Paper 2017/865

The First Thorough Side-Channel Hardware Trojan

Maik Ender, Samaneh Ghandali, Amir Moradi, and Christof Paar

Abstract

Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage leading to successful key recovery attacks. Such a Trojan does not add or remove any logic (even a single gate) to the design which makes it very hard to detect. In ASIC platforms, it is indeed inserted by subtle manipulations at the sub-transistor level to modify the parameters of a few transistors. The same is applicable on FPGA applications by changing the routing of particular signals, leading to null resource utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency one of the requirements of the underlying masking scheme is not fulfilled anymore, i.e., the Trojan is triggered, and the device's side-channel leakage can be exploited. Although as a case study we show an application of our designed Trojan on an FPGA-based threshold implementation of the PRESENT cipher, our methodology is a general approach and can be applied on any similar circuit.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in ASIACRYPT 2017
Keywords
side-channel analysisthreshold implementationhardware Trojan
Contact author(s)
amir moradi @ rub de
History
2017-09-13: received
Short URL
https://ia.cr/2017/865
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/865,
      author = {Maik Ender and Samaneh Ghandali and Amir Moradi and Christof Paar},
      title = {The First Thorough Side-Channel Hardware Trojan},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/865},
      year = {2017},
      url = {https://eprint.iacr.org/2017/865}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.