Hardware Trojans Flashcards
(34 cards)
what is a hardware trojan?
A malicious addition or modification to the existing circuit elements
what are 3 effects of HT?
- Change functionality
- Drain resources
- Leak secret info
Specification phase
- Designers map out the requirements of the chip (power, timing, etc.)
- HTs can change functional specifications
Design phase
- Designers consider functional, logical, timing, and physical constraints
- HT can be in any component in the design
fabrication phase
- When the chip is physically made
- Subtle mask changes can have a serious effect
testing phase
- Great opportunity to test for HT
- Need to make sure that the test vectors are kept secret so that an adversary cannot make test vectors that will hide the HT
assembly phase
- Chip is combined with other circuitry on PCB
- Every interface where components interact is a place for HT
name the 2 components of HT
trigger and payload
can HT be removed?
not without replacing the hardware of a computer
no-trigger activation
HT is always on
trigger activation
needs either an internal or external event in order to activate
how long do triggered HTs remain active?
indefinitely, a specific amount of time, or until a specific condition
internal triggers
time-based or event-based events (counter or temperature threshold)
External triggers
based on input from outside the chip
combination trojan
“I need to see these two inputs to activate”
sequential trojan
“I need x, y, and z to happen in order to activate”
Pre-silicon HT detection
non-destructive, cannot detect HT after design phase
Post-Silicon HT detection
functional testing (not accurate) or side-channel (SC) analysis
Failure-based HT detection techniques
Look for HTs using techniques usually reserved for determining why a chip failed. Time-consuming and expensive, not meant to be used on every chip
Automatic Test Pattern Generation (ATPG)
HT detection. Fuzzing but for chips ==> automatically create test vectors. Good for HTs that modify components, but not good for added logic (because we don’t know to test for it). Not good if we don’t know the activation criteria
IDDQ
HT detection side channel (SC). Every gate leaks power even when in idle state. Measure power in the quiescent (idle) state => if there is an extra gate, there will be more power leakage
IDDT
Power side channel via dynamic power
Path delay
- Additional gates and capacitance will cause circuit to take longer to do a computation
- Even if those gates are not directly involved (i.e. not activated yet), if they are connected to other components, they will cause a slight delay
Challenges with path delay
- Can be small increase that is hard to spot
- Hard to get complete code coverage
- Chips are not completely constant in speed