CN105046153A - Hardware trojan horse detection method based on few-state point analysis - Google Patents
Hardware trojan horse detection method based on few-state point analysis Download PDFInfo
- Publication number
- CN105046153A CN105046153A CN201510465280.8A CN201510465280A CN105046153A CN 105046153 A CN105046153 A CN 105046153A CN 201510465280 A CN201510465280 A CN 201510465280A CN 105046153 A CN105046153 A CN 105046153A
- Authority
- CN
- China
- Prior art keywords
- state point
- circuit
- few
- trojan horse
- few state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A hardware trojan horse detection method based on few-state point analysis comprises the steps of: S1: integrating RTL-level suspicious codes to obtain a gate-level net list of a circuit; S2: applying random excitation to the gate-level net list obtained by integration and checking a turn-over rate; if the turn-over rate is 100%, judging that the circuit does not have trojan horse therein; if the turn-over rate does not reach 100%, primarily judging that the circuit possibly has the trojan horse and going to the step S3; and S3: analyzing data of the turn-over rate in details to find out a few-state point which is rarely turned over, if the distribution of the few-state points is relatively discrete, primarily judging that the circuit does not have the trojan horse therein, and if the distribution of the few-state points is relatively concentrated, primarily judging that the circuit possibly has the trojan horse. The hardware trojan horse detection method based on the few-state point analysis has the advantages of easiness for implementation, high recognition efficiency, low detection cost and the like.
Description
Technical field
The present invention is mainly concerned with chip secure detection field, refers in particular to a kind of hardware Trojan horse detection method based on few state point analysis.
Background technology
Integrated circuit (IC) is as the vitals of modern computer and electronic applications, and its complexity is in continuous increase, and as the basis of information industry, its safety and reliability has extremely important meaning.The nineties in last century, because the manufacturing technology of integrated circuit experienced by develop fast, chip design scale increases greatly, and chip complexity sharply increases, and larger wide gap has appearred in the complexity that the ability of designer and chip are needed.In order to make up this wide gap, designer have employed facilitating chip design process to shorten the design cycle.Just there is many IP suppliers in this, specially for third party provides reusable integrated circuit modules.And integrated circuit (IC) design is separated with manufacturing, bring potential safety hazard to chip.
Hardware Trojan horse (hardwaretrojan), refers in chip design, fabrication phase small in good hardware circuit by what maliciously implant.Hardware Trojan horse, as the extremely strong information attack technology of a kind of disguise, has disguised strong, the feature such as destructive power is large, design urban d evelopment is high, protection detection difficulty is large.May implant in (design phase) in incredible IP kernel or domain, also may be implanted by incredible production firm (production phase).And hardware Trojan horse is once be activated, dead switch (KillSwitch) will be adopted to cause system crash, or leaving system backdoor (Backdoor) cause leaking data, finally causes security threat to user.
In recent years, along with the raising of attention rate, hardware Trojan horse detection technique obtains fast development, and in the detection technique of hardware Trojan horse, accuracy of detection is high, become based on the hardware Trojan horse detection technique of power consumption information the focus that academia pays close attention to gradually in the bypass analysis of Be very effective.But be easy at the gatherer process of bypass message the interference being subject to the factors such as noise, and the scale of hardware Trojan horse circuit is usually smaller, and be substantially in " dormancy " state when not being touched, the bypass message opposite chip or even inappreciable therefore produced by it.On the other hand, along with constantly reducing of IC characteristic dimension, noise has reached very important stage to the impact of bypass message, and this is brought severe challenge based in the hardware Trojan horse detection technique of bypass message.
Summary of the invention
The technical problem to be solved in the present invention is just: the technical matters existed for prior art, the invention provides a kind of easy enforcement, recognition efficiency high, detect the little hardware Trojan horse detection method based on few state point analysis of cost.
