An efficient multi-parameter approach for FPGA hardware Trojan detection

Abstract

Hardware Trojan (HT) detection in the wild is a challenging endeavor since the inspector cannot have access to “golden chips” or special and trusted test measurements in order to be assisted in his assessment. Apart from detection, a HT analyzer sometimes needs to be able to understand the behavior of a HT, its activation principles and preconditions. In this paper an FPGA based HT detection and analysis methodology is proposed that uses multiple parameter processing in order to detect a HT and analyze its behavior without the presence of “golden” chip or measurements. The methodology introduces a series of scientifically sound stages to be followed in order to refine the HT detection process and proposes the scientific interconnection between these steps that makes this refinement possible. More specifically, in the paper, we propose the appropriate combination of a logic testing method, a run-time method and a side-channel analysis method to structure the proposed methodology and we apply this methodology on a design implemented in an off-the-shelf FPGA board in order to detect a HT and analyze its behavior. The logic testing and side-channel analysis methods are non-invasive. The run-time method is an invasive one where on-chip digital sensors are used to detect unexpected differentiations in the layout of the Integrated Circuit (IC). The side channel analysis method uses power or Electromagnetic emission signals during the cryptography process in order to perform a proposed statistical analysis approach and correlate logically the outcomes of the analysis collected with the previous methods’ results. The proposed approach does not rely on the presence of a “Golden chip” or any trusted known test values for detecting the HT. On the contrary, it proposes a statistical, heuristic, analysis using specific features, to reduce false positive HT detections, to analyze HT activations, find what triggers them and in what point in time that happens. The overall methodology is implemented, showcased and evaluated on an actual FPGA board using actual experiments and results that validate our assumptions. To the best of our knowledge this is the first attempt at combining three different parameter analysis methods for HT detection without using “trusted” measurements or chips on an off-the-shelf FPGA board.