Visible to the public Novel Design of Hardware Trojan: A Generic Approach for Defeating Testability Based Detection

TitleNovel Design of Hardware Trojan: A Generic Approach for Defeating Testability Based Detection
Publication TypeConference Paper
Year of Publication2020
AuthorsZhang, Ning, Lv, Zhiqiang, Zhang, Yanlin, Li, Haiyang, Zhang, Yixin, Huang, Weiqing
Conference Name2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
Date Publisheddec
Keywordscomposability, Controllability, Hardware, hardware security, hardware trojan, intellectual property, intellectual property security, Observability, policy-based governance, pubcrawl, Resiliency, Stealthy Design., Support vector machines, Timing, Trojan horses
AbstractHardware design, especially the very large scale integration(VLSI) and systems on chip design(SOC), utilizes many codes from third-party intellectual property (IP) providers and former designers. Hardware Trojans (HTs) are easily inserted in this process. Recently researchers have proposed many HTs detection techniques targeting the design codes. State-of-art detections are based on the testability including Controllability and Observability, which are effective to all HTs from TrustHub, and advanced HTs like DeTrust. Meanwhile, testability based detections have advantages in the timing complexity and can be easily integrated into recently industrial verification. Undoubtedly, the adversaries will upgrade their designs accordingly to evade these detection techniques. Designing a variety of complex trojans is a significant way to perfect the existing detection, therefore, we present a novel design of HTs to defeat the testability based detection methods, namely DeTest. Our approach is simple and straight forward, yet it proves to be effective at adding some logic. Without changing HTs malicious function, DeTest decreases controllability and observability values to about 10% of the original, which invalidates distinguishers like clustering and support vector machines (SVM). As shown in our practical attack results, adversaries can easily use DeTest to upgrade their HTs to evade testability based detections. Combined with advanced HTs design techniques like DeTrust, DeTest can evade previous detecions, like UCI, VeriTrust and FANCI. We further discuss how to extend existing solutions to reduce the threat posed by DeTest.
DOI10.1109/TrustCom50675.2020.00034
Citation Keyzhang_novel_2020