Abstract
System-on-Chips (SoCs) are widely used in designing Internet-of-Things (IoT) devices. In order to ensure the security of IoT devices, it is crucial to guarantee the trustworthiness of SoCs. Verifying the trust in SoCs is a major challenge due to their long and globally distributed supply chain. Malicious components can be inserted in different stages of the design cycle. These malicious functionalities work as a backdoor to severely affect the security of the design by giving control of the system to adversaries. The threat creates a critical need for designing new validation approaches that are capable of identifying hidden Trojans. Existing validation techniques cannot efficiently activate and detect Trojans since Trojans are designed to be inactive most of the time and triggered using very rare events. For example, if an adversary wants to hide a Trojan in register-transfer level (RTL) designs, rare branches would be an ideal choice to host Trojans. In this chapter, we introduce a Trojan activation technique that utilizes an effective combination of symbolic simulation as well as concrete execution to identify Trojans that are hidden under rare branches and assignments. The technique is scalable as it considers one path at a time instead of considering the whole design. It uses satisfiability modulo theories (SMT) solvers to solve the path constraints in order to generate a valid test to explore a new path in the design. The exploration continues until all of the rare branches in the design are activated in the search for hidden Trojans.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Opencores website (2017). https://www.opencores.org
TrustHub website (2017). https://www.trust-hub.org
Ahmed, A., Farahmandi, F., Mishra, P.: Directed test generation using concolic testing on RTL models. In: 2018 Design, Automation and Test in Europe Conference and Exhibition (DATE), pp. 1538–1543. IEEE (2018)
Ahmed, A., Mishra, P.: QUEBS: Qualifying event based search in concolic testing for validation of RTL models. In: 2017 IEEE 35th International Conference on Computer Design (ICCD), pp. 185–192. IEEE (2017)
Banga, M., Hsiao, M.S.: Trusted RTL: trojan detection methodology in pre-silicon designs. In: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 56–59. IEEE (2010)
Biere, A., Cimatti, A., Clarke, E.M., Fujita, M., Zhu, Y.: Symbolic model checking using SAT procedures instead of BDDs. In: Proceedings of the 36th Annual ACM/IEEE Design Automation Conference, pp. 317–320. ACM (1999)
Burnim, J., Sen, K.: Heuristics for scalable dynamic test generation. In: ASE, pp. 443–446 (2008)
Chakraborty, R.S., Narasimhan, S., Bhunia, S.: Hardware trojan: threats and emerging solutions. In: 2009 IEEE International High Level Design Validation and Test Workshop, HLDVT 2009, pp. 166–171. IEEE (2009)
Chakraborty, R.S., Wolff, F., Paul, S., Papachristou, C., Bhunia, S.: Mero: a statistical approach for hardware trojan detection. In: Cryptographic Hardware and Embedded Systems-CHES 2009, pp. 396–410. Springer (2009)
Chandra, S., et al.: Snugglebug: a powerful approach to weakest preconditions. In: SIGPLAN, vol. 44, pp. 363–374 (2009)
Charreteur, F., Gotlieb, A.: Constraint-based test input generation for java bytecode. In: ISSRE, pp. 131–140 (2010)
Chen, M., Mishra, P.: Functional test generation using efficient property clustering and learning techniques. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 29(3), 396–404 (2010)
Chen, M., Mishra, P.: Property learning techniques for efficient generation of directed tests. IEEE Trans. Comput. 60(6), 852–864 (2011)
Chen, M., Qin, X., Koo, H.-M., Mishra, P.: System-Level Validation: High-Level Modeling and Directed Test Generation Techniques. Springer Science & Business Media (2012)
Chen, M., et al.: Automatic RTL test generation from systemC TLM specifications. TECS 11, 38 (2012)
Corno, F., et al.: RT-level ITC’99 benchmarks and first ATPG results. IEEE Des. Test Comput. 17(3), 44–53 (2000)
Cruz, J., Farahmandi, F., Ahmed, A., Mishra, P.: Hardware trojan detection using ATPG and model checking. In: International Conference on VLSI Design (2018)
Dinges, P., Agha, G.: Targeted test input generation using symbolic-concrete backward execution. In: ASE, pp. 31–36 (2014)
Dutertre, B., De Moura, L.: The Yices SMT solver. 2:1–2 (2006). Tool paper. http://yices.csl.sri.com/tool-paper.pdf
Farahmandi, F., Huang, Y., Mishra, P.: Trojan localization using symbolic algebra. In: 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 591–597. IEEE (2017)
Farahmandi, F., Mishra, P.: Automated test generation for debugging arithmetic circuits. In: DATE, pp. 1351–1356 (2016)