For solving the problems of the technologies described above, the present invention by the following technical solutions:
Based on a hardware Trojan horse detection method for few state point analysis, the steps include:
S1: carry out comprehensively, obtaining the gate level netlist of circuit to RTL suspect code;
S2: arbitrary excitation is applied to the gate level netlist obtained after comprehensive, then checks upset rate; If upset rate is 100%, so judge in this circuit not containing wooden horse; If upset rate could not reach 100%, so tentatively judge that this circuit may contain wooden horse, enter step S3;
S3: the data of labor upset rate, finds out few state point of relatively less upset; If the distribution of few state point is comparatively discrete, then tentatively judge in this circuit not containing wooden horse; If the distribution of few state point is comparatively concentrated, so tentatively judge may contain wooden horse in this circuit.
As a further improvement on the present invention: also comprise on the basis of described step S3: S4: add test and excitation to reduce few state point; Few state point after repeatedly adding excitation is analyzed: if comparatively discrete, tentatively judge in this circuit not containing wooden horse; If the distribution of few state point is comparatively concentrated, so judge in this circuit containing wooden horse.
As a further improvement on the present invention: in above-mentioned steps S2 and step S3, after judging to draw the conclusion not containing wooden horse, also confirm further by manual analysis mode.
Compared with prior art, the invention has the advantages that:
Whether 1, the hardware Trojan horse detection method based on few state point analysis of the present invention, can exist hardware Trojan horse analysis in the soft core of IP, improves the recognition efficiency of hardware Trojan horse.
2, the hardware Trojan horse detection method based on few state point analysis of the present invention, be the few state point location analytical approach of upset driven based on upset rate, whole method is implemented simple, detects cost little, effectively can carry out examination and analysb to the wooden horse of particular type, applicability is stronger.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of the inventive method.
Fig. 2 is the upset rate report schematic diagram that the present invention applies 20 groups of arbitrary excitations in embody rule example.
Fig. 3 is the upset rate report schematic diagram that the present invention applies 2,000 group of arbitrary excitation in embody rule example.
Fig. 4 is the upset rate report schematic diagram that the present invention applies 100,000 group of arbitrary excitation in embody rule example.
Fig. 5 is the present invention's signal net1-net8 logical relation schematic diagram in embody rule example.
Fig. 6 is the schematic diagram of the present invention's questionable signal logical relation in embody rule example.
Fig. 7 is the present invention's MOAI22D0BWP12T logical diagram in embody rule example.
Embodiment
Below with reference to Figure of description and specific embodiment, the present invention is described in further details.
Find the few state point in circuit, utilize these few state points as hardware Trojan horse method for designing one of method for designing becoming main flow of Trigger Logic.Often use few state point to attack in hardware Trojan horse design implantation process, thus increase success attack probability and disguise.And for multiple spot triggering technique, the function logic of its hardware Trojan horse can't be activated when circuit normally works, even if that is some deviser can carry out special hiding to wooden horse circuit, but the trigger point of its function logic and whole function logic are bound to be few state point.Therefore, the present invention, just based on above-mentioned principle, is analyzed hardware Trojan horse attack by location statistical study upset being lacked to state point.
The present invention is by carrying out comprehensively to RTL suspect code, excitation is applied to the gate level netlist comprehensively obtained, few state point is determined according to analog result, apply to organize arbitrary excitation to circuit under test more, analyze the few state point in circuit under test and its distribution situation, in source code, few state point interrelated logic is positioned and analysis, search hardware Trojan horse.
As shown in Figure 1, the hardware Trojan horse detection method based on few state point analysis of the present invention, the steps include:
S1: carry out comprehensively, obtaining the gate level netlist of circuit to RTL suspect code;
Namely carry out comprehensively, obtaining the gate level netlist of circuit to target AES circuit RTL suspect code;
S2: arbitrary excitation is applied to the gate level netlist obtained after comprehensive, then checks upset rate;
If upset rate is 100%, so can judge may not contain wooden horse in this circuit.When practical operation, if needed, also can proceed manual analysis further to be confirmed.
If upset rate could not reach 100%, so tentatively can judge that this circuit may contain wooden horse, need the analysis carrying out next step; That is, step S3 is entered;
S3: the data of labor upset rate, finds out few state point of relatively less upset; For the few state point found, need to be analyzed its distribution:
If the distribution of few state point is comparatively discrete, then can tentatively judge in this circuit not containing wooden horse.When practical operation, if needed, also can carry out manual analysis further to be confirmed.
