Post-configuration Activation of Hardware Trojans in FPGAs

The battle of developing hardware Trojans and corresponding countermeasures has taken adversaries towards ingenious ways of compromising hardware designs by circumventing even advanced testing and verification methods. Besides conventional methods of inserting Trojans into a design by a malicious entity, the design flow for field-programmable gate arrays (FPGAs) can also be surreptitiously compromised to perform successful attacks that result in malfunctions or information leakages. In this paper, we introduce a mechanism for the post-configuration activation of a Trojan that leverages malicious routing so that the attacker can leave the Trojan circuit in an undetectable dormant state even in the generated and transmitted bitstream. The Trojan is designed, for example, by adding an enable signal that is routed to an unused primary input/output of the FPGA or by attaching the payload via one route to the remaining design, and then that new route is disconnected during place-and-route and only re-connected when the FPGA is being programmed. The trigger can thus only be activated once the circuit is on the device, which leaves the Trojan dormant in all verification and pre-silicon testing steps. This Trojan can therefore currently neither be prevented by conventional testing and verification methods nor by bitstream-level verification techniques. Since our method ensures that the malicious circuitry is only active in the field, the approach works also quite well with triggerless (always-on) Trojans that have a negligible impact on the overall area and power consumption of the circuit and can thus easily escape detection by fingerprinting techniques using side-channel analyses.