Two Countermeasures Against Hardware Trojans Exploiting Non-Zero Aliasing Probability of BIST

TL;DR

This paper proposes two countermeasures to prevent hardware Trojans that exploit the non-zero aliasing probability in Logic Built-In-Self-Test (LBIST), enhancing hardware security against stealthy attacks.

Contribution

It introduces two novel LBIST modifications: one using key-dependent test patterns and another employing remote test management to thwart Trojan exploitation.

Findings

The key-dependent test pattern method increases attack resistance.

Remote test management diversifies test patterns to prevent Trojan detection.

Both methods effectively mitigate the specific Trojan injection attack.

Abstract

The threat of hardware Trojans has been widely recognized by academia, industry, and government agencies. A Trojan can compromise security of a system in spite of cryptographic protection. The damage caused by a Trojan may not be limited to a business or reputation, but could have a severe impact on public safety, national economy, or national security. An extremely stealthy way of implementing hardware Trojans has been presented by Becker et al. at CHES'2012. Their work have shown that it is possible to inject a Trojan in a random number generator compliant with FIPS 140-2 and NIST SP800-90 standards by exploiting non-zero aliasing probability of Logic Built-In-Self-Test (LBIST). In this paper, we present two methods for modifying LBIST to prevent such an attack. The first method makes test patterns dependent on a configurable key which is programed into a chip after the manufacturing stage. The second method uses a remote test management system which can execute LBIST using a different set of test patterns at each test cycle.