If the distribution of few state point is comparatively concentrated, so tentatively can judges may contain wooden horse in this circuit, then carry out next step analysis; That is, step S4 is entered;
S4: add test and excitation to reduce few state point; Few state point after repeatedly adding excitation is analyzed:
If comparatively discrete, can tentatively judge in this circuit not containing wooden horse.When practical operation, if needed, also can carry out manual analysis further to be confirmed.
If the distribution of few state point is comparatively concentrated, so tentatively can judging may contain wooden horse in this circuit, needing the few state point to concentrating to confirm.When practical operation, if needed, the mode of manual analysis can be adopted finally to be confirmed.
Illustrate below with reference to an embody rule example of the present invention.
See Fig. 2, for applying the upset rate report of 20 groups of arbitrary excitations.In figure, first is classified as Hit (Full), namely total upset number of times; Second is classified as Hit (Rise), and namely the number of times of 0-1 upset occurs node; 3rd is classified as Hit (Fall), and namely the number of times of 1-0 upset occurs node; 4th row Signal is signal name.According in Fig. 2 reflect the upset rate situation of each signal node, can see and have some signal node not overturn, upset rate cannot reach 100%, but because the upset number of times difference of each signal node is also little, so cannot judge which signal node is for few state point;
See Fig. 3, for applying 2, the upset rate report of 000 group of arbitrary excitation.Due to the few state point in doubtful circuit cannot be judged when applying 20 groups of arbitrary excitations, therefore continue addition inputs excitation.According in Fig. 3 reflect and can see and still have some signal node not overturn, but the upset number of times of each signal node there has been the upset rate situation of each signal node larger difference.Based on this, a preliminary judgement can be carried out to few state point.Such as signal net3, net7, net8, nn9, nn10, data_temp [0]-data_temp [7], these signals have larger difference with other signal on upset number of times, and the position of signal node residing for net1-net8, data_temp [0]-data_temp [7] that these upset number of times are lower is all very concentrated, therefore tentatively above-mentioned signal can be classified as questionable signal;
See Fig. 4, for applying 100, the report of the upset rate of 000 group of arbitrary excitation, owing to applying 2, can only carry out a preliminary judgement to the information of few state point during 000 group of arbitrary excitation, therefore also need to continue addition inputs excitation to make the information of few state point more obvious.According in Fig. 4 reflect and the upset rate situation of each signal node can reflect the information of few state point comparatively clearly.A comparatively clear and definite judgement can be carried out to few state point.Questionable signal net3, net7, net8, nn9, nn10, data_temp [the 0]-data_temp [7] tentatively established, larger difference is there is in these signals clear demonstrating on upset number of times with other signal, therefore above-mentioned signal can be confirmed to be classified as questionable signal, in follow-up experiment, to carry out emphasis detection.Next, manual analysis can be carried out according to actual needs to confirm that whether above-mentioned signal is relevant with hardware Trojan horse.
See Fig. 5, it is signal net1-net8 logical relation schematic diagram.When carrying out manual analysis, first in source code, each questionable signal is located, Fig. 5 is the logical relation between questionable signal net1-net8, mainly using these 16 signals of n1782, n1783, n1784, n1791, n2348, n2427, n2432, n2423, n3958, n3959, n3960, n3962, n3967, n4050, n4051, n4052 as input, utilize four input nand gates and two input nand gates as connection, finally using net8 as output.Continue to follow the trail of questionable signal net8, find that it utilizes phase inverter to be connected with questionable signal nn9.
See Fig. 6, be questionable signal logical relation schematic diagram, continue each questionable signal of location.As shown in Figure 6, find that questionable signal data_temp [0]-data_temp [7] is with the output of signal nn1-nn8 for the d type flip flop of input.Questionable signal nn10 is connected with questionable signal nn9 by d type flip flop.So far all questionable signal have been located complete all, can find, the distribution of these questionable signal is all very concentrated, even if not containing hardware Trojan horse in this circuit, but this circuit is also easy to victim to be utilized, carry out the implantation of hardware Trojan horse, therefore can determine that this circuit also exists potential safety hazard.
