Hardware Trojan Horse (HTH)

Hardware Trojan horses (HTHs) are the malicious altering of hardware specification or implementation in such a way that its functionality is altered under a set of conditions defined by the attacker. There are numerous HTHs sources including non-trusted foundries, synthesis tools and libraries, testing and verification tools, and configuration scripts. HTH attacks can greatly comprise security and privacy of hardware users either directly or through interaction with pertinent systems and application software or with data. However, while there has been a huge research and development effort for detecting software Trojan horses, surprisingly, HTHs are rarely addressed. HTH detection is a particularly difficult task in modern and pending deep submicron technologies due to intrinsic manufacturing variability.

Since semiconductor manufacturing demands a large capital investment, the role of contract foundries has dramatically grown, increasing exposure to theft of masks, attacks by insertion of malicious circuitry, and unauthorized excess fabrication. The development of hardware security techniques is exceptionally difficult due to reasons that include limited controllability and observability, large size and complexity (the latest Intel processor has 2.06 billion transistors), variety of components, unavoidable design bugs, possibility of attacks by non-physically connected circuitry, many potential attack sources (e.g. hardware IP providers, CAD tools, and foundries), potentially sophisticated and well-funded attackers (foundries and foreign governments), and manufacturing variability that makes each Integrated Circuit coming from the same design unique.

There are several broad types of malicious hardware attacks that we consider. The first is gate resizing, where the attacker intentionally changes the sizing factors of one or more gates in such a way that the circuit passes all standard timing test, but its timing for a certain inputs is incorrect or its switching or leakage power are globally or locally increased drastically. Note that many other gate sizing attacks can be envisioned, including one where the sizes of the gates are altered in such a way that the calculation of internal signals is facilitated through altered timing or switching power. In the second type of attack, the adversary adds one or more gates so that the functionality of the design is altered. It is important to observe that the gates can be added so that no timing path between primary inputs and flip-flops (FFs) and primary outputs and FFs is altered. However, leakage power is always altered because even if the attacker gates the added circuitry, the gating requires an additional gate. Our HTH detection approach is generic in a sense that it can easily be retargeted to other circuit components, such as interconnect by considering more comprehensive timing and/or power models.

Here we present specific HTH, in an attempt to describe the nature of HTH attacks in general. A simple, yet powerful HTH attack is presented in Figure 1, which shows how ghost circuitry can be activated in a cell phone when specific inputs or data are detected at specific memory locations. The unshaded portion of the circuit represents the HTH circuitry when it is activated by a HTH caller ID number. Upon activation, the attacker bitstream (ABS) is activated and the initial cell phone design is corrupted. In this example, HTHs will either cause the cell phones to malfunction or cause confidential information to be leaked. Important information can be disclosed after activation of the HTH. The exploited phone can automatically dial a hidden spy third party when certain numbers are dialed. Ghost circuitry (HTH) may be difficult to identify by traditional timing/power analysis techniques. To avoid timing analysis-based detection, an attacker only needs to ensure that no path delays between the inputs to flip-flops (FFs) or between the outputs to FFs are increased. Also, the switching power can remain stable until the trigger of the attacker’s caller ID activates the HTH.

Figure 1. Example of a cell phone HTH