CN108062477A - Hardware Trojan horse detection method based on side Multiple Channel Analysis - Google Patents
Hardware Trojan horse detection method based on side Multiple Channel Analysis Download PDFInfo
- Publication number
- CN108062477A CN108062477A CN201711322625.XA CN201711322625A CN108062477A CN 108062477 A CN108062477 A CN 108062477A CN 201711322625 A CN201711322625 A CN 201711322625A CN 108062477 A CN108062477 A CN 108062477A
- Authority
- CN
- China
- Prior art keywords
- detection
- data
- trojan horse
- hardware trojan
- chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to chip secure fields, and in particular to a kind of hardware Trojan horse detection method based on side Multiple Channel Analysis, including:Establish chip side channel signal acquisition testing platform;To the side channel data collected, dimension-reduction treatment is carried out using based on principal component analytical method, to reduce data volume and extract effective information;Selection detection algorithm analyzes data, draws testing result.The present invention is by building chip side channel signal acquisition platform, selection detection algorithm is detected hardware Trojan horse, hardware Trojan horse detection can be realized according to prompting input relevant parameter in user, data need not be manually imported or knock in the code of detection algorithm, trojan horse detection can be realized, improve detection efficiency and accuracy, simultaneously, it can be achieved that the detection of Many Detection, can also need to be extended algorithm according to user.
Description
Technical field
The invention belongs to the hardware Trojan horse detection fields of chip secure, and in particular to a kind of hardware based on side Multiple Channel Analysis
Trojan detecting method.
Background technology
Electronic technology develops rapidly, and the scale of IC designs is increasing, and complexity is also higher and higher.As semiconductor designs
The division of labor with manufacture further refines, more and more IC enterprises depend on Chevron Research Company (CRC) and manufacturing works, with reduce product into
This.Meanwhile the multiplexing of third party's IP kernel, design and test outsourcing, eda tool such as generally use to bring peace to IC designs at the factors
Full hidden danger causes to be likely to be implanted hardware Trojan horse in the whole life cycle of IC designs.
Belong to a part for the safe chips safety of system for the research of hardware Trojan horse, start late, two Pius XIs
It records and just enters the visual field of people.2007, the first public concept for proposing hardware Trojan horse circuit in IBM research centers, i.e. hardware
Wooden horse refer to hardware chip from R & D design, manufacture to malice circuit in the whole life cycle of packaging and testing implantation or
Ifq circuit is distorted.Hardware Trojan horse is either to ASICs, COTS component, microprocessor, microcontroller, network processes
The hardware modifications of device or DSP etc. or to the modification of firmware, such as FPGA bit streams.Hardware Trojan horse is to realize malicious act
Circuit, it can specifically triggering activation condition under realize destroy sexual function or leakage chip internal secret information.As it can be seen that
Hardware Trojan horse just refers to be present in an independent chip, there may also be in hardware system, eventually by hardware entities
Realize the malice circuit of vicious function.
Since the harmfulness of hardware Trojan horse is huge, the security threat that chip faces has caused the height weight of security fields
Depending on researcher has also carried out substantial amounts of research.But many hardware Trojan horses at this stage detect detection without concise and unified
Platform, many hardware Trojan horse detection methods are required for researcher to knock in the code of detection algorithm manually by manually importing data
It realizes, efficiency is low, poor reliability.
The content of the invention
It is an object of the invention to provide a kind of hardware Trojan horse detection method based on side channel information and expansible,
Developable detection platform and user interface pass through gathered data-data prediction-data analysis-and draw a conclusion four
Step carries out hardware Trojan horse detection.Many algorithms can be achieved in the invention, and user not only can as needed carry out detection algorithm
Selection, can also add algorithm on the basis of the present invention as needed.
The present invention provides a kind of hardware Trojan horse detection method based on side Multiple Channel Analysis, including:
Establishment side channel signal acquisition testing platform;
To the side channel data collected, dimension-reduction treatment is carried out based on principal component analytical method, to reduce data volume and carry
Take effective information;
Detection algorithm is selected to carry out hardware Trojan horse detection, by data analysis, draws testing result.
Further, detection platform includes host computer, detection object, DC power supply and oscillograph, and the detection object is adopted
With FPGA minimum system plates;
DC power supply is connected with the FPGA minimum systems plate, is provided working power for minimum system plate, and is visited for electromagnetism
Head provides amplification power supply;
FPGA minimum system plates communicate with host computer, for downloading program from host computer, so as to which minimum system plate be controlled to transport
Row;
The data of the FPGA minimum system plates collected are converted into digital signal by oscillograph by analog signal, and by number
Signal transmission is stored to host computer.
