Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

A stealthy Hardware Trojan based on a Statistical Fault Attack

  • Published:
Cryptography and Communications Aims and scope Submit manuscript

Abstract

Integrated Circuits (ICs) are sensible to a wide range of (passive, active, invasive, non-invasive) physical attacks. In this context, Hardware Trojans (HTs), that are malicious modifications of a circuit by an untrusted manufacturer, are one of the most challenging threats to mitigate. HTs aim to alter the functionality of the infected chip in a malicious way, e.g. under specific conditions known by the adversary. Fault attacks are a typical attack vector. However, for a HT to be exploitable by an adversary, it also has to be stealthy. For example, a HT that would directly inject exploitable faults in a block cipher may be spotted by analyzing its functional behavior (i.e. the positions and the distribution of the faulty values appearing). In this paper, we propose a stealthy HT instance leading to successful and hidden Statistical Fault Attacks (SFA). More precisely, the faults are injected when the chip is running under condition for which metastabilty occurs (i.e. with a increased clock frequency), leading to the apparition faults at random positions within the target implementation. In addition, an internal bit is set to a value known only by the adversary, allowing him to perform efficient SFA. Compared to classical SFA, the HT uses its control on the target to circumvent behavioral detection tests. Indeed, it also adds computation errors in the early rounds of the target cipher which are not exploitable via SFA.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Aarestad, J., Acharyya, D., Rad, R. M., Plusquellic, J.: Detecting Trojans through leakage current analysis using multiple supply pad i(ddq) s. IEEE Trans. Inf. Forensics Secur 5 (4), 893–904 (2010). https://doi.org/10.1109/TIFS.2010.2061228

    Article  Google Scholar 

  2. Ali, S., Mukhopadhyay, D., Tunstall, M.: Differential fault analysis of AES: towards reaching its limits. J. Cryptogr. Eng. 3(2), 73–97 (2013). https://doi.org/10.1007/s13389-012-0046-y

    Article  Google Scholar 

  3. Balasch, J., Gierlichs, B., Verbauwhede, I.: Electromagnetic circuit fingerprints for hardware Trojan detection, pp 246–251. https://doi.org/10.1109/ISEMC.2015.7256167(2015)

  4. Beaumont, M. R., Hopkins, B. D., Newby, T.: Hardware Trojans - prevention, detection countermeasures (a literature review) (2011)

  5. Bellizia, D., Bongiovanni, S., Monsurró, P., Scotti, G., Trifiletti, A.: Univariate power analysis attacks exploiting static dissipation of nanometer CMOS VLSI circuits for cryptographic applications. IEEE Trans. Emerging Topics Comput. 5(3), 329–339 (2017). https://doi.org/10.1109/TETC.2016.2563322

    Article  Google Scholar 

  6. Bellizia, D., Bronchain, O., Cassiers, G., Grosso, V., Guo, C., Momin, C., Pereira, O., Peters, T., Standaert, F.: Mode-level vs. implementation-level physical security in symmetric cryptography - A practical guide through the leakage-resistance jungle. In: Micciancio, D., Ristenpart, T. (eds.) Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part I. Lecture Notes in Computer Science. https://doi.org/10.1007/978-3-030-56784-2_13, vol. 12170, pp 369–400. Springer (2020)

  7. Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: CRYPTO (1997)

  8. Boneh, D., DeMillo, R. A., Lipton, R. J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: EUROCRYPT (1997)

  9. Chakraborty, R. S., Narasimhan, S., Bhunia, S.: Hardware Trojan: Threats and emerging solutions. In: IEEE International High Level Design Validation and Test Workshop, HLDVT 2009, San Francisco, CA, USA, 4-6 November 2009. https://doi.org/10.1109/HLDVT.2009.5340158, pp 166–171 (2009)

  10. Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: CHES (2007)

  11. Daemen, J., Rijmen, V.: The block cipher Rijndael. Lecture Notes in computer Science 1820, 277–284 (1998). https://doi.org/10.1007/10721064_26

    Article  Google Scholar 

  12. Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: Sifa: Exploiting ineffective fault inductions on symmetric cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 547–572 (2018)

    Article  Google Scholar 

  13. Dziembowski, S., Faust, S., Standaert, F.: Private circuits III: hardware Trojan-resilience via testing amplification. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. https://doi.org/10.1145/2976749.2978419, pp 142–153 (2016)

  14. Ender, M., Ghandali, S., Moradi, A., Paar, C.: The first thorough side-channel hardware Trojan. In: ASIACRYPT (1). Lecture Notes in Computer Science, vol. 10624, pp 755–780. Springer (2017)

  15. Fuhr, T., Jaulmes, É., Lomné, V., Thillard, A.: Fault attacks on aes with faulty ciphertexts only. 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 108–118 (2013)

  16. Ghalaty, N. F., Yuce, B., Taha, M. M. I., Schaumont, P.: Differential fault intensity analysis. In: Tria, A., Choi, D. (eds.) 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2014, Busan, South Korea, September 23, 2014. https://doi.org/10.1109/FDTC.2014.15, pp 49–58. IEEE Computer Society (2014)

  17. Ghandali, S., Becker, G.T., Holcomb, D., Paar, C.: A design methodology for stealthy parametric Trojans and its application to bug attacks. In: Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings. https://doi.org/10.1007/978-3-662-53140-2_30, pp 625–647 (2016)

