
Design And Detection Of Information Leaking Hardware Trojan Based On Fault Injection

Posted on: 2022-01-02
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Zhang
GTID: 2518306602966719
Subject: Master of Engineering
Abstract/Summary:
With the growth of the Internet of Things and wearable devices, users favor lightweight and safe electronic products. Lightweight AES encryption circuits are often integrated into systems to ensure the security of devices. The security of the AES algorithm is determined by the safety of the key, so it is of great significance to study the attack and defense of Hardware Trojans that specialize in stealing the AES key.

Combining fault injection with a Hardware Trojan is an innovative idea in the field of encryption security. Existing Hardware Trojans of this kind work with differential fault analysis to crack keys: once the Hardware Trojan is triggered, intermediate state bits flip, and the errors in the intermediate state gradually spread to the entire ciphertext through the remaining encryption steps. Through calculation and speculation, attackers use the correct and faulty ciphertexts, together with a difference model based on the fault information, to shrink the key space mathematically and finally solve for the key. This method requires a large amount of computation, and the efficiency of the encryption algorithm should be improved. In essence, it uses the mathematical characteristics of the encryption algorithm to steal the key. In addition, the existing studies only propose attack schemes. They do not evaluate the ability of such a Hardware Trojan to avoid detection, and so cannot fully reflect the danger of Hardware Trojans based on fault injection or the security threats faced by encryption circuits.

In this paper, we design a new type of Hardware Trojan that produces clock glitch faults, and we attack the circuit with a non-differential fault method, which has a better attack effect. As the target circuit, a lightweight serial 128-bit AES encryption circuit is designed in this paper. The whole circuit uses only 8 S-boxes for byte substitution, and its hardware resources and average power consumption are only 5.16% and 8.61%, respectively, of those of the traditional parallel 128-bit AES encryption circuit.

A Hardware Trojan that can inject a clock glitch at a specified position in the circuit is designed by combining the fault injection technique with the transient steady-state effect attack. The glitch period is controllable. Specifically, we analyze the internal structure of the 128-bit AES encryption circuit and select its possible attack points as the implant nodes of the Hardware Trojan. The trigger structure is designed by partitioning the combinational logic with a malicious reset signal to enhance concealment. The clock glitch period is controlled by adjusting the number of delay units in the load circuit. After the Hardware Trojan is implanted into the target circuit, we carry out the physical design of the whole circuit, and the function of the Trojan is verified by simulation: after the Trojan is triggered, the clock glitch is injected into the specified clock port of the flip-flop, and the transient steady-state value, which contains the key information, is output to the ciphertext.

At the end of this paper, the proposed Hardware Trojan is detected. According to the conditions of the transient steady-state effect attack, Perl is used to analyze the gate-level netlist and check the circuit, detecting the hardware structures in the circuit that may be attacked through the transient steady-state effect. Suspicious hardware structures are further screened based on whether they have a stable transient steady-state output. If a structure's transient steady-state values can be sampled correctly, it is deemed hazardous. Following the flip-flop clock path of the hazardous structure leads to the Hardware Trojan. At the same time, the suspicious hardware structure is repaired: the path is balanced by increasing the buffers and reducing the depth of the combinational logic chain. The transient steady-state condition is thereby destroyed, protecting the encryption circuit from the transient steady-state effect attack.
Keywords/Search Tags: fault injection, Hardware Trojan, AES, transient-steady effect, Hardware Trojan detection