Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing

Bora Bilgic; Sule Ozev

doi:10.23919/DATE54114.2022.9774705

Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing

Bora Bilgic, Sule Ozev

Engineering, Ira A. Fulton Schools of (IAFSE)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Involvement of many parties in the production of integrated circuits (ICs) makes the process more vulnerable to tampering. Consequently, IC security has become an important challenge to tackle. One of the threat models in hardware security domain is the insertion of unwanted and malicious hardware components, known as Hardware Trojans (HTs). A malicious attacker can insert a small modification into the functional circuit that can cause havoc in the field. To make the Trojan circuit stealthy, trigger circuits are typically used. The purpose of the trigger circuit is to hide the Trojan activity during post-production testing, and to randomize activation conditions, thereby making it very difficult to diagnose even after failures. Trigger mechanisms for Trojans typically delay and randomize the outcome based on a subset of internal digital signals. While there are many different ways of implementing the trigger mechanisms, charge based mechanisms have gained popularity due to their small size. In this paper, we propose a scheme to ensure that the trigger mechanisms are activated during production testing even if the conditions specified by the malicious attacker are not met. By disabling the mechanism that makes the Trojan stealthy, any of the parametric techniques can be used to detect Trojans at production time. The proposed technique relies on supply pulsing, where an increased potential difference between the gate and bulk of the active transistor in the output stage generates an alternate charge path for an otherwise unreachable capacitor and bypasses the input conditions to the trigger mechanism. SPICE simulations show that our method works well even for the smallest Trojan trigger mechanisms.

Original language	English (US)
Title of host publication	Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022
Editors	Cristiana Bolchini, Ingrid Verbauwhede, Ioana Vatajelu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	993-998
Number of pages	6
ISBN (Electronic)	9783981926361
DOIs	https://doi.org/10.23919/DATE54114.2022.9774705
State	Published - 2022
Event	2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 - Virtual, Online, Belgium Duration: Mar 14 2022 → Mar 23 2022

Publication series

Name	Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

Conference

Conference	2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022
Country/Territory	Belgium
City	Virtual, Online
Period	3/14/22 → 3/23/22

Keywords

analog
capacitor
charge
detection
domain
security
Trojan

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Hardware and Architecture
Software
Safety, Risk, Reliability and Quality
Control and Optimization

Access to Document

10.23919/DATE54114.2022.9774705

Cite this

Bilgic, B., & Ozev, S. (2022). Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing. In C. Bolchini, I. Verbauwhede, & I. Vatajelu (Eds.), Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 (pp. 993-998). (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/DATE54114.2022.9774705

Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing. / Bilgic, Bora; Ozev, Sule.
Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. ed. / Cristiana Bolchini; Ingrid Verbauwhede; Ioana Vatajelu. Institute of Electrical and Electronics Engineers Inc., 2022. p. 993-998 (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Bilgic, B & Ozev, S 2022, Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing. in C Bolchini, I Verbauwhede & I Vatajelu (eds), Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022, Institute of Electrical and Electronics Engineers Inc., pp. 993-998, 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022, Virtual, Online, Belgium, 3/14/22. https://doi.org/10.23919/DATE54114.2022.9774705

Bilgic B, Ozev S. Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing. In Bolchini C, Verbauwhede I, Vatajelu I, editors, Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 993-998. (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022). doi: 10.23919/DATE54114.2022.9774705

Bilgic, Bora ; Ozev, Sule. / Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing. Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022. editor / Cristiana Bolchini ; Ingrid Verbauwhede ; Ioana Vatajelu. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 993-998 (Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022).

@inproceedings{87a7f8460874457fb86779cb13e29193,

title = "Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing",

abstract = "Involvement of many parties in the production of integrated circuits (ICs) makes the process more vulnerable to tampering. Consequently, IC security has become an important challenge to tackle. One of the threat models in hardware security domain is the insertion of unwanted and malicious hardware components, known as Hardware Trojans (HTs). A malicious attacker can insert a small modification into the functional circuit that can cause havoc in the field. To make the Trojan circuit stealthy, trigger circuits are typically used. The purpose of the trigger circuit is to hide the Trojan activity during post-production testing, and to randomize activation conditions, thereby making it very difficult to diagnose even after failures. Trigger mechanisms for Trojans typically delay and randomize the outcome based on a subset of internal digital signals. While there are many different ways of implementing the trigger mechanisms, charge based mechanisms have gained popularity due to their small size. In this paper, we propose a scheme to ensure that the trigger mechanisms are activated during production testing even if the conditions specified by the malicious attacker are not met. By disabling the mechanism that makes the Trojan stealthy, any of the parametric techniques can be used to detect Trojans at production time. The proposed technique relies on supply pulsing, where an increased potential difference between the gate and bulk of the active transistor in the output stage generates an alternate charge path for an otherwise unreachable capacitor and bypasses the input conditions to the trigger mechanism. SPICE simulations show that our method works well even for the smallest Trojan trigger mechanisms.",

