The protection of the information at the hardware level is a critical challenge faced now- a-days by the IT security industry. Embedded circuits are prone to the adversary's attacks due to the fabrication at the remote places. These attacks may include insertion of malicious chips to disable the electronic circuitry to the usage of the tools that can handle the devices to behave abnormally with some hidden/underlying functionalities e.g, to whip the information like encryption keys and subnet masks etc. In this paper we have overviewed the existing works that have been done to identify the threat associated with hardware embedded systems.
I. Introduction
Embedded systems include smart cards, sensors, cell phones and personal computer. They all need to manipulate, access and communicate the critical information making security a greater concern for their reliable and trustworthy operations. Globalization of the integrated circuitry across many locations has led to the increased security issues and thefts to the embedded systems. The challenges unique to embedded systems require new approaches to security covering all aspects of embedded system design from architecture to implementation [12].
These threats can include stealing the secrets keys for authentication, whipping the information for cloning purposes, deactivating the devices and inserting the malicious chips into the design to disable the electronic functionality at the desired time. Embedded systems have to operate in non-secure environment; it is highly needed to protect the devices against the unauthorized access and activation. International Symposium on Hardware Oriented Security and Trust (HOST) has been started since 2008 to cope up with the emerging requirements of highly secured and trust worthy embedded systems [12]
The desired functionality of an Integrated Circuit (IC) relies on the trustworthiness of the embedded circuitry. The inserted trojans at the design time are difficult to be detected by the traditional post manufacturing testing techniques because of a number of reasons. The trojan can be time triggered or event triggered hence can be non activated at the testing times.
Section II overviews the existing works researchers have done for the protection of attacks in the embedded circuits. Section III gives the analytical overview of the various techniques for detecting trojans, their strengths and weakness. Section IV contains the concluding remarks and future work.
II. Literature Review
The authors in [1] focus on the detection of combinational and sequential trojans in a complex multi-module circuit using logic based testing. They have introduced “On Demand Transparency” for the said detection that requires generating an input condition that generates a specific output which can reflect the presence of trojan when the output is different from the specific signature. The design used least controllable nodes for triggering the trojan and least observable nodes as payload. The proposed methodology makes use of X-Compact compaction scheme to observe the large number of nodes simultaneously. X-Compact is a technique used for compacting the responses efficiently. The output generated upon the application of particular input helps to authenticate the design.
The proposed design in [1] is applied on 8-bit reduced instruction set computer (RISC) CPU and JPEG encoder. RISC chips use simpler instruction sets to achieve higher clock frequencies and process more instructions per clock cycle .The overhead for both the designs have been clearly represented in terms of area, power and delay. Logic simulation has been used to see the effectiveness of proposed method that showed 90% detectability.
The method in [1] is effective and robust for the detection of small trojans in complex circuits. The proposed method in [1] is costly to implement as requires design modifications by the addition of extra input ports. Design changes make the reverse engineering and physical inspection difficult.
In [2] the analysis of the power supply signals has been done for the detection of trojans using parametric testing techniques. The design analyzes the ICs supply current for a trojan circuit and trojan free simulation model. The method involves transformation of values taken from malicious IC into the values taken from genuine Trojan free IC for ensuring the presence of trojan. The method also incorporates minimizing the impact of current ratios for in-depth sensitivity analysis thus differentiating between the anomalies caused by processes and trojans. Calibration technique has been utilized to see the adverse effects of the process variations on trojans. Callibration is used to deal with process variations that occur in the chip's core logic, power grid, and off-chip connection to power ports [2]. A statistical analysis approach has been used to detect the trojans
The method defined in [2] is robust and reliable for the detection of trojans. The efficiency and effectiveness of the technique has been verified by the simulation. This technique is helpful for the trojans which are dormant and non-activated. Dormant are the sleeping trojans that are waiting to be triggered at some future time upon application of some input. Non-activated trojans do not harm the circuitry but reside as mute spectators.
The effectiveness of this technique in [2] for the large microprocessor architecture has not been proved. The proposed technique is not effective for the trojan implementation of more than 4 electronic gates.
