Layout-Only Hardware Trojans: Attack Vectors and a Non-Golden Model Reverse Engineering-Based Counterstrategy
Abstract
Globally distributed microelectronic supply chains have disrupted trust
in silicon hardware and have drawn academia’s attention toward different
scenarios of malicious circuit modifications, i.e., hardware Trojans.
This dynamic hardware environment, including open-source approaches and
ever more outsourcing, requires constant reassessment of offensive and
defensive aspects. Based on an untrusted foundry model, this work
assesses the concrete technical realizations of layout-only
modifications via design file editing, mask editing, or in-line
alterations. Furthermore, the attack possibility on different modules
within a system on a chip is qualitatively evaluated. As a case study, a
modification is demonstrated on an SRAM-’PUF’ module. To link the attack
point of view with a defensive measure, we propose a hardware reverse
engineering-based countermeasure that does not rely on a golden
layout. Through a novel approach relying on inherent polygon properties,
potentially occurring modifications are detected via clustering and a
statistical evaluation of the intra-cluster distributions. Finally, the
approach is demonstrated on samples from 7 nm to 150 nm, for which a
modification detection rate between 95% and 100% is reached for all
evaluated samples.