Paper 2022/1720

Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations

Endres Puschner, Max Planck Institute for Security and Privacy
Thorben Moos, Université catholique de Louvain
Steffen Becker, Ruhr University Bochum, Max Planck Institute for Security and Privacy
Christian Kison, Bundeskriminalamt
Amir Moradi, Ruhr University Bochum
Christof Paar, Max Planck Institute for Security and Privacy
Abstract

Verifying the absence of maliciously inserted Trojans in ICs is a crucial task – especially for security-enabled products. Depending on the concrete threat model, different techniques can be applied for this purpose. Assuming that the original IC layout is benign and free of backdoors, the primary security threats are usually identified as the outsourced manufacturing and transportation. To ensure the absence of Trojans in commissioned chips, one straightforward solution is to compare the received semiconductor devices to the design files that were initially submitted to the foundry. Clearly, conducting such a comparison requires advanced laboratory equipment and qualified experts. Nevertheless, the fundamental techniques to detect Trojans which require evident changes to the silicon layout are nowadays well-understood. Despite this, there is a glaring lack of public case studies describing the process in its entirety while making the underlying datasets publicly available. In this work, we aim to improve upon this state of the art by presenting a public and open hardware Trojan detection case study based on four different digital ICs using a Red Team vs. Blue Team approach. Hereby, the Red Team creates small changes acting as surrogates for inserted Trojans in the layouts of 90 nm, 65 nm, 40 nm, and 28 nm ICs. The quest of the Blue Team is to detect all differences between digital layout and manufactured device by means of a GDSII–vs–SEM-image comparison. Can the Blue Team perform this task efficiently? Our results spark optimism for the Trojan seekers and answer common questions about the efficiency of such techniques for relevant IC sizes. Further, they allow to draw conclusions about the impact of technology scaling on the detection performance.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. IEEE Symposium on Security and Privacy 2023
Keywords
Hardware Trojans Very Large Scale Integration GDSII Integrated Circuits Verification
Contact author(s)
endres puschner @ mpi-sp org
thorben moos @ uclouvain be
steffen becker @ rub de
christian kison @ rub de
amir moradi @ rub de
christof paar @ mpi-sp org
History
2022-12-13: approved
2022-12-12: received
See all versions
Short URL
https://ia.cr/2022/1720
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1720,
      author = {Endres Puschner and Thorben Moos and Steffen Becker and Christian Kison and Amir Moradi and Christof Paar},
      title = {Red Team vs. Blue Team: A Real-World Hardware Trojan Detection Case Study Across Four Modern {CMOS} Technology Generations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1720},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1720}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.