TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits

TL;DR

This paper introduces a comprehensive hardware Trojan detection and prevention method applicable during IC testing and operation, using new design techniques and memory technologies to identify and mitigate a wide range of malicious modifications.

Contribution

It presents a novel approach that combines design techniques and memory technologies for effective Trojan detection and prevention across various stages of IC fabrication and operation.

Findings

Detects 99.998% of Trojans without detailed design knowledge

Prevents 99.98% of attacks utilizing design reverse-engineering

Minimal speed impact close to 0%

Abstract

There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4-165% and 0.07-60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering). 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.