Vulnerability Assessment of Controller Designs

  • Farimah Farahmandi
  • Yuanwen Huang
  • Prabhat Mishra


Finite state machines (FSMs) control the functionality of System-on-Chip (SoC) designs. The security and trustworthiness of SoCs can be compromised by exploring the vulnerabilities of their FSMs. Any deviation from the specification of FSMs can endanger the security and trustworthiness of SoCs. This is a critical concern when an FSM is responsible for controlling the usage or propagation of protected information (e.g., secret keys) in a secure component. FSM vulnerabilities may be introduced by a rogue designer or an attacker who inserts hardware Trojans in the FSM implementation. Traditional FSM design flows as well as CAD tools may create unintentional security vulnerabilities in FSM designs (e.g., when a synthesis tool is trying to optimize a gate-level netlist). These vulnerabilities can also be introduced unintentionally by a CAD tool. In this chapter, we present an efficient formal analysis framework based on symbolic algebra to find FSM vulnerabilities. The proposed method tries to find inconsistencies between the specification and FSM implementation through manipulation of respective polynomials. Security properties (such as a safe transition to a protected state) are derived using specification polynomials and verified against implementation polynomials. In case of a failure, the vulnerability is reported. While existing methods can verify legal transitions, the proposed approach tries to solve the important and non-trivial problem of detecting illegal accesses to the design states (e.g., protected states).


  1. 1.
    J. Backer, D. Hély, R. Karri, Secure design-for-debug for systems-on-chip, in IEEE International Test Conference (ITC) (IEEE, Piscataway, 2015), pp. 1–8Google Scholar
  2. 2.
    E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in Annual International Cryptology Conference (Springer, Berlin, 1997), pp. 513–525zbMATHGoogle Scholar
  3. 3.
    E. Brickell, A survey of hardware implementations of RSA, in Advances in CryptologyCRYPTO89 Proceedings (Springer, Berlin, 1990), pp. 368–370Google Scholar
  4. 4.
    D. Cox, J. Little, D. O’shea, in Ideals, Varieties, and Algorithms, vol. 3 (Springer, Berlin, 1992)CrossRefGoogle Scholar
  5. 5.
    C. Dunbar, G. Qu, Designing trusted embedded systems from finite state machines. ACM Trans. Embed. Comput. Syst. (TECS) 13(5s), 153, 2014CrossRefGoogle Scholar
  6. 6.
    F. Farahmandi, Y. Huang, P. Mishra, Trojan localization using symbolic algebra, in Design Automation Conference (ASP-DAC), 2017 22nd Asia and South Pacific (IEEE, Piscataway, 2017), pp. 591–597Google Scholar
  7. 7.
    N. Fern, K.-T.T. Cheng, Detecting hardware trojans in unspecified functionality using mutation testing, in Proceedings of the IEEE/ACM International Conference on Computer-Aided Design (IEEE, Piscataway, 2015), pp. 560–566Google Scholar
  8. 8.
    X. Guo, R.G. Dutta, P. Mishra, Y. Jin, Scalable SoC trust verification using integrated theorem proving and model checking, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (IEEE, Piscataway, 2016)Google Scholar
  9. 9.
  10. 10.
    Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based trojan detection, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2016), pp. 130–141Google Scholar
  11. 11.
    R. Karri, J. Rajendran, K. Roseland, M. Tehranipoor, Trustworthy hardware: identifying and classifying hardware trojans, in IEEE Computer (IEEE, Piscataway, 2010), pp. 39–46Google Scholar
  12. 12.
    P.C. Kocher, Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems, in Annual International Cryptology Conference (Springer, Berlin, 1996), pp. 104–113zbMATHGoogle Scholar
  13. 13.
    P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Annual International Cryptology Conference (Springer, Berlin, 1999), pp. 388–397zbMATHGoogle Scholar
  14. 14.
    S.C. Ma, P. Franco, E.J. McCluskey, An experimental chip to evaluate test techniques experiment results, in Proceedings, International Test Conference, 1995 (IEEE, Piscataway, 1995), pp. 663–672Google Scholar
  15. 15.
    T. Meade, S. Zhang, Y. Jin, Netlist reverse engineering for high-level functionality reconstruction, in 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC) (IEEE, Piscataway, 2016), pp. 655–660Google Scholar
  16. 16.
    A. Nahiyan, K. Xiao, K. Yang, Y. Jin, D. Forte, M. Tehranipoor, AVFSM: a framework for identifying and mitigating vulnerabilities in FSMS, in Design Automation Conference (DAC), 2016 53nd ACM/EDAC/IEEE (IEEE, Piscataway, 2016), pp. 1–6Google Scholar
  17. 17.
    A. Nahiyan, F. Farahmandi, D. Forte, P. Mishra, M. Tehranipoor, Security-aware FSM Design Flow for Identifying and Mitigating Vulnerabilities to Fault Attacks, in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) (IEEE, Piscataway, 2018)Google Scholar
  18. 18.
  19. 19.
    J. Rajendran, V. Vedula, R. Karri, Detecting malicious modifications of data in third-party intellectual property cores, in Proceedings of the 52nd Annual Design Automation Conference (ACM, New York, 2015), p. 112Google Scholar
  20. 20.
    X. Sun, P. Kalla, F. Enescu, Word-level traversal of finite state machines using algebraic geometry, in 2016 IEEE International High Level Design Validation and Test Workshop (HLDVT) (IEEE, Piscataway, 2016), pp. 142–149CrossRefGoogle Scholar
  21. 21.
    B. Sunar, G. Gaubatz, E. Savas, Sequential circuit design for embedded cryptographic applications resilient to adversarial faults. IEEE Trans. Comput. 57(1), 126–138 (2008)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Z. Wang, M. Karpovsky, Robust fsms for cryptographic devices resilient to strong fault injection attacks, in 2010 IEEE 16th International On-Line Testing Symposium (IEEE, Piscataway, 2010), pp. 240–245Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Farimah Farahmandi
    • 1
  • Yuanwen Huang
    • 2
  • Prabhat Mishra
    • 1
  1. 1.University of FloridaGainesvilleUSA
  2. 2.GoogleMountain ViewUSA

Personalised recommendations