Securing Integrated Circuits Against Hardware Trojans Using Information Forensics Matthew C. Stamm, Ioannis Savidis, and Baris Taskin Dept. of Electrical and Computer Engineering Drexel University Project Description Integrated circuits (ICs) form the backbone of many electronic devices ranging from smart phones and computers, to the systems that control our banking, energy distribution, and defense infrastructure. The recent emergence of hardware Trojans, or malicious circuits inserted into an IC during the manufacturing process, poses an important new security threat to systems that rely upon ICs. This threat is sufficiently credible that the DARPA TRUST program was established to initiate research efforts to ensure the trustworthiness of ICs used in military systems. While a community has emerged to address hardware oriented security issues, the number and sophistication of problems posed by hardware Trojans far outreach existing security solutions. Furthermore, existing security solutions in Trojan detection do not satisfactorily address several important challenges: ! Advanced Detection: Are traces left by hardware Trojans being optimally exploited, or can more sophisticated models and algorithms improve Trojan detection? ! Identification: Can traces left by hardware Trojans be used to reveal additional key information such as the type of Trojan circuit or its location on an IC? ! Attack Modeling: What are the optimal strategies of an attacker placing a Trojan circuit in an IC and what are the optimal countermeasures? ! Secure Design: Can secure IC design techniques be developed to increase the likelihood that a Trojan circuit will be detected? To address these open questions, we propose creating a new set of hardware Trojan detection techniques inspired by a recently developed field known as information forensics [1]. Information forensic algorithms are designed to authenticate multimedia information, such as potentially falsified images or videos. These techniques detect information manipulation by searching for imperceptible statistical traces, known as fingerprints, left in digital content by editing operations. By detecting these fingerprints, information forensic techniques are capable of identifying falsified images and videos, localizing the falsified image or video regions, and determining which editing operations were used to create the forgery. Table 1 shows the direct correspondence between hardware Trojan detection and information forensics. Table 1: Correspondence between hardware Trojan detection and multimedia forensics Hardware Trojan Detection Concept or Quantity Quantity to Authenticate Integrated circuit Attack Trojan circuit Means of Exposing the Attack Side channel Relationship the Attack Will Correlations between different Disturb power noise sensor readings Uniquely Identifying Trace Trojan circuit-­‐specific changes Attack Will Introduce to the power noise waveform Information Forensic Concept or Quantity Digital image or video Image or video manipulation Forensic fingerprint Correlations between pixel values Unique fingerprint of specific image manipulation In addition to the improved detection techniques developed through traditional information forensics, we will use an emerging theoretical concept from information forensics known as adversarial dynamics [2] to develop previously unexplored hardware Trojan identification, attack modeling, and secure design capabilities. Adversarial dynamics uses mathematical tools from game theory to identify the optimal actions of an attacker attempting to hide a Trojan circuit in an IC, along with the optimal IC design countermeasures. The remainder of this white paper provides more technical details of our proposed research agenda. Technical Approach One of the primary means of exposing hardware Trojans is through the examination of on-­‐
chip side-­‐channels. These side-­‐channels correspond to inadvertent variations in signals, such as the IC’s power supply voltage, that are caused by Trojan circuits. The variations in side-­‐channel signals caused by hardware Trojans are directly analogous to the fingerprints introduced into an image or video by editing. As a result, we will employ the sophisticated statistical models and signal processing algorithms used in information forensics to develop our new hardware Trojan detection techniques. These techniques will draw upon diverse fields such as machine learning, optimization, graph theory, and statistical detection and estimation theories. We will use fluctuations in the voltage level of an IC’s power supply IC, known as the power supply noise, as a side-­‐channel for detecting hardware Trojans. The specific profile of the power supply noise is highly dependent on an IC’s layout and circuit structure. If a hardware Trojan is inserted into an IC, it will alter the circuit structure and increase the load on the power supply grid. This will change the profile of the power supply noise, thereby inadvertently leaving behind traces of the Trojan circuit. Circuit Techniques To Reveal Traces of Hardware Trojans: In order to observe traces left by hardware Trojans in the power supply noise, we propose integrating on-­‐chip voltage sensors directly into an IC. These sensors will allow us to obtain detailed measurements of the power supply noise that our information forensics-­‐based algorithms will leverage. While existing research has proposed detecting hardware Trojans by examining voltage levels measured at different IC power ports [3], these off-­‐chip readings do not capture detailed