See Fig. 7, for MOAI22D0BWP12T logical diagram, continue to follow the trail of each questionable signal, final discovery signal nn1-nn10, data_temp [0]-data_temp [7] utilizes the gate circuit shown in Fig. 7 distorting the output valve of dataout [0]-dataout [7].Conclude that this circuit exists serious safety problem thus, implanted hardware Trojan horse.
Below be only the preferred embodiment of the present invention, protection scope of the present invention be not only confined to above-described embodiment, all technical schemes belonged under thinking of the present invention all belong to protection scope of the present invention.It should be pointed out that for those skilled in the art, some improvements and modifications without departing from the principles of the present invention, should be considered as protection scope of the present invention.
Claims (3)
1. based on a hardware Trojan horse detection method for few state point analysis, it is characterized in that, step is:
S1: carry out comprehensively, obtaining the gate level netlist of circuit to RTL suspect code;
S2: arbitrary excitation is applied to the gate level netlist obtained after comprehensive, then checks upset rate; If upset rate is 100%, so judge in this circuit not containing wooden horse; If upset rate could not reach 100%, so tentatively judge that this circuit may contain wooden horse, enter step S3;
S3: the data of labor upset rate, finds out few state point of relatively less upset; If the distribution of few state point is comparatively discrete, then tentatively judge in this circuit not containing wooden horse; If the distribution of few state point is comparatively concentrated, so tentatively judge may contain wooden horse in this circuit.
2. the hardware Trojan horse detection method based on few state point analysis according to claim 1, is characterized in that, the basis of described step S3 also comprises: S4: add test and excitation to reduce few state point; Few state point after repeatedly adding excitation is analyzed: if comparatively discrete, tentatively judge in this circuit not containing wooden horse; If the distribution of few state point is comparatively concentrated, so judge in this circuit containing wooden horse.
3. the hardware Trojan horse detection method based on few state point analysis according to claim 1 and 2, is characterized in that, in above-mentioned steps S2 and step S3, after judging to draw the conclusion not containing wooden horse, also confirms further by manual analysis mode.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510465280.8A CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510465280.8A CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105046153A true CN105046153A (en) | 2015-11-11 |
CN105046153B CN105046153B (en) | 2018-06-15 |
Family
ID=54452690
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510465280.8A Active CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105046153B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106778263A (en) * | 2016-11-15 | 2017-05-31 | 天津大学 | Effectively improve the method that hardware Trojan horse activates probability |
CN107480561A (en) * | 2017-07-21 | 2017-12-15 | 天津大学 | Hardware Trojan horse detection method based on few state node traverses |
CN109284637A (en) * | 2018-08-28 | 2019-01-29 | 西安电子科技大学 | A kind of integrated circuit and its encryption method of logic-based encryption |
WO2019026078A1 (en) * | 2017-08-02 | 2019-02-07 | Enigmatos Ltd. | System and processes for detecting malicious hardware |
CN109492337A (en) * | 2018-12-17 | 2019-03-19 | 北京计算机技术及应用研究所 | A kind of information flow tracing model generation method of programmable logic device |
CN109960879A (en) * | 2019-03-25 | 2019-07-02 | 福州大学 | A kind of system level chip Security Design Methods based on insincere IP kernel |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100031353A1 (en) * | 2008-02-04 | 2010-02-04 | Microsoft Corporation | Malware Detection Using Code Analysis and Behavior Monitoring |
CN104215895A (en) * | 2014-09-02 | 2014-12-17 | 工业和信息化部电子第五研究所 | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors |
-
2015
- 2015-07-31 CN CN201510465280.8A patent/CN105046153B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100031353A1 (en) * | 2008-02-04 | 2010-02-04 | Microsoft Corporation | Malware Detection Using Code Analysis and Behavior Monitoring |
