A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks

Samaneh Ghandali; Georg T. Becker; Daniel Holcomb; Christof Paar

doi:10.1007/978-3-662-53140-2_30

CHES 2016: Cryptographic Hardware and Embedded Systems – CHES 2016 pp 625-647 | Cite as

A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks

Authors
Authors and affiliations

Samaneh GhandaliEmail author
Georg T. Becker
Daniel Holcomb
Christof Paar

Conference paper

First Online: 04 August 2016

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9813)

Abstract

Over the last decade, hardware Trojans have gained increasing attention in academia, industry and by government agencies. In order to design reliable countermeasures, it is crucial to understand how hardware Trojans can be built in practice. This is an area that has received relatively scant treatment in the literature. In this contribution, we examine how particularly stealthy Trojans can be introduced to a given target circuit. The Trojans are triggered by violating the delays of very rare combinational logic paths. These are parametric Trojans, i.e., they do not require any additional logic and are purely based on subtle manipulations on the sub-transistor level to modify the parameters of the transistors. The Trojan insertion is based on a two-phase approach. In the first phase, a SAT-based algorithm identifies rarely sensitized paths in a combinational circuit. In the second phase, a genetic algorithm smartly distributes delays for each gate to minimize the number of faults caused by random vectors.

As a case study, we apply our method to a 32-bit multiplier circuit resulting in a stealthy Trojan multiplier. This Trojan multiplier only computes faulty outputs if specific combinations of input pairs are applied to the circuit. The multiplier can be used to realize bug attacks, introduced by Biham et al. In addition to the bug attacks proposed previously, we extend this concept for the specific fault model of the path delay Trojan multiplier and show how it can be used to attack ECDH key agreement protocols.

Our method is a general approach to path delay faults. It is a versatile tool for designing stealthy Trojans for a given circuit and is not restricted to multipliers and the bug attack.

This is a preview of subscription content, to check access.

Supplementary material

Open image in new window

A Difficulty of Justification and Propagation Tables

Table 3.

Computation of diffj for different gate types. In the case of 2-input gates, we assume without loss of generality that input A is the on-path input and B is the off-path input. The first two columns show the output transition, and the input transition that we are trying to justify for this output transition. Columns 3–6 show the values that the on-path input (A) and off-path input (B) must take in the first and second cycles to justify the desired transition. The final column shows the formula to compute diffj in terms of the controllability of the inputs.

	Output trans	Input trans	A		B		Diffj
	Output trans	Input trans	v(1)	v(2)	v(1)	v(2)	Diffj
X = AND(A,B)	$X\downarrow $	$A\downarrow $	1	0	1	1	$C_1(A) * C_0(A) * C_1^2 (B)$
X = AND(A,B)	$X\uparrow $	$A\uparrow $	0	1	-	1	$C_0(A) * C_1(A) * C_1(B)$
X = OR(A,B)	$X\downarrow $	$A\downarrow $	1	0	-	0	$C_1(A) * C_0(A) * C_0(B)$
X = OR(A,B)	$X\uparrow $	$A\uparrow $	0	1	0	0	$C_0(A) * C_1(A) * C_0^2 (B)$
X = XOR(A,B)	$X\downarrow $	$A\downarrow $	1	0	0	0	$C_1(A) * C_0(A) * C_0^2 (B)$
	$X\downarrow $	$A\uparrow $	0	1	1	1	$C_0(A) * C_1(A) * C_1^2 (B)$
	$X\uparrow $	$A\uparrow $	0	1	0	0	$C_0(A) * C_1(A) * C_0^2 (B)$
	$X\uparrow $	$A\downarrow $	1	0	1	1	$C_1(A) * C_0(A) * C_1^2 (B)$
X = BUFF(A)	$X\downarrow $	$A\downarrow $	1	0	-	-	1
X = BUFF(A)	$X\uparrow $	$A\uparrow $	0	1	-	-	1
X = INV(A)	$X\downarrow $	$A\uparrow $	0	1	-	-	1
X = INV(A)	$X\uparrow $	$A\downarrow $	1	0	-	-	1

Table 4.

Computation of diffp for different gate types. In the case of 2-input gates, we assume without loss of generality that input A is the on-path input and B is the off-path input. The first two columns show the output transition, and the input transition that we are trying to propagate for this on-path input transition. Columns 3–6 show the values that the output (X) and off-path input (B) must take in the first and second cycles to propagate the desired transition. The final column shows the formula to compute diffp in terms of the controllability of the off-path input and observability of output.

