Towards enhancing trustworthiness of wireless integrated circuits, this project investigates the problem of hardware Trojans in the analog/RF domain. Hardware Trojans are maliciously-intended modifications to fabricated integrated circuits, making them capable of additional functionality which is unknown to the designer and user, but which can be exploited by the perpetrator after chip deployment to sabotage or incapacitate it, or to steal sensitive information. The motivation for this research is two-fold: First, partly because of design outsourcing and migration of fabrication to low-cost areas across the globe, and partly because of increased reliance on external intellectual property and design automation software, the integrated circuit supply chain is now considered far more vulnerable to such malicious modifications than ever before. Second, wireless integrated circuits constitute an indispensable part of modern electronic systems and their ability to communicate data (possibly encrypted) over public channels makes them a prime attack candidate. To address this problem, this project focuses on (i) delineating the threat and potential impact of hardware Trojans in wireless cryptographic ICs, (ii) elucidating the shortcomings of existing test methods in exposing them, (iii) developing preventive countermeasures for obfuscating the chip design and complicating the development of hardware Trojans, and (iv) devising efficient hardware Trojan detection methods based on statistical analysis and machine learning. The anticipated impact of this research lies in the attainment of a better understanding of the hardware Trojan threat and in the development of appropriate remedies, thus enabling secure deployment of wireless integrated circuits and fostering technology trustworthiness.
Outcomes Report: Malicious modifications introduced in a manufactured integrated circuit (IC), which can be exploited by a knowledgeable adversary to cause erroneous results, steal sensitive data, or even incapacitate a chip, constitute a serious contemporary threat to the security and trustworthiness of electronics. Especially for ICs used in wireless networks, which have become an inseparable part of most electronic systems, the threat of such hardware Trojans is quite severe. Since such ICs receive and transmit information over public channels, an attacker does not need to obtain physical access to their nodes, making them particularly vulnerable to malicious attacks. Moreover, most modern wireless ICs employ some form of encryption to protect the privacy of the information that is communicated over a public channel. Interestingly, while this provides the user with an (often misleading) sense of security, it also entices attackers, who know that valuable secret information is stored on these devices. Motivated by the above observations, this project focused on studying the problem of hardware Trojans in wireless cryptographic ICs. Specifically, as shown in Figure 1, using actual measurements from custom-designed and fabricated chips, this project sought to delineate the threat of hardware Trojans in wireless cryptographic ICs, elucidate the shortcomings of existing test methods in exposing them, develop preventive countermeasures that obfuscate the chip design and complicate the development of hardware Trojans, and devise efficient hardware Trojan detection methods based on statistical analysis and machine learning.

Intellectual Merit: The key findings of this project are summarized below.

Attack complexity: Minor modifications to a wireless cryptographic chip suffice to leak secret information without violating any digital, analog, or system-level design specifications. Hardware Trojans can easily leverage the tolerance margins allowed for process variations to hide additional information in a wireless transmission.

Detection difficulty: Evading detection by traditional manufacturing test methods is trivial, as such methods are geared towards testing known functionality. In contrast, by hiding in the process variation margins, the impact of hardware Trojans appears perfectly legitimate to the unsuspecting user.

Possible solution: Despite the fact that hardware Trojans can be hidden within the process variation margins, statistical side-channel fingerprinting methods are very powerful in exposing their presence. The underlying reason is that for the attacker to be able to discern the leaked data, it needs to be systematically encoded, resulting in statistical structure which fingerprinting methods can detect.

These findings were corroborated through a Trojan-free and two Trojan-infested versions of a wireless cryptographic IC, integrating an AES core and a UWB transmitter, shown in Figure 2, 40 copies of which were fabricated and tested. This was the first silicon demonstration of the threat that hardware Trojans pose to wireless cryptographic ICs and of the effectiveness of side-channel fingerprinting methods in thwarting such attacks, as further depicted in Figure 3.

Broader Impact: This project contributed to a better understanding of the risks that hardware Trojans pose to wireless networks and to the development of remedies, thereby enabling secure deployment in a broad range of applications and fostering technology trustworthiness. As part of the educational and outreach activities of this project, one post-doctoral research associate and two Ph.D. students were trained, all three of whom have become faculty members at various universities (Dr. Ke Huang - San Diego State University, Dr. Michail Maniatakos - New York University in Abu Dhabi, Dr. Yier Jin - University of Central Florida). The aforementioned two Ph.D. students were also the winners of the 2011 Embedded Systems Challenge of the NYU Cyber-Security Awareness Week (CSAW). A third graduate student (Mr. Yu Liu), who is still pursuing the Ph.D. degree, has also been trained through this project. In addition, two undergraduate students (Mr. Eric Love, now a Ph.D. student at UC Berkeley, and Ms. Usuma Thet, still an undergraduate at UT Dallas) participated through REU supplements. Two journal and six conference papers were published, three of which included an undergraduate student as a co-author, and several more are currently in review. Finally, a graduate-level course on "Trusted and Secure Integrated Circuits and Systems" was introduced in the curriculum of Electrical Engineering at The University of Texas at Dallas, and several invited lectures and tutorials were delivered at various academic and research institutions, as well as professional meetings. This project advanced the state of the art in understanding the vulnerabilities of wireless cryptographic ICs to hardware Trojans, identifying the shortcomings of existing test methods in revealing the existence of hardware Trojans, and developing and evaluating statistical methods for detecting them. Findings were corroborated through a Trojan-free and two Trojan-infested versions of a wireless cryptographic IC, integrating an AES core and a UWB transmitter, which were fabricated and tested.
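The argument above, that encoding hidden data inside the process-variation margin passes a specification check yet leaves statistical structure a fingerprint can expose, can be illustrated with a small simulation. The following is an added example, not code or measurements from this project: the nominal amplitude, the 10% tolerance, the noise level, the leak step, and the trusted-region rule (mean plus k standard deviations of a golden population's within-chip spread) are all constructed.

```python
import random
import statistics

# Constructed parameters: nominal transmit amplitude, the +/-10% tolerance
# a manufacturing test accepts, per-symbol analog noise, and the size of the
# hypothetical Trojan's per-bit shift (kept well inside the tolerance).
NOMINAL = 1.0
TOLERANCE = 0.10
PROCESS_STD = 0.01
LEAK_STEP = 0.02

def transmit(rng, n_symbols, chip_offset, key_bits=None):
    """Side-channel amplitude per transmitted symbol (constructed model).
    A Trojan-free chip shows its process offset plus noise; the infested
    model additionally shifts each symbol by +/-LEAK_STEP per key bit."""
    out = []
    for i in range(n_symbols):
        a = NOMINAL + chip_offset + rng.gauss(0, PROCESS_STD)
        if key_bits is not None:
            a += LEAK_STEP if key_bits[i % len(key_bits)] else -LEAK_STEP
        out.append(a)
    return out

def passes_spec(samples):
    """Traditional test: every sample lies within the tolerance margin."""
    return all(abs(a - NOMINAL) <= TOLERANCE * NOMINAL for a in samples)

def fingerprint(samples):
    """Within-chip spread; systematic encoding widens it (bimodal samples)."""
    return statistics.pstdev(samples)

def trusted_bound(golden_chips, k=5.0):
    """Trusted region learned from known-good chips (constructed rule)."""
    fps = [fingerprint(c) for c in golden_chips]
    return statistics.mean(fps) + k * statistics.pstdev(fps)

def is_suspicious(samples, bound):
    return fingerprint(samples) > bound

def demo(seed=7, n_golden=20, n_symbols=400):
    rng = random.Random(seed)
    golden = [transmit(rng, n_symbols, rng.uniform(-0.03, 0.03))
              for _ in range(n_golden)]
    bound = trusted_bound(golden)
    clean = transmit(rng, n_symbols, rng.uniform(-0.03, 0.03))
    key = [int(b) for b in "1011000111010010"]  # constructed 16-bit key
    infested = transmit(rng, n_symbols, rng.uniform(-0.03, 0.03), key)
    return {"spec_clean": passes_spec(clean),
            "spec_infested": passes_spec(infested),
            "flag_clean": is_suspicious(clean, bound),
            "flag_infested": is_suspicious(infested, bound)}
```

Both chips pass the specification check, but the infested chip's within-chip spread (about sqrt(0.01^2 + 0.02^2), roughly 0.022) falls far outside the trusted region learned from the golden population (about 0.01).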