Paper 2017/783

HAL — The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Matthias Wilhelm, Tobias Weidlich, Russell Tessier, and Christof Paar

Abstract

Hardware manipulations pose a serious threat to numerous systems, ranging from a myriad of smart-X devices to military systems. In many attack scenarios an adversary merely has access to the low-level, potentially obfuscated gate-level netlist. In general, the attacker possesses minimal information and faces the costly and time-consuming task of reverse engineering the design to identify security-critical circuitry, followed by the insertion of a meaningful hardware Trojan. These challenges have been considered only in passing by the research community. The contribution of this work is threefold: First, we present HAL, a comprehensive reverse engineering and manipulation framework for gate-level netlists. HAL allows automating defensive design analysis (e.g., including arbitrary Trojan detection algorithms with minimal effort) as well as offensive reverse engineering and targeted logic insertion. Second, we present a novel static analysis Trojan detection technique ANGEL which considerably reduces the false-positive detection rate of the detection technique FANCI. Furthermore, we demonstrate that ANGEL is capable of automatically detecting Trojans obfuscated with DeTrust. Third, we demonstrate how a malicious party can semi-automatically inject hardware Trojans into third-party designs. We present reverse engineering algorithms to disarm and trick cryptographic self-tests, and subtly leak cryptographic keys without any a priori knowledge of the design’s internal workings.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Major revision. IEEE Transactions on Dependable and Secure Computing 2018
Keywords
Hardware Reverse Engineering, Hardware Trojans, Hardware Trojan Detection
Contact author(s)
sebastian wallat @ rub de
History
2018-03-01: revised
2017-08-18: received
Short URL
https://ia.cr/2017/783
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/783,
      author = {Marc Fyrbiak and Sebastian Wallat and Pawel Swierczynski and Max Hoffmann and Sebastian Hoppach and Matthias Wilhelm and Tobias Weidlich and Russell Tessier and Christof Paar},
      title = {HAL — The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion},
      howpublished = {Cryptology ePrint Archive, Paper 2017/783},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/783}},
      url = {https://eprint.iacr.org/2017/783}
}