Abstract
Corruption of data in embedded and medical devices can cause serious harm if not quickly detected. In this paper, we emphasize the part of the attack surface which entails inserting malicious hardware circuitry (Hardware Trojans) during the manufacturing process of a digital microchip. The Hardware Trojan (HT) is composed of a few gates and attempts to modify the functionality of the chip. Such types of extremely small HTs are hard to detect using other conventional offline HT detection methods, such as side-channel analysis and digital systems test techniques. In our approach, however, we focus on an online method for rapidly detecting HTs at runtime by checking for correct functionality of the underlying hardware. We present an architecture that addresses these threats by splitting the design into a two-chip approach where we generate signatures deep in the hardware during data harvesting, and we then check for these signatures during data processing and encryption for transmission. In addition, we take advantage of known physiological relationships between medical data to ensure the integrity of the data that is processed by the hardware. Our experimental results demonstrate the effectiveness of our HT detection architecture and show that not only can we detect such types of attacks but also that we can distinguish these attacks from actual health problems. Our synthesis results show that our architecture minimally impacts performance and area especially in light of the fact that most of our techniques rely on digital logic modules which are already typically present in modern digital chips for test and other purposes.
Similar content being viewed by others
References
Johnson R The Navy bought fake Chinese microchips that could have disarmed U.S. missiles, Business Insider, July 2011. [Online]. Available: http://www.businessinsider.com/navy-chinese-microchips-weapons-could-have-been-shut-off-2011-6 http://www.businessinsider.com/navy-chinese-microchips-weapons-could-have-been-shut-off-2011-6
West J, Kohno T, Lindsay D, Sechman J (2016) WearFit: Security design analysis of a wearable fitness tracker, IEEE Center for Secure Design
Post-market management of cybersecurity in medical devices, Center for Devices and Radiological Health, Food and Drug Administration, U.S. Department of Health and Human Services and Center for Biologics Evaluation and Research, 2016
Wehbe T, Mooney V, Keezer D, Parham NB (2015) A novel approach to detect hardware Trojan attacks on primary data inputs. In: Proceedings of the 10th Workshop on Embedded Systems Security (WESS), pp 2:1–2:10
Wehbe T, Mooney VJ, Javaid AQ, Inan OT (2017) A novel physiological features-assisted architecture for rapidly distinguishing health problems from hardware Trojan attacks and errors in medical devices. In: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp 106–109
Wehbe T, Mooney VJ, Keezer DC, Inan OT, Javaid AQ (2017) Use of analog signatures for hardware Trojan detection. In: Proceedings of the 14th FPGAworld Conference
Inan OT, Migeotte PF, Park KS, Etemadi M, Tavakolian K, Casanella R, Zanetti J, Tank J, Funtova I, Prisk GK, Rienzo MD (2015) Ballistocardiography and seismocardiography: a review of recent advances. IEEE J Biom Health Inf 19(4):1414– 1427
Tehranipoor M, Koushanfar F (2010) A survey of hardware Trojan taxonomy and detection. IEEE Des Test Comput 27(1):10–25
Bhunia S, Hsiao MS, Banga M, Narasimhan S (2014) Hardware Trojan attacks: threat analysis and countermeasures. Proc IEEE 102(8):1229–1247
Lamech C, Plusquellic J (2012) Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp 75–82
Wei S, Potkonjak M (2013) The undetectable and unprovable hardware Trojan horse. In: 2013 50th ACM/EDAC/IEEE Design Automation Conference (DAC), pp 1–2
Wei S, Li K, Koushanfar F, Potkonjak M (2012) Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry. In: DAC Design Automation Conference, vol 2012, pp 90–95
Wu TF, Ganesan K, Hu YA, Wong HSP, Wong S, Mitra S (2016) TPAD: Hardware Trojan prevention and detection for trusted integrated circuits. IEEE Trans Comput Aided Des Integr Circuits Syst 35 (4):521–534
Francq J, Frick F (2015) Introduction to hardware Trojan detection methods. In: 2015 Design, Automation Test in Europe Conference Exhibition (DATE), pp 770–775
