Evasive Hardware Trojan through Adversarial Power Trace
- URL: http://arxiv.org/abs/2401.02342v1
- Date: Thu, 4 Jan 2024 16:28:15 GMT
- Title: Evasive Hardware Trojan through Adversarial Power Trace
- Authors: Behnam Omidi, Khaled N. Khasawneh, Ihsen Alouani
- Abstract summary: We introduce an HT obfuscation (HTO) approach that allows HTs to bypass this detection method.
HTO can be implemented with only a single transistor for ASICs and FPGAs.
We show that an adaptive attacker can still design evasive HTOs by constraining the design with a spectral noise budget.
- Score: 6.949268510101616
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: The globalization of the Integrated Circuit (IC) supply chain, driven by time-to-market and cost considerations, has made ICs vulnerable to hardware Trojans (HTs). Against this threat, a promising approach is Machine Learning (ML)-based side-channel analysis, which has the advantage of being non-intrusive while efficiently detecting HTs in golden-chip-free settings. In this paper, we question the trustworthiness of ML-based HT detection via side-channel analysis. We introduce an HT obfuscation (HTO) approach that allows HTs to bypass this detection method. Rather than misleading the model in theory with simulated adversarial traces, a key aspect of our approach is the design and implementation of adversarial noise as part of the circuitry, alongside the HT. We detail HTO methodologies for ASICs and FPGAs, and evaluate our approach using the TrustHub benchmark. Interestingly, we found that HTO can be implemented with only a single transistor for ASIC designs to generate adversarial power traces that fool the defense with 100% efficiency. We also efficiently implemented our approach on a Spartan 6 Xilinx FPGA using two different variants: (i) a DSP-slice-based and (ii) a ring-oscillator-based design. Additionally, we assess the efficiency of countermeasures such as spectral domain analysis, and we show that an adaptive attacker can still design evasive HTOs by constraining the design with a spectral noise budget. In addition, while adversarial training (AT) offers higher protection against evasive HTs, AT models suffer a considerable utility loss, potentially rendering them unsuitable for such security applications. We believe this research represents a significant step in understanding and exploiting ML vulnerabilities in a hardware security context, and we make all resources and designs openly available online:
https://dev.d18uu4lqwhbmka.amplifyapp.com
Related papers
- Digital Twin-Assisted Federated Learning with Blockchain in Multi-tier Computing Systems [67.14406100332671]
In Industry 4.0 systems, resource-constrained edge devices engage in frequent data interactions.
This paper proposes a digital twin (DT) and federated digital twin (FL) scheme.
The efficacy of our proposed cooperative interference-based FL process has been verified through numerical analysis.
arXiv Detail & Related papers (2024-11-04T17:48:02Z)
- Hiding in Plain Sight: Reframing Hardware Trojan Benchmarking as a Hide&Seek Modification [0.0]
This work focuses on advancing security research in the hardware design space by formally defining the realistic problem of Hardware Trojan (HT) detection.
The goal is to model HT detection more closely to the real world, i.e., describing the problem as The Seeker's Dilemma, where a detecting agent is unaware of whether circuits are infected by HTs or not.
arXiv Detail & Related papers (2024-10-21T00:45:20Z)
- Physical Layer Deception with Non-Orthogonal Multiplexing [52.11755709248891]
We propose a novel framework of physical layer deception (PLD) to actively counteract wiretapping attempts.
PLD combines PLS with deception technologies to actively counteract wiretapping attempts.
We prove the validity of the PLD framework with in-depth analyses and demonstrate its superiority over conventional PLS approaches.
arXiv Detail & Related papers (2024-06-30T16:17:39Z)
- Lazy Layers to Make Fine-Tuned Diffusion Models More Traceable [70.77600345240867]
A novel arbitrary-in-arbitrary-out (AIAO) strategy makes watermarks resilient to fine-tuning-based removal.
Unlike the existing methods of designing a backdoor for the input/output space of diffusion models, in our method, we propose to embed the backdoor into the feature space of sampled subpaths.
Our empirical studies on the MS-COCO, AFHQ, LSUN, CUB-200, and DreamBooth datasets confirm the robustness of AIAO.
arXiv Detail & Related papers (2024-05-01T12:03:39Z)
- The Seeker's Dilemma: Realistic Formulation and Benchmarking for Hardware Trojan Detection [0.0]
This work focuses on advancing security research in the hardware design space by formally defining the realistic problem of Hardware Trojan (HT) detection.
The goal is to model HT detection more closely to the real world, i.e., describing the problem as "The Seeker's Dilemma".
We create a benchmark that consists of a mixture of HT-free and HT-infected restructured circuits.
arXiv Detail & Related papers (2024-02-27T22:14:01Z)
- Scalable Ensemble-based Detection Method against Adversarial Attacks for speaker verification [73.30974350776636]
This paper comprehensively compares mainstream purification techniques in a unified framework.
We propose an easy-to-follow ensemble approach that integrates advanced purification modules for detection.
arXiv Detail & Related papers (2023-12-14T03:04:05Z)
- DeMiST: Detection and Mitigation of Stealthy Analog Hardware Trojans [0.21301560294088315]
The capacitance-based Analog Hardware Trojan (AHT) is one of the stealthiest HTs and can bypass most existing HT detection techniques.
We propose a novel way to detect such capacitance-based AHTs in this paper.
arXiv Detail & Related papers (2023-10-06T03:45:41Z)
- Trojan Playground: A Reinforcement Learning Framework for Hardware Trojan Insertion and Detection [0.0]
Current Hardware Trojan (HT) detection techniques are mostly developed based on a limited set of HT benchmarks.
We introduce the first automated Reinforcement Learning (RL) HT insertion and detection framework to address these shortcomings.
arXiv Detail & Related papers (2023-05-16T16:42:07Z)
- FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [66.56240101249803]
We study how hardening benign clients can affect the global model (and the malicious clients).
We propose a trigger reverse engineering based defense and show that our method can achieve improvement with guaranteed robustness.
Our results on eight competing SOTA defense methods show the empirical superiority of our method on both single-shot and continuous FL backdoor attacks.
arXiv Detail & Related papers (2022-10-23T22:24:03Z)
- ATTRITION: Attacking Static Hardware Trojan Detection Techniques Using Reinforcement Learning [6.87143729255904]
We develop an automated, scalable, and practical attack framework, ATTRITION, using reinforcement learning (RL).
ATTRITION evades eight detection techniques across two HT detection categories, showcasing its behavior.
We demonstrate ATTRITION's ability to evade detection techniques by evaluating designs ranging from the widely-used academic suites to larger designs such as the open-source MIPS and mor1kx processors to AES and a GPS module.
arXiv Detail & Related papers (2022-08-26T23:47:47Z)
- SADet: Learning An Efficient and Accurate Pedestrian Detector [68.66857832440897]
This paper proposes a series of systematic optimization strategies for the detection pipeline of a one-stage detector.
It forms a single shot anchor-based detector (SADet) for efficient and accurate pedestrian detection.
Though structurally simple, it presents state-of-the-art results and a real-time speed of $20$ FPS for VGA-resolution images.
arXiv Detail & Related papers (2020-07-26T12:32:38Z)
This list is automatically generated from the titles and abstracts of the papers on this site.