Hardware manufacturers are increasingly outsourcing their IC fabrication work overseas due to much lower costs. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication.
As part of this project we are developing techniques to mitigate this problem. In joint work with Prof. Berk Sunar's team at WPI, as part of a DARPA seedling project, we recently developed a technique borrowed from side-channel cryptanalysis to detect Trojans introduced during IC manufacturing and in the supply chain. Our approach uses noise modeling to construct a "Fingerprint" for an IC family utilizing side-channel information such as power/temperature/electromagnetic (EM) profiles. These fingerprints can be developed using a few ICs from a batch, and only these ICs would have to be invasively tested to ensure that they are all authentic. The remaining ICs are verified using statistical tests against the "Fingerprint".
Our preliminary experiments using power simulations on representative circuits and Trojans indicate that this approach is viable. We are able to detect Trojans that are 3-4 orders of magnitude smaller than the main circuit. While scaling our technique to detect even smaller Trojans in ICs with tens or hundreds of millions of transistors would require modifications to the IC design, these results provide a starting point to address this important problem.
This work will be presented at the 2007 IEEE Symposium on Security and Privacy. Further details on this work are also available in the IBM Research Report RC24110.
Last updated 2 Apr 2007
