CN105046153B - Hardware Trojan horse detection method based on few state point analysis - Google Patents
Hardware Trojan horse detection method based on few state point analysis Download PDFInfo
- Publication number
- CN105046153B CN105046153B CN201510465280.8A CN201510465280A CN105046153B CN 105046153 B CN105046153 B CN 105046153B CN 201510465280 A CN201510465280 A CN 201510465280A CN 105046153 B CN105046153 B CN 105046153B
- Authority
- CN
- China
- Prior art keywords
- state point
- circuit
- few state
- overturning
- wooden horse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Abstract
A kind of hardware Trojan horse detection method based on few state point analysis, step are:S1:RTL level suspect code is integrated, obtains the gate level netlist of circuit;S2:Arbitrary excitation is applied to the gate level netlist obtained after synthesis, then checks overturning rate;If overturning rate is 100%, then judges not containing wooden horse in the circuit;If overturning rate could not reach 100%, then tentatively judge that the circuit may contain wooden horse, enter step S3;S3:The data of detailed analysis overturning rate find out few state point of relatively fewer overturning;If the distribution of few state point is more discrete, tentatively judge not containing wooden horse in the circuit;If the distribution of few state point is more concentrated, then tentatively judges that wooden horse may be contained in the circuit.The present invention has many advantages, such as that easily implementation, recognition efficiency are high, detection cost is small.
Description
Technical field
Present invention relates generally to chip secure detection fields, refer in particular to a kind of hardware Trojan horse detection based on few state point analysis
Method.
Background technology
Integrated circuit (IC) is constantly increasing as modern computer and the important component of electronic field, complexity,
As the basis of information industry, its safety and reliability has extremely important meaning.The nineties in last century, because integrated
The manufacturing technology of circuit experienced quick development, and chip design scale greatly increases, and chip complexity increased dramatically so that set
There is larger wide gap in the complexity that the ability of meter personnel is needed with chip.In order to make up this wide gap, designer uses
Facilitating chip design process shortens the design cycle.There have been many IP suppliers for this, and being provided exclusively for third party can answer
Integrated circuit modules.And IC design is detached with manufacturing, and security risk is brought to chip.
Hardware Trojan horse(hardware trojan), refer to the small nothing being maliciously implanted into chip design, fabrication stage
Good hardware circuit.The hardware Trojan horse information attack technology extremely strong as a kind of concealment, with concealment is strong, destructive power is big, sets
Meter implements the features such as requirement is high, protection detection difficulty is big.It may be implanted into (design phase) in incredible IP kernel or domain,
It is also likely to be by incredible production firm(Production phase)Implantation.And hardware Trojan horse is once activated, it will using dead
Switch (Kill Switch) is died to cause system crash or leave system backdoor (Backdoor) to cause leaking data, it is final right
User causes security threat.
In recent years, with the raising of attention rate, hardware Trojan horse detection technique is grown rapidly, in the inspection of hardware Trojan horse
In survey technology, accuracy of detection is high, in effective bypass analysis the hardware Trojan horse detection technique based on power consumption information gradually into
For academia's focus of attention.But the gatherer process in bypass message is highly susceptible to the interference of the factors such as noise, and it is hard
The scale of part wooden horse circuit is usually smaller, and is substantially at " suspend mode " state, therefore the side being generated by it when untouched
It is even inappreciable for the information opposite chip of road.On the other hand, with the continuous diminution of IC characteristic sizes, noise is to side
The influence of road information has had reached very important stage, this gives in the hardware Trojan horse detection technique based on bypass message and brings
Severe challenge.
Invention content
The technical problem to be solved in the present invention is that:For technical problem of the existing technology, the present invention provides one
Kind is easily implemented, recognition efficiency is high, the detection small hardware Trojan horse detection method based on few state point analysis of cost.