keywords = "analog, capacitor, charge, detection, domain, security, Trojan",

author = "Bora Bilgic and Sule Ozev",

note = "Funding Information: This work is supported by the National Science Foundation with Grant Number CCF-1617562. Publisher Copyright: {\textcopyright} 2022 EDAA.; 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022 ; Conference date: 14-03-2022 Through 23-03-2022",

year = "2022",

doi = "10.23919/DATE54114.2022.9774705",

language = "English (US)",

series = "Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "993--998",

editor = "Cristiana Bolchini and Ingrid Verbauwhede and Ioana Vatajelu",

booktitle = "Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022",

}

TY - GEN

T1 - Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing

AU - Bilgic, Bora

AU - Ozev, Sule

PY - 2022

Y1 - 2022

N2 - Involvement of many parties in the production of integrated circuits (ICs) makes the process more vulnerable to tampering. Consequently, IC security has become an important challenge to tackle. One of the threat models in hardware security domain is the insertion of unwanted and malicious hardware components, known as Hardware Trojans (HTs). A malicious attacker can insert a small modification into the functional circuit that can cause havoc in the field. To make the Trojan circuit stealthy, trigger circuits are typically used. The purpose of the trigger circuit is to hide the Trojan activity during post-production testing, and to randomize activation conditions, thereby making it very difficult to diagnose even after failures. Trigger mechanisms for Trojans typically delay and randomize the outcome based on a subset of internal digital signals. While there are many different ways of implementing the trigger mechanisms, charge based mechanisms have gained popularity due to their small size. In this paper, we propose a scheme to ensure that the trigger mechanisms are activated during production testing even if the conditions specified by the malicious attacker are not met. By disabling the mechanism that makes the Trojan stealthy, any of the parametric techniques can be used to detect Trojans at production time. The proposed technique relies on supply pulsing, where an increased potential difference between the gate and bulk of the active transistor in the output stage generates an alternate charge path for an otherwise unreachable capacitor and bypasses the input conditions to the trigger mechanism. SPICE simulations show that our method works well even for the smallest Trojan trigger mechanisms.

AB - Involvement of many parties in the production of integrated circuits (ICs) makes the process more vulnerable to tampering. Consequently, IC security has become an important challenge to tackle. One of the threat models in hardware security domain is the insertion of unwanted and malicious hardware components, known as Hardware Trojans (HTs). A malicious attacker can insert a small modification into the functional circuit that can cause havoc in the field. To make the Trojan circuit stealthy, trigger circuits are typically used. The purpose of the trigger circuit is to hide the Trojan activity during post-production testing, and to randomize activation conditions, thereby making it very difficult to diagnose even after failures. Trigger mechanisms for Trojans typically delay and randomize the outcome based on a subset of internal digital signals. While there are many different ways of implementing the trigger mechanisms, charge based mechanisms have gained popularity due to their small size. In this paper, we propose a scheme to ensure that the trigger mechanisms are activated during production testing even if the conditions specified by the malicious attacker are not met. By disabling the mechanism that makes the Trojan stealthy, any of the parametric techniques can be used to detect Trojans at production time. The proposed technique relies on supply pulsing, where an increased potential difference between the gate and bulk of the active transistor in the output stage generates an alternate charge path for an otherwise unreachable capacitor and bypasses the input conditions to the trigger mechanism. SPICE simulations show that our method works well even for the smallest Trojan trigger mechanisms.

KW - analog

KW - capacitor

KW - charge

KW - detection

KW - domain

KW - security

KW - Trojan

UR - http://www.scopus.com/inward/record.url?scp=85130782161&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85130782161&partnerID=8YFLogxK

U2 - 10.23919/DATE54114.2022.9774705

DO - 10.23919/DATE54114.2022.9774705

M3 - Conference contribution

AN - SCOPUS:85130782161

T3 - Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

SP - 993

EP - 998

BT - Proceedings of the 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

A2 - Bolchini, Cristiana

A2 - Verbauwhede, Ingrid

A2 - Vatajelu, Ioana

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022

Y2 - 14 March 2022 through 23 March 2022

ER -

Guaranteed Activation of Capacitive Trojan Triggers During Post Production Test via Supply Pulsing

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this