Development of comprehensive threat model and detection mechanism for hardware trojan in mixed signal circuit

Abstract

Trustworthiness of Integrated Circuit (IC) due to Hardware Trojan (HT) is now a burning issue in semiconductor industry. Over the last decade extensive research has been carried on different aspects of HT for digital circuits. However, the HT issue remains largely unexplored in the domain of Analog Mixed Signal (AMS)/ RF circuit where it is now an appealing target for the attackers. Increasing popularity of OFDM based wireless cryptographic ICs in modern communication systems makes it a lucrative target for the HT based attacks which could have devastating impact on data security.This thesis presents a comprehensive threat model for Analog Mixed Signal (AMS)/ RF IC. A trigger based analog Trojan isdeveloped and inserted into the AES based OFDM transceiver IC and demonstrated that it is capable of leaking secret encryption key to the attacker by exploiting the Extended Cyclic Prefix (ECP) property of OFDM communication scheme without affecting the legitimate data. The trigger of the HT in transmitter is implemented by modifying the Linear Frequency Shift Register (LFSR) circuitry used for Built-in Self-Test (BIST) purpose.The payload of HT is designed by adding additional 8-point IFFT, 8-point QAM modulator and a modified cyclic prefix addition block in the transmitter to replace some of the ECP bits with Trojan data bits.HT in the receiver is triggered using rare sequence in the input ports.Its payload is designed using the same hardware in the receiver and modified cyclic prefix removal block to extract Trojan data bits from the ECP. The extracted trojan data is then transferredto the attacker using test ports. The detection mechanism developed in this thesis is an on-chip CP validator named SENTRYthat captures the transmitted data and calculates the Cyclic Prefix (CP) from the OFDM data packets which is then compared with a tight tolerance against the embedded CP in OFDM waveforms. From functional simulation it is observed that during dormant stage the HT infested ICs are indistinguishable from the HT free ICs and after triggering the HT requires at least 8 OFDM symbols to leak the secret encryption key.It is also observed thatSENTRY can successfully distinguish between HT free IC and HT infested ICs when the HT is triggered.The current research is compared with those of other researchers and shown that it is ornamented with unique exploit and detection mechanism of the Trojan. In future the proposed design can be fabricated and conducted experiments for further verification of the simulation results.