A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists
Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interact...
Saved in:
Published in | IEEE transactions on computers Vol. 72; no. 10; pp. 1 - 12 |
---|---|
Main Authors | , , , , , |
Format | Journal Article |
Language | English |
Published |
New York
IEEE
01.10.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Abstract | Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present unique opportunities for Trojan attacks to an adversary. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic, and distributed dark silicon. Soft template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact. We then generate over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power. Finally, we evaluate our Trojans against a machine learning-based Trojan detection to highlight their evasiveness. |
---|---|
AbstractList | Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party/software can maliciously alter hardware intellectual property (IP) blocks mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojans, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and benchmarks to the FPGA domain, leaving much of the FPGA-specific Trojan space uncovered. The distinctive business model and architectural configurations of FPGAs also present unique Trojan attack opportunities for adversaries. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists, which can insert different FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic and distributed dark silicon. The dark silicon Trojans use the under-utilized input space in FPGA primitives and other optimizations to realize Trojans with effectively zero area, delay, and power footprint. We generate over 1300 Trojan-inserted benchmarks using the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power and evaluate their stealthiness against Trojan detection. Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present unique opportunities for Trojan attacks to an adversary. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic, and distributed dark silicon. Soft template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact. We then generate over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power. Finally, we evaluate our Trojans against a machine learning-based Trojan detection to highlight their evasiveness. |
Author | Posada, Christopher Bhunia, Swarup Chakraborty, Prabuddha Cruz, Jonathan Masna, Naren Vikram Raj Gaikwad, Pravin |
Author_xml | – sequence: 1 givenname: Jonathan orcidid: 0000-0002-7404-9259 surname: Cruz fullname: Cruz, Jonathan organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 2 givenname: Christopher orcidid: 0000-0002-3371-8655 surname: Posada fullname: Posada, Christopher organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 3 givenname: Naren Vikram Raj orcidid: 0000-0002-7691-5560 surname: Masna fullname: Masna, Naren Vikram Raj organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 4 givenname: Prabuddha orcidid: 0000-0002-5102-4200 surname: Chakraborty fullname: Chakraborty, Prabuddha organization: Department of Electrical, Computer Engineering, University of Maine, Orono, ME, USA – sequence: 5 givenname: Pravin orcidid: 0000-0003-0127-0902 surname: Gaikwad fullname: Gaikwad, Pravin organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA – sequence: 6 givenname: Swarup orcidid: 0000-0001-6082-6961 surname: Bhunia fullname: Bhunia, Swarup organization: Department of Electrical, Computer Engineering, University of Florida, Gainesville, FL, USA |
BookMark | eNpNkDtPwzAYRS1UJNrCzMJgiTmtH_VrjKK2IJWHRJgtJ_0ipY842K6Af0-rdmC6y7n3SmeEBp3vAKF7SiaUEjMtiwkjjE84k1IYdoWGVAiVGSPkAA0JoTozfEZu0CjGDSFEMmKG6CXHi-D28O3DFjc-4PyQ_N4lWOP5T7_zwaXWd9g3uAx-4zqcp-TqLf7oXQ247fDifZnjV0i7NqZ4i64bt4twd8kx-lzMy-IpW70tn4t8ldWc05QpZ2pdc9do5dZGCMMpdQYqIdYUZG1AglKOKs0Z0UoQxx2tjASjm6pRquJj9Hje7YP_OkBMduMPoTteWqYlkzPGuD5S0zNVBx9jgMb2od278GspsSdntizsyZm9ODs2Hs6NFgD-0ZRwaTT_A-Z9aAk |
CODEN | ITCOB4 |
CitedBy_id | crossref_primary_10_3390_info15070395 |