In order to solve the above technical problems, the present invention uses following technical scheme:
A kind of hardware Trojan horse detection method based on few state point analysis, step are:
S1:RTL level suspect code is integrated, obtains the gate level netlist of circuit;
S2:Arbitrary excitation is applied to the gate level netlist obtained after synthesis, then checks overturning rate;If overturning rate is
100%, then judge not containing wooden horse in the circuit;If overturning rate could not reach 100%, then tentatively judge that the circuit may
Containing wooden horse, S3 is entered step;
S3:The data of detailed analysis overturning rate find out few state point of relatively fewer overturning;If the distribution of few state point compared with
To be discrete, then tentatively judge not containing wooden horse in the circuit;If the distribution of few state point is more concentrated, then tentatively judges the electricity
Wooden horse may be contained in road.
As a further improvement on the present invention:It is further included on the basis of the step S3:S4:Test and excitation is added to subtract
State point less;Few state point after repeatedly additional excitation is analyzed:Tentatively judge the circuit if more discrete
In do not contain wooden horse;If the distribution of few state point is more concentrated, then judges to contain wooden horse in the circuit.
As a further improvement on the present invention:In above-mentioned steps S2 and step S3, wooden horse is not contained by judging to obtain
Conclusion after, also further confirmed by manual analysis mode.
Compared with prior art, the advantage of the invention is that:
1st, the hardware Trojan horse detection method based on few state point analysis of the invention can whether there is IP on hardware in soft core
Wooden horse is analyzed, and improves the recognition efficiency of hardware Trojan horse.
2nd, the hardware Trojan horse detection method based on few state point analysis of the invention, is that state is lacked in the overturning driven based on overturning rate
Point location analysis method, entire method implementation is simple and practicable, and detection cost is small, and effectively certain types of wooden horse can be carried out
Detection and analysis, it is with strong applicability.
Description of the drawings
Fig. 1 is the flow diagram of the method for the present invention.
Fig. 2 is the overturning rate report schematic diagram that the present invention applies 20 groups of arbitrary excitations in concrete application example.
Fig. 3 is the overturning rate report schematic diagram that the present invention applies 2,000 groups of arbitrary excitations in concrete application example.
Fig. 4 is the overturning rate report schematic diagram that the present invention applies 100,000 groups of arbitrary excitations in concrete application example.
Fig. 5 is present invention signal net1-net8 logical relation schematic diagrames in concrete application example.
Fig. 6 is the schematic diagram of present invention questionable signal logical relation in concrete application example.
Fig. 7 is present invention MOAI22D0BWP12T logic charts in concrete application example.
Specific embodiment
The present invention is described in further details below with reference to Figure of description and specific embodiment.
Few state point in circuit is found, the hardware Trojan horse design method for lacking state point as triggering logic by the use of these has become
One of design method of mainstream.It is often attacked in hardware Trojan horse design implantation process using few state point, so as to increase attack
The probability of success and concealment.And for multiple spot triggering technique, the function logic of hardware Trojan horse can't be in the normal work of circuit
As when be activated, that is to say, that even if some designers wooden horse circuit can be carried out it is special hide, but its function logic
It is few state point that trigger point is bound to entire function logic.Therefore, the present invention is based on above-mentioned principle, by overturning few state
The positioning statistical analysis of point is analyzed to attack hardware Trojan horse.
The present invention applies excitation by being integrated to RTL level suspect code, to comprehensive obtained gate level netlist, according to mould
Intend result and determine few state point, multigroup arbitrary excitation is applied to circuit under test, analyze few state point in circuit under test and it is distributed feelings
Condition is positioned and is analyzed to few state point interrelated logic in source code, searches hardware Trojan horse.
As shown in Figure 1, the hardware Trojan horse detection method based on few state point analysis of the present invention, step are:
S1:RTL level suspect code is integrated, obtains the gate level netlist of circuit;
Target AES circuit RTL level suspect codes are integrated, obtain the gate level netlist of circuit;
S2:Arbitrary excitation is applied to the gate level netlist obtained after synthesis, then checks overturning rate;
If overturning rate is 100%, then may determine that may not contain wooden horse in the circuit.In practical operation, if any
It needs, can also continue to progress manual analysis and be confirmed.
