a sensor-assisted self-authentication for hardware trojan detection min li*, azadeh davoodi*,...
TRANSCRIPT
![Page 1: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/1.jpg)
A Sensor-Assisted Self-Authentication for Hardware Trojan Detection
Min Li*, Azadeh Davoodi*,
Mohammad Tehranipoor**
*University of Wisconsin-Madison
**University of Connecticut
WISCAD Electronic Design Automation Lab http://wiscad.ece.wisc.edu
![Page 2: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/2.jpg)
2
Challenges of Hardware Trojan Detection• Challenges:
– lack of observability and controllability after fabrication– complexity
• due to existence of billions of nano-scale components• due to high volume of soft and hard integrated IP cores
– overhead associated with physical inspection of nanometer feature sizes for reverse engineering
• could be intrusive
– difficulty to activate a Trojan– increasing fabrication and environmental variations with
technology scaling
![Page 3: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/3.jpg)
3
Fundamental Challenge• Trojan-free or Golden IC (GIC)
– required in any (generic) IC authentication process• create a reference fingerprint from the transient behavior of GIC and
compare with fingerprint obtained from target IC
– existence and identification of GIC cannot be guaranteed• if inserted in GDSII file, or if the foundry alters the mask to insert a
Trojan, GIC will not exist• if an IC passes a rigorous test, in theory one cannot conclude that it is
a GIC
![Page 4: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/4.jpg)
4
Contributions• A framework to use custom-designed on-chip detection
sensors to alleviate the need on a golden IC by providing a self-authentication
• On-chip “detection sensor”– a compact (small area) representation of a design
• can be designed by searching for common “features” in a design
– shares common sources of uncertainty with the design due to realization on the same chip
• e.g., process and environmental variations
• Assumptions – Trojan may infect the design paths, the detection sensor, or both
– the detection sensor is obfuscated within the design’s layout• i.e., an adversary will not be able to distinguish it
![Page 5: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/5.jpg)
5
Proposed Framework
Design and integration of custom-generated detection
sensorscapturing within-die variability
Design stage
On-chip delay fingerprint of
detection sensors
On-chip delay fingerprint of
arbitrary design paths
PASS?
Alert Trojan
Offline analysis of fingerprint correlation
NO
Post-silicon self-authentication process
![Page 6: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/6.jpg)
6
Design stage
Post-Silicon
detection sensor: a compact
representative of the design
measured on-chip delays of design
paths and of detection sensors
analyze correlation
-- Finds most frequent “layout features” which are design-dependent and technology-sensitive
-- Main Idea: Addition of Trojan disturbs the expected delay correlation between the design and the detection sensor
detect Trojan
![Page 7: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/7.jpg)
7
Design of the Detection Sensor• Steps
– logic design via netlist analysis1. sequence matching
2. feature discovery
– physical design of sensors• layout integration
• delay measurement
![Page 8: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/8.jpg)
8
Design of A Detection Sensor• An optimization framework for finding frequent
sequences in a netlist*– modeled using a graph representation of the design’s netlist– break (all or some portions) of the graph into collection of “similar”
sequences– similar sequences grouped together and represented by one
sensor– given a budget for total area used by the detection sensors, the
goal is to maximize coverage of graph with formed sequences
*Li and Davoodi, “Custom On-Chip Sensors for Post-Silicon Failing Path Isolation in the Presence of Process Variations”, Technical Report, 2011
![Page 9: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/9.jpg)
9
Design of the Detection Sensor• Constraints:
1. sequence constraints• a sequence is made of
consecutive edges
2. similarity constraints• “similar” sequences are
mapped to the same sensor• similarity defined based on
delay correlation in the presence of uncertainties such as process variations
3. area constraint• summation of the areas of
detection sensors are bounded
original netlist extended graph after modification
simplified version for illustration
![Page 10: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/10.jpg)
10
Variation-Aware Delay Modeling
[Agarwal et al, ASPDAC’03]
2 , 2
2 , 5
2 , 6
2 , 3
2 , 4
2 , 7
2 , 8
2 , 9
2 , 1 0
2 , 1 1
2 , 1 2
2 , 1 3
2 , 1 4
2 , 1 5
2 , 1 6
1 , 1
1 , 2
1 , 3
1 , 4
2 , 1
0 , 1
2,1 1,1 0,1a aL L L L r 2,4 1,1 0,1b bL L L L r 2,15 1,4 0,1c cL L L L r
a
c ba
a a La ad s L
b b Lb bd s L
c c Lc cd s L
![Page 11: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/11.jpg)
11
Design of A Detection Sensor• Benefits of the formulation
– flexible definition of similarity between sequences mapped to the same sensor,
• for example similar sequences could be:– structually identical (e.g., same sequence of logic gates)– have the same timing distribution– highly correlated in their timing characteristic– in general can define similarity with respect to sensitivity to technology
parameters
– flexible objective• if edge weights are equal, objective is maximizing netlist coverage• can modify to also ensure spatial coverage from different regions of
the chip
![Page 12: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/12.jpg)
12
Design
Post-Silicon
detection sensor: a compact
representative of the design
measured on-chip delays of design
paths and of detection sensors
analyze correlation
