We are only too aware today of the need to be constantly on guard against Trojan code that hackers try to convince us to run on our personal computers. Once loaded, the Trojan has easy access to core system functions that can track keystrokes, allowing hackers to break into online bank accounts and pick up important data for identity theft.
Now, the SoC industry has to face the threat of hardware Trojans. Today's highly disaggregated supply chain opens up numerous doors to hackers looking of a way around the security functions embedded into the personal devices that are becoming ubiquitous in our lives. Research has uncovered a number of scenarios under which Trojans can enter an IC-design project, all the way from the system level down to physical layout. Even a tiny change to the well doping of a standard cell can disrupt the intended behavior of an IC.
Tiny, extremely stealthy Trojans could be used to open up gateways to financial data and DRM-protected content. Some research has shown how it is possible to weaken the security of a cryptoprocessor by reducing the effective entropy of a random-number generator or by providing information on the internal operation of the processor to an attacker through side-channel attacks. Even blackmail could provide an incentive for hackers through the insertion of cells that allow attacks in the form of a denial of service, shutting the device down once a trigger has been activated.
It is unclear whether hardware Trojans have been deployed in production ICs or whether the incentives to do so are sufficiently strong to make it a major risk. However, actions by some publicly funded institutions -- such as the decision by the Semiconductor Research Council (SRC) to create and fund the Trustworthy and Secure Semiconductors and Systems (T3S) Consortium -- indicate that the threat is being taken seriously.
The SRC announced that it would spend $9 million on research over an initial three-year period. In May 2014, SRC convened a workshop to canvas opinions from academia and industry on the direction the countermeasures work should take.
This year's Design Automation Conference (June 1-5, 2014) highlighted some intriguing ways in which countermeasures against Trojans could be developed, such as a competition in which teams of students go up against teams of researchers, both using their skills to deploy and detect hard malware.
A session on June 5 described ways Trojans might evade detection, and how automated techniques could evolve to sniff them out. One such detection technique, entered into the Cyber Security Awareness Week (CSAW) contest organized by NYU Poly, would use RTL analysis to identify malicious blocks that were inserted during design, working out how well each piece of hardware description was connected to core system functions.
Although the FANCI tool, which flags suspicious wires in a design that may be malicious, used in the competition to detect Trojans is not based on formal verification techniques, formal may prove to be part of the mix in production. We already use equivalence checking to look for changes between RTL and gates.
Similar techniques may be applied in the hunt for Trojans. Further research may uncover ways to apply model-based techniques to the problem. With active research underway, it will be an interesting cat-and-mouse game with the hacker community.
Dr. Mike Bartley, founder and CEO of TVS has a PhD in Mathematics from Bristol University, an MSc in Software Engineering and an MBA from the Open University, and over 20 years of experience in software testing and hardware verification. He has built and managed state-of-the-art test and verification teams in a number of companies (including STMicroelectronics, Infineon, and Elixent/Panasonic) who still use the methodologies he established. Since founding TVS he has consulted on multiple verification projects for respected organizations and has had over 20 articles published on the subject of verification and outsourcing.
Contact Dr. Bartley at firstname.lastname@example.org