	Output trans	Input trans	X		B		Diffp
	Output trans	Input trans	v(1)	v(2)	v(1)	v(2)	Diffp
X = AND(A,B)	$X\downarrow $	$A\downarrow $	1	0	1	1	$OB_1(X) * OB_0(X) * C_1^2 (B)$
X = AND(A,B)	$X\uparrow $	$A\uparrow $	0	1	-	1	$OB_0(X) * OB_1(X) * C_1(B)$
X = OR(A,B)	$X\downarrow $	$A\downarrow $	1	0	-	0	$OB_1(X) * OB_0(X) * C_0(B)$
X = OR(A,B)	$X\uparrow $	$A\uparrow $	0	1	0	0	$OB_0(X) * OB_1(X) * C_0^2 (B)$
X = XOR(A,B)	$X\downarrow $	$A\downarrow $	1	0	0	0	$OB_1(X) * OB_0(X) * C_0^2 (B)$
	$X\downarrow $	$A\uparrow $	1	0	1	1	$OB_1(X) * OB_0(X) * C_1^2 (B)$
	$X\uparrow $	$A\uparrow $	0	1	0	0	$OB_0(X) * OB_1(X) * C_0^2 (B)$
	$X\uparrow $	$A\downarrow $	0	1	1	1	$OB_0(X) * OB_1(X) * C_1^2 (B)$
X = BUFF(A)	$X\downarrow $	$A\downarrow $	1	0	-	-	$OB_1(X) * OB_0(X)$
X = BUFF(A)	$X\uparrow $	$A\uparrow $	0	1	-	-	$OB_0(X) * OB_1(X)$
X = INV(A)	$X\downarrow $	$A\uparrow $	1	0	-	-	$OB_1(X) * OB_0(X)$
X = INV(A)	$X\uparrow $	$A\downarrow $	0	1	-	-	$OB_0(X) * OB_1(X)$

B Montgomery Ladder

To be able to compute the exact attack complexity the details of the Montgomery Ladder are important to determine how many manipulations are performed in each step. Algorithms 3 and 4 describe the details of the assumed Montgomery Ladder implementation.

Computing the Failure Probability of a Scalar Multiplication. In this subsection we describe how the failure probability of a Montgomery Ladder scalar multiplication with schoolbook multiplication on the Trojan Multiplier can be compute. To compute the probability that the computation fails we fist compute the probability that a computation does not fail. As noted previously, in a 255-bit schoolbook integer multiplications with 32-bit word size, 64 multiplications are performed. From this 64 multiplications, 49 multiplications are the multiplications of two 32-bit numbers, while 6 are 32-bit times 31-bit multiplications and one 31-bit times 31-bit multiplications. We again assume that only 32-bit multiplications can result in a faulty response. In 42 multiplications the second operand is the same as in the previous multiplications and hence the probability that such a multiplication fails is:

$$\begin{aligned} P_{M(a_1,a_b)} \cdot P_{M(a_0|a_1,b_1=b_0)} \end{aligned}$$

For 7 multiplications the failure probability is:

$$\begin{aligned} P_{M(a_1,a_b)} \cdot P_{M(a_0,b_1|a_1,b_1)} \end{aligned}$$

The probability that no failure occurs during one Montgomery Ladder step is therefore:

$$\begin{aligned} (1-P_{M(a_1,a_b)})^{42} \cdot (1-P_{M(a_0,b_1|a_1,b_1)})^7 \end{aligned}$$

A 255-bit scalar multiplication requires 254 Montgomery Ladder steps. Hence the probability that a failure occurs is given by:

$$\begin{aligned} 1-((1-P_{M(a_1,a_b)})^{42} \cdot (1-P_{M(a_0,b_1|a_1,b_1)})^7)^{254} \end{aligned}$$