The paper [3] addresses two of the most critical threats to the IC industry authentication and trojan detection. The proposed technique for IC authentication and trojan detection overcomes the existing issue of the shorter length signature for IC authentication. Signatures are the unique random number patterns.
This proposed technique is based on the delay characterizations and applicable to functional and non-functional parts of the ICs without affecting the timings and functionality. The method focuses on observing the unobservable paths for computation of path delays under process variations and HTH detection. The delay characterization technique used in the proposed method utilizes the concept of negatively skewed shadow registers for at-speed delay variation characterization.
The results of proposed method in [3] revealed that technique is effective for generating longer length signatures as compared to the Physical Un-Clonable Functions (PUFs). The method achieves reliable and consistent results at various temperatures for IC authentication.
The technique is not effective for the detection of the hardware Trojan detection (HTH) but can be used along with the other techniques to achieve better results.
The method for hardware trojan detection using path delays fingerprints along with reduced testing cost have been discussed in [4]. The author has divided the trojans into two categories i-e, Explicit Trojan and Implicit Trojans. Explicit Trojans changes the behavior of the chip (spread of secret information) and cause extra delay. Implicit Trojans when activated can damage the chip or leak the secret information via signal emission. The authors have introduced a testing procedure to gather path delay information from the selected chips. The type of trojan and its position in the design place a vital role in gathering delay fingerprint [4]. Fingerprints are the traces for delay parameter.
The author has made use of Data Encryption Standard (DES) IP core design for the analysis of the trojans under increased process variations. A data set comprising of fingerprints along with chip area has been made. A series of fingerprints have been collected covering every corner of the chip so that delay fingerprint under each pattern for each chip is included. Principal component analysis (PCA) is used to reduce dimensional factors and to reflect the major trends in the data set.
The technique in [4] is successful in detection of explicit payload trojans under high process variations. The method is successful in detection of the small size trojan too. The method is economical in cost to be implemented. One issue with this technique is un-detection of implicit payload Trojans.
The paper [5] introduces “Region based Partitioning” for the detection of trojans to address the issue of the non-detection due to different process variations in different fabrications. Only the partitions with the flip-flop threshold were observed for analysis. Flips flops are circuit elements used to store the state of the circuit. An iterative approach for the regions creation has been used by keeping flip flop threshold number of flip flops in each partition. The switching activity for the selected regions in design is then maximized with a set of vectors. The author used difference in switching activities for trojan layout and trojan free layout as baseline for the detection for trojans, i-e, presence of trojan if the difference is above the process variation. The simulation results clearly showed that trojan appeared in high frequency count within the regions collected from power profile analysis.
The trojans associated with flip flops are easily observable using the technique proposed in [5]. The literature reviewed by the author is very comprehensive and well represented.
The technique is not applicable to the hyperactive circuits where the switching activity is below the process variation. Moreover the technique is not successful when considering high process variations in the leakage current.
In [6] the author discusses the issue of the lying hosts in the peer to peer networks for the detection of the wicked and malicious activities. Lying hosts are the hosts that report false reports about the neighbor peers to the server. Peer-to- peer networks heavily rely on the hosts for the said detection by analyzing and computing the host credibility (based on responses sent by hosts) and previous reputation.
The reputation computations are the major issue due the presence of lying hosts. This issue is resolved by formulating it as minimization problem in linear algebra. Author defined a submission period between the two reports for host reputation for allowing transactions and making it black listed. An algorithm is written for host credibility that says a host is malicious if its reputation value is less than average reputation by certain and absolute threshold.
The proposed algorithm in [6] is not implemented thus its effectiveness cannot be ensured.
In [7] the author focused preserving the Intellectual Property (IP) of the designs as ICs are the potential victim of adversaries for inserting trojan and getting the desired functionality by unethical ways. The paper highlights the security threats to the critical applications associated with the launch of falsely labeled chips. The author introduces design tags method for determining the chips with some hidden functionalities.
The Design tags in the proposed design work as active tags incorporated with the chips. Each tag has a unique code which is to be detected by the sensor. The communication of the design tag with the sensor is based on temperature channels .The data from the sensor is collected and tag detection software correlates the collected data with the database for the provision of further access to the information within the chips.
The proposed technique in [7] is applicable to small and low power circuits which can be added to the chip or IP core designs and detectable using external sensors [7]. This technique is only applicable to digital circuits.
The thermal channel use for the communication in [7] imposes a limitation on data rate thus making it suitable for security tags only.
In [8] the author focuses on the activation and authentication of the ICs to prohibit unauthorized access to the functionality of the IC. The author proposes one time activation and every time power up authentication to provide security against the attacks intended to steal the passwords and keys for desired functionality. This paper evaluates various implementation techniques for the IC activation and authentication and then proposes a method to overcome stated issues using asymmetric cryptographic techniques.
The method makes use of manufacturing variability (MV) to generate unique authentication and activation patterns based on power and delay parameters of side channel. The method incorporates generating a signature based on some user input and non-functional characteristics of ICs. This signature is compared against the value stored in a storage block that enables the locking mechanism to activate the IC. The signature is encrypted with public key hardwired in the chip and sent to the recipient that will extract the signature and users are authenticated.
The method in [8] is implemented on 256-bit ecliptic curve cryptography (ECC) logic and it successfully encrypted the keys. ECC algorithms support the creation and exchange of digital signatures (keys) for authentication. The metrics for evaluation of the technique is not performance based rather it lies in the successful completion of encryption. The paper has successfully overviewed the implementations against the various sorts of attacks.
The robustness of the proposed design in [8] has not been tested and verified.
Paper [9] discusses three issues of Trusted Computation Group (TCG) for trusted computing in the mobile devices. TCG is the authorized body for launching the security specifications for trusted platform Module (TPM) or Mobile Trust Module (MTM). TCG specifications identify the security features but it is also mandatory to address performance the cost issues associated with the semiconductor devices.
TCG in [9] specifies three ways of implementing the MTM/TPM. The first solution is the implementation of the TPM as a discrete chip on the motherboard. This implementation increases the cost, weight and size of the devices. It is prone to adversary's attack if accessed physically. The solution 1 is costly to implement in terms of silicon area. The second solution is to implement the TPM as System On Chip (SOC) by overcoming the issues in the solution 1. The third solution is the Software implementation of the MTM by combining the security features and functionality into the core processor. As per TCG specifications there must be shielded locations and protected capabilities of MTM for providing security features. Shielded locations are the specialized and protected areas for data processing (e.g authentication and authorization keys). Protected capabilities are the executable commands to access the shielded areas. The author also raises the need for selecting the cryptographic algorithm instead of RSA and SHA-1. ECC is preferred over RSA due to efficient implementations and low memory and bandwidth requirements for mobile devices. The last issue author raised in the current TCG specifications is the lack of the algorithm agility. This can be introduced by the addition of the hash functions and signature for a cost effective and flexible implementation of the algorithms for mobile computation.
The authors in [9] have raised issues in the TCG specifications for providing the security features that are not supported by any implementations.
The authors in [10] focus on identifying the expected and probable inclusions in hardware for the efficient and effective trojan detection schemes. They categorized the trojans based on the physical, activation and action characteristics. Physical characteristics include type, size, distribution and structure parameters. Type refers to trojans based on addition of electronic gates (functional trojans) or modification of existing wires/logic (parametric trojans). Size is accountable for the numbers of components that have been compromised in either way addition or deletion. Distribution refers to the topological area where the trojans are spread.
The authors in [10] have defined a framework metric for evaluating the various trojan detection schemes (side channel signal analysis, failure analysis based techniques and automatic test pattern generation technique). The metric evaluates the trojan detection methods based on trojan taxonomy, method complexity and effectiveness against non-activated trojans.
The proposed taxonomy and evaluation metrics in [10] is very comprehensive and easy to understand. Evaluation metric covers all the aspects of security for embedded systems. The effectiveness of the detection schemes with respect to proposed taxonomy have not been verified by any implementations
III. Comparison Table
Paper#
Problem Statement
Strength
Weakness
1
Detection of Combinational and Sequential trojans.
