Conclusions and Outlook to the Future
Malicious hardware is no longer a hypothesized threat but a realistic one. It is possible to inject a hardware Trojan horse in one of the many stages of the hardware design and fabrication flow. Malevolent actors are becoming more and more sophisticated and are improving their capabilities. Applying a process of secure development and rigorous testing at each production stage, such as the one proposed in , can reveal circuit manipulations early enough to avoid disastrous effects after fabrication. Yet, the possibility of receiving a chip with hidden Trojan functionality cannot be excluded.
Detecting the presence or the operation of a hardware Trojan horse requires an arsenal of tools, methods, and techniques. Each of them may be able to conclude that a given parameter or characteristic of an IC under test is within the acceptable limits of operation. Yet, even then, this is not sufficient to ensure the absence of a hardware Trojan inside the tested IC that operates under the radar or that is activated under a specific pattern. Nor does it disclose anything about the rest of the chips in the same production batch that were not feasible to test due to budget and time constraints.
From an attacker's point of view, the two major obstacles to overcome for inserting a Trojan relate to the moment of the insertion during the design and fabrication workflow and to the controllability of the Trojan activation while remaining hidden during the various tests of the circuits.
The required infrastructure for testing and the increasing sophistication of the techniques indicate that it may not be possible to collect all resources under the same roof. Rather, a collaborative approach, such as the one pursued in the context of the TRUDEVICE network (http://www.trudevice.com/), may be preferable, where research teams and institutions with different skills and equipment combine forces to achieve economies of scale, reproducibility of the experiments, and detection techniques using different equipment.
In this context, we presented two novel hardware Trojan works that target cryptographic constructs implemented in hardware. The focus of our contribution is on the use of ring oscillators as an attack and as a defense vector. The first relates to the manipulation of the ring oscillator output when used as a source of entropy for implementing a true random number generator (TRNG) in hardware. We showed that it is possible to bypass embedded online testing of conformance and produce output with detectable patterns. Such patterns can be a stepping stone toward launching more complex attacks on cryptographic algorithms. Even the slightest knowledge of key bits produced by a TRNG can be beneficial for an attacker.
The second relates to the use of ring oscillators for detecting the presence of a hardware Trojan. We showed that transient-effect ring oscillators (TERO) can have further uses than those already proposed in the literature as constructs of TRNGs or PUFs: TERO can also be used to detect the presence of a hardware Trojan. Furthermore, we showed that the length of a TERO affects its oscillation frequency and that shorter TEROs exhibit higher frequencies; thus, they are more sensitive than conventional ROs to the presence of Trojans.
Drawing on the experience of the software world, malware is still an unsolved problem after 40 years of existence. It would be unrealistic to expect a solution for hardware malware immediately. However, we should aim for appropriate proactive and reactive defenses, as well as testing methodologies and practices, such as the one proposed in . These can reduce the risk of hardware Trojan injection in the first place and increase our trust that these devices operate as specified, without hidden functionality that can harm any part of our society.
Acknowledgements
This work was supported in part by the EU COST Action IC1204 Trustworthy Manufacturing and Utilization of Secure Devices (TRUDEVICE), the GSRT Action “KRIPIS” with national (Greece) and EU funds, in the context of the research project “ISRTDI” while P. Kitsos and A.G. Voyiatzis were with the Industrial Systems Institute of the “Athena” Research and Innovation Center in ICT and Knowledge Technologies, and the COMET K1 program by the Austrian Research Promotion Agency (FFG), while A.G. Voyiatzis was with SBA Research.