Conference PaperPDF Available

Trojan Scanner Detecting Hardware Trojans with Rapid SEM Imaging Combined with Image Processing and Machine Learning

Authors:

Abstract and Figures

Hardware Trojans are malicious changes to the design of integrated circuits (ICs) at different stages of the design and fabrication processes. Different approaches have been developed to detect Trojans namely non-destructive (electrical tests like run-time monitoring, functional and structural tests) and destructive (full chip reverse engineering). However, these methods cannot detect all types of Trojans and they suffer from a number of disadvantages such as slow speed of detection and lack of confidence in detecting all types of Trojans. Majority of hardware Trojans implemented in an IC will leave a footprint at the doping (active) layer. In this paper, we introduce a new version of our previously developed “Trojan Scanner” framework for the untrusted foundry threat model, where a trusted GDSII layout (golden layout) is available. Advanced computer vision algorithms in combination with the supervised machine-learning model are used to classify different features of the golden layout and SEM images from an IC under authentication, as a unique descriptor for each type of gates. These descriptors are compared with each other to detect any subtle changes on the active region, which can raise the flag for the existence of a potential hardware Trojan. The descriptors can differentiate variation due to fabrication process, defects, and common SEM image distortions to rule out the possibility of false detection. Our results demonstrate that Trojan Scanner is more reliable than electrical testing and faster than full chip reverse engineering. Trojan Scanner does not rely on the availability of the golden chip to detect Trojans. In addition, it does not rely on the functionality of the circuit rather focuses on the real physical structure to detect malicious changes inserted by the foundry.
Content may be subject to copyright.
A preview of the PDF is not available
... Based on the adversary, there can be different attack models based on the trust assumption with any of these entities [29]. Among them, the threat model of the untrusted foundry has been widely discussed in the hardware security community [29], [30]. ...
... RE process is timeconsuming, error-prone, requires highly skilled engineers, and many die samples are wasted during sample preparation. However, using Trojan Scanner [30], [41], [42], an SoC design house can perform trust validation of the die by using only active (or diffusion) layer SEM images and comparing them with a golden layout (trusted layout) to detect any malicious change. Therefore, it requires lesser time and fewer samples as compared to RE. ...
Preprint
Full-text available
The semiconductor industry is entering a new age in which device scaling and cost reduction will no longer follow the decades-long pattern. Packing more transistors on a monolithic IC at each node becomes more difficult and expensive. Companies in the semiconductor industry are increasingly seeking technological solutions to close the gap and enhance cost-performance while providing more functionality through integration. Putting all of the operations on a single chip (known as a system on a chip, or SoC) presents several issues, including increased prices and greater design complexity. Heterogeneous integration (HI), which uses advanced packaging technology to merge components that might be designed and manufactured independently using the best process technology, is an attractive alternative. However, although the industry is motivated to move towards HI, many design and security challenges must be addressed. This paper presents a three-tier security approach for secure heterogeneous integration by investigating supply chain security risks, threats, and vulnerabilities at the chiplet, interposer, and system-in-package levels. Furthermore, various possible trust validation methods and attack mitigation were proposed for every level of heterogeneous integration. Finally, we shared our vision as a roadmap toward developing security solutions for a secure heterogeneous integration.
... As IC production operations are increasingly outsourced to external foundries to reduce manufacturing costs, there has also been a much larger question of trust between design companies and the foundries, as there is the potential for introducing hardware Trojans during this process [Varshney et al. 2020;Vashistha, M. Rahman, et al. 2018]. These Trojans consist of malicious changes performed on an IC's design and are inserted during manufacturing in order to implement a variety of attacks. ...
... Identification of Cells. For classification task, unlike previous studies [Vashistha, M. Rahman, et al. 2018], We have adopted a Convolutional Neural Network (CNN)-based architecture to classify the extracted cells, which require large amounts of data for training. The training data is developed through imaging (i.e., original data acquisition) and synthetic data generation as mentioned in 4.1. ...
