A2: Analog Malicious Hardware

@article{Yang2016A2AM,
  title={A2: Analog Malicious Hardware},
  author={Kaiyuan Yang and Matthew Hicks and Qing Dong and Todd M. Austin and Dennis Sylvester},
  journal={2016 IEEE Symposium on Security and Privacy (SP)},
  year={2016},
  pages={18-37}
}
While the move to smaller transistors has been a boon for performance, it has dramatically increased the cost to fabricate chips using those smaller transistors. This forces the vast majority of chip design companies to trust a third party -- often overseas -- to fabricate their design. To guard against shipping chips with errors (intentional or otherwise), chip design companies rely on post-fabrication testing. Unfortunately, this type of testing leaves the door open to malicious modifications… 
Exploiting the analog properties of digital circuits for malicious hardware
TLDR
It is shown how a fabrication-time attacker can leverage analog circuits to create a hardware attack that is small and stealthy and eludes activation by a diverse set of benchmarks and evades known defenses.
Defeating Hardware Trojans through on-chip Software Obfuscation
TLDR
This thesis proposes an on-chip instruction obfuscator aimed at reducing the controllability of malicious elements hidden in the circuit through software, using a transparent design that requires minimal alterations to a pre-existing processor design and introduces a reasonable area and delay overhead.
SWAN: Mitigating Hardware Trojans with Design Ambiguity
TLDR
This work proposes a novel architecture that maps the security-critical portions of a processor design to a one-time programmable, LUT-free fabric, and demonstrates that, by providing the ability to map each critical signal to 6 distinct locations on the chip, it can reduce the chance of attack success by an undetectable trojan by 99%, incurring only a 27% area overhead.
Hardware Trojan Insertion in Finalized Layouts: a Silicon Demonstration
TLDR
This work details, for the first time, how effortlessly a HT can be inserted into a finalized layout by presenting an insertion framework based on the engineering change order flow, and demonstrates the robustness of the SCT against skews in the manufacturing process.
A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components
TLDR
Myst, a practical high-assurance architecture that uses commercial off-the-shelf (COTS) hardware, provides strong security guarantees even in the presence of multiple malicious or faulty components, and shows an exponential increase in backdoor-tolerance as more ICs are added.
Black-Hat High-Level Synthesis: Myth or Reality?
TLDR
The results show that a black-hat HLS tool can be successfully used to maliciously alter electronic circuits to add latency, drain energy, or undermine the security of cryptographic hardware cores.
Optimized ATPG for hardware trojan detection
TLDR
An ATPG-binning technique is proposed that uses a divide-and-conquer strategy to lessen the search complexity and then uses a SAT solver to derive a test set; the results demonstrate the effectiveness and superiority of the proposed method over prior work in terms of Trojan coverage, size of the test set, and CPU time.
Subtractive Hardware Trojans
TLDR
A subtractive hardware Trojan is created by removing one wire from the circuit so that it generates wrong outputs under special, rare input combinations, making it stealthier than additive Trojans.
Combating Data Leakage Trojans in Commercial and ASIC Applications With Time-Division Multiplexing and Random Encoding
TLDR
A Time-Division Multiplexed version of the RECORD design process is proposed which reduces area overhead by 63% and power by 56%.
Survey of Recent Developments for Hardware Trojan Detection
TLDR
A practical approach recently developed using the characterization of Electro-Optical Frequency Mapping images of the chip to detect a hardware Trojan by identifying malicious state elements is described.

References

Stealthy Dopant-Level Hardware Trojans
TLDR
An extremely stealthy approach for implementing hardware Trojans below the gate level is proposed, and their detectability and their effects on the security of the target device are evaluated.
Designing and Implementing Malicious Hardware
TLDR
There is a substantial design space in malicious circuitry; it is shown that an attacker, rather than designing one specific attack, can instead design hardware to support attacks, which allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware.
Silencing Hardware Backdoors
TLDR
This paper presents the first solution for disabling digital, design-level hardware backdoors by scrambling inputs that are supplied to the hardware units at runtime, making it infeasible for malicious components to acquire the information they need to perform malicious actions.
At-speed delay characterization for IC authentication and Trojan Horse detection
  • Jie Li, J. Lach
  • Computer Science
  • 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
  • 2008
TLDR
This paper discusses how a technique for precisely measuring the combinational delay of an arbitrarily large number of register-to-register paths internal to the functional portion of the IC can be used to provide the desired authentication and design alteration detection.
Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically
TLDR
This paper proposes BlueChip, a defensive strategy that has both a design-time component and a runtime component that is able to prevent all hardware attacks the authors evaluate while incurring a small runtime overhead.
Trojan Side-Channels: Lightweight Hardware Trojans through Side-Channel Engineering
TLDR
Two concepts of very small implementations of Trojan side-channels (TSC) are introduced and evaluated with respect to their feasibility on Xilinx FPGAs and indicate a high resistance to detection by conventional test and inspection methods.
Detecting Hardware Trojans using On-chip Sensors in an ASIC Design
TLDR
This work analyzes the impact of both sequential and combinational Trojans with varied partial activity, area, and location on the proposed on-chip structure and demonstrates that stealthy Trojans can be effectively detected with this technique, even when obfuscated by circuit switching activity and process and environmental variations.
Trojan Detection using IC Fingerprinting
TLDR
These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques and provide a starting point to address this important problem.
Hardware Trojan horse detection using gate-level characterization
TLDR
A technique for recovery of characteristics of gates in terms of leakage current, switching power, and delay is introduced, which utilizes linear programming to solve a system of equations created using nondestructive measurements of power or delays to detect embedded HTHs.
Sequential hardware Trojan: Side-channel aware design and placement
TLDR
It is shown that efficient design and placement of a sequential Trojan would incur an extremely low side-channel (power, delay) signature and hence can easily evade both post-silicon validation and DFS approaches.