References

1.
Genetic Algorithm. http://www.mathworks.com/discovery/genetic-algorithm.html. Accessed 01 Feb 2016
2.
Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: Trojan detection using IC fingerprinting. In: IEEE Symposium on Security and Privacy (SP 2007), pp. 296–310 (2007)Google Scholar
3.
Bao, C., Forte, D., Srivastava, A.: On reverse engineering-based hardware Trojan detection. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 35(1), 49–57 (2016)CrossRefGoogle Scholar
4.
Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware Trojans. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 197–214. Springer, Heidelberg (2013)CrossRefGoogle Scholar
5.
Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 221–240. Springer, Heidelberg (2008)CrossRefGoogle Scholar
6.
Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. J. Cryptology 1–31 (2015). http://dx.doi.org/10.1007/s00145-015-9209-1
7.
Brumley, B.B., Barbosa, M., Page, D., Vercauteren, F.: Practical realisation and elimination of an ECC-related software bug attack. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 171–186. Springer, Heidelberg (2012)CrossRefGoogle Scholar
8.
Chakraborty, R.S., Wolff, F., Paul, S., Papachristou, C., Bhunia, S.: MERO: a statistical approach for hardware Trojan detection. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 396–410. Springer, Heidelberg (2009)CrossRefGoogle Scholar
9.
Eggersgl, S., Wille, R., Drechsler, R.: Improved SAT-based ATPG: more constraints, better compaction. In: IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 85–90 (2013)Google Scholar
10.
Ghandali, S., Alizadeh, B., Navabi, Z.: Low power scheduling in high-level synthesis using dual-Vth library. In: 16th International Symposium on Quality Electronic Design (ISQED), pp. 507–511 (2015)Google Scholar
11.
Gupta, P., Kahng, A.B., Sharma, P., Sylvester, D.: Gate-length biasing for runtime-leakage control. IEEE Trans. Comput.-Aided Des. Integr. Circ. Syst. 25(8), 1475–1485 (2006)CrossRefGoogle Scholar
12.
Heragu, K., Agrawal, V., Bushnell, M.: FACTS: fault coverage estimation by test vector sampling. In: Proceedings of IEEE VLSI Test Symposium, pp. 266–271 (1994)Google Scholar
13.
Hicks, M., Finnicum, M., King, S.T., Martin, M.M., Smith, J.M.: Overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: IEEE Symposium on Security and Privacy (SP 2010), pp. 159–172 (2010)Google Scholar
14.
Karri, R., Rajendran, J., Rosenfeld, K., Tehranipoor, M.: Trustworthy hardware: identifying and classifying hardware Trojans. Computer 10, 39–46 (2010)CrossRefGoogle Scholar
15.
King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. In: Proceedings of the 1st USENIX Workshop on Large-scale Exploits and Emergent Threats (LEET 08), pp. 1–8 (2008)Google Scholar
16.
Kulkarni, S.H., Sylvester, D.M., Blaauw, D.T.: Design-time optimization of post-silicon tuned circuits using adaptive body bias. IEEE Trans. Comput. Aided Des. Integr. Circ. Syst. 27(3), 481–494 (2008)CrossRefGoogle Scholar
17.
Kumar, R., Jovanovic, P., Burleson, W., Polian, I.: Parametric Trojans for fault-injection attacks on cryptographic hardware. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 18–28. IEEE (2014)Google Scholar
18.
Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.: Trojan side-channels: lightweight hardware Trojans through side-channel engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 382–395. Springer, Heidelberg (2009)CrossRefGoogle Scholar
19.
Rajendran, J., Jyothi, V., Karri, R.: Blue team red team approach to hardware trust assessment. In: IEEE 29th International Conference on Computer Design (ICCD 2011), pp. 285–288, October 2011Google Scholar
20.
Rajendran, J., Jyothi, V., Sinanoglu, O., Karri, R.: Design and analysis of ring oscillator based design-for-trust technique. In: 29th IEEE VLSI Test Symposium (VTS 2011), pp. 105–110 (2011)Google Scholar
21.
Saha, S., Chakraborty, R.S., Nuthakki, S.S., Mukhopadhyay, D.: Improved test pattern generation for hardware Trojan detection using genetic algorithm and Boolean satisfiability. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 577–596. Springer, Heidelberg (2015)CrossRefGoogle Scholar
22.
Sasdrich, P., Güneysu, T.: Implementing Curve25519 for side-channel-protected elliptic curve cryptography. ACM Trans. Reconfigurable Technol. Syst. (TRETS) 9(1), 3 (2015)Google Scholar
23.
Shiyanovskii, Y., Wolff, F., Rajendran, A., Papachristou, C., Weyer, D., Clay, W.: Process reliability based Trojans through NBTI and HCI effects. In: NASA/ESA Conference on Adaptive Hardware and Systems (AHS 2010), pp. 215–222 (2010)Google Scholar
24.
Sugawara, T., Suzuki, D., Fujii, R., Tawa, S., Hori, R., Shiozaki, M., Fujino, T.: Reversing stealthy dopant-level circuits. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 112–126. Springer, Heidelberg (2014)Google Scholar
25.
Tang, X., Zhou, H., Banerjee, P.: Leakage power optimization with dual-Vth library in high-level synthesis. In: 42nd Annual Design Automation Conference (DAC 2005), pp. 202–207 (2005)Google Scholar
26.
Waksman, A., Sethumadhavan, S.: Silencing hardware backdoors. In: IEEE Symposium on Security and Privacy (SP 2011), pp. 49–63 (2011)Google Scholar