Preprint
Full-text available
Due to the ever-growing demands for electronic chips in different sectors the semiconductor companies have been mandated to offshore their manufacturing processes. This unwanted matter has made security and trustworthiness of their fabricated chips concerning and caused creation of hardware attacks. In this condition, different entities in the semiconductor supply chain can act maliciously and execute an attack on the design computing layers, from devices to systems. Our attack is a hardware Trojan that is inserted during mask generation/fabrication in an untrusted foundry. The Trojan leaves a footprint in the fabricated through addition, deletion, or change of design cells. In order to tackle this problem, we propose Explainable Vision System for Hardware Testing and Assurance (EVHA) in this work that can detect the smallest possible change to a design in a low-cost, accurate, and fast manner. The inputs to this system are Scanning Electron Microscopy (SEM) images acquired from the Integrated Circuits (ICs) under examination. The system output is determination of IC status in terms of having any defect and/or hardware Trojan through addition, deletion, or change in the design cells at the cell-level. This article provides an overview on the design, development, implementation, and analysis of our defense system.
... A comprehensive overview of Trojans in PCBs is provided in [16]. There is a multitude of literature that immerse into other methods of Trojan detection [17,18]. [18] presents a survey of various older methods of detecting Trojans, whereas [17] presents a variety of newer methods, but with a focus on using SEM images to detect Trojans in ICs. ...
... There is a multitude of literature that immerse into other methods of Trojan detection [17,18]. [18] presents a survey of various older methods of detecting Trojans, whereas [17] presents a variety of newer methods, but with a focus on using SEM images to detect Trojans in ICs. As mentioned in [4], ICs are the most frequently counterfeit components but also the most important ones. ...
Conference Paper
Full-text available
In this manuscript, we present our work on Logo classification in PCBs for Hardware assurance purposes. Identifying and classifying logos have important uses for text detection, component authentication and counterfeit detection. Since PCB assurance faces the lack of a representative dataset for classification and detection tasks, we collect different variants of logos from PCBs and present data augmentation techniques to create the necessary data to perform machine learning. In addition to exploring the challenges for image classification tasks in PCBs, we present experiments using Random Forest classifiers, Bag of Visual Words (BoVW) using SIFT and ORB Fully Connected Neural Networks (FCN) and Convolutional Neural Network (CNN) architectures. We present results and also a discussion on the edge cases where our algorithms fail including the potential for future work in PCB logo detection. The code for the algorithms along with the dataset that includes 18 classes of logos with 14000+ images is provided at this link: https://www.trusthub.org/#/data Index Terms—AutoBoM, Logo classification, Data augmentation, Bill of materials, PCB Assurance, Hardware Assurance, Counterfeit avoidance
... Destructive testing can detect circuit abnormalities at fine resolution and regardless of whether they're activated. These methods must decapsulate the chip and then capture high-resolution images of the circuit trace architecture to compare to its expected netlist-level design; if it is even available [5][6][7][8][9][10][11][12]. These methods are time-consuming and destructive, so only a handful of ICs could be tested out of a large population. ...
Article
Full-text available
This paper introduces a novel method of non-destructively detecting incredibly elusive dormant hardware Trojans by selectively capturing hyperspectral backscattering measurements across the physical area of an integrated circuit. We propose a novel approach that pre-filters and actively samples an automatically selected set of the hyperspectral measurement space to significantly reduce measurement time while improving the ability to robustly detect dormant hardware Trojans. We demonstrate that our selective hyperspectral scanning approach can detect dormant hardware Trojans taking up as little as 0.03% of the circuit, which is up to 14 times smaller than prior work.
... A few of these attacks can be in the form of probing [38], inserting a hardware Trojan in the design [27], and analyzing the circuit topology [77,78]. Countermeasures are also developed to partially prevent these attacks [55,57,67,[76][77][78]. ...
Preprint
The outsourcing of the design and manufacturing of integrated circuits has raised severe concerns about the piracy of Intellectual Properties and illegal overproduction. Logic locking has emerged as an obfuscation technique to protect outsourced chip designs, where the circuit netlist is locked and can only be functional once a secure key is programmed. However, Boolean Satisfiability-based attacks have shown to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we present a novel fault injection attack to break any locking technique that relies on a stored secret key, and denote this attack as AFIA, ATPG-guided Fault Injection Attack. The proposed attack is based on sensitizing a key bit to the primary output while injecting faults at a few other key lines that block the propagation of the targeted key bit. AIFA is very effective in determining a key bit as there exists a stuck-at fault pattern that detects a stuck-at 1 (or stuck-at 0) fault at any key line. The average complexity of number of injected faults for AFIA is linear with the key size and requires only |K| test patterns to determine a secret key, K. AFIA requires a fewer number of injected faults to sensitize a bit to the primary output, compared to 2|K|-1 faults for the differential fault analysis attack [26].
... The histogram of oriented gradient (HOG) and support vector machine (SVM) are combined for HT detection [17]. In [18], a "Trojan Scanner" framework is proposed for the untrusted foundry threat model while the trusted golden layout is available. Moreover, deep learning-based techniques attract a lot of attention in the field of IC design and analysis [19][20][21][22]. ...
Article
Full-text available
Verification is one of the core steps in integrated circuits (ICs) manufacturing due to the multifarious defects and malicious hardware Trojans (HTs). In most cases, the effectiveness of the detection relies on the quality of the sample images of ICs. However, the high-precision and noiseless images are hard to capture due to the mechanical precision, manual error and environmental interference. In this paper, an effective approach for processing the low-quality image data of ICs is proposed. Our approach can successfully categorize the partial pictures of multiple objected ICs with low resolution and various noise. The proposed approach extracts the high-frequency texture components (HFTC) of the images and constructs a graph with the correlationship among features. Subsequently, the spectral clustering is conducted for obtaining the final cluster indicators. The low-quality images of ICs can be successfully categorized by the proposed approach, which will provide a data foundation for the following verification tasks. In order to evaluate the effectiveness of the proposed approach, several experiments are conducted in the simulated datasets, which are generated by corrupting the real-world data in different conditions. The clustering results reveal that our approach can achieve the best performance with good stability compared to the baselines.
... This work can be extended by considering the difficulties of a real RE process beyond a simulation of the same. Another related work is the contribution from Vashishta et al. [10]. In their Trojan Scanner, computer vision algorithms for feature extraction are combined with a supervised machine learning model. ...
Preprint
The semiconductor industry is heavily relying on outsourcing of design, fabrication, and testing to third parties. The threat of possibly malicious actors in this ramified supply-chain poses a risk for the integrity of integrated circuits (ICs) and hardware Trojans (HTs) are a heavily discussed topic in academia and the industry. A variety of pre- and post-silicon HT prevention and detection techniques has been suggested in prior works. Hardware reverse engineering has the potential to detect potential modification in physical layouts. Yet, there is no model to qualitatively and quantitatively rate the complex and expensive reverse engineering (RE) process addressing its inherent process aberrations and consequently provide a tool for layout verification. The ViTaL framework introduces a statistical validation technique, based on physical layout verification through RE and considers all potential sources of errors. The golden-model based framework is technology-agnostic, scaleable, and user input is optional. For the first time, results of fine pitch metallization layers of a CMOS 40nm process node IC are presented quantitatively and the limitations and possibilities are discussed.<br
Article
Full-text available
Electronic healthcare technology is widespread around the world and creates massive potential to improve clinical outcomes and transform care delivery. However, there are increasing concerns with respect to the cyber vulnerabilities of medical tools, malicious medical errors, and security attacks on healthcare data and devices. Increased connectivity to existing computer networks has exposed the medical devices/systems and their communicating data to new cybersecurity vulnerabilities. Adversaries leverage the state-of-the-art technologies, in particular artificial intelligence and computer vision-based techniques, in order to launch stronger and more detrimental attacks on the medical targets. The medical domain is an attractive area for cybercrimes for two fundamental reasons: (a) it is rich resource of valuable and sensitive data; and (b) its protection and defensive mechanisms are weak and ineffective. The attacks aim to steal health information from the patients, manipulate the medical information and queries, maliciously change the medical diagnosis, decisions, and prescriptions, etc. A successful attack in the medical domain causes serious damage to the patient’s health and even death. Therefore, cybersecurity is critical to patient safety and every aspect of the medical domain, while it has not been studied sufficiently. To tackle this problem, new human- and computer-based countermeasures are researched and proposed for medical attacks using the most effective software and hardware technologies, such as artificial intelligence and computer vision. This review provides insights to the novel and existing solutions in the literature that mitigate cyber risks, errors, damage, and threats in the medical domain. We have performed a scoping review analyzing the four major elements in this area (in order from a medical perspective): (1) medical errors; (2) security weaknesses of medical devices at software- and hardware-level; (3) artificial intelligence and/or computer vision in medical applications; and (4) cyber attacks and defenses in the medical domain. Meanwhile, artificial intelligence and computer vision are key topics in this review and their usage in all these four elements are discussed. The review outcome delivers the solutions through building and evaluating the connections among these elements in order to serve as a beneficial guideline for medical electronic hardware security.