CN104215895A (en) * | 2014-09-02 | 2014-12-17 | 工业和信息化部电子第五研究所 | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors |
Non-Patent Citations (2)
Title |
---|
吴志凯等: "一种基于少态触发的硬件木马设计与实现", 《第十八届计算机工程与工艺年会暨第四届微处理器技术论坛论文集》 * |
房磊: "基于门级网表的硬件木马检测技术研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106778263A (en) * | 2016-11-15 | 2017-05-31 | 天津大学 | Effectively improve the method that hardware Trojan horse activates probability |
CN107480561A (en) * | 2017-07-21 | 2017-12-15 | 天津大学 | Hardware Trojan horse detection method based on few state node traverses |
CN107480561B (en) * | 2017-07-21 | 2023-08-04 | 天津大学 | Hardware Trojan horse detection method based on few-state node traversal |
WO2019026078A1 (en) * | 2017-08-02 | 2019-02-07 | Enigmatos Ltd. | System and processes for detecting malicious hardware |
US11068590B2 (en) | 2017-08-02 | 2021-07-20 | Enigmatos Ltd. | System and processes for detecting malicious hardware |
CN109284637A (en) * | 2018-08-28 | 2019-01-29 | 西安电子科技大学 | A kind of integrated circuit and its encryption method of logic-based encryption |
CN109284637B (en) * | 2018-08-28 | 2020-10-30 | 西安电子科技大学 | Integrated circuit based on logic encryption and encryption method thereof |
CN109492337A (en) * | 2018-12-17 | 2019-03-19 | 北京计算机技术及应用研究所 | A kind of information flow tracing model generation method of programmable logic device |
CN109492337B (en) * | 2018-12-17 | 2023-02-03 | 北京计算机技术及应用研究所 | Information flow tracking model generation method of programmable logic device |
CN109960879A (en) * | 2019-03-25 | 2019-07-02 | 福州大学 | A kind of system level chip Security Design Methods based on insincere IP kernel |
Also Published As
Publication number | Publication date |
---|---|
CN105046153B (en) | 2018-06-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105046153A (en) | Hardware trojan horse detection method based on few-state point analysis | |
CN104215895B (en) | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors | |
CN104239616B (en) | The method for designing of integrated circuit and hardware Trojan horse detection method | |
Yu et al. | Secure FPGA circuits using controlled placement and routing | |
Yasaei et al. | Gnn4tj: Graph neural networks for hardware trojan detection at register transfer level | |
CN102854454B (en) | Method for shortening verification time of hardware Trojan in integrated circuit test | |
CN107480561B (en) | Hardware Trojan horse detection method based on few-state node traversal | |
CN107656839A (en) | Research on Integrated Circuit Security is assessed and detection method | |
Li et al. | A novel hardware Trojan detection based on BP neural network | |
CN104950248B (en) | The circuit safety design for Measurability method and the detection method to hardware Trojan horse of accelerating hardware wooden horse triggering | |
US20080178132A1 (en) | Computer program product for design verification using sequential and combinational transformations | |
Yasaei et al. | Hardware trojan detection using graph neural networks | |
Papadimitriou et al. | A multiple fault injection methodology based on cone partitioning towards RTL modeling of laser attacks | |
CN104215894A (en) | Integrated circuit hardware Trojan horse detection method and system | |
CN107590313A (en) | Optimal inspection vector generation method based on genetic algorithm and analysis of variance | |
CN104101828A (en) | Hardware-Trojan-resisting circuit design method based on activation probability analysis | |
Lu et al. | Gramsdet: Hardware trojan detection based on recurrent neural network | |
Chen et al. | Single-triggered hardware Trojan identification based on gate-level circuit structural characteristics | |
CN107783877A (en) | The test vector generating method that hardware Trojan horse based on analysis of variance effectively activates | |
Meade et al. | Neta: when ip fails, secrets leak | |
CN116383815A (en) | Automatic hardware Trojan detection method based on graphic neural network | |
CN116401171A (en) | Test case library generation method, system, equipment and medium | |
Cornell et al. | Combinational hardware Trojan detection using logic implications | |
Shen et al. | Minimizing counterexample with unit core extraction and incremental SAT | |
Saran et al. | A region based fingerprinting for hardware Trojan detection and diagnosis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |