
Author: Kuo, Man-Hsuan (郭蔓萱)
Thesis title: Time-Related Hardware Trojan Attacks on Processor Cores (處理器中利用時間相關訊號觸發之硬體木馬設計)
Advisor: Lee, Kuen-Jong (李昆忠)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2019
Graduation academic year: 107
Language: English
Number of pages: 44
Keywords: Design security, Hardware Trojan, Real-time clock, RISC-V processor
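  • Based on an understanding of how modern systems maintain and update time, this thesis proposes two hardware Trojan designs that use time information as the trigger condition. One is a real-time based Trojan, which attacks the system at a specific real-world time. The other is a relative-time based Trojan, which is triggered once a specific period has elapsed after the system starts. In either case, when the Trojan is triggered, its attack circuit corrupts the system or leaks internal confidential data to the attacker. The thesis also proposes a circuit design that allows the Trojan's trigger condition to be decided after the chip has been manufactured. The proposed time-triggered Trojans are then inserted into an open-source processor and their stealthiness is evaluated with several methods, and they are programmed onto a development board (FPGA) to demonstrate the attack. Experimental results show that the additional delay, area and power overhead are very small. In addition, existing commercial verification tools and a feature-extraction Trojan detection technique are used to evaluate the proposed designs; the detection and analysis results show that these methods are either ineffective against the proposed Trojans or require additional security assertions to detect them.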

    This thesis presents two hardware Trojan designs that employ time information as a trigger condition, based on an understanding of the time maintenance and update mechanisms of a modern system. One is a real-time based Trojan, which attacks a system at some specific real-world time. The other is a relative-time based Trojan, which is triggered when a specific time has passed after the system is powered on. In either case, when a hardware Trojan is triggered, its payload circuit corrupts the system or leaks internal confidential information to the attackers. In addition, this thesis presents a hardware design scheme that allows the trigger condition to be programmed after the chip is manufactured. The proposed time-related hardware Trojans have been inserted into an open-source processor, and some of the current Trojan detection methods have been used to evaluate the effectiveness of the time-related hardware Trojans. Moreover, we implement the time-related hardware Trojans on FPGA boards to demonstrate the attack effect. Experimental results show that the extra delay, area and power consumption are very small. In addition, we use commercial verification tools and a Trojan feature extraction detection technique to evaluate the presented hardware Trojans. Analysis results show that the above methods are not effective, or that additional test assertions are needed to detect the presented Trojan designs.

    TABLE OF CONTENTS
    CHAPTER 1 INTRODUCTION
    CHAPTER 2 BACKGROUND
      2.1 CURRENT HARDWARE TROJAN MODELS
        2.1.1 Trust-Hub Benchmarks
        2.1.2 DeTrust
        2.1.3 Counter-triggered Trojan Designs
      2.2 PRE-SILICON TROJAN DETECTION METHODOLOGIES
        2.2.1 RTL Level Detection: Formal-Based Methods
        2.2.2 Gate Level Detection Methods
      2.3 POST-SILICON TROJAN DETECTION METHODOLOGIES
        2.3.1 Trojan Activation Pattern Generation
        2.3.2 Side-Channel Detection Methods
    CHAPTER 3 REAL-TIME CLOCK AND WALL CLOCK TIME
      3.1 REAL-TIME CLOCK MODULES, TIMER MODULE AND WALL-CLOCK TIME
      3.2 INITIALIZE AND MAINTAIN THE WALL-CLOCK TIME
    CHAPTER 4 OVERVIEW OF PROPOSED TROJAN DESIGNS
      4.1 BASIC FUNCTIONS OF PROPOSED TROJAN DESIGNS
      4.2 PROGRAMMABLE TROJAN SCHEME
    CHAPTER 5 PROPOSED TROJAN IN OPEN SOURCE PROCESSOR
    CHAPTER 6 TIME-RELATED TROJANS ON FPGA
      6.1 HARDWARE EQUIPMENT AND SOFTWARE
      6.2 ATTACK SCENARIOS AND TROJAN IMPLEMENTATION
    CHAPTER 7 SIMULATION AND ANALYSIS RESULTS
      7.1 AREA AND POWER OVERHEAD
      7.2 DELAY OVERHEAD
      7.3 EVALUATE PROPOSED TROJAN DESIGNS BY A SIMULATION-BASED METHOD
      7.4 COMMERCIAL TOOL ANALYSIS
        7.4.1 An Extra Assertion for Detecting Relative-Time Based Trojan A
        7.4.2 Extra Assertions for Detecting Relative-Time Based Trojan B
        7.4.3 An Extra Assertion for Detecting Real-Time Based Trojan
      7.5 FEATURE EXTRACTION METHOD ANALYSIS
    CHAPTER 8 CONCLUSIONS
    REFERENCES


    Full text availability: on campus, public from 2024-01-01; off campus, public from 2024-01-01