# SIMCom: Statistical Sniffing of Inter-Module Communications for Run-time   Hardware Trojan Detection

**Authors:** Faiq Khalid, Syed Rafay Hasan, Osman Hasan, Muhammad Shafique

arXiv: 1901.07299 · 2020-05-26

## TL;DR

SIMCom is a run-time detection method for hardware Trojans in SoCs that uses multi-parameter statistical traffic modeling and assertions to identify anomalies without affecting communication protocols.

## Contribution

It introduces a novel multi-parameter statistical approach combined with property assertions for real-time hardware Trojan detection in SoCs.

## Key findings

- Detects all benchmark Trojans with less than 1% area and power overhead.
- Effective in identifying communication anomalies caused by Trojans.
- Applicable to various SoC configurations and modules.

## Abstract

Timely detection of Hardware Trojans (HTs) has become a major challenge for secure integrated circuits. We present a run-time methodology for HT detection that employs a multi-parameter statistical traffic modeling of the communication channel in a given System-on-Chip (SoC), named as SIMCom. The main idea is to model the communication using multiple side-channel information like the Hurst exponent, the standard deviation of the injection distribution, and the hop distribution jointly to accurately identify HT-based online anomalies (that affects the communication without affecting the protocols or control signals). At design time, our methodology employs a "property specification language" to define and embed assertions in the RTL, specifying the correct communication behavior of a given SoC. At run-time, it monitors the anomalies in the communication behavior by checking the execution patterns against these assertions. For illustration, we evaluate SIMCom for three SoCs, i.e., SoC1 ( four single-core MC8051 and UART modules), SoC2 (four single-core MC8051, AES, ethernet, memctrl, BasicRSA, RS232 modules), and SoC3 (four single-core LEON3 connected with each other and AES, ethernet, memctrl, BasicRSA, RS23s modules microcontrollers). The experimental results show that with the combined analysis of multiple statistical parameters, SIMCom is able to detect all the benchmark Trojans (available on trust-hub) with less than 1% area and power overhead.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1901.07299/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1901.07299/full.md

## References

58 references — full list in the complete paper: https://tomesphere.com/paper/1901.07299/full.md

---
Source: https://tomesphere.com/paper/1901.07299