Further, detection algorithm is selected, which to carry out hardware Trojan horse detection, to be included:
Hardware Trojan horse detection based on distance and the hardware Trojan horse detection based on machine learning.
Further, the algorithm based on distance includes mahalanobis distance or Euclidean distance.By calculating chip to be measured and template
Chip (determines without wooden horse, and realizes the chip of identical function) distance between data to judge whether contain hardware in chip to be measured
Wooden horse.User can adjust detection sensitivity according to the fabrication error of chip in interaction page.
Further, detection algorithm is selected to carry out hardware Trojan horse detection to further include:Based on decision tree or random forests algorithm
Carry out hardware Trojan horse detection.Both detection methods are, it is necessary to instruct machine learning algorithm model by a certain amount of data
Practice, chip to be measured is sorted out according to trained result, so as to judge whether it contains hardware Trojan horse.
Compared with prior art the beneficial effects of the invention are as follows:By building chip side channel signal acquisition testing platform,
Chip side channel data are obtained, including electromagnetic data and power consumption data.User can be according to prompting input data storage path and phase
Related parameter can carry out the importing of side channel data, and can carry out hardware Trojan horse detection, after the completion of detection, user with selection algorithm
Interface may also display the result figure of this detection and accuracy rate statistics, improve detection efficiency, meanwhile, the present invention provides four kinds
Detection algorithm, user can also as needed be extended algorithm.
Description of the drawings
Fig. 1 is the flow chart of the hardware Trojan horse detection method the present invention is based on side Multiple Channel Analysis;
Fig. 2 is the structure diagram of detection platform in the hardware Trojan horse detection method the present invention is based on side Multiple Channel Analysis;
Fig. 3 is flow chart of the one embodiment of the invention based on distance detection hardware Trojan horse;
Fig. 4 is flow chart of the one embodiment of the invention based on machine learning detection hardware Trojan horse;
Fig. 5 is that the present invention is based on the user interface sectional drawings of distance detection hardware Trojan horse software;
Fig. 6 is the distance of chip to be measured and template chip and without wooden horse chip and template chip in one embodiment of the invention
Distance versus figure;
Fig. 7 is the distribution map of accuracy in detection in one embodiment of the invention;
Fig. 8 is detection structure prompting figure in one embodiment of the invention;
Fig. 9 is the structure chart of decision tree in one embodiment of the invention;
Figure 10 is the classification accuracy relation that the detection based on random forest grader provides in one embodiment of the invention
Butut.
Specific embodiment
The present invention is described in detail for shown each embodiment below in conjunction with the accompanying drawings, but it should explanation, these
Embodiment is not limitation of the present invention, those of ordinary skill in the art according to these embodiment institute work energy, method,
Or equivalent transformation or replacement in structure, all belong to the scope of protection of the present invention within.
As shown in Figure 1, present embodiments provide a kind of hardware Trojan horse detection method based on side channel information, detecting step
Including:Data acquisition-data prediction-data analysis-is drawn a conclusion.It specifically includes:
Chip electromagnetic leakage signal acquisition testing platform is built first, and master then is utilized to the acquired electromagnetic data collected
Constituent analysis (PCA, Principal Component Analysis) method dimensionality reduction (data acquisition and pretreatment), to reduce number
It according to measuring and extracting effective information, can need to make choice detection algorithm according to user, and judge whether contain in chip to be measured
There is hardware Trojan horse (data analysis is drawn a conclusion).
This method is described in detail below.
1st, hardware Trojan horse writes insertion and program is downloaded
Hardware Trojan horse is write using Verilog language, is inserted into the aes algorithm that can normally run, from
And achieve the purpose that reveal key.And emulation testing, the realization of verification algorithm and the reality of hardware Trojan horse function are carried out to program
It is existing.
2nd, operation and data acquisition
Normal aes algorithm code is downloaded in FPGA and is run, gathering FPGA by side channel signal acquisition platform lets out
The power consumption data or electromagnetic data of dew, and stored as template data.
Aes algorithm code inserted with hardware Trojan horse is downloaded in FPGA and is run, utilizes identical method acquisition chip
Side channel data, and store as chip data to be measured.
The acquisition of power consumption data is generally acquired using the detection platform built, and detection platform can be divided into host computer, inspection
Survey four object (FPGA minimum systems version), DC power supply, oscillograph parts.As shown in Figure 2.
Host computer is responsible for downloading code into FPGA minimum system plates, and FPGA minimum systems version can be normal as detection object
Downloaded encrypted code is performed, DC power supply provides working power for minimum system plate, and oscillograph believes the simulation collected
It number is converted to digital signal and is transferred to host computer and store.
