Detecting Hardware Trojans in PCBs Using Side Channel Loopbacks

Malicious modifications to printed circuit boards (PCBs) are known as hardware Trojans. These may arise when malafide third parties alter PCBs premanufacturing or postmanufacturing and are a concern in safety-critical applications, such as industrial control systems. In this research, we examine how...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on very large scale integration (VLSI) systems Vol. 30; no. 7; pp. 926 - 937
Main Authors Pearce, Hammond, Surabhi, Virinchi Roy, Krishnamurthy, Prashanth, Trujillo, Joshua, Karri, Ramesh, Khorrami, Farshad
Format Journal Article
LanguageEnglish
Published New York IEEE 01.07.2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Anomaly detection
Circuit boards
Control systems
ENGINEERING
Fuzzing
golden-free
Hardware
Industrial electronics
machine learning (ML)
Magnetic signals
Magnetometers
Malware
MATHEMATICS AND COMPUTING
printed circuit board (PCB)
Printed circuits
Programmable logic controllers
Protocols
Relays
Safety critical
Sensors
Sockets
Test stands
timing loopback
Trojan detection
Trojan horses
Online AccessGet full text

Cover

More Information
Summary:Malicious modifications to printed circuit boards (PCBs) are known as hardware Trojans. These may arise when malafide third parties alter PCBs premanufacturing or postmanufacturing and are a concern in safety-critical applications, such as industrial control systems. In this research, we examine how data-driven detection can be utilized to detect such Trojans at run-time. We develop a flexible and reconfigurable PCB test bed derived from the popular open-source programmable logic controller (PLC) platform "OpenPLC." We then develop a Trojan detection framework, which utilizes and analyzes multimodal side channels (e.g., timing, magnetic signals, power, and hardware performance counters). We consider defender-configurable input/output (I/O) loopback test, comparison with design-document baselines, and magnetometer-aided monitoring of system behavior under defender-chosen excitations. Our approach can extend to golden-free environments. Golden (known-good) versions of the PCBs are assumed not available, but design information, datasheets, and component-level data are available. We demonstrate the efficacy of our approach on a range of Trojans instantiated in the test bed.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
NA0002839
NSC-614-4221
USDOE National Nuclear Security Administration (NNSA)
ISSN:1063-8210
1557-9999
DOI:10.1109/TVLSI.2022.3171174