Trojan Detection using IC Fingerprinting
- 1 May 2007
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 296-310
- https://doi.org/10.1109/sp.2007.36
Abstract
Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to their much lower cost structure. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch, and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained by using power simulations performed on representative circuits with several different Trojan circuits. These results show that Trojans that are 3-4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.