time-­‐varying measurements of the power supply noise. By contrast, the on-­‐chip sensors that we propose integrating into ICs are able to provide detailed temporal information about the power supply noise. Furthermore, they can be placed in critical locations on an IC where hardware Trojans are likely to be hidden. This will allow us to capture minute variations in the power supply noise that off-­‐chip measurements at power ports may not be able to detect. Additionally, we will develop circuit layout strategies to intentionally increase the power supply noise while keeping it below an acceptable level. By intentionally permitting noise in certain regions of an IC, we can monitor the voltage fluctuations caused by local circuits and make traces introduced by Trojan circuits more readily observable. This runs contrary to standard design considerations, which prioritize reducing the power supply noise. By using power supply noise to increase security, we are modifying the general paradigm that noise on the power distribution network negatively impacts the operation of an IC. Hardware Trojan Detection and Identification Using Information Forensics: A central concept in information forensics is that different editing operations introduce their own unique fingerprints into an image or video. By characterizing the fingerprints of each editing operation, a forensic investigator can use these fingerprints to answer two important questions: Has an image or video been modified, and if so, which editing operation was used to modify it? We will extend this concept to the task of identifying the type of Trojan circuit inserted into an IC. Just like image editing operations, Trojan circuits will introduce distinct changes into the waveform shape and statistical characteristics of an IC’s power noise signal. We will use models employed in information forensics to identify these changes and detect the presence of hardware Trojans. Additionally, we will use machine learning techniques to identify features of these changes that are unique to different types of hardware Trojans. This will enable us to build statistical classifiers to determine the type of Trojan circuit that has been inserted into an IC. Hardware Trojans will also alter the statistical relationships between power noise measurements taken by different sensors. The relationships between these sensor readings are similar to the relationships between an image or video’s pixels that information forensic techniques model and exploit. We will use these information forensic models to detect changes in the relationships between different sensor readings and uncover hardware Trojans. Furthermore, since the sensors will be placed throughout an IC, they will capture a spatial profile of the power noise signal. We will use tools from signal processing and graph theory to localize anomalies in this spatial profile and determine the physical location of a hardware Trojan in an IC. We note that the potential ability to both determine the type of Trojan circuit inserted into an IC and the ability to determine its location represent important new capabilities that existing hardware security techniques do not possess. Attack Modeling and Secure IC Design Through Game Theoretic Analysis: The majority of existing research related to hardware Trojans has focused on developing and improving techniques to detect Trojan circuits. While this has led to important advances in hardware security, little research has rigorously examined hardware security from the point of view of an adversary attempting to hide a hardware Trojan in an IC. In order to protect ICs against Trojan circuits inserted by an intelligent adversary, it is critically important to identify their optimal attack strategy, i.e. where are they most likely to hide their Trojan circuit. We will determine an attacker’s optimal placement strategy for their Trojan circuit, along with the optimal security countermeasures, using a new theoretical framework from information forensics known as adversarial dynamics. Adversarial dynamics uses mathematical tools from game theory to analyze the dynamic interplay between an investigator and an adversary attempting to avoid detection [2]. Central to this analysis is a game theoretic concept known as the Nash Equilibrium. By determining the Nash equilibrium in this game theoretic framework, we will identify the specific actions that an adversary will be incentivized to use and not deviate from when hiding a Trojan circuit in an IC. We will also use the Nash equilibrium to determine the optimal actions for security researchers to adopt in response to an intelligent adversary. This will enable us to develop important new design principles and methodologies that will maximize the probability that hardware Trojans will be exposed. References: [1] M. C. Stamm, M. Wu, and K. J. R. Liu, “Information Forensics: An Overview of the First Decade,” IEEE Access, Vol. 1, pp. 167–200, 2013. [2] M. C. Stamm, W. S. Lin, and K. J. R. Liu, “Forensics vs. Anti-­‐Forensics: A Decision And Game Theoretic Framework,” IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Kyoto, Japan, Mar. 2012, pp. 1749–1752, Mar. 2012. [3] R. Rad, J. Plusquellic, and M Tehranipoor, “A Sensitivity Analysis of Power Signal Methods for Detecting Hardware Trojans Under Real Process and Environmental Conditions,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Vol. 18, No. 12, pp. 1735–1744, Dec. 2010. Primary Contact Information: Contact: Ioannis Savidis Email: isavidis@coe.drexel.edu Phone: 215-­‐571-­‐4584