Cryptology ePrint Archive: Report 2016/600
A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks
Samaneh Ghandali; Georg T. Becker; Daniel Holcomb; Christof Paar
Abstract: Over the last decade, hardware Trojans have gained increasing
attention in academia, industry and by government agencies. In
order to design reliable countermeasures, it is crucial to understand how
hardware Trojans can be built in practice. This is an area that has received
relatively scant treatment in the literature. In this contribution,
we examine how particularly stealthy Trojans can be introduced to a
given target circuit. The Trojans are triggered by violating the delays of
very rare combinational logic paths. These are parametric Trojans, i.e.,
they do not require any additional logic and are purely based on subtle
manipulations on the sub-transistor level to modify the parameters of the
transistors. The Trojan insertion is based on a two-phase approach. In
the rst phase, a SAT-based algorithm identies rarely sensitized paths in
a combinational circuit. In the second phase, a genetic algorithm smartly
distributes delays for each gate to minimize the number of faults caused
by random vectors.
As a case study, we apply our method to a 32-bit multiplier circuit
resulting in a stealthy Trojan multiplier. This Trojan multiplier only
computes faulty outputs if specic combinations of input pairs are applied
to the circuit. The multiplier can be used to realize bug attacks, introduced by Biham et al. In addition to the bug attacks proposed previously, we extend this concept for the specic fault model of the path delay Trojan multiplier and show how it can be used to attack ECDH key agreement protocols.
Our method is a general approach to path delay faults. It is a versatile
tool for designing stealthy Trojans for a given circuit and is not restricted to multipliers and the bug attack.
Category / Keywords:
Original Publication (in the same form): IACR-CHES-2016
Date: received 7 Jun 2016
Contact author: samaneh at umass edu, Georg Becker@ruhr-uni-bochum de, holcomb@engin umass edu, Christof Paar@rub de
Available format(s): PDF | BibTeX Citation
Version: 20160607:202739 (All versions of this report)
Short URL: ia.cr/2016/600
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]