Research On Key Technologies Of Hardware Trojan Detection And Design-for-Security In Embedded SoC

With the accelerated development of Internet-of-Thing(IoT)technology,embedded devices,which are ubiquitous in people's daily lives,are connected to each other through network to complete data communication and information processing.And,most embedded devices are developed as system-on-chips(SoCs).However,due to the globally distributed nature of embedded SoC industrial chain,vulnerabilities at any stage of the overall supply chain might become the entry point for adversaries to carry out attacks,which has raised a high attention to the security and trustworthiness of the underlying hardware.Hardware Trojans(HTs)and intellectual property(IP)theft attack are two major security problems facing various security threats that are currently being considered in embedded SoC market.In particular,this fact has also posed serious threats to semiconductor suppliers and end consumers,which may in-clude some critical applications and network infrastructure such as mobile communications,aerospace,medical electronics,military weapons,nuclear reactors,etc.In view of the above situation,it is both urgent and challenging to study the corresponding defense strategies to mitigate the potential security threats caused by the so-called HT attacks and IP theft attacks,and should also be concerned adequately.For the "hot problems" in embedded SoC hardware,this dissertation analyzed and summa-rized the ubiquitous HTs and theft attacks,primarily focusing on the following two aspects to improve the security and trustworthiness of embedded SoC hardware,namely,HT de-tection and Chip/IP theft protection.Specifically,this dissertation was mainly devoted to enhancing the hardware security of embedded SoC from the perspective of IP level and SoC level,and then developed relevant protective strategies.After that,the multi-parameter side-channel information analysis and reconfigurable physically unclonable function(RPUF)are explored respectively to enhance the security of hardware,thereby increasing the threshold of attack success.To sum up,the innovative contributions which have been mainly achieved in this dissertation are described as follows.1.This dissertation proposed a machine learning(ML)-based multi-parameter side-channel analysis(SCA)scheme for HT detection.This scheme was developed depending on the multi-parameter characteristics of circuit and then re-modelled the HT detection problems,thereby solving the limitations of current SCA methods that were only effective for large HT circuits and may not well determine the location of HTs inserted.Simultaneously,in order to further improve the accuracy and sensitivity of the multi-parameter SCA method during the HT detection process,this paper first proposes the sector partition method to divide the circuit under detected into a variety of sub-region.Then,the multi-parameter characteristics of each sector was extracted so as to establish the multi-parameter eigenvector of each sub-region.After that,these feature vectors were incorporated to construct an eigenvector set of the overall circuit under detected.On this basis,a Bayesian classifier was applied to clas-sify the HT infected circuits so as to analyze the possible locations that the HT circuit may be inserted.Finally,extensive simulation experiments were performed on the ISC AS'85 benchmark circuits and performance comparisons with multi-parameter SCA method from the aspects of accuracy,false negative rate and false positive rate was conducted.The ex-perimental results have shown that the proposed method can improve the detection accuracy and approximatively identify the possible locations that the HT circuits may be implanted in.2.In view of the "hot spots" existed in current PPUF designs such as large area overhead and low reliability,etc.,this dissertation first reviewed the RPUF schemes and discussed the positives and negatives.Taking circuit-based RPUF(C-RPUF)designs as research target,an improved configurable ring oscillator(CRO)PUF was presented,which replaced the com-parator with a SR-latch structure,thereby reducing the hardware overhead of conventional CRO PUF designs.Moreover,the improved CRO PUF also extended the key space.In order to verify the effectiveness of the proposed CRO PUF schemes,extensive simulation exper-iments were conducted and the corresponding comparisons were made with conventional CRO PUF in terms of uniqueness,reliability and hardware overhead.And the experiment results shown that the proposed scheme reduced the hardware overhead by about 13.48%and expanded the key space by 1 times.3.This paper presented,for the first time to our knowledge,a PUF-based unified iden-tify authentication framework to generate hardware fingerprint from the perspective of the whole system,especially for SoCs,so as to provide fine-grained protections against theft attacks and overcome the limitations of current solutions.Current technology for handling these problems is to verify the secret,unique keys that were pre-assigned and stored in non-volatile memory(NVM)of each legitimate hardware,thus only the authorized ones can be activated.However,such secret keys may be cloned and the management for them are also difficult and expensive.Moreover,digital signature generation schemes based on PUFs were only effective for simple logic circuit or IP-level authentication,and may not achieve SoC-level authentication well.To this end,our scheme was developed based on a series of single-particle PUF circuits and utilized them to establish a unified hardware fingerprint for embedded hardware,which can correctly identify any replacement of various compo-nents.At the same time,in order to resist the replay attack(RA),a one-way hash function was introduced to recombine and encode each sub-digital signature generated by PUFs to acquire the unique fingerprint for embedded hardware.Finally,extensive simulation exper-iments were conducted to verify its effectiveness.The experimental results illustrated that the proposed solution can uniquely and accurately identify any or all of the illegal thefts to embedded SoCs.4.In order to effectively overcome the problems existing in current work,a distributed security IP cores deployment strategy was presented from the perspective of system security design,which focused on resisting SoC-level HT attacks and improved the security of SoC designs from the architecture layer.The proposed solution is based on a series of security IP cores which are embedded as dedicated on-chip security modules into the SoC design.It can authenticate SoC chips at the running stage and simultaneously protect various security threats against hardware such as IP level and SoC level hardware Trojan attacks in real time.On the other hand,in order to solve the functional differences between different IP cores,this scheme first divided the security IP cores in the SoC.Specifically,each security IP core in a SoC design was allocated to the corresponding tier,that is,for IP-level HT and theft attacks,local security IPs were deployed for security protection;for SoC-level HT and theft threats,global security IPs were assigned to achieve trustworthy validation,so that it can overcome the limitations that the centralized protections was restricted by various security policies.After that,the metadatas of SoC-level abnormal behaviors or events were constructed and incorporated as security primitives to provide protections against IP-level and SoC-level hardware issues.Finally,in order to verify the effectiveness of the proposed security strategy,corresponding simulation experiments were conducted specifically for the SoC-level HTs.The experimental results shown that the proposed scheme could effectively address a variety of security threats for embedded SoCs,especially for SoC-level HT threats,and enhance the security from the aspect of architectural level.