If overturning rate could not reach 100%, then can tentatively judge that the circuit may contain wooden horse, need to carry out down
The analysis of one step;That is, enter step S3;
S3:The data of detailed analysis overturning rate find out few state point of relatively fewer overturning;For the few state found
Point needs to analyze its distribution:
If the distribution of few state point is more discrete, can tentatively judge not containing wooden horse in the circuit.In practical operation
When, confirmed if it is desired, can also further carry out manual analysis.
If the distribution of few state point is more concentrated, then can tentatively judge that wooden horse may be contained in the circuit, then carry out
The analysis of next step;That is, enter step S4;
S4:Test and excitation is added to reduce few state point;Few state point after repeatedly additional excitation is analyzed:
It can tentatively judge not containing wooden horse in the circuit if more discrete.In practical operation, if it is desired, also
Manual analysis can further be carried out to be confirmed.
If the distribution of few state point is more concentrated, then can tentatively be judged that wooden horse may be contained in the circuit, be needed pair
The few state point concentrated is confirmed.In practical operation, if it is desired, the mode that manual analysis may be used finally is subject to really
Recognize.
Illustrate below with reference to a concrete application example of the invention.
Referring to Fig. 2, to apply the overturning rate report of 20 groups of arbitrary excitations.First is classified as Hit (Full) in figure, i.e., total turns over
Turn number;Second is classified as Hit (Rise), i.e. the number of 0-1 overturnings occurs for node;Third is classified as Hit (Fall), i.e. node occurs
The number of 1-0 overturnings;4th row Signal is signal name.It, can according to the overturning rate situation for reflecting each signal node in Fig. 2
There are some signal nodes not overturn to see, overturning rate is unable to reach 100%, but because the overturning of each signal node
Number difference is simultaneously little, so can not judge which signal node is few state point;
Referring to Fig. 3, to apply the overturning rate report of 2,000 group of arbitrary excitation.It can not during due to applying 20 groups of arbitrary excitations
Judge few state point in doubtful circuit, therefore continue addition inputs excitation.Reflect turning over for each signal node in foundation Fig. 3
Rate of rotation situation, it can be seen that still there are some signal nodes not overturn, but the overturning number of each signal node is
There is larger difference.Based on this, it is already possible to carry out a preliminary judgement to few state point.Such as signal net3, net7,
Net8, nn9, nn10, data_temp [0]-data_temp [7], these signals overturning number on other signals have compared with
Big difference, and signal node such as net1-net8, data_temp [0]-data_temp [7] that these overturning numbers are relatively low
Location is all concentrated very much, therefore can above-mentioned signal tentatively be classified as questionable signal;
Referring to Fig. 4, to apply the overturning rate report of 100,000 group of arbitrary excitation, during due to applying 2,000 group of arbitrary excitation
A preliminary judgement can only be carried out to the information of few state point, therefore also need to continue addition inputs excitation so that the information of few state point
It becomes apparent.According to the overturning rate situation for reflecting each signal node in Fig. 4, it is already possible to more clearly reflect few state
The information of point.A more specific judgement can be carried out to few state point.Tentatively established questionable signal net3, net7,
Net8, nn9, nn10, data_temp [0]-data_temp [7], these signals have clearly been shown on overturning number and it
Its signal is there are larger difference, thus it is confirmed that above-mentioned signal is classified as questionable signal, weight is carried out in subsequent experiment
Point detection.Next, manual analysis can be carried out according to actual needs to confirm whether above-mentioned signal is related with hardware Trojan horse.
