TroLL: Exploiting Structural Similarities between Logic Locking and Hardware Trojans

TL;DR

This paper reveals structural similarities between logic locking and hardware Trojans, introduces TroLL as a new Trojan type based on logic locking, and evaluates detection methods showing current approaches have limited effectiveness.

Contribution

It establishes a connection between logic locking and hardware Trojans, constructs TroLL to evade detection, and assesses detection techniques highlighting their limitations.

Findings

Customized ATPG-based detection approaches perform best but are limited.

Detection efficacy decreases with longer Trojan triggers.

Current detection methods are insufficient for TroLL detection.

Abstract

Logic locking and hardware Trojans are two fields in hardware security that have been mostly developed independently from each other. In this paper, we identify the relationship between these two fields. We find that a common structure that exists in many logic locking techniques has desirable properties of hardware Trojans (HWT). We then construct a novel type of HWT, called Trojans based on Logic Locking (TroLL), in a way that can evade state-of-the-art ATPG-based HWT detection techniques. In an effort to detect TroLL, we propose customization of existing state-of-the-art ATPG-based HWT detection approaches as well as adapting the SAT-based attacks on logic locking to HWT detection. In our experiments, we use random sampling as reference. It is shown that the customized ATPG-based approaches are the best performing but only offer limited improvement over random sampling. Moreover, their efficacy also diminishes as TroLL's triggers become longer (i.e. have more bits specified). We thereby highlight the need to find a scalable HWT detection approach for TroLL.