  18. Giraud, C.: DFA on AES. In: Advanced Encryption Standard - AES, 4th International Conference, AES 2004, Bonn, Germany, May 10-12, 2004, Revised Selected and Invited Papers. https://doi.org/10.1007/11506447_4, pp 27–41 (2004)

  19. Jin, Y., Kupp, N., Makris, Y.: Experiences in hardware Trojan design and implementation. In: Tehranipoor, M., Plusquellic, J. (eds.) IEEE International Workshop on Hardware-Oriented Security and Trust, HOST 2009, San Francisco, CA, USA, July 27, 2009. Proceedings, pp 50–57 (2009), https://doi.org/10.1109/HST.2009.5224971

  20. Karimi, N., Moos, T., Moradi, A.: Exploring the effect of device aging on static power analysis attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019 (3), 233–256 (2019). https://doi.org/10.13154/tches.v2019.i3.233-256

    Article  Google Scholar 

  21. King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. In: First USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET ’08, San Francisco, CA, USA, April 15, 2008, Proceedings. http://www.usenix.org/events/leet08/tech/full_papers/king/king.pdf (2008)

  22. Li, Y., Sakiyama, K., Gomisawa, S., Fukunaga, T., Takahashi, J., Ohta, K.: Fault sensitivity analysis. In: Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings. https://doi.org/10.1007/978-3-642-15031-9_22, pp 320–334 (2010)

  23. Lin, L., Burleson, W. P., Paar, C.: MOLES: malicious off-chip leakage enabled by side-channels. In: Roychowdhury, J.S. (ed.) 2009 International Conference on Computer-Aided Design, ICCAD 2009, San Jose, CA, USA, November 2-5, 2009. https://doi.org/10.1145/1687399.1687425, pp 117–122. ACM (2009)

  24. Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.: Trojan side-channels: Lightweight hardware Trojans through side-channel engineering. In: Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings. https://doi.org/10.1007/978-3-642-04138-9_27, pp 382–395 (2009)

  25. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Advances in Cryptology - EUROCRYPT ’93, Workshop on the Theory and Application of of Cryptographic Techniques, Lofthus, Norway, May 23-27, 1993, Proceedings. https://doi.org/10.1007/3-540-48285-7_33, pp 386–397 (1993)

  26. Moos, T.: Static power SCA of sub-100 nm CMOS asics and the insecurity of masking schemes in low-noise environments. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(3), 202–232 (2019). https://doi.org/10.13154/tches.v2019.i3.202-232

    Article  Google Scholar 

  27. Narasimhan, S., Du, D., Chakraborty, R., Paul, S., Wolff, F., Papachristou, C., Roy, K., Bhunia, S.: Multiple-parameter side-channel analysis: A non-invasive hardware Trojan detection approach, pp. 13–18. https://doi.org/10.1109/HST.2010.5513122 (2010)

  28. Ngo, X.T., Exurville, I., Bhasin, S., Danger, J., Guilley, S., Najm, Z., Rigaud, J., Robisson, B.: Hardware Trojan detection by delay and electromagnetic measurements. In: Nebel, W., Atienza, D. (eds.) Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition, DATE 2015, Grenoble, France, March 9-13, 2015. http://dl.acm.org/citation.cfm?id=2755931, pp 782–787. ACM (2015)

  29. Piret, G., Quisquater, J.: A differential fault attack technique against SPN structures, with application to the AES and KHAZAD. In: Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, Cologne, Germany, September 8-10, 2003, Proceedings. https://doi.org/10.1007/978-3-540-45238-6_7, pp 77–88 (2003)

  30. Robertson, J., Riley, M.: The big hack: How China used a tiny chip to infiltrate U.S. companies. Bloomberg (2018)

  31. Tehranipoor, M., Koushanfar, F.: A survey of hardware Trojan taxonomy and detection. Design and Test of Computers, IEEE 27, 10–25 (2010). https://doi.org/10.1109/MDT.2010.7

    Article  Google Scholar 

  32. Waksman, A., Sethumadhavan, S.: Silencing hardware backdoors. In: IEEE Symposium on Security and Privacy, pp 49–63. IEEE Computer Society (2011)

  33. Wang, X., Tehranipoor, M., Plusquellic, J.: Detecting malicious inclusions in secure hardware: Challenges and solutions. In: IEEE International Workshop on Hardware-Oriented Security and Trust, HOST 2008, Anaheim, CA, USA, June 9, 2008. Proceedings, pp 15–19 (2008), https://doi.org/10.1109/HST.2008.4559039

  34. Xiao, K., Zhang, X., Tehranipoor, M. M.: A clock sweeping technique for detecting hardware Trojans impacting circuits delay. IEEE Design and Test 30, 26–34 (2013)

    Article  Google Scholar 

Download references

Acknowledgments

François-Xavier Standaert is Senior Research Associate of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in part by EU and the Walloon Region through the ERC Project 724725 (SWORD) and the Wallinov TRUSTEYE project.

Author information

Authors and Affiliations

  1. UCLouvain, Louvain-la-Neuve, Belgium

    Charles Momin, Olivier Bronchain & François-Xavier Standaert

Authors
  1. Charles Momin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Olivier Bronchain
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. François-Xavier Standaert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Charles Momin.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Momin, C., Bronchain, O. & Standaert, FX. A stealthy Hardware Trojan based on a Statistical Fault Attack. Cryptogr. Commun. 13, 587–600 (2021). https://doi.org/10.1007/s12095-021-00480-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12095-021-00480-4

Keywords

Mathematics Subject Classification (2010)

Search

Navigation