Cites_doi | 10.23919/DATE.2018.8342270 10.1109/ACCESS.2018.2887268 10.1109/TMSCS.2016.2584052 10.1109/TCAD.2022.3178643 10.1109/ACCESS.2019.2901949 10.1109/TCAD.2017.2729340 10.1145/2966986.2967054 10.1109/TEST.2018.8624727 10.1109/ReConFig.2016.7857187 10.1109/HST.2019.8741025 10.1109/LES.2015.2406791 10.1109/ACCESS.2022.3173287 10.1109/TETC.2016.2585046 10.1145/3361147 10.1109/TIFS.2016.2613842 10.1109/DSD.2018.00091 10.1109/TDSC.2018.2812183 10.1109/ISVLSI.2019.00062 10.1109/ACCESS.2020.2965016 10.1109/ISCAS51556.2021.9401143 10.1109/ICCD.2017.95 10.1109/TVLSI.2018.2879878 |
ContentType | Journal Article |
Copyright | Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 |
Copyright_xml | – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 |
DBID | 97E RIA RIE AAYXX CITATION 7SC 7SP 8FD JQ2 L7M L~C L~D |
DOI | 10.1109/TC.2023.3266592 |
DatabaseName | IEEE All-Society Periodicals Package (ASPP) 2005-present IEEE All-Society Periodicals Package (ASPP) 1998–Present IEEE Xplore CrossRef Computer and Information Systems Abstracts Electronics & Communications Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
DatabaseTitle | CrossRef Technology Research Database Computer and Information Systems Abstracts – Academic Electronics & Communications Abstracts ProQuest Computer Science Collection Computer and Information Systems Abstracts Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Professional |
DatabaseTitleList | Technology Research Database |
Database_xml | – sequence: 1 dbid: RIE name: IEEE Xplore url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Engineering Computer Science |
EISSN | 1557-9956 |
EndPage | 12 |
ExternalDocumentID | 10_1109_TC_2023_3266592 10103698 |
Genre | orig-research |
GroupedDBID | --Z -DZ -~X .DC 0R~ 29I 4.4 5GY 6IK 85S 97E AAJGR AASAJ ABQJQ ABVLG ACGFO ACIWK ACNCT AENEX AETEA AKJIK ALMA_UNASSIGNED_HOLDINGS ASUFR ATWAV BEFXN BFFAM BGNUA BKEBE BPEOZ CS3 DU5 EBS EJD HZ~ IEDLZ IFIPE IPLJI JAVBF LAI M43 MS~ O9- OCL P2P PQQKQ RIA RIC RIE RNS RXW TAE TN5 TWZ UHB UPT XZL YZZ .55 3EH 3O- 5VS AAYOK AAYXX ABFSI AETIX AI. AIBXA ALLEH CITATION E.L F20 H~9 IAAWW IBMZZ ICLAB IFJZH MVM RIG RNI RZB UKR VH1 X7M XJT XOL YXB YYQ ZCG 7SC 7SP 8FD JQ2 L7M L~C L~D |
ID | FETCH-LOGICAL-c331t-7a9c8c3af87ad9559311a9eb55d1e6c9e6e77a1783208750a3a1b96e98fbf77b3 |
IEDL.DBID | RIE |
ISSN | 0018-9340 |
IngestDate | Tue Sep 24 21:57:54 EDT 2024 Thu Sep 26 16:18:25 EDT 2024 Wed Jun 26 19:28:14 EDT 2024 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 10 |
Language | English |
LinkModel | DirectLink |
MergedId | FETCHMERGED-LOGICAL-c331t-7a9c8c3af87ad9559311a9eb55d1e6c9e6e77a1783208750a3a1b96e98fbf77b3 |
ORCID | 0000-0002-7404-9259 0000-0002-3371-8655 0000-0002-7691-5560 0000-0003-0127-0902 0000-0002-5102-4200 0000-0001-6082-6961 |
OpenAccessLink | https://www.techrxiv.org/articles/preprint/A_Framework_for_Automated_Exploration_of_Trojan_Attack_Space_in_FPGA_Netlists/20224140/1/files/36147831.pdf |
PQID | 2862642238 |
PQPubID | 85452 |
PageCount | 12 |
ParticipantIDs | crossref_primary_10_1109_TC_2023_3266592 proquest_journals_2862642238 ieee_primary_10103698 |
PublicationCentury | 2000 |
PublicationDate | 2023-10-01 |
PublicationDateYYYYMMDD | 2023-10-01 |
PublicationDate_xml | – month: 10 year: 2023 text: 2023-10-01 day: 01 |
PublicationDecade | 2020 |
PublicationPlace | New York |
PublicationPlace_xml | – name: New York |
PublicationTitle | IEEE transactions on computers |
PublicationTitleAbbrev | TC |
PublicationYear | 2023 |
Publisher | IEEE The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Publisher_xml | – name: IEEE – name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
References | ref13 ref12 (ref23) 2022 ref15 ref14 ref11 ref10 ref2 ref17 ref16 ref19 (ref25) 2022 ref18 ref20 (ref24) 2022 ref22 ref21 (ref3) 2022 ref28 ref27 ref8 (ref1) 2022 ref7 ref9 ref4 ref6 (ref26) 2022 ref5 |