Copyright information

Authors and Affiliations

Samaneh Ghandali
- 1
Email author
Georg T. Becker
- 2
Daniel Holcomb
- 1
Christof Paar
- 1
- 2

1.University of Massachusetts AmherstAmherstUSA
2.Horst Görtz Institut for IT-SecurityRuhr-Universität BochumBochumGermany

	Output trans	Input trans	A		B		Diffj
	Output trans	Input trans	v(1)	v(2)	v(1)	v(2)	Diffj
X = AND(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	1	1	\(C_1(A) * C_0(A) * C_1^2 (B)\)
X = AND(A,B)	\(X\uparrow \)	\(A\uparrow \)	0	1	-	1	\(C_0(A) * C_1(A) * C_1(B)\)
X = OR(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	-	0	\(C_1(A) * C_0(A) * C_0(B)\)
X = OR(A,B)	\(X\uparrow \)	\(A\uparrow \)	0	1	0	0	\(C_0(A) * C_1(A) * C_0^2 (B)\)
X = XOR(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	0	0	\(C_1(A) * C_0(A) * C_0^2 (B)\)
	\(X\downarrow \)	\(A\uparrow \)	0	1	1	1	\(C_0(A) * C_1(A) * C_1^2 (B)\)
	\(X\uparrow \)	\(A\uparrow \)	0	1	0	0	\(C_0(A) * C_1(A) * C_0^2 (B)\)
	\(X\uparrow \)	\(A\downarrow \)	1	0	1	1	\(C_1(A) * C_0(A) * C_1^2 (B)\)
X = BUFF(A)	\(X\downarrow \)	\(A\downarrow \)	1	0	-	-	1
X = BUFF(A)	\(X\uparrow \)	\(A\uparrow \)	0	1	-	-	1
X = INV(A)	\(X\downarrow \)	\(A\uparrow \)	0	1	-	-	1
X = INV(A)	\(X\uparrow \)	\(A\downarrow \)	1	0	-	-	1

	Output trans	Input trans	X		B		Diffp
	Output trans	Input trans	v(1)	v(2)	v(1)	v(2)	Diffp
X = AND(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	1	1	\(OB_1(X) * OB_0(X) * C_1^2 (B)\)
X = AND(A,B)	\(X\uparrow \)	\(A\uparrow \)	0	1	-	1	\(OB_0(X) * OB_1(X) * C_1(B)\)
X = OR(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	-	0	\(OB_1(X) * OB_0(X) * C_0(B)\)
X = OR(A,B)	\(X\uparrow \)	\(A\uparrow \)	0	1	0	0	\(OB_0(X) * OB_1(X) * C_0^2 (B)\)
X = XOR(A,B)	\(X\downarrow \)	\(A\downarrow \)	1	0	0	0	\(OB_1(X) * OB_0(X) * C_0^2 (B)\)
	\(X\downarrow \)	\(A\uparrow \)	1	0	1	1	\(OB_1(X) * OB_0(X) * C_1^2 (B)\)
	\(X\uparrow \)	\(A\uparrow \)	0	1	0	0	\(OB_0(X) * OB_1(X) * C_0^2 (B)\)
	\(X\uparrow \)	\(A\downarrow \)	0	1	1	1	\(OB_0(X) * OB_1(X) * C_1^2 (B)\)
X = BUFF(A)	\(X\downarrow \)	\(A\downarrow \)	1	0	-	-	\(OB_1(X) * OB_0(X)\)
X = BUFF(A)	\(X\uparrow \)	\(A\uparrow \)	0	1	-	-	\(OB_0(X) * OB_1(X)\)
X = INV(A)	\(X\downarrow \)	\(A\uparrow \)	1	0	-	-	\(OB_1(X) * OB_0(X)\)
X = INV(A)	\(X\uparrow \)	\(A\downarrow \)	0	1	-	-	\(OB_0(X) * OB_1(X)\)

A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks

Abstract

Supplementary material

References

Copyright information

Authors and Affiliations

Personalised recommendations

Cite paper