Article
Full-text available
Research in the field of hardware Trojans has seen significant growth in the past decade. However, standard benchmarks to evaluate hardware Trojans and their detection are lacking. To this end, we have developed a suite of Trojans and ‘trust benchmarks’ (i.e., benchmark circuits with a hardware Trojan inserted in them) that can be used by researchers in the community to compare and contrast various Trojan detection techniques. In this paper, we present a comprehensive vulnerability analysis flow at various levels of abstraction of digital-design, that has been utilized to create these trust benchmarks. Further, we present a detailed evaluation of our benchmarks in terms of metrics such as Trojan detectability, and in the context of different attack models. Finally, we discuss future work such as automatic Trojan insertion into any arbitrary circuit.
Article
Full-text available
The reverse engineering (RE) of electronic chips and systems can be used with honest and dishonest intentions. To inhibit RE for those with dishonest intentions (e.g., piracy and counterfeiting), it is important that the community is aware of the state-of-the-art capabilities available to attackers today. In this article, we will be presenting a survey of RE and anti-RE techniques on the chip, board, and system levels. We also highlight the current challenges and limitations of anti-RE and the research needed to overcome them. This survey should be of interest to both governmental and industrial bodies whose critical systems and intellectual property (IP) require protection from foreign enemies and counterfeiters who possess advanced RE capabilities.
Article
Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure. While hardware Trojans have been explored significantly in academia over the last decade, there remains room for improvement. In this article, we examine the research on hardware Trojans from the last decade and attempt to capture the lessons learned. A comprehensive adversarial model taxonomy is introduced and used to examine the current state of the art. Then the past countermeasures and publication trends are categorized based on the adversarial model and topic. Through this analysis, we identify what has been covered and the important problems that are underinvestigated. We also identify the most critical lessons for those new to the field and suggest a roadmap for future hardware Trojan research.
Book
This book provides the foundations for understanding hardware security and trust, which have become major concerns for national security over the past decade. Coverage includes security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. This serves as an invaluable reference to the state-of-the-art research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures. © 2012 Springer Science+Business Media, LLC. All rights reserved.
Article
Noise on scanning electron microscope (SEM) images is studied. Gaussian noise is the most common type of noise in SEM image. We developed a new noise reduction filter based on the Wiener filter. We compared the performance of this new filter namely adaptive noise Wiener (ANW) filter, with four common existing filters as well as average filter, median filter, Gaussian smoothing filter and the Wiener filter. Based on the experiments results the proposed new filter has better performance on different noise variance comparing to the other existing noise removal filters in the experiments. SCANNING 9999:1-16, 2015. © 2015 Wiley Periodicals, Inc. © Wiley Periodicals, Inc.
Article
Histogram equalization is widely used for contrast enhancement in a variety of applications due to its simple function and effectiveness. Examples include medical image processing and radar signal processing. One drawback of the histogram equalization can be found on the fact that the brightness of an image can be changed after the histogram equalization, which is mainly due to the flattening property of the histogram equalization. Thus, it is rarely utilized in consumer electronic products such as TV where preserving original input brightness may necessary in order not to introduce unnecessary visual deterioration. This paper proposes a novel extension of histogram equalization to overcome such drawback of the histogram equalization. The essence of the proposed algorithm is to utilize independent histogram equalizations separately over two subimages obtained by decomposing the input image based on its mean with a constraint that the resulting equalized subimages are bounded by each other around the input mean. It will be shown mathematically that the proposed algorithm preserves the mean brightness of a given image significantly well compared to typical histogram equalization while enhancing the contrast and, thus, provides much natural enhancement that can be utilized in consumer electronic products.