  • 1

    A Testing Methodology for Hardware Trojan Detection

    Driss Aboulkassimi[2], Josep Balasch[1], David Cambon[2], Florentin Demetrescu[3], Jacques J.A. Fournier[2], Julien Francq[3], Benedikt Gierlichs[1], Dave Singelée[1] and Ingrid Verbauwhede[1]

    [1] KU Leuven ESAT/COSIC (BE) [2] CEA Tech Region, DPACA/LSAS (FR) [3] Airbus Defence & Space CyberSecurity (FR)

    TRUDEVICE 2015, 13 March 2015

    Grenoble (France)

    Holistic Approaches for Integrity of ICT-systems

  • 2

    HINT Project – Overview (I)

    o HINT = Holistic Approaches for Integrity of ICT-Systems

    o Project Number: 317930

    o Project Website: www.hint-project.eu

    o Project start: October 1, 2012

    o Project duration: 3 years

    o Total Costs: € 5.103.893

    o EC-Contribution: € 3.350.000

    o Project is co-financed by the European Commission under the Seventh Framework Programme

    13 March 2015 TRUDEVICE 2015

  • 3

    HINT Project – Overview (II)

    o Motivation: ensure authenticity and integrity of hardware components in modern ICT systems

    [Figure labels: Integrity Test; Side Channel Measurements; 01000111…; PUF; Counterfeit ?; Trojan ?; Certified]

  • 4

    HINT Project – Overview (III)

    o WP1 – User Requirements and System Architecture

    o WP2 – Robust Energy-Optimized Nano Structures for Integrity-Anchors

    o WP3 – Holistic Integrity Checking for Components in ICT Systems

    o WP4 – Integration, Prototyping, Validation

    o WP5 – Security Evaluation

    o WP6 – Project Management and Dissemination

  • 5

    Hardware Trojans – What, How and Why ?

    o Hardware Trojan (HT): Malicious modification of an Integrated Circuit during design flow

    o Issue first raised by US Department of Defense

    Outsourcing of IC fabrication questions trust in the final chip

    o Very rich HT taxonomy

    Insertion phase, infection level, effect, activation, location, ...

    [Figure: HT structure. Trigger: activation, “sensing circuitry”, internal, external. Payload: “malicious activity”, information leaks, DoS, ...]

  • 6

    Our HT Detection Approach

    o Fingerprinting side-channel characteristics

    Learning phase: characterization of Golden circuit

    Matching phase: comparison with Device under Test

    o Realistic measurement scenario, no simulations

    Target platform: FPGA Xilinx Spartan-6 LX75 (Sakura-G)

    Side-channel: power consumption

    o Golden circuit

    AES-128 implementation

    o HT Infected circuit

    Many variants tested

    This presentation: externally triggered, no payload !

  • 7

    HT Infected Circuit

    o Insertion after PAR

    Xilinx Native Circuit Description

    o Externally triggered

    16-bit activation sequence

    Only 2 slices

    Close to occupied slices

    [Figures: Golden circuit; Infected circuit (slices); Infected circuit (slices - zoom)]

  • 8

    Golden circuit: signal routings

  • 9

    HT Infected circuit: signal routings

    HT slices

  • 10

    T-test Distinguisher

    o Welch’s two-tailed T-test

    Test the null hypothesis that the means of 2 populations are equal

    Robust, reliable, and with low computation effort

    Quantify confidence in the result

    o In our particular test scenario

    Populations are sets of power measurements

    • set0 (Golden model), set1 (DuT)

    Main idea:

    • DuT = Golden model, populations should have same means

    • DuT ≠ Golden model, populations should have different means

    with µ: sample mean of the population

    σ: sample variance of the population

    N: elements in the population
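
The point-wise test this slide describes, as an added example (not the authors' code): Welch's t-statistic is computed at every sample index of two trace sets and compared with the ± 4.5 bound quoted on the Golden vs. Golden slide. The traces, the `make_traces` helper and all of its parameters are constructed for illustration.

```python
import math
import random

THRESHOLD = 4.5  # decision bound quoted on the "Golden vs. Golden" slide

def welch_t(set0, set1):
    """Welch t-statistic per sample index for two sets of equal-length traces.

    t = (mu0 - mu1) / sqrt(var0/N0 + var1/N1), with mu the sample mean,
    var the unbiased sample variance and N the number of traces per set.
    """
    n0, n1 = len(set0), len(set1)
    stats = []
    for col0, col1 in zip(zip(*set0), zip(*set1)):  # one column per time sample
        mu0, mu1 = sum(col0) / n0, sum(col1) / n1
        var0 = sum((x - mu0) ** 2 for x in col0) / (n0 - 1)
        var1 = sum((x - mu1) ** 2 for x in col1) / (n1 - 1)
        denom = math.sqrt(var0 / n0 + var1 / n1)
        if denom == 0.0:  # noiseless columns: equal means give 0, else +/- inf
            stats.append(0.0 if mu0 == mu1 else math.copysign(math.inf, mu0 - mu1))
        else:
            stats.append((mu0 - mu1) / denom)
    return stats

def flagged_samples(set0, set1, threshold=THRESHOLD):
    """Sample indices where the null hypothesis of equal means is rejected."""
    return [i for i, t in enumerate(welch_t(set0, set1)) if abs(t) > threshold]

def make_traces(n, length, seed, extra=None):
    """Constructed 8-bit traces: fixed waveform plus Gaussian noise (sd 4).

    extra=(start, stop, delta) adds a constant offset in [start, stop),
    a stand-in for additional switching activity in the DuT (assumption).
    """
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        trace = []
        for i in range(length):
            v = 128 + 40 * math.sin(i / 3) + rng.gauss(0, 4)
            if extra and extra[0] <= i < extra[1]:
                v += extra[2]
            trace.append(max(0, min(255, round(v))))  # quantize to 8 bits
        traces.append(trace)
    return traces

if __name__ == "__main__":
    golden = make_traces(400, 32, seed=1)
    print("same design:", flagged_samples(golden, make_traces(400, 32, seed=2)))
    print("modified:", flagged_samples(golden, make_traces(400, 32, seed=3, extra=(10, 15, 3))))
```
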

  • 11

    Experimental Results (I)

    Single board / Single Measurement Setup

    10,000 measurements per design

    3 MHz clock, 1.25 GS/s

    20,000 samples/measurement

    Population of power traces with random inputs

    [Figure: measurement setup. PC; SAKURA-G with CONTROL FPGA and CRYPTO FPGA (AES); measurement point J3; 30 dB Amp.; 48 MHz LPF; OSCILLOSCOPE]

  • 12

    What does a measurement look like?

    [Figure: quantized power measurement, annotated with input key, input_pt and output_ct; two panels, horizontal axis 0 to 2 × 10^4, vertical axes 50 to 250 and 0 to 250]

  • 13

    Golden vs. Golden

    o Perfectly contained within ± 4.5 (99.999% confidence)

    [Figure: two panels, horizontal axis 0 to 2 × 10^4; vertical axes 50 to 250 and -10 to 10]

  • 14

    Golden vs. Golden’

    o Environmental variations result in offset

    [Figure: two panels, horizontal axis 0 to 2 × 10^4; vertical axes 50 to 250 and -10 to 10]

  • 15

    Golden vs. HT Infected

    o HT activity visible during transmission of input operands

    [Figure: two panels, horizontal axis 0 to 2 × 10^4; vertical axes 50 to 250 and -30 to 30]

  • 16

    Golden vs. Other HT infected

    [Figure: three pairs of panels, horizontal axis 0 to 2 × 10^4; in each pair the first vertical axis runs 50 to 250, the second runs -10 to 10, -150 to 150 and -10 to 10 respectively]

  • 17

    Conclusions

    o First results towards evaluating the suitability of t-test for HT detection

    o Real measurements, not simulations

    o Ideal measurement conditions (1 board, 1 setup):

    Good, stable results

    But need to deal with environmental variations

    o Non-ideal conditions (more boards, more setups):

    Need to re-define decision thresholds

    Currently under investigation in HINT

  • 18

    Questions ?

    Thanks for your attention !