References_xml | – ident: ref4 doi: 10.23919/DATE.2018.8342270 – ident: ref17 doi: 10.1109/ACCESS.2018.2887268 – ident: ref22 doi: 10.1109/TMSCS.2016.2584052 – ident: ref19 doi: 10.1109/TCAD.2022.3178643 – year: 2022 ident: ref26 article-title: Yosys open synthesis suite – year: 2022 ident: ref1 article-title: About Intel xeon scalable processors – ident: ref12 doi: 10.1109/ACCESS.2019.2901949 – ident: ref9 doi: 10.1109/TCAD.2017.2729340 – year: 2022 ident: ref3 article-title: Trust-hub benchmarks – ident: ref21 doi: 10.1145/2966986.2967054 – ident: ref16 doi: 10.1109/TEST.2018.8624727 – ident: ref5 doi: 10.1109/ReConFig.2016.7857187 – year: 2022 ident: ref23 article-title: Open cores benchmarks – ident: ref8 doi: 10.1109/HST.2019.8741025 – ident: ref6 doi: 10.1109/LES.2015.2406791 – ident: ref15 doi: 10.1109/ACCESS.2022.3173287 – ident: ref28 doi: 10.1109/TETC.2016.2585046 – ident: ref27 doi: 10.1145/3361147 – ident: ref13 doi: 10.1109/TIFS.2016.2613842 – ident: ref10 doi: 10.1109/DSD.2018.00091 – year: 2022 ident: ref25 article-title: Common evaluation platform – ident: ref11 doi: 10.1109/TDSC.2018.2812183 – year: 2022 ident: ref24 article-title: Vivado design suite user guide: Design analysis and closure techniques (UG906) – ident: ref20 doi: 10.1109/ISVLSI.2019.00062 – ident: ref14 doi: 10.1109/ACCESS.2020.2965016 – ident: ref2 doi: 10.1109/ISCAS51556.2021.9401143 – ident: ref18 doi: 10.1109/ICCD.2017.95 – ident: ref7 doi: 10.1109/TVLSI.2018.2879878 |
SSID | ssj0006209 |
Score | 2.458584 |
Snippet | Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains.... |
SourceID | proquest crossref ieee |
SourceType | Aggregation Database Publisher |
StartPage | 1 |
SubjectTerms | Application specific integrated circuits Automated trojan insertion Benchmark testing Benchmarks Circuit design dark silicon Design Field programmable gate arrays FPGA Hardware hardware trojans Logic gates Malware Product development Prototyping Silicon Supply chains Table lookup Trojan horses |
Title | A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists |
URI | https://ieeexplore.ieee.org/document/10103698 https://www.proquest.com/docview/2862642238/abstract/ |
Volume | 72 |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8QwEB7Ukx58rIrrixw8eGlttm0ex7K4LoKL4AreSppOwAetrN2Lv94kbcUHgrce0hIyr2-ab2YAzlSibSARSaAsvg2SkpugMIYFlHGUpUmTkfEE2Rmb3ifXD-lDV6zua2EQ0ZPPMHSP_i6_rPXS_SqzFk6tw5ViFVZFNGqLtT7dLuv5HNRacJxEXR8fGsmL-Th0U8JDC1XcLeK3EORnqvxyxD66TLZg1u-rJZU8h8umCPX7j5aN_974Nmx2OJNkrWLswApWA9jqZziQzqQHsPGlIeEu3GRk0rO1iIWzJFs2tcW0WJKWrOflSGpD5ov6SVUkaxqln8mdzbyRPFZkcnuVkRk2L1Z73vbgfnI5H0-DbuBCoOOYNgFXUgsdKyO4Kl1ruphSJbFI05Ii0xIZcq4ot17ANcKPVKxoIRlKYQrDeRHvw1pVV3gAxBhFNYu5ZKXNwZgokHG7Pkq1BZACR0M472WQv7Z9NXKfj0Qyn49zJ668E9cQ9tyJflnWHuYQjnuh5Z3hveUjl6ElFvOIwz9eO4J19_WWkHcMa81iiScWWDTFqVeoD1jPyAY |
link.rule.ids | 315,786,790,802,27957,27958,55109 |
linkProvider | IEEE |
linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1Lb9QwEB7R5dD2QOkDdaFQHzj0kjTeJHZ8jFYsC21XlUil3iLHGUulKEHd7IVfz9hJUKFC6i2HiWJ5Xt_En2cAPurEUCLJkkATvg2SWtqgslYEXEhUtU2TmfUE2ZVY3iRfb9Pb4bK6vwuDiJ58hqF79Gf5dWs27lcZeTingKuyLXhJiT5S_XWtP4FXjIwOTj4cJ9HQyYcEz4t56OaEhwRW3DniX0nIT1V5Eop9flnswWpcWU8ruQ83XRWaX_80bXz20l_DqwFpsrw3jX14gc0B7I1THNjg1Aew-6gl4SFc5Wwx8rUYAVqWb7qWUC3WrKfreU2y1rLiof2uG5Z3nTb37BvV3sjuGra4_pyzFXY_yH7WR3Cz-FTMl8EwciEwccy7QGplMhNrm0ldu-Z0MedaYZWmNUdhFAqUUnNJccC1wo90rHmlBKrMVlbKKn4Dk6Zt8BiYtZobEUslaqrCRFahkCQfpYYgZIazKZyNOih_9p01Sl-RRKos5qVTVzmoawpHbkcfifWbOYWTUWnl4HrrcuZqtIRQT_b2P6-dwvayuLosL7-sLt7BjvtST887gUn3sMH3BDO66oM3rt8W38tc |
openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Framework+for+Automated+Exploration+of+Trojan+Attack+Space+in+FPGA+Netlists&rft.jtitle=IEEE+transactions+on+computers&rft.au=Cruz%2C+Jonathan&rft.au=Posada%2C+Christopher&rft.au=Masna%2C+Naren+Vikram+Raj&rft.au=Chakraborty%2C+Prabuddha&rft.date=2023-10-01&rft.issn=0018-9340&rft.eissn=1557-9956&rft.volume=72&rft.issue=10&rft.spage=2740&rft.epage=2751&rft_id=info:doi/10.1109%2FTC.2023.3266592&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TC_2023_3266592 |
thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0018-9340&client=summon |
thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0018-9340&client=summon |
thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0018-9340&client=summon |