Online Checkers to Detect Hardware Trojans in AES Hardware Accelerators

Abstract

Advanced Encryption Standard (AES) is a standard block cipher used widely to encrypt 128-bit data BLOCKS. AES hardware accelerator should be secured and trustable, such that it should not compromise the security of the system of which it is a part. However, such hardware accelerators are often designed and implemented in a distributed manner globally at various stages, from design specification to integrated circuit (IC) chip. Outsourcing various steps in AES chip design leaves a way for the hardware attackers to add any vulnerability to the IC. Thus emerges hardware threats like reverse engineering, intellectual property (IP) Piracy, IC Piracy, IC counterfeiting/cloning, hardware Trojan (HT) insertion, etc. The challenge to the IC manufacturing industry is that there is no unique solution to all these threats. Hence, in this work, we address the most severe and challenging hardware threat: HT. These HTs can be inserted in the design at any stage of the IC design flow, and when they are triggered, they may cause malicious activities like creating functionality change, degrading performance, creating denial-of-service (DoS), or leaking secret information, etc. This may lead to potentially disasters in many critical applications like military, health monitoring systems, Internet of Things (IoT), aircraft, communication systems, etc. Because of this, end-users are losing their trust in the product of globally outsourced IC design industries. HTs on AES chips may leak secret information upon triggering, or they may cause DoS for an authorized request service at the required time. Hence, to regain AES chip end-users' trust, we have proposed “Online Checkers” to detect hardware malware during run-time. These checkers will monitor the signal correlation of one particular node with the neighborhood nodes. Online monitors (a.k.a online checkers) are logic circuits embedded in the IC design to check its performance. These checkers continuously monitor an IC's functional behavior and provide an alarm from possible malfunctions. The results show that the proposed online checkers detected HT with close to 100% detection accuracy, where hardware overhead is minimal compared to existing online monitoring schemes. The proposed scheme has been validated using a detection coverage metric and evaluated on multiple benchmark circuits: ISCAS’85, ISCAS’89, and ITC'99, and finally a prototype AES hardware accelerator.