At work, power loss signal is can not be measured directly for minimum system plate, due to its operating voltage be it is constant, because
This its power loss signal can be reflected indirectly by electric current, so during acquisition, only need size of current on acquisition chip ground wire i.e.
Can, but since oscillograph can only collection voltages signal, it is therefore desirable to a resistance of connecting on ground wire is converted to current signal
Voltage signal, the voltage signal finally gathered just can indirectly reflect the power consumption track of chip current events.The electricity of chip simultaneously
Magnetic signal is also can not be measured directly, and the electromagnetic signal given off during chip operation is exceptionally weak, it is necessary to utilize tool
The electromagnetic probe for having enlarging function is detected, and electromagnetic probe is the circular coil of N circles, can electromagnetic signal be converted into voltage
Signal, and the voltage signal can be amplified by amplifying circuit, and be transmitted in oscillograph.
3rd, data prediction
More accurate as a result, the sampling precision set may be higher in order to obtain, this results in gathered power consumption data
Data volume is very big, and each data has a points up to ten thousand, and the data used have thousands of, therefore for speed up processing,
Reduce data volume, it is necessary to which the data collected are pre-processed.
Principal component analysis (PCA, Principal Component Analysis) be exactly by data by higher dimensional space with
Covariance is up to principle and is mapped to lower dimensional space, so as to reduce data volume.It can be effective using PCA (principal component analysis)
While data volume is reduced, retain the information of legacy data to greatest extent, while there is certain filter action.
4th, data processing and result judgement
According to the side channel data of new film, we establish two kinds of side channel data models altogether:
Power consumption model:It=I (f, k)+Ipv+Ie+Iht(f,k);
Electromagnetic model:Sght=S (f, r, k)+Spv+Se+Sht(f,r,k);
The side channel signal that wherein I and S is revealed when being worked normally by chip, f are working frequency of chip, and k is in chip
The algorithm of operation, r are the distance apart from chip.IpvWith SpvThe intrinsic noise revealed by chip, IeWith SeFor gathered data when
The noise collected, IhtWith ShtThe side channel data revealed by hardware Trojan horse, and both data are normal chips is not had
Have, we are exactly to judge whether chip to be measured contains hardware Trojan horse by this point difference.
There are many algorithms for the judgement and classification of data, we mainly have studied the hardware Trojan horse detection based on distance,
And the hardware Trojan horse detection based on machine learning.
Hardware Trojan horse detection based on distance, mainly by calculating chip side channel data to be measured and template chip side channel
The distance of data, distance can be mahalanobis distance, Euclidean distance etc., according to template chip data spacing from size judge
Whether chip contains hardware Trojan horse.Shown in its testing principle and flow chart 3.
Hardware Trojan horse detection based on machine learning, mainly by classification of the machine learning model realization to data, and most
Wooden horse chip has been splitted data into eventually and without two class of wooden horse chip.The lead-in portion side channel data first into model, and to this
A little data set correctly mark, and mark may indicate that whether the data contain hardware Trojan horse, and the Data Identification if any wooden horse is
" 1 ", the Data Identification of no wooden horse is " 0 ", and machine learning model is trained using these tool tagged data, so as to
To the model detected for hardware Trojan horse, which can realize testing data accurately classification, schematic diagram and inspection
Flow gauge is as shown in Figure 4.
It should be noted that in the present invention, PCA technologies have been used for data prediction, other dimensionality reductions can also be used
Algorithm replace the data preprocessing method.For data analysis, the present invention provides four kinds of parsers, be respectively Euclidean away from
From, mahalanobis distance, decision tree and random forest, and in other examples, a lot of other algorithms is used equally for data analysis, such as
Neural network algorithm, support vector machines etc..
Hardware Trojan horse detection method provided by the invention based on side channel information, using the method for side Multiple Channel Analysis, profit
Dimension-reduction treatment is carried out to data on the premise of side channel signal integrality is not influenced with the data preprocessing method of PCA, then
It can judge whether chip has been implanted wooden horse by different algorithms, have the following technical effect that:
1) solution framework of the hardware Trojan horse detection based on side channel information is provided, each step in the frame can be into
Row extension.Such as this step of data analysis, user to data can handle using other algorithms according to actual needs etc..
2) data collection architecture is devised, essentially all of side channel information acquisition is using frame provided by the invention
Frame is further designed and extended.
5th, user interface explanation.
5.1 interface purposes
This software is divided into the GUI design environments of Matlab R2014a and counted into, has been packaged into executable file, can
Depart from Matlab operations.The software is mainly used for obtaining side channel data (such as power consumption, electromagnetism of chip to be measured and template chip
Deng) after, it is analyzed using different algorithm offside channel datas, so as to whether judge in chip to be measured containing hardware wood
Horse.