It is signal net1-net8 logical relation schematic diagrames referring to Fig. 5.When carrying out manual analysis, first in source code
Position each questionable signal, logical relations of the Fig. 5 between questionable signal net1-net8, mainly by n1782, n1783,
n1784、n1791、n2348、n2427、n2432、n2423、n3958、n3959、n3960、n3962、n3967、n4050、
This 16 signals of n4051, n4052 are as input, by the use of four input nand gates and two input nand gates as connecting, finally with
Net8 is as output.Continue to track questionable signal net8, it is found that it is connected using phase inverter with questionable signal nn9.
Referring to Fig. 6, it is questionable signal logical relation schematic diagram, continues to position each questionable signal.As shown in fig. 6, it finds
Questionable signal data_temp [0]-data_temp [7] is the output using signal nn1-nn8 as the d type flip flop of input.It is suspicious
Signal nn10 is connected by d type flip flop with questionable signal nn9.So far all questionable signals, which have all positioned, finishes, it is found that
The distribution of these questionable signals is all concentrated very much, even if not containing hardware Trojan horse in the circuit, but this circuit is also easy to
It is utilized by attacker, carries out the implantation of hardware Trojan horse, thus may determine that there is security risks for the circuit.
Referring to Fig. 7, it is MOAI22D0BWP12T logic charts, continues to track each questionable signal, finally found that signal nn1-
Nn10, data_temp [0]-data_temp [7] is using gate circuit shown in Fig. 7 to dataout [0]-dataout [7]
Output valve distorted.It follows that this circuit has been implanted hardware Trojan horse there are serious safety problem.
The above is only the preferred embodiment of the present invention, protection scope of the present invention is not limited merely to above-described embodiment,
All technical solutions belonged under thinking of the present invention all belong to the scope of protection of the present invention.It should be pointed out that for the art
For those of ordinary skill, several improvements and modifications without departing from the principles of the present invention should be regarded as the protection of the present invention
Range.
Claims (3)
1. a kind of hardware Trojan horse detection method based on few state point analysis, which is characterized in that step is:
S1:RTL level suspect code is integrated, obtains the gate level netlist of circuit;
S2:Arbitrary excitation is applied to the gate level netlist obtained after synthesis, then checks overturning rate;If overturning rate is 100%, that
Judge not containing wooden horse in the circuit;If overturning rate could not reach 100%, then tentatively judge that the circuit may contain wood
Horse enters step S3;
S3:The data of detailed analysis overturning rate find out few state point of relatively fewer overturning;If the distribution of few state point more from
It dissipates, then tentatively judges not containing wooden horse in the circuit;If the distribution of few state point is more concentrated, then is tentatively judged in the circuit
Wooden horse may be contained;
It is described discrete and it is described be concentrated through positioning output signal, discrete sum aggregate is determined by the position of the positioning
Middle feature.
2. the hardware Trojan horse detection method according to claim 1 based on few state point analysis, which is characterized in that in the step
It is further included on the basis of rapid S3:S4:Test and excitation is added to reduce few state point;Few state point after repeatedly additional excitation is distributed
It is analyzed:Tentatively judge not containing wooden horse in the circuit if more discrete;If the distribution of few state point is more concentrated, that
Judge to contain wooden horse in the circuit.
