Hardware Trojans (HTs) are an emerging threat to the integrity of Integrated Circuits (ICs) and of every application built on them. Malicious modification of hardware during the design or manufacture of commercial and consumer devices is a serious security problem: such tampering alters the functional behaviour of an IC, which can have disastrous effects on the safety of critical applications.
Beyond commercial and consumer devices, Hardware Trojans have become a danger to military equipment, because complex weapons systems are built from the same ICs and SoCs. In that setting an HT is most commonly known as a kill switch. Because many countries source their chips, or whole weapons systems, from foreign suppliers, this threat is growing.
An attacker, or whoever controls the kill switch, activates the HT to take control of the IC's operation, with consequences ranging from denial of service and leakage of sensitive information to deactivation of the whole device. HTs are a broad threat, but this article focuses on their use as a kill switch in complex military weaponry. Engineers have proposed various countermeasures over the last years; how effective they are is discussed below.
In this article we explain what Hardware Trojans are and how to prevent them. We also highlight the key problems and major threats connected with this security risk, and the research that will be required to solve them in the future.
What are Hardware Trojans?
A Hardware Trojan (HT) is a malicious alteration of an integrated circuit's circuitry. In other words, a Hardware Trojan is any malicious addition to, or change of, a circuit or system, whether it is inserted in the design, in a third-party IP core, or during fabrication.
Major threats of Hardware Trojans
- Change or control the functioning of an Integrated Circuit (IC) or a System on Chip (SoC), for example by flipping the logic value of a security-critical flip-flop, with significant consequences.
- Leak sensitive information, for example by propagating internal signals (a key, an intermediate value) to the output pins, where an attacker can read them.
- Reduce circuit reliability, for example by adding circuitry that produces local temperature hotspots in the IC and eventually causes the chip to fail.
- Act as a kill switch: when activated, the HT can change the device's functionality, disable it, or destroy the whole system.
- Persist: once a chip is infected, the danger is present every time the system is powered on, and unlike software malware there is no patch for silicon.
- Erode trust in all modern technological systems. They can be introduced as hidden front doors or back doors, inserted knowingly or unwittingly while designing a chip, by using a pre-made application-specific integrated circuit (ASIC) semiconductor intellectual property core (IP core) purchased from an untrustworthy source, or by an insider.
HTs as a Kill Switch in the Military’s Complex and Sophisticated Weapons
A kill switch in a military weapon means that whoever holds the codes or the access can remotely control any complex weapon that has one implanted; alternatively, the Trojan chip may activate automatically when certain conditions are met. For example, the kill switch could shut off a fighter jet's missile-launching electronics, or the jet's entire electronics.
Scenarios of HTs as a kill switch in complex military weapons are cropping up more often. According to a U.S. defense contractor who spoke to IEEE Spectrum on condition of anonymity, a European chipmaker built microprocessors with a kill switch that could be accessed remotely. French defense contractors reportedly used the chips in military equipment so that, if the equipment ever fell into unfriendly hands, the French could disable its circuits remotely (see Adee, The Hunt for the Kill Switch, in the references).
Smartphones already incorporate this kind of capability: Apple introduced a remote "kill switch" that the owner of a lost or stolen phone can use to make sure nobody else can use it. If the feature is worth putting in consumer devices, it can just as well be embedded in complex weapons.
Ways to prevent HTs
Obfuscation is one preventive measure against the stealthy insertion of HTs. To build an effective HT, an attacker needs a thorough understanding of the IC being attacked, and in particular of its low-controllability, low-observability nodes: these are the nodes an attacker uses as trigger conditions, so that the Trojan stays dormant during testing and fires only on rare inputs. If the defender obfuscates the IC (for example with logic locking, where parts of the logic depend on a key that is unknown to the attacker), the attacker's picture of which nodes are rare is wrong. The attacker then has a higher chance of inserting a benign HT, or one that triggers during test time and is easily detected by traditional logic testing. Note that this protects against an attacker who does not hold the key, such as an untrusted foundry; it does nothing against an insider who knows it.
Because of their stealthy nature, the vast number of possible instances, and the wide diversity in structure and operating mode, traditional design-time verification and post-manufacturing testing cannot easily be extended to identify Hardware Trojans (HTs).
To learn more about how to prevent and detect HTs, read these articles:
- Hardware Trojan Attack and Defense Techniques By Aman Gupta
- Hardware Trojan: Threats and Emerging Solutions By Rajat Subhra Chakraborty, Seetharam Narasimhan, and Swarup Bhunia
Research required to solve HTs threat
The main problem is determining whether a delivered chip has been tampered with. There is no simple or cost-effective way to verify a delivered IC, because modern ICs are extremely complex and densely interconnected. Direct analysis (reverse engineering by delayering and imaging the die) is destructive and only tells you about the chips that were examined; it cannot ensure the integrity of every chip in a batch. Non-destructive techniques that can be applied to any chip are therefore required. These fall into two families: logic testing and Side-Channel Analysis (SCA). Logic testing looks for an output that deviates from the original design. While a deviation does indicate the presence of an HT, the likelihood of activating one is highly dependent on the complexity of the trigger: a Trojan that fires only when several rare internal nodes take specific values at the same time is very unlikely to be exercised by random or functional test vectors.
Side-channels (for example power consumption, electromagnetic emanation and path delay), previously known mainly in the context of side-channel attacks, reveal information about a circuit's internal activity and have been used to build new detection techniques. A Trojan adds gates that draw power and load wires even while dormant, so an infected chip's side-channel "fingerprint" differs from that of a known-good (golden) chip. Although these techniques are highly promising, they have inherent limitations: the Trojan's contribution is small compared with the whole chip, process variation between chips and measurement noise can mask it, and a trusted golden reference is needed in the first place.
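To make the two preceding points concrete (a trigger built from several rare nodes escapes random logic testing, and obfuscation with a key the attacker does not hold makes the attacker's notion of "rare" wrong, as described in the prevention section above), here is an added Python example that is not part of the original article or of any cited paper. The eight-input netlist, the placement of the two XOR key gates, the key value and the sample sizes are all constructed for illustration, and the two-key-gate structure only hides the polarity of the keyed nets; real logic-locking schemes also corrupt the output for wrong keys.

```python
import random

# Constructed toy netlist (assumption, not from the article): eight primary
# inputs, three internal nets and two XOR key gates. The correct key lives on
# chip; the attacker sees the locked netlist but not the stored key value.
N_INPUTS = 8
CORRECT_KEY = (1, 1)          # assumed key, chosen for this example

def simulate(inputs, key):
    """Evaluate the locked netlist for one input vector and key; return the nets."""
    a = inputs
    n1 = a[0] & a[1] & a[2]            # P(n1 = 1) = 1/8 under uniform random inputs
    n2 = a[3] & a[4] & a[5]            # P(n2 = 1) = 1/8
    n3 = a[6] & a[7]                   # P(n3 = 1) = 1/4
    n1k = n1 ^ key[0]                  # key gate: this net's polarity depends on the key
    n2k = n2 ^ key[1]
    out = (n1k ^ key[0]) | (n2k ^ key[1]) | n3   # the key-dependent inversion is undone downstream
    return {"n1k": n1k, "n2k": n2k, "n3": n3, "out": out}

def random_vector(rng):
    return [rng.getrandbits(1) for _ in range(N_INPUTS)]

def signal_probabilities(key, samples=20000, seed=1):
    """Estimate P(net = 1) for each internal net by random simulation."""
    rng = random.Random(seed)
    counts = {"n1k": 0, "n2k": 0, "n3": 0}
    for _ in range(samples):
        nets = simulate(random_vector(rng), key)
        for name in counts:
            counts[name] += nets[name]
    return {name: c / samples for name, c in counts.items()}

def choose_trigger(probs, width):
    """Attacker's choice: the `width` nets with the lowest P(net = 1)."""
    return tuple(sorted(probs, key=probs.get)[:width])

def trigger_probability(trigger_nets, key, samples=20000, seed=2):
    """P(all trigger nets are 1) for one random test vector, under the given key."""
    rng = random.Random(seed)
    fires = 0
    for _ in range(samples):
        nets = simulate(random_vector(rng), key)
        fires += all(nets[n] == 1 for n in trigger_nets)
    return fires / samples

def detection_probability(p_trigger, n_vectors):
    """P(at least one of n random test vectors activates the trigger) = 1 - (1 - p)^n."""
    return 1.0 - (1.0 - p_trigger) ** n_vectors

if __name__ == "__main__":
    # 1. Trigger complexity: every extra rare net (P = 1/8 here) cuts the activation
    #    probability by 8x, and with it the chance that random logic testing catches it.
    for width in (1, 2, 3, 4):
        p = 0.125 ** width
        print(f"{width}-net trigger: P(fire)={p:.5f}  P(detect in 1000 vectors)={detection_probability(p, 1000):.3f}")

    # 2. Obfuscation: the attacker guesses key (0, 0), sees n1k, n2k, n3 as rare and
    #    builds the trigger on them; under the real key n1k and n2k are mostly 1.
    guessed_key = (0, 0)
    trigger = choose_trigger(signal_probabilities(guessed_key), width=3)
    p_guess = trigger_probability(trigger, guessed_key)
    p_real = trigger_probability(trigger, CORRECT_KEY)
    print("trigger nets:", trigger)
    print(f"P(fire) as the attacker believes: {p_guess:.4f}  detect in 100 vectors: {detection_probability(p_guess, 100):.2f}")
    print(f"P(fire) with the real key:        {p_real:.4f}  detect in 100 vectors: {detection_probability(p_real, 100):.2f}")
```

Under the attacker's key guess the three-net trigger fires on about one random vector in 256, so a hundred test vectors catch it only about a third of the time; under the real key the two keyed nets are inverted, the trigger fires on roughly one vector in five, and the same hundred vectors activate it with near certainty. The first loop shows the other side of the coin: against an unobfuscated design, each additional rare node in the trigger makes random logic testing markedly less likely to ever exercise the Trojan.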
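The following added Python example (not from the article or from any of the cited papers) models power-based side-channel fingerprinting and the limitation just described. A chip's power for one test vector is taken to be proportional to its switching activity, multiplied by a per-chip process scale factor; a dormant Trojan adds a small constant load because its trigger logic toggles with the data. The detector scores a device under test against the mean and spread of a population of trusted "golden" chips. Every number (activity per vector, the 3 % Trojan overhead, the 1 %, 2 % and 10 % process spreads, the noise level, the population size) is an assumption chosen for illustration.

```python
import random
import statistics

# Constructed toy model (assumption, not from the article): power per test vector
# = process_scale * (switching activity + dormant Trojan load) + measurement noise.
N_VECTORS = 20
N_GOLDEN = 50            # trusted reference chips (verified destructively, in practice)
TROJAN_POWER = 6.0       # extra toggling load of the dormant Trojan, about 3 % of a chip
NOISE = 0.2              # measurement noise (standard deviation) per power sample

# Switching activity of the golden design for each test vector (constructed, 80..120)
ACTIVITY = [100 + ((7 * v) % 41) - 20 for v in range(N_VECTORS)]

def measure(scale, trojan, rng):
    """Power trace (one sample per test vector) of a chip with the given process scale."""
    extra = TROJAN_POWER if trojan else 0.0
    return [scale * (a + extra) + rng.gauss(0.0, NOISE) for a in ACTIVITY]

def golden_fingerprint(sigma_proc, rng):
    """Per-vector mean and standard deviation of power over the golden population."""
    traces = [measure(rng.gauss(1.0, sigma_proc), False, rng) for _ in range(N_GOLDEN)]
    mean = [statistics.mean(t[v] for t in traces) for v in range(N_VECTORS)]
    std = [statistics.stdev(t[v] for t in traces) for v in range(N_VECTORS)]
    return mean, std

def trojan_score(trace, fingerprint):
    """Mean z-score of the DUT trace against the fingerprint. The detector is a
    threshold on this score: positive means more power than the golden population."""
    mean, std = fingerprint
    return statistics.mean((p - m) / s for p, m, s in zip(trace, mean, std))

def run_case(sigma_proc, dut_scale, dut_has_trojan, seed=0):
    """Build a golden fingerprint at the given process spread and score one DUT."""
    rng = random.Random(seed)
    fingerprint = golden_fingerprint(sigma_proc, rng)
    return trojan_score(measure(dut_scale, dut_has_trojan, rng), fingerprint)

if __name__ == "__main__":
    THRESHOLD = 3.0
    cases = [
        (0.01, 1.00, True,  "1 % spread, infected chip, nominal corner"),
        (0.01, 1.00, False, "1 % spread, clean chip, nominal corner   "),
        (0.02, 1.00, True,  "2 % spread, infected chip, nominal corner"),
        (0.02, 1.06, False, "2 % spread, clean chip at +3 sigma corner"),
        (0.10, 1.00, True,  "10 % spread, infected chip               "),
    ]
    for sigma, scale, trojan, label in cases:
        score = run_case(sigma, scale, trojan)
        print(f"{label}  score={score:5.2f}  flagged={score > THRESHOLD}")
```

With 1 % process spread the infected chip scores around six standard deviations above the golden population and a clean chip scores near zero, so a threshold separates them cleanly. At 2 % spread the same Trojan scores around three, which is exactly where a clean chip at the +3 sigma process corner also lands: the detector can no longer tell a fat process corner from a Trojan. At 10 % spread the Trojan's 3 % load vanishes into the spread entirely. This is the limitation behind the references on process dispersion and signal calibration below, and the reason that a golden reference, itself usually established by destructive analysis, is needed at all.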
References
- S. Adee. The Hunt for the Kill Switch. IEEE Spectrum, volume 45, pages 34–39, 2008.
- S. Skorobogatov and C. Woods. Breakthrough Silicon Scanning Discovers Backdoor in Military Chip. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 7428, pages 23–40, 2012.
- J. Kumagai. Chip Detectives. IEEE Spectrum, volume 37, pages 43–48, 2000.
- S. Jha and S. K. Jha. Randomization Based Probabilistic Approach to Detect Trojan Circuits. In Proc. IEEE High Assurance Systems Engineering Symposium − HASE, pages 117–124, 2008.
- R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and S. Bhunia. MERO: A Statistical Approach for Hardware Trojan Detection. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 5747, pages 396–410, 2009.
- D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. Trojan Detection using IC Fingerprinting. In Proc. IEEE Symposium on Security and Privacy − SP, pages 296–310, 2007.
- M. Banga and M. S. Hsiao. A Region Based Approach for the Identification of Hardware Trojans. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 40–47, 2008.
- Y. Alkabani and F. Koushanfar. Consistency-based Characterization for IC Trojan Detection. In Proc. IEEE International Conference on Computer-Aided Design − ICCAD, pages 123–127, 2009.
- M. Banga and M. S. Hsiao. A Novel Sustained Vector Technique for the Detection of Hardware Trojans. In Proc. IEEE International Conference on VLSI Design, pages 327–332, 2009.
- M. Potkonjak, A. Nahapetian, M. Nelson, and T. Massey. Hardware Trojan Horse Detection Using Gate-Level Characterization. In Proc. IEEE Design Automation Conference − DAC, pages 688–693, 2009.
- D. Du, S. Narasimhan, R. S. Chakraborty, and S. Bhunia. Self-Referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 6225, pages 173–187, 2010.
- S. Narasimhan, D. Du, R. S. Chakraborty, S. Paul, F. Wolff, C. Papachristou, K. Roy, and S. Bhunia. Multiple-Parameter Side-Channel Analysis: A Non-Invasive Hardware Trojan Detection Approach. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 13–18, 2010.
- H. Salmani, M. Tehranipoor, and J. Plusquellic. A Layout-Aware Approach for Improving Localized Switching to Detect Hardware Trojans in Integrated Circuits. In Proc. IEEE International Workshop on Information Forensics and Security − WIFS, pages 1–6, 2010.
- P. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis. In Advances in Cryptology − CRYPTO, LNCS, volume 1666, pages 388–397, 1999.
- M. Banga and M. S. Hsiao. VITAMIN: Voltage Inversion Technique to Ascertain Malicious Insertions in ICs. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 104–107, 2009.
- Y. Jin and Y. Makris. Hardware Trojan Detection using Path Delay Fingerprint. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 51–57, 2008.
- R. Rad, J. Plusquellic, and M. Tehranipoor. Sensitivity Analysis to Hardware Trojans using Power Supply Transient Signals. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 3–7, 2008.
- S. Narasimhan, X. Wang, D. Du, R. S. Chakraborty, and S. Bhunia. TeSR: A Robust Temporal Self-Referencing Approach for Hardware Trojan Detection. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 71–74, 2011.
- R. Rad, X. Wang, M. Tehranipoor, and J. Plusquellic. Power Supply Signal Calibration Techniques for Improving Detection Resolution to Hardware Trojans. In Proc. IEEE International Conference on Computer-Aided Design − ICCAD, pages 632–639, 2008.
- R. Rad, J. Plusquellic, and M. Tehranipoor. A Sensitivity Analysis of Power Signal Methods for Detecting Hardware Trojans Under Real Process and Environmental Conditions. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, volume 18, pages 1735–1744, 2010.
- C. Marchand and J. Francq. Low-Level Implementation and Side-Channel Detection of Stealthy Hardware Trojans on Field Programmable Gate Arrays. IET Computers and Digital Techniques, volume 8, pages 246–255, 2014.
- S. Bhasin, J.-L. Danger, S. Guilley, X. T. Ngo, and L. Sauvage. Hardware Trojan Horses in Cryptographic IP Cores. In Proc. IEEE Fault Diagnosis and Tolerance in Cryptography − FDTC, pages 15–29, 2013.
- I. Exurville, J. Fournier, J.-M. Dutertre, B. Robisson, and A. Tria. Practical Measurements of Data Path Delays for IP Authentication and Integrity Verification. In Proc. IEEE International Workshop on Reconfigurable and Communication-Centric Systems-on-Chip − ReCoSoC, pages 1–6, 2013.
- G. Di Natale, S. Dupuis, and B. Rouzeyre. Is Side-Channel Analysis Really Reliable for Detecting Hardware Trojans? In Proc. IEEE Conference on Design of Circuits and Integrated Systems − DCIS, pages 238–242, 2012.
- X. T. Ngo, Z. Najm, S. Guilley, S. Bhasin, and J.-L. Danger. Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel. In Proc. Security Proofs for Embedded Systems − PROOFS, 2014.
- S. Dupuis, G. Di Natale, M.-L. Flottes, and B. Rouzeyre. Identification of Hardware Trojans Triggering Signals. In Proc. Workshop on Trustworthy Manufacturing and Utilization of Secure Devices − TRUDEVICE, 2013.
- S. Dupuis, P.-S. Ba, G. Di Natale, M.-L. Flottes, and B. Rouzeyre. A Novel Hardware Logic Encryption Technique for thwarting Illegal Overproduction and Hardware Trojans. In Proc. IEEE International On-Line Testing Symposium − IOLTS, pages 49–54, 2014.
- H. Salmani, M. Tehranipoor, and J. Plusquellic. A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, volume 20, pages 112–125, 2012.
- X. T. Ngo, S. Guilley, S. Bhasin, J.-L. Danger, and Z. Najm. Encoding the State of Integrated Circuits: A Proactive and Reactive Protection against Hardware Trojans Horses. In Proc. ACM Workshop on Embedded Systems Security − WESS, 2014.
This Article was Published On: 30 July, 2021 And Last Modified On: 21 September, 2021