5.2 interface function.
1) side channel data imports
The software can import the data collected according to data storage path input by user, meanwhile, user can root
Data precision and required data volume according to acquisition set the data sampling to be imported points (dimension) and sampling bar number.
2) Data Dimensionality Reduction
PCA dimensionality reductions are carried out to the data after importing, the data volume of processing is reduced, while improves the signal-to-noise ratio of data.
3) detection algorithm selects
Four kinds of detection methods are provided in software, are Euclidean distance respectively, mahalanobis distance, decision tree classifier and random
Forest classified device, user can make choice as needed.
4) accuracy of detection is set
For the accuracy of detection mainly for the detection based on Euclidean distance and mahalanobis distance, this can be neglected in using other methods when
Function.User can need to be adjusted when the detection of above two method is carried out when using the software according to specific experiment, examine
It is higher to survey the smaller then detection sensitivity of precision.
5) testing result is shown
When carrying out the detection based on mahalanobis distance and Euclidean distance, user can as needed to different testing results into
Row display can show the distance Curve of chip to be measured and template chip chamber, the distance of no wooden horse chip and template chip chamber respectively
Curve, comparison diagram (not shown) based on above-mentioned two distance Curves and the result figure after being made the difference to two curves (are not shown
Go out), while the accuracy of this detection can be provided;Can be shown when detected based on decision tree generation decision tree and
The concrete outcome of detection;It can show that decision tree number is distributed with classification accuracy relation when carrying out the detection based on random forest
Figure (not shown) and specific testing result.
5.3 software performance
1) input parameter
The data that user can carry out .txt file types according to the side channel data path of prompting input storage import, and can
It needs to be configured the item number for importing data according to test, i.e. how many energy marks or electromagnetic signal track, general one
.txt file deposits a data, while user can set the points of each data to tie up according to the sampling number of oscillograph
Degree, so as to fulfill the importing of free routing and arbitrary data amount.
2) data processing time
According to the size for importing data volume, the time that data import will be different, and the number of data of importing is more, institute
It is also longer with the time.
The time of progress PCA dimensionality reductions is also related with data volume size, and data are more, and the time used in PCA dimensionality reductions is longer.
Data processing is carried out using various algorithms and shows that the time of result is extremely short, therefore is importing data, carries out PCA drops
After dimension operation, it can conveniently switch different detection algorithms and draw the testing result of respective algorithms quickly.
In conclusion the time of the data processing of the software is concentrated mainly on the data predictions such as data importing and dimensionality reduction
Part, and carry out the later stage data processing and the results show efficiency it is very high.
3) Rapid reset
It after once experiment has been carried out, such as to import different data and detect again, without restarting software, software is provided with fast
Fast reset button can immediately begin to new detection after need to only clicking on.The presence of reset button simultaneously can also avoid losing because of operation
Running software malfunctions caused by by mistake.
5.4 software interface introductions
Hardware Trojan horse inspection software interface is broadly divided into four parts:
1. data prediction part
Mainly complete the functions such as side channel data importing and Data Dimensionality Reduction in the part.It can be according to the side number of channel input by user
It is imported according to file path and filename, and PCA dimensionality reductions is carried out to the data of importing, the data dimension after dimensionality reduction is made to be down to most
It is low, and at least retain the information of initial data 96%.
2. detection algorithm selects and precision setting part
Mainly complete the selection of detection algorithm and the setting of geneva and Euclidean distance accuracy of detection in the part.Wherein examine
Method of determining and calculating includes:Mahalanobis distance, Euclidean distance, decision tree classifier and random forest grader;Geneva and Euclidean distance inspection
The numerical value of survey precision setting is smaller, and detection sensitivity is higher, but accuracy needs user to weigh.
3. processing mode selected section
It is detected mainly for the hardware Trojan horse based on mahalanobis distance and Euclidean distance the part.User can select as needed
The mode of processing data is selected so as to generate required result figure and detection information.Click on the beginning detection button of the part
Last processing carries out data with the selection according to user, and shows result.
4. testing result display portion
Mainly to mahalanobis distance, the handling result of Euclidean distance and random forest grader is patterned top half
It has been shown that, predominantly graph and distribution map.The latter half mainly shows the detection of decision tree classifier and random forest grader
Information, information including classifier training and carries out accuracy of hardware Trojan horse differentiation etc. after being trained.
Attached drawing 5 is seen at the interface of hardware Trojan horse inspection software.
5.5 running environment
1) hardware environment
In order to shorten taking for processing data as far as possible, processor should reach Intel Core i3 processors and its more than water
It is flat.