Farahmandi, F., Mishra, P.: Automated debugging of arithmetic circuits using incremental gröbner basis reduction. In: 2017 IEEE 35th International Conference on Computer Design (ICCD), pp. 193–200. IEEE (2017)
Farahmandi, F., Mishra, P.: FSM anomaly detection using formal analysis. In: 2017 IEEE 35th International Conference on Computer Design (ICCD), pp. 313–320. IEEE (2017)
Godefroid, P., et al.: DART: directed automated random testing. In: ACM SIGPLAN Notices, vol. 40, pp. 213–223 (2005)
Guo, X., Dutta, R.G., Jin, Y., Farahmandi, F., Mishra, P.: Pre-silicon security verification and validation: a formal perspective. In: Proceedings of the 52nd Annual Design Automation Conference, p. 145. ACM (2015)
Hicks, M., Finnicum, M., King, S.T., Martin, M.M., Smith, J.M.: Overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 159–172. IEEE (2010)
Hu, W., et al.: Detecting hardware trojans with gate-level information-flow tracking. Computer 44–52 (2016)
Koo, H.-M., Mishra, P.: Functional test generation using design and property decomposition techniques. ACM Trans. Embed. Comput. Syst. (TECS) 8(4), 32 (2009)
Li, Y., et al.: Steering symbolic execution to less traveled paths. In: ACM SIGPLAN Notices, vol. 48, pp. 19–32 (2013)
Liu, L., Vasudevan, S.: STAR: generating input vectors for design validation by static analysis of RTL. In: HLDVT, pp. 32–37 (2009)
Liu, L., Vasudevan, S.: Efficient validation input generation in RTL by hybridized source code analysis. In: DATE, pp. 1–6 (2011)
Liu, L., et al.: Scaling input stimulus generation through hybrid static and dynamic analysis of RTL. TODAES 20, 4 (2014)
Lyu, Y., Qin, X., Chen, M., Mishra, P.: Directed test generation for validation of cache coherence protocols. IEEE Trans. Comput. Aided Des. Integr, Circuits Syst (2018)
Mishra, P., Dutt, N.: Specification-driven directed test generation for validation of pipelined processors. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 13(3), 42 (2008)
Mukherjee, R., et al.: Hardware verification using software analyzers. In: ISVLSI, pp. 7–12 (2015)
Park, S., et al.: Carfast: achieving higher statement coverage faster. In: FSE, p. 35 (2012)
Pnueli, A.: The temporal semantics of concurrent programs. Theor. Comput. Sci. 13(1), 45–60 (1981)
Qin, X., Mishra, P.: Directed test generation for validation of multicore architectures. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 17(3), 24 (2012)
Qin, X., Mishra, P.: Scalable test generation by interleaving concrete and symbolic execution. In: VLSID, pp. 104–109 (2014)
Rajendran, J., Vedula, V., Karri, R.: Detecting malicious modifications of data in third-party intellectual property cores. In: Proceedings of the 52nd Annual Design Automation Conference, p. 112. ACM (2015)
Salmani, H., et al.: On design vulnerability analysis and trust benchmarks development. In: ICCD, pp. 471–474 (2013)
Sen, K., Agha, G.: CUTE and jCUTE: concolic unit testing and explicit path model-checking tools. In: CAV, pp. 419–423 (2006)
Sen, K., et al.: CUTE: a concolic unit testing engine for C. In: ACM SIGSOFT Software Engineering Notes, vol. 30, pp. 263–272 (2005)
Seo, H., Kim, S.: How we get there: a context-guided search strategy in concolic testing. In: FSE, pp. 413–424 (2014)
Sturton, C., Hicks, M., Wagner, D., King, S.T.: Defeating UCI: building stealthy and malicious hardware. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 64–77. IEEE (2011)
Tehranipoor, M., Koushanfar, F.: A survey of hardware trojan taxonomy and detection. IEEE Des. Test Comput. 27(1) (2010)
Waksman, A., Suozzo, M., Sethumadhavan, S.: Fanci: identification of stealthy malicious logic using boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 697–708. ACM (2013)
Williams, S.: Icarus Verilog (2006). http://iverilog.icarus.com/
Zhang, J., Yuan, F., Wei, L., Liu, Y., Xu, Q.: Veritrust: verification for hardware trust. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 34(7), 1148–1161 (2015)
Zhang, J., Yuan, F., Xu, Q.: Detrust: defeating hardware trust verification with stealthy implicitly-triggered hardware trojans. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 153–166. ACM (2014)
Zhang, X., Tehranipoor, M.: Case study: detecting hardware trojans in third-party digital IP cores. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 67–70. IEEE (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ahmed, A., Farahmandi, F., Iskander, Y., Mishra, P. (2019). Security and Trust Verification of IoT SoCs. In: Chakraborty, R., Mathew, J., Vasilakos, A. (eds) Security and Fault Tolerance in Internet of Things. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-02807-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-02807-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02806-0
Online ISBN: 978-3-030-02807-7
eBook Packages: EngineeringEngineering (R0)