Çetin Kaya Koç
Department of Computer Science
University of California Santa Barbara
Hardware Trojans in Incompletely Specified Digital Systems
Abstract: There is a less studied but extremely stealthy class of hardware threat: Hardware Trojans that do not rely on rare triggering conditions to stay hidden, but instead only alter the logic functions of design signals whose behavior is unspecified, meaning the Trojan never violates the design specification. Formal models of such threats can be developed for analysis (detection), and their impact can be studied under certain realistic scenarios. Existing Trojans generally aim to disrupt normal bus behavior and are often designed for a specific protocol and topology, but there is a general model for creating a covert Trojan communication channel between SoC components. In this channel model, which is applicable to any topology and protocol, one can create circuitry that allows information to flow covertly by altering existing bus signals only when they are unspecified. We give the specifics of this circuitry for AMBA AXI4 to quantify the overhead of the Trojan channel and illustrate the ability of our Trojans to evade a suite of protocol compliance checking assertions from ARM.