2) software environment
Operating system is Windows 7 and its above version, can be in installation Matlab R2014a and its more than version
The MCR compilers of respective version are run or installed in system.
3) data environment
Should there be the side channel data of template chip (no wooden horse chip) and chip to be measured in the PC machine of running software, and
And preserved with .txt file formats, Data Filename is necessary for following form:Filename+space+number (is used for which is represented
Data) .txt, can be generally configured in host computer gathered data, at the same import every time data file requirement number and
Filename before space must be identical, and should be stored under identical file folder.
5.6 are illustrated using step
To collect and be stored in F:Under 6_8dc files exemplified by the electromagnetic data of chip.Chip uses Altera
Cyclone IV E minimum systems plate is core, downloads standard AES encryption algorithm routine.Wherein template chip (no wooden horse chip)
In this document folder in wmm files, chip data to be measured stores in ymmm files in this document data storage,
Contain hardware Trojan horse in chip to be measured.
Open operation
Software icon HTDT is double-clicked, waits and is loaded into and runs, into software interface.
Import data
According to interface prompt, survey channel data path stored in computer is inputted in the dialog box of interface, including mould
Plate data path, chip path to be measured and filename, and importing data parameters are set, determine the number of data to be imported and
Points per data.
It clicks on and imports data button, pending datas is waited to import and are completed, data volume is bigger, and it is also longer to import the time.It imports into
It after work(, has and imports successful prompt message, and the data dimension before importing can be shown on dimensionality reduction panel, a number in this example
According to data points for 10000, therefore the dimension before dimensionality reduction can be shown as 10000.
Dimensionality reduction
After data import successfully, PCA dimensionality reductions are clicked on, dimensionality reduction can be carried out to data, interface has " just in dimensionality reduction "
Message box is shown.Data volume is bigger, and processing time is longer, and after the success of PCA dimensionality reductions, drop is shown in field that can be after dimensionality reduction
Dimension after dimension, the data after dimensionality reduction can at least retain the 96% of legacy data information.
Select data processing algorithm and accuracy of detection
Selection will carry out the algorithm and accuracy of detection of data processing, and accuracy of detection is carrying out mahalanobis distance detection and Euclidean
It just works during distance detection, accuracy of detection plays the role of as follows when judging:
|D1(n1,m)-D2(n0, m) | > D2(n0,m)×jd×0.01
Wherein D1(n1, m) and to have distance between wooden horse chip data and template chip data, D2(n0, m) and for no wooden horse core
Distance between sheet data and template chip data, jd are the precision set on software interface, are meant expressed by precision, work as D1
And D2It is more than D apart from its difference2A few percent when, just judge n1It is the data for having wooden horse chip, otherwise just judges n1For no wooden horse
The data of chip, the setting of precision can adjust the threshold value for judging whether there is wooden horse in chip, so as to adjust the accuracy of judgement.
User can be configured and be adjusted to precision by input precision or adjustment ticker position.
Selection mahalanobis distance is clicked in this example, precision setting is " 2 ".
1) result figure to be shown is selected
When carrying out mahalanobis distance and Euclidean distance detects, software can show five kinds of result figure (not shown), including:Nothing
The distance map of wooden horse chip and template chip chamber;The distance map of chip to be measured and template chip chamber;The comparison diagram of above-mentioned two figure with
And the difference of the curve of above-mentioned two figure;Testing result distribution map (accuracy in detection) etc..Exemplified by importing 1000 datas, software meeting
Automatically using 1000 of importing without the previous half data of wooden horse chip data (500) as template chip data, latter half data
(500) also only take chip data 500 to be measured in data processing, namely why this as no wooden horse chip data
Abscissa only has the half of number of data in Dependence Results figure.The comparison diagram of no wooden horse chip and chip to be measured can such as be selected.
2) result is shown
After selecting result to be shown, click starts to detect, and software can be according to the algorithm and precision selected by user
Data processing is carried out, and the result of processing is intuitively shown in graph form (as can be by different colours
Curve distinguishes the mahalanobis distance of chip to be measured and template chip and the mahalanobis distance without wooden horse chip Yu template chip, passes through curve
In each point represent every two homologous threads distance average value, such as can be with representing chip to be measured and template chip
First point expression of the curve of mahalanobis distance is the geneva of the first data of chip to be measured and the first data of template chip
The average value of distance).
