Think Smart, Play Dumb: Analyzing Deception in Hardware Trojan Detection Using Game Theory
Abstract
In recent years, integrated circuits (ICs) have become
significant for various industries and their security has
been given greater priority, specifically in the supply chain.
Budgetary constraints have compelled IC designers to offshore
manufacturing to third-party companies. When the designer gets the
manufactured ICs back, it is imperative to test for potential threats
like hardware trojans (HTs). In this paper, a novel multilevel
game-theoretic framework is introduced to analyze the interactions
between a malicious IC manufacturer and the tester. In particular, the
game is formulated as a non-cooperative, zero-sum, repeated game using
prospect theory (PT) that captures different players’ rationalities
under uncertainty. The repeated game is separated into a learning stage,
in which the defender learns about the attacker’s tendencies, and an
actual game stage, where
this learning is used. Experiments show great incentive for the attacker
to deceive the defender about their actual rationality by “playing
dumb” in the learning stage (deception). This scenario is captured
using hypergame theory to model the attacker’s view of the game. The
optimal deception rationality of the attacker is analytically derived to
maximize utility gain. For the defender, a first-step deception
mitigation process is proposed to thwart the effects of deception.
Simulation results show that the attacker can profit from the deception
as it can successfully insert HTs in the manufactured ICs without being
detected.
This paper has been accepted for publication in IEEE Cyber
Science Conference 2020