测率优于其他木马检测方法。更有利的是,随着电路规模的增大意味着数据量的增加,这更便于进行数据分析与特征提取,降低了木马检测难度。通过该方法的研究,对未来工艺极限下识别木马电路、提高芯片安全性与可靠性具有重要的指导作用。     

基于区域分割技术的硬件木马检测方法

提出了一种基于区域分割技术的硬件木马检测方法,通过电路设计和检测相结合的方式,在电路内植入能生成多种测试向量的自测试模块,且不同测试向量可使目标区域电路内部节点在工作时具有高、低翻转率的差异,采用区域独立供电网络设计及门控时钟控制区域分时工作等方法,提高由硬件木马产生的侧信道数据在整体电路侧信道数据中所占的比重,使含有硬件木马电路的侧信道数据与正常数据差异明显,从而更易于鉴别隐藏于电路中的硬件木马.仿真测试结果表明,本方法最高可检测出占总体电路规模0.3％的时序逻辑型硬件木马,与传统的硬件木马检测方式相比,明显提高了硬件木马检测的分辨率.     

用于预防硬件木马植入的协同自测功耗检测方法

针对现有内建自认证方法中核心占用率较高时存在冗余门的问题,提出了一种用于预防硬件木马植入的协同自测功耗检测方法。首先选择功能标准单元填满未使用的区域,接着采用路径规划算法对自测电路的标准单元进行分配优化,构建无冗余门的自测电路,然后将剩余的标准单元构成功耗检测电路。最后,对自测电路的输出签名和功耗检测电路的功耗进行检测,判断是否存在硬件木马。实验结果表明,与现有的内建自认证方法相比,该方法应用于具有较高核心占用率的电路后,不仅没有产生冗余门电路,还能有效检测并预防硬件木马的植入。     

基于温度特征分析的硬件木马检测方法

硬件木马是一种在特定条件下使集成电路失效或泄露机密信息等的恶意电路,给现代信息系统带来了严重的安全隐患。该文基于硬件木马在芯片工作之初造成的温度响应特征,提出一种利用芯片温度变化特性并进行比对的硬件木马检测方法。该方法采用环形振荡器作为片内温度特征测量传感器,提取温度变化特征信息,并采用曲线拟合评价指标来评估硬件木马对温度变化特征的影响,通过比对无木马芯片温度响应特征从而完成木马检测。通过对10个不同芯片的检测,结果表明该方法能够对面积消耗32个逻辑单元硬件木马的检测率达到100%,对16个逻辑单元检测概率也能达到90%;同时检测结果表明该方法完成硬件木马检测后,能够对硬件木马的植入位置进行粗定位。     

Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise

Malicious modification of integrated circuits in untrusted design house or foundry has emerged as a major security threat. Such modifications, popularly referred to as Hardware Trojans, are difficult to detect during manufacturing test. Sequential hardware Trojans, usually triggered by a sequence of rare events, represent a common and deadly form of Trojans that can be extremely hard to detect using logic testing approaches. Side-channel analysis has emerged as an effective approach for detection of hardware Trojans. However, existing side-channel approaches suffer from increasing process variations, which largely reduce the detection sensitivity and sets a lower limit of the sizes of Trojans detectable. In this paper, we present TeSR, a Temporal Self-Referencing approach that compares the current signature of a chip at two different time windows to isolate the Trojan effect. Since it uses a chip as a reference to itself, the method completely eliminates the effect of process noise and other design marginalities (e.g. capacitive coupling), thus providing high detection sensitivity for Trojans of varying size. Furthermore, unlike most of the existing approaches, TeSR does not require a golden reference chip instance, which may impose a major limitation. Associated test generation, test application, and signature comparison approaches aimed at maximizing Trojan detection sensitivity are also presented. Simulation results for three complex sequential designs and three representative sequential Trojan circuits demonstrate the effectiveness of the approach under large inter- and intra-die process variations. The approach is also validated with current measurement results from several Xilinx Virtex-II FPGA chips.     

Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

SVM算法在硬件木马旁路分析检测中的应用

集成电路(ICs)面临着硬件木马(HTs)造成的严峻威胁。传统的旁路检测手段中黄金模型不易获得,且隐秘的木马可以利用固硬件联合操作将恶意行为隐藏在常规的芯片运行中,更难以检测。针对这种情况,该文提出利用机器学习支持向量机(SVM)算法从系统操作层次对旁路分析检测方法进行改进。使用现场可编程门阵列(FPGA)验证的实验结果表明,存在黄金模型时,有监督SVM可得到86.8%的训练及测试综合的平均检测准确率,进一步采用分组和归一化去离群点方法可将检测率提升4%。若黄金模型无法获得,则可使用半监督SVM方法进行检测,平均检测率为52.9%～79.5%。与现有同类方法相比,验证了SVM算法在指令级木马检测中的有效性,明确了分类学习条件与检测性能的关系。     

基于探索式分区和测试向量生成的硬件木马检测方法

本文提出基于分区和最优测试向量生成的硬件木马检测方法.首先,采用基于扫描细胞分布的分区算法将电路划分为多个区域.然后,提出测试向量重组算法,对各区域依据其自身结构生成近似最优的测试向量.最后,进行分区激活和功耗分析以检测木马,并采用信号校正技术消减制造变异和噪声的影响.优点是成倍提高了检测精度,克服了制造变异的影响,解决了面对大电路的扩展性问题,并可以定位木马.在基准电路上的验证实验表明检测性能有较大的提升.     

基于XGBoost的混合模式门级硬件木马检测方法

针对恶意的第三方厂商在电路设计阶段中植入硬件木马的问题,该文提出一种基于XGBoost的混合模式门级硬件木马检测方法。该检测方法将电路的每个线网类型作为节点,采用混合模式3层级的检测方式。首先,基于提取的电路静态特征,利用XGBoost算法实现第1层级的检测。继而,通过分析扫描链的结构特征,对第1层级分离得到的正常电路继续进行第2层级的面向扫描链中存在木马电路的静态检测。最后,在第3层级采用动态检测方法进一步提升检测的准确性。Trust-Hub基准测试集的实测结果表明,该方法与现有的其他检测方法相比具有较优的木马检测率,可达到94.0%的平均真阳率(TPR)和99.3%的平均真阴率(TNR)。     

Effective usage of redundancy to aid neutralization of hardware Trojans in Integrated Circuits

Hardware Trojans are malicious alterations in Integrated Circuits (ICs) that leak confidential information or disable the entire IC. The detection of these Trojans is performed through logic or side channel based testing. Under sub-nm technologies the detection of Hardware Trojans will face more problems due to process variations. Hence, there is a need to devise countermeasures which do not depend completely on detection. In order to achieve such a countermeasure, we propose to neutralize the effect of Hardware Trojans through redundancy. In this work, we present a Triple Modular Redundancy (TMR) based methodology to neutralize Hardware Trojans. In order to address the inevitable overhead on area, TMR will be implemented only on select paths of the circuit. Using a probabilistic model of a given digital circuit, we have measured the effect of Trojan on different paths of the circuit and found that equally probable output paths are vulnerable to Trojan placement. Therefore for security we propose that TMR should be implemented on the paths that lead to equally probable primary outputs. We have also shown that the detection of Trojans placed on predictable paths can be achieved through logic based testing methods. In order for the adversary to beat the proposed redundancy model, the size of the Trojan has to be larger. We have shown that such implementation can be detected using side channel based testing.