3) reset
After one-time detection has been carried out, if you need to start to handle another group of survey channel data and obtain testing result,
Reset button is clicked on, is then repeated the above steps
5.7 result judgement
This software provides four kinds of detection methods:Mahalanobis distance, Euclidean distance, decision tree classifier and random forest point
Class device.Wherein mahalanobis distance is similar with the result judgement of Euclidean distance, and user can intuitively be judged according to the curve of generation,
So as to draw the conclusion for whether having wooden horse in chip;And decision tree classifier and random forest grader can give in monitoring information
Go out detection as a result, decision tree classifier can show the decision tree block diagram (as shown in Figure 9) of generation, random forest grader simultaneously
It can show classification accuracy relation distribution map (as shown in Figure 10).
1) judged based on mahalanobis distance and Euclidean distance testing result
User can intuitively be judged according to two figures:
First is the distance (curve 1) of chip to be measured and template chip and the distance without wooden horse chip Yu template chip
(curve 2) comparison diagram, if curve 1 has larger fluctuation and amplitude compared with curve 2, then can be determined that and contain in chip to be measured substantially
There is hardware Trojan horse, as shown in fig. 6, it could be assumed that containing hardware Trojan horse in the chip to be measured that curve represents.
Second distribution map (as shown in Figure 7) for accuracy in detection, the point to decline on " 0 " are represented in chip to be measured
Curve representated by the point is judged as the data of no wooden horse chip, conversely, the point fallen on " 1 " represents the curve representated by the point
It is judged as there are the data of wooden horse chip.The testing result of chip to be measured is largely all fallen on " 1 " as seen from the figure, therefore can determine whether
The chip to be measured contains hardware Trojan horse.
User can also be according to this testing result of prompt acquisition of information and the accuracy of detection.As shown in Figure 8.
2) judged based on decision tree classifier and the testing result based on random forest grader
User should be primarily upon detection information when carrying out the detection based on decision tree classifier and random forest grader
The result information provided in frame.
Can provide total sample in result information, the information and final testing result of training sample and test sample and
Accuracy.In addition the detection based on decision tree classifier can provide the structure chart of decision tree, as shown in figure 9, it should be noted that
What Fig. 9 emphasis to be stated is the example of decision tree, and the number being overlapped in figure has no effect on the understanding of the present invention.
Detection based on random forest grader can provide classification accuracy relation distribution map, be illustrated in fig. 10 shown below.
Those listed above is a series of to be described in detail only for feasibility embodiment of the invention specifically
Bright, they are not to limit the scope of the invention, all equivalent implementations made without departing from skill spirit of the present invention
Or change should all be included in the protection scope of the present invention.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned exemplary embodiment, Er Qie
In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, the present embodiments are to be considered as illustrative and not restrictive, and the scope of the present invention is by appended power
Profit requirement rather than above description limit, it is intended that all by what is fallen within the meaning and scope of the equivalent requirements of the claims
Variation is included within the present invention.
Claims (5)
1. a kind of hardware Trojan horse detection method based on side Multiple Channel Analysis, which is characterized in that including:
Establishment side channel data collection detection platform;Wherein, the data of the platform acquisition include chip power-consumption data and electromagnetism
Signal data;
To the acquired electromagnetic data collected, dimension-reduction treatment is carried out using principal component analytical method, to reduce data volume and extract
Effective information;
Detection algorithm is selected to carry out hardware Trojan horse detection, by data analysis, draws testing result.
2. the hardware Trojan horse detection method according to claim 1 based on side Multiple Channel Analysis, which is characterized in that the detection
Platform includes host computer, detection object, DC power supply and oscillograph, and the detection object uses FPGA minimum system plates;
The DC power supply is connected with the FPGA minimum systems plate;
The FPGA minimum systems plate communicates with host computer, for downloading program from host computer;
The oscillograph communicates with the FPGA minimum systems plate and host computer.
3. the hardware Trojan horse detection method according to claim 2 based on side Multiple Channel Analysis, which is characterized in that the selection
Detection algorithm, which carries out hardware Trojan horse detection, to be included:
Hardware Trojan horse detection based on distance and the hardware Trojan horse detection based on machine learning.
4. the hardware Trojan horse detection method according to claim 3 based on side Multiple Channel Analysis, which is characterized in that the distance
For mahalanobis distance or Euclidean distance.
