Classification and Detection of Hardware Trojans
Rahul Krishnamurthy (2011VLSI06)
ABV-Indian Institute of Information Technology and Management Gwalior,
Morena Link Road, Gwalior, Madhya Pradesh, INDIA - 474010.

December 17, 2012
Contents

1. Introduction
2. Classification of Hardware Trojans
3. Detection Techniques for Hardware Trojans
   Detection Using Power Analysis
   Detection by Delay Fingerprint Technique
   Detection Using Ring Oscillator Frequency Mechanism
4. Insertion of Hardware Trojans
   Insertion Technique Bypassing Delay Fingerprint Technique
   Insertion Technique Bypassing Ring Oscillator Frequency Mechanism
5. Conclusion

Introduction

A Hardware Trojan is a malicious and deliberately stealthy modification made to an electronic device such as an IC.
It can change the chip's functionality and thereby undermine trust in the systems using that chip.

Figure: A simple hardware Trojan

Hypothesis

The classification of hardware Trojans assumes that the attacker has access to all the stages of the IC design.
The attacker has access to the floorplans, layout, netlist and RTL code.

Classification

Figure: Hardware Trojan taxonomy

Insertion Phase

Malicious alteration can take place at the following phases.
Specification phase: For example, a Trojan at the specification phase might change the hardware's timing requirements.
Design phase: The designer can use third-party IP blocks and standard cells. A standard cell library can be infested with Trojans.
Fabrication phase: Subtle mask changes can have serious effects. In an extreme case, an adversary can substitute a different mask set.
Testing phase: An adversary can change the test vectors to avoid detection of the Trojan.
Assembly phase: Developers assemble the tested chip and other hardware components on a printed circuit board (PCB). An unshielded wire can be used for information leakage and fault injection.

Abstraction Phase

The phase at which the alteration occurs.
System level: Trojans might be triggered by the target hardware modules, for example, interchanging the ASCII values of the keyboard inputs.
Development environment: An attacker can use CAD tools and scripts to insert Trojans. Software Trojans inserted into these CAD tools can mask the effects of the hardware Trojans. For example, a synthesis tool might not reveal a circuit's Trojan components to the user.
Register-transfer level: At the RTL, chip developers describe each functional module in terms of registers, signals, and Boolean functions. For example, a Trojan implemented at this level might halve the rounds of a cryptographic algorithm by making a round counter advance in steps of two instead of one.
Gate level: A Trojan might be a simple comparator consisting of XOR gates that monitor the chip's internal signals.
Transistor level: A transistor-level Trojan might be a transistor with low gate width that can cause more delay in the critical path.
Physical level: This level describes all circuit components and their dimensions and locations. Changing the width of the clock grid's metal wires in the chip can cause clock skew.

Activation Mechanism

Always-on: This class covers Trojans that are implemented by modifying the geometries of the chip such that certain nodes or paths in the chip have a higher susceptibility to failure.
Internally triggered: An event that occurs within the target device activates an internally triggered Trojan.

Figure: Internally triggered
Externally triggered: An externally triggered Trojan requires external input to the target module to activate. For example, data coming through external interfaces such as RS-232 can trigger a Trojan.

Effects

The effects of Trojans on target hardware or systems can range from subtle disturbances to catastrophic system failures.
A Trojan can cause an error detection module to accept inputs that should be rejected.
A Trojan can downgrade performance by intentionally changing device parameters, such as power and delay.
A Trojan might leak a cryptographic algorithm's secret key through unused RS-232 ports.
Denial-of-service Trojans prevent operation of a function or resource, for example by causing the processor to ignore the interrupt from a specific peripheral.

Detection Techniques

Detection using Power Analysis

A ring oscillator built from NOT gates is used to monitor power.
Power supply noise (also known as voltage drop) impacts the delay of gates.

$f = \frac{1}{2 \times n \times t_d}$

Figure: Ring oscillator
When the voltage drops, the delay of the gates increases.
A change in delay impacts the oscillation frequency.
For Trojan-inserted ICs, the switching gates in the Trojan cause a small voltage drop on the VDD line and ground bounce on the VSS line.
Thus, with the same input patterns, the power supply noise affecting the Trojan-free IC and the Trojan-inserted IC will differ.

Accuracy of a Single Ring Oscillator

Process variations can impact the threshold voltage, channel length, and oxide thickness in circuit gates, which in turn impacts the power supply noise distribution in an IC.
These effects may be localized. A single ring oscillator cannot distinguish between Trojans and process variations.
A ring oscillator placed in one corner of an IC may not be able to capture noise effects caused by a Trojan placed in another corner of the IC.

A Network of Ring Oscillators

Figure: Ring oscillators distributed in circuit layout

One RO is inserted into each grid surrounded by power straps.
One multiplexer is used to select the ring oscillator in the network to be enabled during authentication.
Another multiplexer chooses the same ring oscillator to be recorded.
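
One way to screen the readings from such a network, as an added example that is not from the slides or the cited papers: each RO is read in turn, frequencies are normalised by the chip's median RO to cancel die-to-die variation, and each grid is compared with a fingerprint built from known-good chips. The droop values, mismatch factors, median normalisation and tolerance rule are all assumptions made for illustration.

```python
"""RO-network screening sketch. Added example; every number is constructed."""
from statistics import mean, median

N_STAGES = 5            # inverters per ring oscillator (assumed)
TD_NOMINAL = 100e-12    # nominal gate delay in seconds (assumed)
DELAY_PER_VOLT = 2.0    # fractional delay increase per volt of supply droop (assumed)
# Supply droop (V) in each power grid under the authentication pattern (assumed).
BASE_DROOP = [0.010, 0.012, 0.011, 0.013]


def ro_frequency(n, td):
    """f = 1 / (2 * n * td), as on the slide."""
    return 1.0 / (2 * n * td)


def measure_chip(process_scale, local_mismatch, extra_droop=None):
    """Read every RO in turn; `sel` plays the role of both multiplexers."""
    extra = extra_droop or [0.0] * len(BASE_DROOP)
    readings = []
    for sel in range(len(BASE_DROOP)):
        droop = BASE_DROOP[sel] + extra[sel]
        td = (TD_NOMINAL * process_scale * local_mismatch[sel]
              * (1 + DELAY_PER_VOLT * droop))
        readings.append(ro_frequency(N_STAGES, td))
    return readings


def normalise(readings):
    """Divide by the chip's median RO frequency to cancel die-to-die variation."""
    ref = median(readings)
    return [f / ref for f in readings]


def build_fingerprint(golden_chips):
    """Per-RO mean of normalised frequency and a tolerance of 3x the worst
    deviation seen on any golden chip (the tolerance rule is an assumption)."""
    norm = [normalise(chip) for chip in golden_chips]
    means = [mean(col) for col in zip(*norm)]
    worst = max(abs(v - m) for row in norm for v, m in zip(row, means))
    return means, 3 * worst


def suspicious_grids(fingerprint, readings):
    """Indices of grids whose normalised RO frequency leaves the tolerance band."""
    means, tol = fingerprint
    pairs = zip(normalise(readings), means)
    return [i for i, (v, m) in enumerate(pairs) if abs(v - m) > tol]


def single_ro_outlier(golden_chips, readings, ro):
    """Single-RO check: is the raw frequency outside the golden chips' range?"""
    seen = [chip[ro] for chip in golden_chips]
    return not (min(seen) <= readings[ro] <= max(seen))


# Constructed golden population: (die-wide process scale, per-RO local mismatch).
GOLDEN = [measure_chip(scale, mismatch) for scale, mismatch in [
    (0.95, [1.001, 0.999, 1.000, 1.002]),
    (0.98, [0.999, 1.001, 1.002, 0.998]),
    (1.00, [1.000, 1.002, 0.999, 1.001]),
    (1.02, [1.002, 0.998, 1.001, 0.999]),
    (1.05, [0.998, 1.000, 0.998, 1.000]),
]]
FINGERPRINT = build_fingerprint(GOLDEN)

# Constructed suspect: fast die with 15 mV of extra droop in grid 3 only.
TROJAN_CHIP = measure_chip(0.97, [1.001, 0.999, 1.000, 1.001],
                           extra_droop=[0.0, 0.0, 0.0, 0.015])
# Constructed genuine chip that was not part of the golden population.
CLEAN_CHIP = measure_chip(1.04, [0.999, 1.001, 1.001, 0.999])

if __name__ == "__main__":
    print("single RO 0 flags suspect:", single_ro_outlier(GOLDEN, TROJAN_CHIP, 0))
    print("single RO 3 flags suspect:", single_ro_outlier(GOLDEN, TROJAN_CHIP, 3))
    print("network flags grids:", suspicious_grids(FINGERPRINT, TROJAN_CHIP))
    print("network on clean chip:", suspicious_grids(FINGERPRINT, CLEAN_CHIP))
```

In this constructed data the suspect chip's raw frequencies stay inside the golden range at every single RO, because die-to-die process variation is larger than the local droop; only the normalised, per-grid comparison isolates grid 3.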

Detection using Path Delay Fingerprint

The procedure includes three steps:
1. Path delay gathering of nominal chips: Path delay information of sample chips is collected. These chips are then checked using reverse engineering to confirm whether they are genuine.
2. Fingerprint generation: A series of fingerprints is generated from the path delays.
3. Trojan detection: All other chips are then operated under the same input patterns. Their delay information is then compared to the delay fingerprints.

Hardware Trojan with Explicit Payload

When the Trojan is triggered, the payload part alters the value of an internal signal.

Figure: Explicit payload

This type of Trojan inserts extra delay in some paths passing through those signals.

Hardware Trojan with Implicit Payload

The implicit payload Trojan does not compromise internal signals but only takes these signals as the stimulus of the trigger.
The implicit payload may emit radio signals to leak secret information or may destroy the whole chip.
Compared to the extra delay inserted by an explicit payload Trojan, the added delay here can be smaller and harder to detect.

Figure: Implicit payload

Disadvantages

It is not effective at detecting small Trojans or implicit Trojans (whose payloads do not connect to the circuit), since the contributions of small Trojans and implicit Trojans to the path delay will be masked by process variations.
There are millions of paths in a circuit, so it is impossible to obtain 100% test coverage using this technique.
Trojans inserted into uncovered paths will not be detected by this technique.
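
The three-step procedure and the disadvantages listed above, as an added example (not code from the slides or from the cited path delay paper). The fingerprint here is a per-path mean with a 3-sigma band, a simplification assumed for illustration; path names and delays in nanoseconds are constructed.

```python
"""Path delay fingerprint sketch. Added example; all delays (ns) are constructed."""
from statistics import mean, stdev

K_SIGMA = 3.0  # half-width of the acceptance band in standard deviations (assumed)

# Step 1: delays of the paths sensitised by the test patterns, measured on
# sample chips that were later confirmed genuine. P4 and P5 are never exercised.
GOLDEN_DELAYS = {
    "P0": [1.94, 1.98, 2.00, 2.03, 2.05],
    "P1": [3.40, 3.46, 3.50, 3.55, 3.59],
    "P2": [1.16, 1.19, 1.20, 1.22, 1.23],
    "P3": [2.72, 2.77, 2.80, 2.84, 2.87],
}
ALL_PATHS = ["P0", "P1", "P2", "P3", "P4", "P5"]

# True delays of one chip under test before any modification (constructed).
GENUINE_CHIP = {"P0": 1.99, "P1": 3.48, "P2": 1.21,
                "P3": 2.79, "P4": 2.10, "P5": 1.60}


def generate_fingerprint(golden):
    """Step 2: per-path (mean, standard deviation) over the genuine chips."""
    return {path: (mean(d), stdev(d)) for path, d in golden.items()}


def measure(chip_delays, added_delay, covered):
    """Tester's view: only covered paths are observable. `added_delay` models
    the extra delay a modification contributes to each path it touches."""
    return {p: chip_delays[p] + added_delay.get(p, 0.0) for p in covered}


def detect(fingerprint, measured):
    """Step 3: covered paths whose delay leaves mean +/- K_SIGMA * sigma."""
    flagged = []
    for path, delay in measured.items():
        if path not in fingerprint:
            continue  # no golden reference for this path, so nothing to compare
        mu, sigma = fingerprint[path]
        if abs(delay - mu) > K_SIGMA * sigma:
            flagged.append(path)
    return flagged


def coverage_gaps(fingerprint, all_paths):
    """Paths for which the fingerprint can say nothing."""
    return sorted(set(all_paths) - set(fingerprint))


FINGERPRINT = generate_fingerprint(GOLDEN_DELAYS)


def screen(added_delay):
    """Measure the chip with the given added delays and run detection."""
    return detect(FINGERPRINT, measure(GENUINE_CHIP, added_delay, FINGERPRINT))


# Constructed scenarios: added delay in ns on the affected path.
SCENARIOS = {
    "genuine chip": {},
    "explicit payload on covered path P1": {"P1": 0.30},
    "implicit payload tapping P1 as trigger": {"P1": 0.03},
    "explicit payload on uncovered path P4": {"P4": 0.30},
}

if __name__ == "__main__":
    for name, added in SCENARIOS.items():
        print(f"{name}: flagged {screen(added)}")
    print("paths without a fingerprint:", coverage_gaps(FINGERPRINT, ALL_PATHS))
```

Only the first modified case is flagged: the 0.03 ns load sits well inside the process-variation band of P1, and P4 is never measured, which is why `coverage_gaps` is worth reporting alongside any pass result.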

Detection using Ring Oscillator Frequency

An attacker can insert malicious gates in a non-critical path, such that the critical path constraint is not violated.
Paths can be reconfigured into ring oscillators, so that the additional delays caused by Trojans can still be measured as changes in the ring oscillators' frequencies.

Figure: C17 embedded with ring oscillators

To ensure the detection of an inserted Trojan, all the gates must be covered by ring oscillators.

Hardware Trojan Insertion

Bypassing Delay Fingerprint Technique

The following Trojans were inserted in [ZTT11]:

Trojan  Class  Trigger                 Payload
T1      DRULP  din(1 downto 0)         SP leaked by 7-segment display
T2      DRULP  din=4'hf                Secret key leaked by 7-segment display
T3      DRULP  din=4'h8                Secret leaked by LD7 in serial
T4      DRUPP  Reset=1'b0              1-stage ring oscillator
T5      DRUPP  din(1 downto 0)=2'b01   3-stage ring oscillator
T6      DRTPP  timing sequence         clock buffer chain

Out of the six Trojans, T1, T2 and T3 are explicit payload Trojans.
T1 is triggered when the last two bits of the input din are 2'b01.
The payload is that the secret plain text (SP) will be leaked over the 7-segment display.
If din has a low switching probability, then T1, T2, and T3 will be undetected on the silicon.
Trojans T4, T5, and T6 have implicit payloads.
Trojan-inserted ICs will age faster than Trojan-free ICs, or will create hot-spots that can damage circuit components.
Random functional test vectors could not detect these Trojans because they do not change the circuit's original functionality.
The trigger of T6 is a timing sequence → 8'h03, 8'h1c, 8'h23, 8'h6c, 8'ha3, 8'hfc. The probability of activating T6 is $\frac{1}{2^{48}}$.
Once T6 is activated, a buffer chain with a clock frequency input will be enabled and quickly increase the temperature of the chip.
This Trojan, with an implicit payload, has a negligible effect on the path delay. The path delay Trojan detection method is not effective for this type of Trojan.

Bypassing the Ring Oscillator Detection Technique

The loops in the circuit are identified.
If a loop consists of an odd number of inverters, then test vectors will be generated to enable each ring oscillator.

Test Pattern–A0,B0,C0,TE0,P1=1011
After generating the test patterns, two methods were employed in [ZTT11] to evade the detection:
Modelling the ring oscillator frequency (hard code attack).
Redesigning the floorplan.

Hard Code Attack

The test vectors provide different frequency values for Trojan-inserted and Trojan-free ICs.

Figure: RTL code

These test vectors are translated into a logic function in the RTL code.
The counter value for each ring oscillator in a Trojan-inserted circuit will always be the same as in the Trojan-free circuit.
With the look-up table, any kind of Trojan could be inserted into the design without being detected.

Redesigning the Floorplan

A ring oscillator's frequency is sensitive to both process variations and the location of its components.

Figure: Trojan insertion flow

If the ring oscillator's frequency in the Trojan-inserted design is larger than its frequency in the Trojan-free design, then the components of that ring oscillator will be placed further away from each other.
This increases loop delay and decreases oscillator frequency.

Conclusion

The insertion of hardware Trojans is not limited to just the fabrication stage. Trojans can be inserted at any stage of the IC design cycle.
The delay fingerprint is ineffective at detecting implicit payload Trojans.
The design can be made resilient to the hard code attack by observing the counter values at different voltage levels.
The embedded ring oscillator network for power analysis has a large area overhead.
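
The voltage-level check named in the conclusion, as an added example that is not from the slides or from [ZTT11]. It assumes the alpha-power delay model with constructed parameter values, and it models a hard-coded response as a counter that returns the value stored for nominal voltage whatever the supply is.

```python
"""Voltage-sweep check on RO counter values. Added example; parameters assumed."""
VT = 0.35             # transistor threshold voltage in volts (assumed)
ALPHA = 1.3           # exponent of the alpha-power delay model (assumed)
TD_SCALE = 60e-12     # delay constant in seconds (assumed)
N_STAGES = 5          # inverters per ring oscillator (assumed)
WINDOW = 10e-6        # counting window in seconds (assumed)
NOMINAL_V = 1.2       # nominal supply voltage (assumed)
SWEEP_V = [1.0, 1.1]  # extra supply points used by the check (assumed)
NOMINAL_TOL = 0.10    # allowed relative spread of the count at nominal voltage
RATIO_TOL = 0.03      # allowed error on count(v) / count(nominal)


def gate_delay(vdd, process_scale=1.0):
    """Alpha-power law: delay rises as the supply approaches the threshold."""
    return TD_SCALE * process_scale * vdd / (vdd - VT) ** ALPHA


def ro_count(vdd, process_scale=1.0):
    """Counter value after WINDOW seconds, using f = 1 / (2 * n * td)."""
    freq = 1.0 / (2 * N_STAGES * gate_delay(vdd, process_scale))
    return int(freq * WINDOW)


def nominal_check(read_counter, golden_counter):
    """Single-voltage authentication: compare counts at nominal supply only."""
    ref = golden_counter(NOMINAL_V)
    return abs(read_counter(NOMINAL_V) - ref) / ref <= NOMINAL_TOL


def sweep_check(read_counter, golden_counter):
    """Return the supply voltages at which the count fails to track the golden
    voltage response. Ratios are used so die-wide process scaling cancels."""
    failed = []
    for vdd in SWEEP_V:
        got = read_counter(vdd) / read_counter(NOMINAL_V)
        want = golden_counter(vdd) / golden_counter(NOMINAL_V)
        if abs(got - want) > RATIO_TOL:
            failed.append(vdd)
    return failed


def golden(vdd):
    """Reference response of a known-good chip."""
    return ro_count(vdd)


def genuine_slow_die(vdd):
    """Genuine chip from a slower process corner (constructed)."""
    return ro_count(vdd, process_scale=1.04)


def hard_coded(vdd):
    """Response that replays the stored nominal-voltage count (modelled)."""
    return ro_count(NOMINAL_V)


if __name__ == "__main__":
    for name, dut in [("genuine", genuine_slow_die), ("hard-coded", hard_coded)]:
        print(name, "nominal ok:", nominal_check(dut, golden),
              "sweep failures:", sweep_check(dut, golden))
```

The replayed count passes the single-voltage comparison but fails at both lower supply points, where a real oscillator's count drops with the supply.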

References

Y. Jin, N. Kupp, and Y. Makris, Experiences in hardware trojan design and implementation, Hardware-Oriented Security and Trust, 2009. HOST '09. IEEE International Workshop on, July 2009, pp. 50–57.
Yier Jin and Y. Makris, Hardware trojan detection using path delay fingerprint, Hardware-Oriented Security and Trust, 2008. HOST 2008. IEEE International Workshop on, June 2008, pp. 51–57.
R. Karri, J. Rajendran, K. Rosenfeld, and M. Tehranipoor, Trustworthy hardware: Identifying and classifying hardware trojans, Computer 43 (2010), no. 10, 39–46.
J. Rajendran, V. Jyothi, O. Sinanoglu, and R. Karri, Design and analysis of ring oscillator based design-for-trust technique, VLSI Test Symposium (VTS), 2011 IEEE 29th, May 2011, pp. 105–110.
J.A. Roy, F. Koushanfar, and I.L. Markov, Extended abstract: Circuit CAD tools as a security threat, Hardware-Oriented Security and Trust, 2008. HOST 2008. IEEE International Workshop on, June 2008, pp. 65–66.
M. Tehranipoor, H. Salmani, Xuehui Zhang, Xiaoxiao Wang, R. Karri, J. Rajendran, and K. Rosenfeld, Trustworthy hardware: Trojan detection and design-for-trust challenges, Computer 44 (2011), no. 7, 66–74.
Xuehui Zhang and M. Tehranipoor, RON: An on-chip ring oscillator network for hardware trojan detection, Design, Automation Test in Europe Conference Exhibition (DATE), 2011, March 2011, pp. 1–6.
Xuehui Zhang, N. Tuzzio, and M. Tehranipoor, Red team: Design of intelligent hardware trojans with known defense schemes, Computer Design (ICCD), 2011 IEEE 29th International Conference on, Oct. 2011, pp. 309–312.

More Related Content

What's hot

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Umesh Dhital
 
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
GeekPwn Keen
 
Palm vein technology ppt
Palm vein technology pptPalm vein technology ppt
Palm vein technology ppt
Dhara k
 

What's hot (20)

INTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUESINTRUSION DETECTION TECHNIQUES
INTRUSION DETECTION TECHNIQUES
 
Smart Card Security
Smart Card SecuritySmart Card Security
Smart Card Security
 
LFSR
LFSRLFSR
LFSR
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Fingerprint recognition presentation
Fingerprint recognition presentationFingerprint recognition presentation
Fingerprint recognition presentation
 
Data types in verilog
Data types in verilogData types in verilog
Data types in verilog
 
Web servers for the Internet of Things
Web servers for the Internet of ThingsWeb servers for the Internet of Things
Web servers for the Internet of Things
 
Fingerprint scanner
Fingerprint scannerFingerprint scanner
Fingerprint scanner
 
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
Hardware Trojan Attacks on Neural Networks - Joseph Clements - DEF CON 26 CAA...
 
Palm vein technology ppt
Palm vein technology pptPalm vein technology ppt
Palm vein technology ppt
 
Palm Vein Technology
Palm Vein TechnologyPalm Vein Technology
Palm Vein Technology
 
Keyloggers.ppt
Keyloggers.pptKeyloggers.ppt
Keyloggers.ppt
 
Palm-Vein Technology
Palm-Vein TechnologyPalm-Vein Technology
Palm-Vein Technology
 
Automatic Test Pattern Generation (Testing of VLSI Design)
Automatic Test Pattern Generation (Testing of VLSI Design)Automatic Test Pattern Generation (Testing of VLSI Design)
Automatic Test Pattern Generation (Testing of VLSI Design)
 
An introduction to block chain technology
An introduction to block chain technologyAn introduction to block chain technology
An introduction to block chain technology
 
3d password
3d password3d password
3d password
 
Asic
AsicAsic
Asic
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
2019 5 testing and verification of vlsi design_fault_modeling
2019 5 testing and verification of vlsi design_fault_modeling2019 5 testing and verification of vlsi design_fault_modeling
2019 5 testing and verification of vlsi design_fault_modeling
 
VLSI Lab manual PDF
VLSI Lab manual PDFVLSI Lab manual PDF
VLSI Lab manual PDF
 

Similar to Hardware Trojans

A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect   this writes about a method to ...A network behavior analysis method to detect   this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...
Thang Nguyen
 
Network border patrol preventing c ongestion collapse(synopsis)
Network border patrol preventing c ongestion collapse(synopsis)Network border patrol preventing c ongestion collapse(synopsis)
Network border patrol preventing c ongestion collapse(synopsis)
Mumbai Academisc
 
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGADesign, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Vivek Venugopalan
 

Similar to Hardware Trojans (20)

Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
Breaching of Ring Oscillator Based Trojan Detection and Prevention in Physica...
 
Detection of Malicious Circuitry Using Transition Probability Based Node Redu...
Detection of Malicious Circuitry Using Transition Probability Based Node Redu...Detection of Malicious Circuitry Using Transition Probability Based Node Redu...
Detection of Malicious Circuitry Using Transition Probability Based Node Redu...
 
Remote authentication via biometrics1
Remote authentication via biometrics1Remote authentication via biometrics1
Remote authentication via biometrics1
 
Scan Segmentation Approach to Magnify Detection Sensitivity for Tiny Hardware...
Scan Segmentation Approach to Magnify Detection Sensitivity for Tiny Hardware...Scan Segmentation Approach to Magnify Detection Sensitivity for Tiny Hardware...
Scan Segmentation Approach to Magnify Detection Sensitivity for Tiny Hardware...
 
ROBOTICS - Introduction to Robotics Microcontroller
ROBOTICS -  Introduction to Robotics MicrocontrollerROBOTICS -  Introduction to Robotics Microcontroller
ROBOTICS - Introduction to Robotics Microcontroller
 
Hardware Trojan Identification and Detection
Hardware Trojan Identification and DetectionHardware Trojan Identification and Detection
Hardware Trojan Identification and Detection
 
J010234960
J010234960J010234960
J010234960
 
A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect   this writes about a method to ...A network behavior analysis method to detect   this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...
 
Verification of Security for Untrusted Third Party IP Cores
Verification of  Security for Untrusted Third Party IP CoresVerification of  Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP Cores
 
Network border patrol preventing c ongestion collapse(synopsis)
Network border patrol preventing c ongestion collapse(synopsis)Network border patrol preventing c ongestion collapse(synopsis)
Network border patrol preventing c ongestion collapse(synopsis)
 
trojan detection
trojan detectiontrojan detection
trojan detection
 
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
A Robust UART Architecture Based on Recursive Running Sum Filter for Better N...
 
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT KharagpurSneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
Sneak Peek into the Future with Prof. Indranil Sengupta, IIT Kharagpur
 
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGADesign, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
Design, Implementation and Security Analysis of Hardware Trojan Threats in FPGA
 
Check shavad
Check shavadCheck shavad
Check shavad
 
Short Range Radar System using Arduino Uno
Short Range Radar System using Arduino UnoShort Range Radar System using Arduino Uno
Short Range Radar System using Arduino Uno
 
spy_robot.pptx
spy_robot.pptxspy_robot.pptx
spy_robot.pptx
 
UNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptxUNIT-2 PPT Data link layer.pptx
UNIT-2 PPT Data link layer.pptx
 
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...
 
Ar03302620266
Ar03302620266Ar03302620266
Ar03302620266
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Hardware Trojans

  • 1. Classification and Detection of Hardware Trojans Rahul Krishnamurthy(2011VLSI06) ABV-Indian Institute of Information Technology and Management Gwalior, Morena Link Road, Gwalior, Madhya Pradesh, INDIA - 474010. December 17, 2012
  • 2. Contents Contents 1. Introduction 2. Classification of Hardware Trojans 3. Detection Techniques for Hardware Trojans Detection Using Power Analysis Detection by Delay Fingerprint technique Detection using Ring Oscillator Frequency Mechanism 4. Insertion of Hardware Trojans Insertion Technique Bypassing Delay Fingerprint Technique Insertion Technique Bypassing Ring Oscillator Frequency Mechanism 5. Conclusion
  • 3. Introduction Introduction A Hardware Trojan is a malicious and deliberately stealthy modification made to an electronic device such as an IC. It can change the chips functionality and thereby undermine trust in the systems using that chip. Figure : A simple Hardware trojan
  • 4. Hypothesis Hypothesis In the classification of Hardware trojan it has been assumed the attacker has the access to all the stages of the IC design. Attacker has the access to the floorplans, layout, netlist and RTL code.
  • 6. Classification Insertion Phase Insertion Phase At the following phases the malicious alteration can take place. Specification phase– For example, a Trojan at the specification phase might change the hardwares timing requirements. Design phase–Designer can use third-party IP blocks and standard cells. A standard cell library can be infested with Trojans.
  • 7. Classification Insertion Phase contd.. Insertion Phase contd.. Fabrication Phase–Subtle mask changes can have serious effects. In an extreme case, an adversary can substitute a different mask set. Testing phase–An adversary can change the test vectors to avoid detection of trojan.
  • 8. Classification Insertion Phase contd.. Insertion Phase contd.. Assembly phase–Developers assemble the tested chip and other hardware components on a printed circuit board (PCB). An unshielded wire can be used for information leakage and fault injection.
  • 9. Classification Abstraction Phase Abstraction phase The phase at which the alteration occurs. System level–Trojans might be triggered by the target hardware modules-for example, interchanging the ASCII values of the keyboard inputs. Development environment–An attacker can use CAD tools and scripts to insert Trojans. Software Trojans inserted into these CAD tools can mask the effects of the hardware Trojans. For example, a synthesis tool might not reveal a circuits Trojan components to the user.
  • 10. Classification Abstraction Phase contd.. Abstraction phase contd.. Register-transfer level–At the RTL, chip developers describe each functional module in terms of registers, signals, and Boolean functions. For example, a Trojan implemented at this level might halve the rounds of a cryptographic algorithm by making a round counter to advance in two steps instead of one.
  • 11. Classification Abstraction Phase contd.. Abstraction phase contd.. Gate level–A Trojan might be a simple comparator consisting of XOR gates that monitor the chips internal signals. Transistor level– A transistor-level Trojan might be a transistor with low gate width that can cause more delay in the critical path.
  • 12. Classification Abstraction Phase contd.. Abstraction phase contd.. Physical level This level describes all circuit components and their dimensions and locations, Changing the width of the clock grids metal wires in the chip can cause clock skew.
  • 13. Classification: Activation Mechanism. Always-on: This class covers Trojans that are implemented by modifying the geometries of the chip such that certain nodes or paths in the chip have a higher susceptibility to failure. Internally triggered: An event that occurs within the target device activates an internally triggered Trojan. Figure: Internally Triggered
  • 14. Classification: Activation Mechanism. Externally triggered: An externally triggered Trojan requires external input to the target module to activate. For example, data coming through external interfaces such as RS-232 can trigger a Trojan.
  • 15. Classification: Effects. The effects of Trojans on target hardware or systems can range from subtle disturbances to catastrophic system failures. A Trojan can cause an error detection module to accept inputs that should be rejected. A Trojan can downgrade performance by intentionally changing device parameters, such as power and delay. A Trojan might leak a cryptographic algorithm's secret key through unused RS-232 ports. Denial-of-service Trojans prevent operation of a function or resource, for example, causing the processor to ignore the interrupt from a specific peripheral.
  • 16. Detection Techniques: Detection using Power Analysis. The NOT-gate-based ring oscillator is used to monitor power. Power supply noise (also known as voltage drop) impacts the delay of gates. f = 1 / (2 × n × td). Figure: Ring Oscillator
  • 17. Detection Techniques: Detection using Power Analysis. When the voltage drops, the delay of the gates increases. The change in delay impacts the oscillation frequency. For Trojan-inserted ICs, the switching gates in the Trojan would cause a small voltage drop on the VDD line and ground bounce on the VSS line. Thus, with the same input patterns, the power supply noise affecting the Trojan-free IC and the Trojan-inserted IC will differ.
  • 18. Detection Techniques: Detection using Power Analysis. Accuracy of a single ring oscillator: Process variations can impact the threshold voltage, channel length, and oxide thickness in circuit gates, which in turn impacts the power supply noise distribution in an IC. These effects may be localized. A single ring oscillator cannot distinguish between Trojans and process variations. A ring oscillator placed in one corner of an IC may not be able to capture noise effects that occur due to a Trojan placed in another corner of the IC.
  • 19. Detection Techniques: Detection using Power Analysis. A Network of Ring Oscillators. Figure: Ring oscillators distributed in circuit layout
  • 20. Detection Techniques: Detection using Power Analysis. A Network of Ring Oscillators: One RO is inserted into each grid surrounded by power straps. One multiplexer is used to select a ring oscillator in the network to be enabled during the authentication. Another multiplexer chooses the same ring oscillator to be recorded.
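The single-oscillator limitation and the oscillator network from slides 16 to 20, as an added Python simulation (not code from the slides or the cited papers). It applies f = 1 / (2 × n × td) with n taken as the number of inverters and td as the gate delay, and compares a corner oscillator against a 4 × 4 network. The delay sensitivity `K_DROOP`, the variation sigmas, the distance falloff of the supply noise and the mean-normalised k-sigma detector are assumptions chosen for illustration.

```python
import random
import statistics

N_STAGES, TD_NOMINAL = 5, 20e-12   # constructed: inverters per RO, gate delay (s)
K_DROOP = 2.0                      # assumed: delay rise per fractional VDD drop

def ro_frequency(n, td):           # slide formula: f = 1 / (2 * n * td)
    return 1.0 / (2 * n * td)

def measure_chip(rng, grid=4, trojan_at=None, droop=0.015):
    """Simulated frequencies of a grid x grid RO network on one chip."""
    die_shift = rng.gauss(0, 0.02)           # inter-die process variation
    freqs = {}
    for r, c in [(r, c) for r in range(grid) for c in range(grid)]:
        local = rng.gauss(0, 0.002)          # intra-die process variation
        dv = 0.0
        if trojan_at is not None:            # supply noise fades with distance
            dv = droop / (1 + abs(r - trojan_at[0]) + abs(c - trojan_at[1])) ** 2
        td = TD_NOMINAL * (1 + die_shift + local) * (1 + K_DROOP * dv)
        freqs[(r, c)] = ro_frequency(N_STAGES, td)
    return freqs

def normalized(freqs):
    """Divide by the chip's mean RO frequency to cancel die-wide variation."""
    mean = statistics.fmean(freqs.values())
    return {loc: f / mean for loc, f in freqs.items()}

def build_signature(golden):
    """Per-RO (mean, stdev) of normalized frequency over Trojan-free chips."""
    norm = [normalized(chip) for chip in golden]
    return {loc: (statistics.fmean(n[loc] for n in norm),
                  statistics.stdev(n[loc] for n in norm)) for loc in norm[0]}

def network_flags(signature, chip, k=5.0):
    """RO locations whose normalized frequency is more than k sigma off."""
    n = normalized(chip)
    return sorted(loc for loc, (mu, sd) in signature.items()
                  if abs(n[loc] - mu) > k * sd)

def single_ro_flag(golden, chip, loc=(0, 0), k=5.0):   # one corner RO, raw frequency
    vals = [g[loc] for g in golden]
    return abs(chip[loc] - statistics.fmean(vals)) > k * statistics.stdev(vals)

def demo(seed=7):
    rng = random.Random(seed)
    golden = [measure_chip(rng) for _ in range(60)]
    sig, clean = build_signature(golden), measure_chip(rng)
    bad = measure_chip(rng, trojan_at=(3, 3))   # Trojan in the opposite corner
    return network_flags(sig, clean), network_flags(sig, bad), single_ro_flag(golden, bad)
```

`demo()` returns the flagged locations for a Trojan-free chip, the flagged locations for the chip with the simulated Trojan at (3, 3), and whether the lone corner oscillator at (0, 0) noticed anything.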
  • 21. Detection Techniques: Detection using Path delay fingerprint. The procedure includes three steps. (1) Path delay gathering of nominal chips: Path delay information of sample chips is collected. These chips are then checked using reverse engineering to determine whether they are genuine. (2) Fingerprint generation: According to the path delays, a series of fingerprints is generated. (3) Trojan detection: All other chips are then operated under the same input patterns. Their delay information is then compared to the delay fingerprints.
  • 22. Detection Techniques: Detection using Path delay fingerprint. Hardware Trojan with explicit payload: When the Trojan is triggered, the payload part will alter the value of an internal signal. This type of Trojan will insert extra delay in some paths passing through those signals. Figure: Explicit Payload
  • 23. Detection Techniques: Detection using Path delay fingerprint. Hardware Trojan with implicit payload: The implicit payload Trojan does not compromise internal signals but only takes these signals as the stimulus of the trigger. The implicit payload may emit radio signals to leak secret information or may destroy the whole chip. Compared to the extra delay inserted by an explicit payload Trojan, the added delay here can be smaller and harder to detect. Figure: Implicit Payload
  • 24. Detection Techniques: Detection using Path delay fingerprint. Disadvantages: It is not effective at detecting small Trojans or implicit Trojans (whose payloads do not connect to the circuit), since the contributions of small Trojans and implicit Trojans to the path delay will be masked by process variations. There are millions of paths in a circuit, so it is impossible to obtain 100% test coverage using this technique. Trojans inserted into uncovered paths will not be detected by this technique.
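The three-step fingerprint procedure and its two stated blind spots, as an added Python example (not code from the slides or from the cited paper). A per-path min/max envelope stands in for the fingerprint, which is a simplification assumed here. The path names, delays, process scale factors and the 120 ps and 6 ps Trojan delays are constructed values.

```python
# Constructed data: nominal delays (ps) of the paths the test patterns exercise.
NOMINAL_PS = {"p1": 820.0, "p2": 1040.0, "p3": 655.0, "p4": 910.0}
GOLDEN_SCALES = (0.96, 0.98, 1.00, 1.02, 1.04)   # process spread of sample chips

def measure(scale, extra_ps=None):
    """Step 1: delays a tester records for one chip; only covered paths are seen."""
    extra_ps = extra_ps or {}
    return {p: d * scale + extra_ps.get(p, 0.0) for p, d in NOMINAL_PS.items()}

def make_fingerprint(golden_chips):
    """Step 2: per-path (min, max) envelope over the verified nominal chips."""
    return {p: (min(c[p] for c in golden_chips), max(c[p] for c in golden_chips))
            for p in golden_chips[0]}

def outliers(fingerprint, chip):
    """Step 3: paths whose delay falls outside the fingerprint envelope."""
    return sorted(p for p, (lo, hi) in fingerprint.items()
                  if not lo <= chip[p] <= hi)

def guaranteed_detectable_ps(fingerprint):
    """Extra delay that is flagged on every chip, even one at the fast corner.

    A chip sitting at the envelope minimum needs more than (max - min) of added
    delay to leave the envelope, so anything smaller can hide in process variation.
    """
    return {p: hi - lo for p, (lo, hi) in fingerprint.items()}

FINGERPRINT = make_fingerprint([measure(s) for s in GOLDEN_SCALES])

def run_cases():
    return {
        # explicit payload: extra logic on a signal that path p2 passes through
        "explicit": outliers(FINGERPRINT, measure(1.00, {"p2": 120.0})),
        # implicit payload: the trigger only taps the signal, small added load
        "implicit": outliers(FINGERPRINT, measure(1.01, {"p2": 6.0})),
        # Trojan on a path that no test pattern exercises (p9 is never measured)
        "uncovered": outliers(FINGERPRINT, measure(1.00, {"p9": 120.0})),
        "trojan_free": outliers(FINGERPRINT, measure(0.97)),
    }
```

Only the explicit-payload case is reported; `guaranteed_detectable_ps(FINGERPRINT)["p2"]` comes to about 83 ps, far above the 6 ps the implicit-payload case adds.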
  • 25. Detection using Ring oscillator frequency. An attacker can insert malicious gates in a non-critical path, such that they do not violate the critical path constraint. Paths can be reconfigured into ring oscillators, such that the additional delays caused by Trojans can still be measured as changes in the ring oscillators' frequencies.
  • 26. Detection using Ring oscillator frequency. Figure: C17 embedded with ring oscillators. To ensure the detection of an inserted Trojan, all the gates must be covered by ring oscillators.
  • 27. Hardware Trojan Insertion: Bypassing Delay fingerprint technique. The following Trojans were inserted in [ZTT11]:

    Trojan | Class | Trigger               | Payload
    -------|-------|-----------------------|----------------------------------------
    T1     | DRULP | din(1 downto 0)       | SP leaked by 7-segment display
    T2     | DRULP | din=4'hf              | Secret key leaked by 7-segment display
    T3     | DRULP | din=4'h8              | Secret leaked by LD7 in serial
    T4     | DRUPP | Reset=1'b0            | 1-stage ring oscillator
    T5     | DRUPP | din(1 downto 0)=2'b01 | 3-stage ring oscillator
    T6     | DRTPP | timing sequence       | clock buffer chain

    Out of the six Trojans, T1, T2 and T3 are explicit payload Trojans.
  • 28. Hardware Trojan Insertion: Bypassing Delay fingerprint technique. T1 is triggered when the last two bits of the input din are 2'b01. The payload is that the secret plain text (SP) will be leaked over the 7-segment display. If din has a low switching probability, then T1, T2, and T3 will be undetected on the silicon.
  • 29. Hardware Trojan Insertion: Bypassing Delay fingerprint technique. Trojans T4, T5, and T6 have implicit payloads. Trojan-inserted ICs will age faster than Trojan-free ICs, or will create hot-spots that can damage circuit components. Random functional test vectors could not detect these Trojans because they do not change the circuit's original functionality. The trigger of T6 is a timing sequence: 8'h03, 8'h1c, 8'h23, 8'h6c, 8'ha3, 8'hfc. The probability of activating T6 is 1/2^48.
  • 30. Hardware Trojan Insertion: Bypassing Delay fingerprint technique. Once T6 is activated, a buffer chain with a clock frequency input will be enabled and will increase the temperature of the chip quickly. This Trojan, with an implicit payload, has a negligible effect on the path delay. The path delay Trojan detection method is not effective for this type of Trojan.
  • 31. Hardware Trojan Insertion: Bypassing the Ring oscillator detection technique. The loops in the circuit are identified. If the loops consist of an odd number of inverters, then test vectors will be generated to enable each ring oscillator. Test pattern: A0,B0,C0,TE0,P1=1011
  • 32. Hardware Trojan Insertion: Bypassing the Ring oscillator detection technique. After generating the test patterns, two methods were employed in [ZTT11] to evade the detection: modelling the ring oscillator frequency (hard code attack) and redesigning the floorplan.
  • 33. Hardware Trojan Insertion: Hard code attack. The test vectors provide different frequency values for Trojan-inserted and Trojan-free ICs. These test vectors are translated into a logic function in the RTL code. Figure: RTL code
  • 34. Hardware Trojan Insertion: Hard code attack (contd.). The counter value for each ring oscillator in a Trojan-inserted circuit will always be the same as in the Trojan-free circuit. With the look-up table, any kind of Trojan could be inserted into the design without being detected.
  • 35. Hardware Trojan Insertion: Redesigning floorplan. A ring oscillator's frequency is sensitive to both process variations and the location of its components. Figure: Trojan insertion flow
  • 36. Hardware Trojan Insertion: Redesigning floorplan. If the ring oscillator's frequency in the Trojan-inserted design is larger than its frequency in the Trojan-free design, then the components of that ring oscillator will be placed further away from each other. This increases loop delay and decreases oscillator frequency.
  • 37. Conclusion. The insertion of hardware Trojans is not limited to just the fabrication stage. Trojans can be inserted at any stage of the IC design cycle. The delay fingerprint is ineffective at detecting implicit payload Trojans. The design can be made resilient to the hard code attack by observing the counter values at different voltage levels. The embedded ring oscillator network for power analysis has a large area overhead.
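The voltage-level check named in the conclusion, as an added Python example (not code from the slides or the cited papers). It compares how each ring oscillator's counter value tracks the supply voltage against a Trojan-free reference. All counter readings, the 1.1 V reference level and the 2% tolerance are constructed or assumed values.

```python
# Constructed counter readings: cycles counted in a fixed window, per RO and VDD.
GOLDEN = {
    "ro0": {1.0: 4100, 1.1: 4620, 1.2: 5080},
    "ro1": {1.0: 3950, 1.1: 4460, 1.2: 4910},
}
# Suspect A: a faster chip, every count about 3% higher, still tracking VDD.
SUSPECT_A = {
    "ro0": {1.0: 4225, 1.1: 4760, 1.2: 5230},
    "ro1": {1.0: 4070, 1.1: 4595, 1.2: 5055},
}
# Suspect B: ro1 reports the reference 1.1 V count at every supply level.
SUSPECT_B = {
    "ro0": {1.0: 4100, 1.1: 4620, 1.2: 5080},
    "ro1": {1.0: 4460, 1.1: 4460, 1.2: 4460},
}

V_REF = 1.1   # assumed nominal test voltage

def profile(counts):
    """Counts relative to the V_REF reading, so die-wide speed shifts cancel."""
    return {v: c / counts[V_REF] for v, c in counts.items()}

def voltage_tracking_findings(golden, suspect, tol=0.02):
    """Report ROs whose count does not rise with VDD the way the reference does."""
    findings = {}
    for ro, g_counts in golden.items():
        g, s = profile(g_counts), profile(suspect[ro])
        volts = sorted(g)
        # A real oscillator speeds up as the supply rises; a fixed value does not.
        rising = all(suspect[ro][a] < suspect[ro][b] for a, b in zip(volts, volts[1:]))
        worst = max(abs(s[v] - g[v]) for v in volts)
        if not rising or worst > tol:
            findings[ro] = {"rising": rising, "max_profile_error": round(worst, 3)}
    return findings
```

Suspect A passes even though its absolute counts differ from the reference, while Suspect B is reported for `ro1`, whose reading matches the reference only at the nominal test voltage.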
  • 38. References
    Y. Jin, N. Kupp, and Y. Makris, Experiences in hardware trojan design and implementation, Hardware-Oriented Security and Trust, 2009. HOST '09. IEEE International Workshop on, July 2009, pp. 50–57.
    Y. Jin and Y. Makris, Hardware trojan detection using path delay fingerprint, Hardware-Oriented Security and Trust, 2008. HOST 2008. IEEE International Workshop on, June 2008, pp. 51–57.
    R. Karri, J. Rajendran, K. Rosenfeld, and M. Tehranipoor, Trustworthy hardware: Identifying and classifying hardware trojans, Computer 43 (2010), no. 10, 39–46.
    J. Rajendran, V. Jyothi, O. Sinanoglu, and R. Karri, Design and analysis of ring oscillator based design-for-trust technique, VLSI Test Symposium (VTS), 2011 IEEE 29th, May 2011, pp. 105–110.
  • 39. References
    J.A. Roy, F. Koushanfar, and I.L. Markov, Extended abstract: Circuit CAD tools as a security threat, Hardware-Oriented Security and Trust, 2008. HOST 2008. IEEE International Workshop on, June 2008, pp. 65–66.
    M. Tehranipoor, H. Salmani, X. Zhang, X. Wang, R. Karri, J. Rajendran, and K. Rosenfeld, Trustworthy hardware: Trojan detection and design-for-trust challenges, Computer 44 (2011), no. 7, 66–74.
    X. Zhang and M. Tehranipoor, RON: An on-chip ring oscillator network for hardware trojan detection, Design, Automation Test in Europe Conference Exhibition (DATE), 2011, March 2011, pp. 1–6.
  • 40. References
    X. Zhang, N. Tuzzio, and M. Tehranipoor, Red team: Design of intelligent hardware trojans with known defense schemes, Computer Design (ICCD), 2011 IEEE 29th International Conference on, Oct. 2011, pp. 309–312.