Post-configuration Activation of Hardware Trojans in FPGAs
Q.A. Ahmed, T. Wiersema, M. Platzner, Journal of Hardware and Systems Security 8 (2024) 79–93.
Download
Es wurde kein Volltext hochgeladen. Nur Publikationsnachweis!
Artikel
| Veröffentlicht
| Englisch
Autor*in
Ahmed, Qazi Arbab ;
Wiersema, Tobias;
Platzner, Marco
Abstract
The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to perform successful attacks that result in malfunctions or information leakages. In this paper, we introduce a mechanism for the post-configuration activation of a Trojan that leverages malicious routing so that the attacker can leave the Trojan circuit in an undetectable dormant state even in the generated and transmitted bitstream. The Trojan is designed, for example, by adding an enable signal that is routed to an unused primary input/output of the FPGA or by attaching the payload via one route to the remaining design, and then that new route is disconnected during place-and-route and only re-connected when the FPGA is being programmed. The trigger can thus only be activated once the circuit is on the device, which leaves the Trojan dormant in all verification and pre-silicon testing steps. This Trojan can therefore currently neither be prevented by conventional testing and verification methods nor by bitstream-level verification techniques. Since our method ensures that the malicious circuitry is only active in the field, the approach works also quite well with triggerless (always-on) Trojans that have a negligible impact on the overall area and power consumption of the circuit and can thus easily escape detection by fingerprinting techniques using side-channel analyses.
Erscheinungsjahr
Zeitschriftentitel
Journal of Hardware and Systems Security
Band
8
Zeitschriftennummer
2
Seite
79-93
ISSN
eISSN
FH-PUB-ID
Zitieren
Ahmed, Qazi Arbab ; Wiersema, Tobias ; Platzner, Marco: Post-configuration Activation of Hardware Trojans in FPGAs. In: Journal of Hardware and Systems Security Bd. 8, Springer Science and Business Media LLC (2024), Nr. 2, S. 79–93
Ahmed QA, Wiersema T, Platzner M. Post-configuration Activation of Hardware Trojans in FPGAs. Journal of Hardware and Systems Security. 2024;8(2):79-93. doi:10.1007/s41635-024-00147-5
Ahmed, Q. A., Wiersema, T., & Platzner, M. (2024). Post-configuration Activation of Hardware Trojans in FPGAs. Journal of Hardware and Systems Security, 8(2), 79–93. https://doi.org/10.1007/s41635-024-00147-5
@article{Ahmed_Wiersema_Platzner_2024, title={Post-configuration Activation of Hardware Trojans in FPGAs}, volume={8}, DOI={10.1007/s41635-024-00147-5}, number={2}, journal={Journal of Hardware and Systems Security}, publisher={Springer Science and Business Media LLC}, author={Ahmed, Qazi Arbab and Wiersema, Tobias and Platzner, Marco}, year={2024}, pages={79–93} }
Ahmed, Qazi Arbab, Tobias Wiersema, and Marco Platzner. “Post-Configuration Activation of Hardware Trojans in FPGAs.” Journal of Hardware and Systems Security 8, no. 2 (2024): 79–93. https://doi.org/10.1007/s41635-024-00147-5.
Q. A. Ahmed, T. Wiersema, and M. Platzner, “Post-configuration Activation of Hardware Trojans in FPGAs,” Journal of Hardware and Systems Security, vol. 8, no. 2, pp. 79–93, 2024.
Ahmed, Qazi Arbab, et al. “Post-Configuration Activation of Hardware Trojans in FPGAs.” Journal of Hardware and Systems Security, vol. 8, no. 2, Springer Science and Business Media LLC, 2024, pp. 79–93, doi:10.1007/s41635-024-00147-5.