5. the hardware Trojan horse detection method according to claim 4 based on side Multiple Channel Analysis, which is characterized in that the selection
Detection algorithm carries out hardware Trojan horse detection and further includes:Hardware Trojan horse detection is carried out based on decision tree or random forests algorithm.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711322625.XA CN108062477A (en) | 2017-12-12 | 2017-12-12 | Hardware Trojan horse detection method based on side Multiple Channel Analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711322625.XA CN108062477A (en) | 2017-12-12 | 2017-12-12 | Hardware Trojan horse detection method based on side Multiple Channel Analysis |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108062477A true CN108062477A (en) | 2018-05-22 |
Family
ID=62138237
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711322625.XA Pending CN108062477A (en) | 2017-12-12 | 2017-12-12 | Hardware Trojan horse detection method based on side Multiple Channel Analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108062477A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108898034A (en) * | 2018-06-27 | 2018-11-27 | 天津大学 | Hardware Trojan horse side channel detection method based on algorithm of dividing and ruling |
| CN109150491A (en) * | 2018-07-10 | 2019-01-04 | 武汉大学 | A kind of Mobile portable formula side channel collecting test equipment and its control method |
| CN109257160A (en) * | 2018-12-05 | 2019-01-22 | 电子科技大学 | A kind of side channel template attack method based on decision tree |
| CN109490735A (en) * | 2018-10-12 | 2019-03-19 | 上海谱幂精密仪器科技有限公司 | It is a kind of for measuring the device and method of electric current and/or voltage |
| CN109557449A (en) * | 2018-10-23 | 2019-04-02 | 中国科学院计算技术研究所 | Based on the difficult integrated circuit detection method and system for surveying Path selection |
| CN110059504A (en) * | 2019-03-01 | 2019-07-26 | 西安电子科技大学 | A kind of hardware Trojan horse detection method and device |
| CN110098916A (en) * | 2019-04-08 | 2019-08-06 | 武汉大学 | A kind of high-order side Multiple Channel Analysis method based on software instruction positioning |
| CN110096880A (en) * | 2019-04-28 | 2019-08-06 | 天津大学 | Hardware Trojan horse localization method based on chip surface scanning |
| CN112084541A (en) * | 2020-08-11 | 2020-12-15 | 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) | Hardware Trojan horse detection method and system, computer equipment and readable storage medium |
| CN112464297A (en) * | 2020-12-17 | 2021-03-09 | 清华大学 | Hardware Trojan horse detection method and device and storage medium |
| CN113553630A (en) * | 2021-06-15 | 2021-10-26 | 西安电子科技大学 | Hardware Trojan horse detection system based on unsupervised learning and information data processing method |
| CN115310144A (en) * | 2022-07-08 | 2022-11-08 | 合肥先端晶体科技有限责任公司 | Hardware Trojan horse detection system and method based on diamond NV color center |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106815532A (en) * | 2015-11-27 | 2017-06-09 | 天津科技大学 | A kind of hardware Trojan horse based on distance measure distribution detects method of discrimination |
| CN106841987A (en) * | 2017-01-25 | 2017-06-13 | 天津大学 | Hardware Trojan horse side channel detection method based on electromagnetism and electric current |
| CN106872876A (en) * | 2017-01-25 | 2017-06-20 | 天津大学 | Based on electromagnetism and the hardware Trojan horse side channel detection method for postponing |
-
2017
- 2017-12-12 CN CN201711322625.XA patent/CN108062477A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106815532A (en) * | 2015-11-27 | 2017-06-09 | 天津科技大学 | A kind of hardware Trojan horse based on distance measure distribution detects method of discrimination |
| CN106841987A (en) * | 2017-01-25 | 2017-06-13 | 天津大学 | Hardware Trojan horse side channel detection method based on electromagnetism and electric current |
| CN106872876A (en) * | 2017-01-25 | 2017-06-20 | 天津大学 | Based on electromagnetism and the hardware Trojan horse side channel detection method for postponing |
Non-Patent Citations (4)
| Title |
|---|
| 杨松: "基于主成分分析的硬件木马检测技术研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 王晓晗 等: "基于核主成分分析的硬件木马检测方法研究", 《计算机测量与控制》 * |
| 苏静 等: "旁路信号主成分分析的欧式距离硬件木马检测", 《微电子学与计算机》 * |
| 赵毅强 等: "基于主成分分析的硬件木马检测方法", 《华中科技大学学报(自然科学版)》 * |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108898034A (en) * | 2018-06-27 | 2018-11-27 | 天津大学 | Hardware Trojan horse side channel detection method based on algorithm of dividing and ruling |
| CN108898034B (en) * | 2018-06-27 | 2021-07-06 | 天津大学 | Hardware Trojan side channel detection method based on divide and conquer algorithm |
| CN109150491A (en) * | 2018-07-10 | 2019-01-04 | 武汉大学 | A kind of Mobile portable formula side channel collecting test equipment and its control method |
| CN109150491B (en) * | 2018-07-10 | 2021-11-09 | 武汉大学 | Mobile portable side channel acquisition and test equipment and control method thereof |
| CN109490735A (en) * | 2018-10-12 | 2019-03-19 | 上海谱幂精密仪器科技有限公司 | It is a kind of for measuring the device and method of electric current and/or voltage |
| CN109557449A (en) * | 2018-10-23 | 2019-04-02 | 中国科学院计算技术研究所 | Based on the difficult integrated circuit detection method and system for surveying Path selection |
| CN109257160A (en) * | 2018-12-05 | 2019-01-22 | 电子科技大学 | A kind of side channel template attack method based on decision tree |
| CN109257160B (en) * | 2018-12-05 | 2023-07-04 | 电子科技大学 | Side channel template attack method based on decision tree |
| CN110059504B (en) * | 2019-03-01 | 2021-02-26 | 西安电子科技大学 | Hardware Trojan horse detection method and device |
| CN110059504A (en) * | 2019-03-01 | 2019-07-26 | 西安电子科技大学 | A kind of hardware Trojan horse detection method and device |
| CN110098916B (en) * | 2019-04-08 | 2021-07-20 | 武汉大学 | High-order side channel analysis method based on software instruction positioning |
| CN110098916A (en) * | 2019-04-08 | 2019-08-06 | 武汉大学 | A kind of high-order side Multiple Channel Analysis method based on software instruction positioning |
| CN110096880B (en) * | 2019-04-28 | 2023-04-28 | 天津大学 | Hardware Trojan positioning method based on chip surface scanning |
| CN110096880A (en) * | 2019-04-28 | 2019-08-06 | 天津大学 | Hardware Trojan horse localization method based on chip surface scanning |
| CN112084541A (en) * | 2020-08-11 | 2020-12-15 | 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) | Hardware Trojan horse detection method and system, computer equipment and readable storage medium |
| CN112464297A (en) * | 2020-12-17 | 2021-03-09 | 清华大学 | Hardware Trojan horse detection method and device and storage medium |
| CN112464297B (en) * | 2020-12-17 | 2024-06-04 | 清华大学 | Hardware Trojan detection method, device and storage medium |
| CN113553630B (en) * | 2021-06-15 | 2023-06-23 | 西安电子科技大学 | Hardware Trojan detection system based on unsupervised learning and information data processing method |
| CN113553630A (en) * | 2021-06-15 | 2021-10-26 | 西安电子科技大学 | Hardware Trojan horse detection system based on unsupervised learning and information data processing method |
| CN115310144A (en) * | 2022-07-08 | 2022-11-08 | 合肥先端晶体科技有限责任公司 | Hardware Trojan horse detection system and method based on diamond NV color center |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108062477A (en) | Hardware Trojan horse detection method based on side Multiple Channel Analysis | |
| CN108665297B (en) | Method and device for detecting abnormal access behavior, electronic equipment and storage medium | |
| CN104756106B (en) | Data source in characterize data storage system | |
| CN104182335B (en) | Method for testing software and device | |
| CN109375945A (en) | Firmware version detection method and vulnerability repair rate evaluation method for Internet of things equipment | |
| CN110348441A (en) | VAT invoice recognition methods, device, computer equipment and storage medium | |
| CN103136471A (en) | Method and system for testing malicious Android application programs | |
| CN110414277B (en) | Gate-level hardware Trojan horse detection method based on multi-feature parameters | |
| CN107967485A (en) | Electro-metering equipment fault analysis method and device | |
| CN105205396A (en) | Detecting system for Android malicious code based on deep learning and method thereof | |
| CN103488941A (en) | Hardware Trojan horse detection method and hardware Trojan horse detection system | |
| CN104766015B (en) | A kind of buffer-overflow vulnerability dynamic testing method based on function call | |
| CN110175236A (en) | Training sample generation method, device and computer equipment for text classification | |
| CN106240839A (en) | For analyzing the system and method for flutter test data | |
| CN110489314A (en) | Model method for detecting abnormality, device, computer equipment and storage medium | |
| JP2005513841A5 (en) | ||
| CN105630656B (en) | System robustness analysis method and device based on log model | |
| CN106874760A (en) | A kind of Android malicious code sorting techniques based on hierarchy type SimHash | |
| CN109886016A (en) | For detecting the method, equipment and computer readable storage medium of abnormal data | |
| CN109684834A (en) | A kind of gate leve hardware Trojan horse recognition method based on XGBoost | |
| CN104268289B (en) | The abatement detecting method and device of link URL | |
| CN102324007A (en) | Method for detecting abnormality based on data mining | |
| Frank et al. | Extracting operating modes from building electrical load data | |
| CN108897765A (en) | A kind of batch data introduction method and its system | |
| CN101930401B (en) | Detection object-based software vulnerability model detection method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180522 |