Effective for the detection of the small trojans based on logic based testing.
i-Does not tell any guidelines for the detection of the larger trojans.
ii-No emphasis on the cost reduction of the design.
2To overcome the issues of logic based testing by using power analysis for trojan detection.
Effective for the detection of the hidden trojans using Parametric techniques
The technique is limited to the trojan size comprising of maximum 4 gates.
3Effective IC authentication and trojan detection.
i-Effective technique for IC authentication by overcoming the issues of PUFs
ii-No Design changes are required
Not effective for the detection of the trojans.
4
Trojan detection using delay parameter of side channel analysis.
Effective for the detection of Explicit trojans based on delay parameters.
The technique fails to effectively detect the presence of Implicit trojans.
5
Improved Trojan detection under process variations.
Effective for the detection of the trojans using area partitioning based on flips flops(mostly accountable for trojans presence).
The technique is not effective for isolating the hyperactive circuit areas.
6
Detection of trojan in peer-to-peer networks.
Effective for calculating the host credibility
The proposed algorithm is not implemented.
7
The trustworthiness on the chips due to presence of false labeled chip and its detection.
Small and low power design to be implemented.
No emphasis on increasing the data rates.
8
To restrict un-authorized access and activation.
The activation via successful key encryption.
i-Performance factors have been ignored.
ii-Robustness of the technique is not verified.
9
The issues in the TCG specifications for trusted mobile computing.
An effective overview of the issues with security specifications for Mobile devices due to restricted constraints.
Issues identified are not implemented.
10
Challenges for detecting malicious inclusions in hardware
Defined Trojans taxonomy
The effectiveness of the detection techniques against the defined metrics have not been verified by any implementation
IV. Conclusion
The security of embedded systems is of great concern towards trustworthy and reliable operations of the devices. This paper overview various authentication, authorization and detection techniques and explicitly states the strengths and the weaknesses of the suggested solutions. Side channel Analysis, logic based testing and parametric based testing are some how effective for the detection of the trojans but still compromises performance, design overhead and cost of the circuits in some of the way. Future work in this domain may include the authentication/activation and detection of the trojans with the trade off between cost, performance and design overheads.
References
[1]. R. S. Chakraborty, S. Paul and S. Bhnia, “On Demand Transparency for Improving Hardware Trojan Detectability” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[2]. R. Rad, J. Plusquellic, M. Tehranipoor “Sensitivity Analysis to Harware Trojans Using Power Supply Transient Signals” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[3]. J. Lie, J. Lach Charles L Brown “At Speed Delay Characterization for IC Authentication and Trojan Horse Detection” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[4]. Y. Jin, Y. Makris “Hardware Trojan Detection Using Path Delay Fingerprint” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[5]. M. Banga , M. S. Hsiao “A region Base Approach for the identification of Hardware Trojans” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[6]. X. Jin, S.H.G. Chan, W.P.K.Yiu Y.Xiong, Q.Zhang “Detecting Malicious Hosts in the Presence of Lying hosts In Peer-to-Peer Streaming” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[7]. T. Kean, D. McLaren and C. Marsh “Verifying the Authenticity of Chip Designs with the Design Tag System” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[8]. J. Huang, J. Lach “IC activation and user Authentication for Security Sensitive System” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[9]. J. GroBschadl, T. Vejda and D. Page “Reassessing the TCG Specifications for Trusted Computing in Mbobile and Embedded Systems” IEEE International Conference on Hardware Oriented Security and Trust, June 2008
[10]. X. Wang, M. Tehranipoor and J. Plusqellic “Detecting Malicious Inclusions in Secure Hardware: Challenges and Solutions”
[11]. S. Ravi, A. Raghunathan, P. Kocher, S. Hattangayy “Security in embedded systems: Design Challenges”
[12]. http://www.engr.uconn.edu/HOST/
[13]. http://en.wikipedia.org/wiki/Integrated_circuit_design
[14]. http://en.wikipedia.org/wiki/Embedded_system
[15]. http://www.dsp-fpga.com/articles/id/?3870
[16]. http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-janansky-waite-harware_trojans.pdf