3. the hardware Trojan horse detection method according to claim 1 or 2 based on few state point analysis, which is characterized in that upper
It states in step S2 and step S3, by judging after obtaining the conclusion for not containing wooden horse, also further passes through manual analysis mode
Confirmed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510465280.8A CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510465280.8A CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105046153A CN105046153A (en) | 2015-11-11 |
| CN105046153B true CN105046153B (en) | 2018-06-15 |
Family
ID=54452690
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510465280.8A Active CN105046153B (en) | 2015-07-31 | 2015-07-31 | Hardware Trojan horse detection method based on few state point analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105046153B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106778263A (en) * | 2016-11-15 | 2017-05-31 | 天津大学 | Effectively improve the method that hardware Trojan horse activates probability |
| CN107480561B (en) * | 2017-07-21 | 2023-08-04 | 天津大学 | Hardware Trojan horse detection method based on few-state node traversal |
| US11036853B2 (en) | 2017-08-02 | 2021-06-15 | Enigmatos Ltd. | System and method for preventing malicious CAN bus attacks |
| CN109284637B (en) * | 2018-08-28 | 2020-10-30 | 西安电子科技大学 | Integrated circuit based on logic encryption and encryption method thereof |
| CN109492337B (en) * | 2018-12-17 | 2023-02-03 | 北京计算机技术及应用研究所 | Information flow tracking model generation method of programmable logic device |
| CN109960879B (en) * | 2019-03-25 | 2022-05-10 | 福州大学 | System-level chip security design method based on untrusted IP core |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104215895A (en) * | 2014-09-02 | 2014-12-17 | 工业和信息化部电子第五研究所 | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100031353A1 (en) * | 2008-02-04 | 2010-02-04 | Microsoft Corporation | Malware Detection Using Code Analysis and Behavior Monitoring |
-
2015
- 2015-07-31 CN CN201510465280.8A patent/CN105046153B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104215895A (en) * | 2014-09-02 | 2014-12-17 | 工业和信息化部电子第五研究所 | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors |
Non-Patent Citations (2)
| Title |
|---|
| 一种基于少态触发的硬件木马设计与实现;吴志凯等;《第十八届计算机工程与工艺年会暨第四届微处理器技术论坛论文集》;20140731;第264-269页 * |
| 基于门级网表的硬件木马检测技术研究;房磊;《中国优秀硕士学位论文全文数据库信息科技辑》;20140917;正文第14-30页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105046153A (en) | 2015-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105046153B (en) | Hardware Trojan horse detection method based on few state point analysis | |
| El Massad et al. | Reverse engineering camouflaged sequential circuits without scan access | |
| CN104215895B (en) | Hardware Trojan horse detection method and hardware Trojan horse detection system based on test vectors | |
| CN102854454B (en) | Method for shortening verification time of hardware Trojan in integrated circuit test | |
| CN104950246B (en) | Hardware Trojan horse detection method and system based on delay | |
| CN104950248B (en) | The circuit safety design for Measurability method and the detection method to hardware Trojan horse of accelerating hardware wooden horse triggering | |
| CN104101828B (en) | Anti- hardware Trojan horse circuit design method based on activation probability analysis | |
| Roshanisefat et al. | SAT-hard cyclic logic obfuscation for protecting the IP in the manufacturing supply chain | |
| Papadimitriou et al. | A multiple fault injection methodology based on cone partitioning towards RTL modeling of laser attacks | |
| CN107590313A (en) | Optimal inspection vector generation method based on genetic algorithm and analysis of variance | |
| Chakraborty et al. | SAIL: Analyzing structural artifacts of logic locking using machine learning | |
| CN110851846B (en) | Logic encryption method based on circuit key node | |
| CN107783877A (en) | The test vector generating method that hardware Trojan horse based on analysis of variance effectively activates | |
| Chen et al. | Single-triggered hardware Trojan identification based on gate-level circuit structural characteristics | |
| Li et al. | A XGBoost based hybrid detection scheme for gate-level hardware Trojan | |
| CN108959980A (en) | The public key means of defence and public key guard system of safety chip | |
| CN107622214B (en) | Ant colony-based hardware Trojan horse optimization test vector generation method | |
| Brunner et al. | Toward a human-readable state machine extraction | |
| Cornell et al. | Combinational hardware Trojan detection using logic implications | |
| Ananiadis et al. | On the development of a new countermeasure based on a laser attack RTL fault model | |
| CN103200184B (en) | A kind of mobile terminal safety assessment method | |
| Mellor et al. | Attacks on logic locking obfuscation techniques | |
| CN107478978A (en) | Hardware Trojan horse optimal inspection vector generation method based on population | |
| CN109711204A (en) | Hardware Trojan horse detection method based on path delay fingerprint | |
| CN104849648B (en) | A kind of test vector generating method for improving wooden horse activity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |