A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists

Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interact...

Full description

Saved in:

Bibliographic Details
Published in	IEEE transactions on computers Vol. 72; no. 10; pp. 1 - 12
Main Authors	Cruz, Jonathan, Posada, Christopher, Masna, Naren Vikram Raj, Chakraborty, Prabuddha, Gaikwad, Pravin, Bhunia, Swarup
Format	Journal Article
Language	English
Published	New York IEEE 01.10.2023 The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects	Application specific integrated circuits Automated trojan insertion Benchmark testing Benchmarks Circuit design dark silicon Design Field programmable gate arrays FPGA Hardware hardware trojans Logic gates Malware Product development Prototyping Silicon Supply chains Table lookup Trojan horses
Online Access	Get full text

Cover

Loading…

Abstract	Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present unique opportunities for Trojan attacks to an adversary. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic, and distributed dark silicon. Soft template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact. We then generate over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power. Finally, we evaluate our Trojans against a machine learning-based Trojan detection to highlight their evasiveness.
AbstractList	Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party/software can maliciously alter hardware intellectual property (IP) blocks mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojans, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and benchmarks to the FPGA domain, leaving much of the FPGA-specific Trojan space uncovered. The distinctive business model and architectural configurations of FPGAs also present unique Trojan attack opportunities for adversaries. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists, which can insert different FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic and distributed dark silicon. The dark silicon Trojans use the under-utilized input space in FPGA primitives and other optimizations to realize Trojans with effectively zero area, delay, and power footprint. We generate over 1300 Trojan-inserted benchmarks using the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power and evaluate their stealthiness against Trojan detection. Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present unique opportunities for Trojan attacks to an adversary. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic, and distributed dark silicon. Soft template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact. We then generate over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power. Finally, we evaluate our Trojans against a machine learning-based Trojan detection to highlight their evasiveness.
Author	Posada, Christopher Bhunia, Swarup Chakraborty, Prabuddha Cruz, Jonathan Masna, Naren Vikram Raj Gaikwad, Pravin
Author_xml	– sequence: 1 givenname: Jonathan orcidid: 0000-0002-7404-9259 surname: Cruz fullname: Cruz, Jonathan organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 2 givenname: Christopher orcidid: 0000-0002-3371-8655 surname: Posada fullname: Posada, Christopher organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 3 givenname: Naren Vikram Raj orcidid: 0000-0002-7691-5560 surname: Masna fullname: Masna, Naren Vikram Raj organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 4 givenname: Prabuddha orcidid: 0000-0002-5102-4200 surname: Chakraborty fullname: Chakraborty, Prabuddha organization: Department of Electrical, Computer Engineering, University of Maine, Orono, ME, USA – sequence: 5 givenname: Pravin orcidid: 0000-0003-0127-0902 surname: Gaikwad fullname: Gaikwad, Pravin organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 6 givenname: Swarup orcidid: 0000-0001-6082-6961 surname: Bhunia fullname: Bhunia, Swarup organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA
BookMark	eNpNkDtPwzAYRS1UJNrCzMJgiTmtH_VrjKK2IJWHRJgtJ_0ipY842K6Af0-rdmC6y7n3SmeEBp3vAKF7SiaUEjMtiwkjjE84k1IYdoWGVAiVGSPkAA0JoTozfEZu0CjGDSFEMmKG6CXHi-D28O3DFjc-4PyQ_N4lWOP5T7_zwaXWd9g3uAx-4zqcp-TqLf7oXQ247fDifZnjV0i7NqZ4i64bt4twd8kx-lzMy-IpW70tn4t8ldWc05QpZ2pdc9do5dZGCMMpdQYqIdYUZG1AglKOKs0Z0UoQxx2tjASjm6pRquJj9Hje7YP_OkBMduMPoTteWqYlkzPGuD5S0zNVBx9jgMb2od278GspsSdntizsyZm9ODs2Hs6NFgD-0ZRwaTT_A-Z9aAk
CODEN	ITCOB4
CitedBy_id	crossref_primary_10_3390_info15070395
Cites_doi	10.23919/DATE.2018.8342270 10.1109/ACCESS.2018.2887268 10.1109/TMSCS.2016.2584052 10.1109/TCAD.2022.3178643 10.1109/ACCESS.2019.2901949 10.1109/TCAD.2017.2729340 10.1145/2966986.2967054 10.1109/TEST.2018.8624727 10.1109/ReConFig.2016.7857187 10.1109/HST.2019.8741025 10.1109/LES.2015.2406791 10.1109/ACCESS.2022.3173287 10.1109/TETC.2016.2585046 10.1145/3361147 10.1109/TIFS.2016.2613842 10.1109/DSD.2018.00091 10.1109/TDSC.2018.2812183 10.1109/ISVLSI.2019.00062 10.1109/ACCESS.2020.2965016 10.1109/ISCAS51556.2021.9401143 10.1109/ICCD.2017.95 10.1109/TVLSI.2018.2879878
ContentType	Journal Article
Copyright	Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
Copyright_xml	– notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
DBID	97E RIA RIE AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D
DOI	10.1109/TC.2023.3266592
DatabaseName	IEEE All-Society Periodicals Package (ASPP) 2005-present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Xplore CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional
DatabaseTitle	CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional
DatabaseTitleList	Technology Research Database
Database_xml	– sequence: 1 dbid: RIE name: IEEE Xplore url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher
DeliveryMethod	fulltext_linktorsrc
Discipline	Engineering Computer Science
EISSN	1557-9956
EndPage	12
ExternalDocumentID	10_1109_TC_2023_3266592 10103698
Genre	orig-research
GroupedDBID	--Z -DZ -~X .DC 0R~ 29I 4.4 5GY 6IK 85S 97E AAJGR AASAJ ABQJQ ABVLG ACGFO ACIWK ACNCT AENEX AETEA AKJIK ALMA_UNASSIGNED_HOLDINGS ASUFR ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CS3 DU5 EBS EJD HZ~ IEDLZ IFIPE IPLJI JAVBF LAI M43 MS~ O9- OCL P2P PQQKQ RIA RIC RIE RNS RXW TAE TN5 TWZ UHB UPT XZL YZZ .55 3EH 3O- 5VS AAYOK AAYXX ABFSI AETIX AI. AIBXA ALLEH CITATION E.L F20 H~9 IAAWW IBMZZ ICLAB IFJZH MVM RIG RNI RZB UKR VH1 X7M XJT XOL YXB YYQ ZCG 7SC 7SP 8FD JQ2 L7M L~C L~D
ID	FETCH-LOGICAL-c331t-7a9c8c3af87ad9559311a9eb55d1e6c9e6e77a1783208750a3a1b96e98fbf77b3
IEDL.DBID	RIE
ISSN	0018-9340
IngestDate	Tue Sep 24 21:57:54 EDT 2024 Thu Sep 26 16:18:25 EDT 2024 Wed Jun 26 19:28:14 EDT 2024
IsDoiOpenAccess	false
IsOpenAccess	true
IsPeerReviewed	true
IsScholarly	true
Issue	10
Language	English
LinkModel	DirectLink
MergedId	FETCHMERGED-LOGICAL-c331t-7a9c8c3af87ad9559311a9eb55d1e6c9e6e77a1783208750a3a1b96e98fbf77b3
ORCID	0000-0002-7404-9259 0000-0002-3371-8655 0000-0002-7691-5560 0000-0003-0127-0902 0000-0002-5102-4200 0000-0001-6082-6961
OpenAccessLink	https://www.techrxiv.org/articles/preprint/A_Framework_for_Automated_Exploration_of_Trojan_Attack_Space_in_FPGA_Netlists/20224140/1/files/36147831.pdf
PQID	2862642238
PQPubID	85452
PageCount	12
ParticipantIDs	crossref_primary_10_1109_TC_2023_3266592 proquest_journals_2862642238 ieee_primary_10103698
PublicationCentury	2000
PublicationDate	2023-10-01
PublicationDateYYYYMMDD	2023-10-01
PublicationDate_xml	– month: 10 year: 2023 text: 2023-10-01 day: 01
PublicationDecade	2020
PublicationPlace	New York
PublicationPlace_xml	– name: New York
PublicationTitle	IEEE transactions on computers
PublicationTitleAbbrev	TC
PublicationYear	2023
Publisher	IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml	– name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References	ref13 ref12 (ref23) 2022 ref15 ref14 ref11 ref10 ref2 ref17 ref16 ref19 (ref25) 2022 ref18 ref20 (ref24) 2022 ref22 ref21 (ref3) 2022 ref28 ref27 ref8 (ref1) 2022 ref7 ref9 ref4 ref6 (ref26) 2022 ref5
References_xml	– ident: ref4 doi: 10.23919/DATE.2018.8342270 – ident: ref17 doi: 10.1109/ACCESS.2018.2887268 – ident: ref22 doi: 10.1109/TMSCS.2016.2584052 – ident: ref19 doi: 10.1109/TCAD.2022.3178643 – year: 2022 ident: ref26 article-title: Yosys open synthesis suite – year: 2022 ident: ref1 article-title: About Intel xeon scalable processors – ident: ref12 doi: 10.1109/ACCESS.2019.2901949 – ident: ref9 doi: 10.1109/TCAD.2017.2729340 – year: 2022 ident: ref3 article-title: Trust-hub benchmarks – ident: ref21 doi: 10.1145/2966986.2967054 – ident: ref16 doi: 10.1109/TEST.2018.8624727 – ident: ref5 doi: 10.1109/ReConFig.2016.7857187 – year: 2022 ident: ref23 article-title: Open cores benchmarks – ident: ref8 doi: 10.1109/HST.2019.8741025 – ident: ref6 doi: 10.1109/LES.2015.2406791 – ident: ref15 doi: 10.1109/ACCESS.2022.3173287 – ident: ref28 doi: 10.1109/TETC.2016.2585046 – ident: ref27 doi: 10.1145/3361147 – ident: ref13 doi: 10.1109/TIFS.2016.2613842 – ident: ref10 doi: 10.1109/DSD.2018.00091 – year: 2022 ident: ref25 article-title: Common evaluation platform – ident: ref11 doi: 10.1109/TDSC.2018.2812183 – year: 2022 ident: ref24 article-title: Vivado design suite user guide: Design analysis and closure techniques (UG906) – ident: ref20 doi: 10.1109/ISVLSI.2019.00062 – ident: ref14 doi: 10.1109/ACCESS.2020.2965016 – ident: ref2 doi: 10.1109/ISCAS51556.2021.9401143 – ident: ref18 doi: 10.1109/ICCD.2017.95 – ident: ref7 doi: 10.1109/TVLSI.2018.2879878
SSID	ssj0006209
Score	2.458584
Snippet	Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains....
SourceID	proquest crossref ieee
SourceType	Aggregation Database Publisher
StartPage	1
SubjectTerms	Application specific integrated circuits Automated trojan insertion Benchmark testing Benchmarks Circuit design dark silicon Design Field programmable gate arrays FPGA Hardware hardware trojans Logic gates Malware Product development Prototyping Silicon Supply chains Table lookup Trojan horses
Title	A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists
URI	https://ieeexplore.ieee.org/document/10103698 https://www.proquest.com/docview/2862642238/abstract/
Volume	72
hasFullText	1
inHoldings	1
isFullTextHit
isPrint
link	http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8QwEB7Ukx58rIrrixw8eGlttm0ex7K4LoKL4AreSppOwAetrN2Lv94kbcUHgrce0hIyr2-ab2YAzlSibSARSaAsvg2SkpugMIYFlHGUpUmTkfEE2Rmb3ifXD-lDV6zua2EQ0ZPPMHSP_i6_rPXS_SqzFk6tw5ViFVZFNGqLtT7dLuv5HNRacJxEXR8fGsmL-Th0U8JDC1XcLeK3EORnqvxyxD66TLZg1u-rJZU8h8umCPX7j5aN_974Nmx2OJNkrWLswApWA9jqZziQzqQHsPGlIeEu3GRk0rO1iIWzJFs2tcW0WJKWrOflSGpD5ov6SVUkaxqln8mdzbyRPFZkcnuVkRk2L1Z73vbgfnI5H0-DbuBCoOOYNgFXUgsdKyO4Kl1ruphSJbFI05Ii0xIZcq4ot17ANcKPVKxoIRlKYQrDeRHvw1pVV3gAxBhFNYu5ZKXNwZgokHG7Pkq1BZACR0M472WQv7Z9NXKfj0Qyn49zJ668E9cQ9tyJflnWHuYQjnuh5Z3hveUjl6ElFvOIwz9eO4J19_WWkHcMa81iiScWWDTFqVeoD1jPyAY
link.rule.ids	315,786,790,802,27957,27958,55109
linkProvider	IEEE
linkToHtml	http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1Lb9QwEB7R5dD2QOkDdaFQHzj0kjTeJHZ8jFYsC21XlUil3iLHGUulKEHd7IVfz9hJUKFC6i2HiWJ5Xt_En2cAPurEUCLJkkATvg2SWtqgslYEXEhUtU2TmfUE2ZVY3iRfb9Pb4bK6vwuDiJ58hqF79Gf5dWs27lcZeTingKuyLXhJiT5S_XWtP4FXjIwOTj4cJ9HQyYcEz4t56OaEhwRW3DniX0nIT1V5Eop9flnswWpcWU8ruQ83XRWaX_80bXz20l_DqwFpsrw3jX14gc0B7I1THNjg1Aew-6gl4SFc5Wwx8rUYAVqWb7qWUC3WrKfreU2y1rLiof2uG5Z3nTb37BvV3sjuGra4_pyzFXY_yH7WR3Cz-FTMl8EwciEwccy7QGplMhNrm0ldu-Z0MedaYZWmNUdhFAqUUnNJccC1wo90rHmlBKrMVlbKKn4Dk6Zt8BiYtZobEUslaqrCRFahkCQfpYYgZIazKZyNOih_9p01Sl-RRKos5qVTVzmoawpHbkcfifWbOYWTUWnl4HrrcuZqtIRQT_b2P6-dwvayuLosL7-sLt7BjvtST887gUn3sMH3BDO66oM3rt8W38tc
openUrl	ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Framework+for+Automated+Exploration+of+Trojan+Attack+Space+in+FPGA+Netlists&rft.jtitle=IEEE+transactions+on+computers&rft.au=Cruz%2C+Jonathan&rft.au=Posada%2C+Christopher&rft.au=Masna%2C+Naren+Vikram+Raj&rft.au=Chakraborty%2C+Prabuddha&rft.date=2023-10-01&rft.issn=0018-9340&rft.eissn=1557-9956&rft.volume=72&rft.issue=10&rft.spage=2740&rft.epage=2751&rft_id=info:doi/10.1109%2FTC.2023.3266592&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TC_2023_3266592
thumbnail_l	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0018-9340&client=summon
thumbnail_m	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0018-9340&client=summon
thumbnail_s	http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0018-9340&client=summon