T-TER: Defeating A2 Trojans with Targeted Tamper-Evident Routing

TL;DR

T-TER introduces a layout-level defense mechanism using tamper-evident guard wires to prevent hardware Trojan insertion by untrusted foundries, effectively protecting security-critical wires with minimal overhead.

Contribution

The paper proposes T-TER, a novel routing-centric method employing tamper-evident guard wires to thwart stealthy hardware Trojans during IC fabrication.

Findings

T-TER effectively prevents Trojan wire routing to security-critical signals.

Guard wires in T-TER are tamper-evident against deletion and modification.

T-TER incurs minimal area and performance overhead.

Abstract

Since the inception of the Integrated Circuit (IC), the size of the transistors used to construct them has continually shrunk. While this advancement significantly improves computing capability, fabrication costs have skyrocketed. As a result, most IC designers must now outsource fabrication. Outsourcing, however, presents a security threat: comprehensive post-fabrication inspection is infeasible given the size of modern ICs, so it is nearly impossible to know if the foundry has altered the original design during fabrication (i.e., inserted a hardware Trojan). Defending against a foundry-side adversary is challenging because---even with as few as two gates---hardware Trojans can completely undermine software security. Researchers have attempted to both detect and prevent foundry-side attacks, but all existing defenses are ineffective against Trojans with footprints of a few gates or less. We present Targeted Tamper-Evident Routing (T-TER), a preventive layout-level defense against untrusted foundries, capable of thwarting the insertion of even the stealthiest hardware Trojans. T-TER is directed and routing-centric: it prevents foundry-side attackers from routing Trojan wires to, or directly adjacent to, security-critical wires by shielding them with guard wires. Unlike shield wires commonly deployed for cross-talk reduction, T-TER guard wires pose an additional technical challenge: they must be tamper-evident in both the digital (deletion attacks) and analog (move and jog attacks) domains. We address this challenge by developing a class of designed-in guard wires, that are added to the design specifically to protect security-critical wires. T-TER's guard wires incur minimal overhead, scale with design complexity, and provide tamper-evidence against attacks.