detect Trojan
-- e.g., BIST technology
-- First check BIST is healthy (e.g., by verifying delays of embedded ring oscillators)
![Page 13: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/13.jpg)
13
• Examples– Path-RO [Tehranipoor et al ICCAD08]
• requires inserting measurement circuitry at the pre-silicon stage along the desired representative paths
– Shrinking clock signal [Abraham et al GLSVLSI 2010]
On-Chip Path Delay Measurement
![Page 14: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/14.jpg)
14
Design
Post-Silicon
detection sensor: a compact
representative of the design
measured on-chip delays of design
paths and of detection sensors
analyze correlation
detect Trojan
-- Detection scenarios:• Trojan may be added
to the design, the detection sensor, or both
-- The timing correlation between the design and its detection sensors will be different in the presence of a Trojan
![Page 15: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/15.jpg)
15
Detection Scenarios1. Trojan inserted in the design paths
– actual delay range: obtained from direct path delay measurement considering measurement error
– predicted delay range: computed using actual sensor delay and predicting the remainder of the path using worst/base-case values
Trojan-infected path used for actual delay range
path used for predicted delay range
sensor matched
case-based estimate
sensor
![Page 16: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/16.jpg)
16
Detection Scenarios1. Trojan inserted in the design paths
– underestimation of path delays that are Trojan infected– detects Trojan if predicted delay range does not overlap with the
measured range
sensor
![Page 17: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/17.jpg)
17
Detection Scenarios2. Trojan inserted in the detection sensor
– actual delay range: obtained from direct path delay measurement considering measurement error correct range
– predicted delay range: computed using Trojan-infected sensor delay and predicting the remainder of the path using worst/base-case values
path used for actual delay range
path used for predicted delay range
sensor matched
case-based estimate
sensor
![Page 18: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/18.jpg)
18
Detection Scenarios2. Trojan inserted in the detection sensor
– overestimation of the predicted range of the design paths– correctly detects existence of Trojan if the two ranges don’t
overlap– can identify that detection sensor is infected
sensor
![Page 19: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/19.jpg)
19
Detection Scenarios3. Trojan inserted simultaneously in the design and
detection sensor– actual and predicted ranges both erroneous– depending on how the Trojan impact each one, different cases
can happen
sensor
path used for actual delay range
path used for predicted delay range
![Page 20: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/20.jpg)
20
Detection Scenarios3. Trojan inserted simultaneously in the design and
detection sensor– can only predict that Trojan exists if the predicted and measured
ranges do not overlap, otherwise it doesn’t generate any output
sensor
![Page 21: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/21.jpg)
21
Simulation Setup• Randomly selected a subset of critical design paths from
the ISCAS89 suite• For each considered path
– inserted a Trojan at a random location on the path– sensor area budget is 15%– repeated many times for varying Trojan delays
• 3 to 10% of the delay of the longest path in the circuit (30 different values uniformly selected from the range)
– assumed on-chip measurement error of 3% for measuring the delays of the infected paths
– variation modeling• assumed process variations in channel length and threshold voltage
of transistors according to variation setting for 45nm technology and a 5-level spatial correlation model
• considered 10K scenarios of variations
![Page 22: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/22.jpg)
22
Trojan Inserted in Design
sensor and path information DR (Trojan in design)
Bench |P| %Asensor MR W/O sensors Sensor-assisted
s1423 92 13 1 0.58 0.68
s1488 16 12 1 0.60 0.67
s1494 16 12 1 0.48 0.50
s5378 201 12 0.84 0.62 0.66
s9234 169 10 1 0.69 0.71
s13207 331 12 1 0.67 0.73
s15850 136 15 0.97 0.75 0.85
s35932 1765 13 0.96 0.70 0.73
s38417 1587 12 0.99 0.72 0.77
s38584 1112 14 1 0.64 0.80
MR: fraction of the paths which are matched with at least one sensorDR: detection ratio
![Page 23: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/23.jpg)
23
Trojan Insertion in Detection Sensorsensor and path information DR (Trojan in design)
Bench |P| %Asensor MR W/O sensors Sensor-assisted
s1423 92 13 1 0.03 0.67
s1488 16 12 1 0.04 0.69
s1494 16 12 1 0.04 0.60
s5378 201 12 0.84 0.03 0.58
s9234 169 10 1 0.01 0.75
s13207 331 12 1 0.01 0.77
s15850 136 15 0.97 0.01 0.70
s35932 1765 13 0.96 0.01 0.93
s38417 1587 12 0.99 0.02 0.78
s38584 1112 14 1 0.00 0.97
MR: fraction of the paths which are matched with at least one sensorDR: detection ratio
![Page 24: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/24.jpg)
24
Trojan Detection Rate in s13207
% Trojan delay/delay of longest path
detection rate
![Page 25: A Sensor-Assisted Self-Authentication for Hardware Trojan Detection Min Li*, Azadeh Davoodi*, Mohammad Tehranipoor** * University of Wisconsin-Madison](https://reader035.vdocuments.us/reader035/viewer/2022062518/56649eb35503460f94bbb264/html5/thumbnails/25.jpg)
25
Conclusions• Benefits of the detection framework
– alleviates the need on a GIC– does not output a wrong answer– detection at a finer granularity– faster detection of Trojan– captures both layout-dependency and technology-dependency
• Limitations– spatial correlation modeling– path delay measurement accuracy– layout integration