Moein S, Subramnian J, Gulliver TA, Gebali F, El-Kharashi MW (2015) Classification of hardware Trojan detection techniques, in 10th Int’l Conf. on Computer Engineering Systems (ICCES), pp 357–362
Gbade-Alabi A, Keezer D, Mooney V, Poschmann AY, Stöttinger M., Divekar K (2014) A signature based architecture for Trojan detection. In: Proceedings of the 9th Workshop on Embedded Systems Security (WESS), pp 3:1–3:10
Sullivan D, Biggers J, Zhu G, Zhang S, Jin Y (2014) FIGHT-metric: Functional identification of gate-level hardware trustworthiness. In: 2014 51st ACM/EDAC/IEEE Design Automation Conference (DAC), pp 1–4
Abramovici M, Breuer M, Friedman A (1990) Digital systems testing and testable design. IEEE Press, Piscataway
Richard E, Chan ADC (2010) Design of a gel-less two-electrode ECG monitor. In: Int’l Workshop on Medical Measurements and Applications, pp 92–96
Prisk GK, Verhaeghe S, Padeken D, Hamacher H, Paiva M (2001) Three-dimensional ballistocardiography and respiratory motion in sustained microgravity. Aviat Space Environ Med 72:1067–1074
Etemadi M, Inan OT, Giovangrandi L, Kovacs GTA (2011) Rapid assessment of cardiac contractility on a home bathroom scale. IEEE Trans Inf Technol Biomed 15(6):864–869
Wahby RS, Howald M, Garg S, Shelat A, Walfish M Verifiable ASICs. In: 2016 IEEE Symposium on Security and Privacy (SP), pp 759–778, vol 2016
Imeson F, Emtenan A, Garg S, Tripunitara MV (2013) Securing computer hardware using 3D integrated circuit (IC) technology and split manufacturing for obfuscation. In: Proc. of the 22nd USENIX Conf. on Security (SEC), USENIX Association, pp 495–510
Bogdanov A, Knudsen LR, Leander G, Paar C, Poschmann A, Robshaw MJB, Seurin Y, Vikkelsoe C (2007) PRESENT: an ultra-lightweight block cipher. Springer, pp 450–466
Maes R, Van Herrewege A, Verbauwhede I (2012) PUFKY: A fully functional PUF-based cryptographic key generator. In: Prouff E, Schaumont P (eds) Cryptographic hardware and embedded systems – CHES 2012. Springer, Berlin, pp 302– 319
Javaid AQ, Fesmire NF, Weitnauer MA, Inan OT (2015) Towards robust estimation of systolic time intervals using head-to-foot and dorso-ventral components of sternal acceleration signals. In: 2015 IEEE 12th international conference on wearable and implantable body sensor networks (BSN), pp 1–5
Ashouri H, Inan OT (2016) Improving the accuracy of proximal timing detection from ballistocardiogram signals using a high bandwidth force plate. In: 2016 IEEE-EMBS international conference on biomedical and health informatics (BHI), pp 553–556
Coughlin RF, Villanucci RS (1990) Introductory operational amplifiers and linear ICs: theory and experimentation. Harlow. Pearson Education Limited, United Kingdom
Wiens AD, Etemadi M, Roy S, Klein L, Inan OT (2015) Toward continuous, noninvasive assessment of ventricular function and hemodynamics: Wearable ballistocardiography. IEEE J Biom Health Inf 19(4):1435–1442
Jordanov VT, Hall DL (2002) Digital peak detector with noise threshold. In: IEEE Nuclear Science Symp. Conf. Record, vol 1, pp 140–142
Schlant RC, Adolph R, DiMarco J, Dreifus L, Dunn M, Fisch C et al (1992) Guidelines for electrocardiography. A report of the American college of cardiology/American Heart Association Task Force on assessment of diagnostic and therapeutic cardiovascular procedures. J Am Coll Cardiol 19(3):473–481
Yu MD, Devadas S (2010) Secure and robust error correction for physical unclonable functions. IEEE Des Test Comput 27(1):48–65
NCSU 45nm FreePDKTM process design kit. Electronic Design Automation, North Carolina State University. [Online]. Available: http://www.eda.ncsu.edu/wiki/FreePDK
Syed AH Performance of different multipliers in the DesignWare building block IP, DesignWare Technical Bulletin, Synopsys Inc
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
The human subjects measurements were approved by the Georgia Tech Institutional Review Board, and subjects provided written informed consent.
Rights and permissions
About this article
Cite this article
Wehbe, T., Mooney, V.J., Inan, O.T. et al. Securing Medical Devices Against Hardware Trojan Attacks Through Analog-, Digital-, and Physiological-Based Signatures. J Hardw Syst Secur 2, 251–265 (2018). https://doi.org/10.1007/s41635-018-0040-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-018-0040-7