
A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists
  • Jonathan Cruz,
  • Christopher Posada,
  • Naren Vikram Raj Masna,
  • Prabuddha Chakraborty,
  • Pravin Gaikwad,
  • Swarup Bhunia
Jonathan Cruz (corresponding author)
University of Florida



Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party or software can maliciously alter a hardware intellectual property (IP) block mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojan attacks, have garnered significant research into their detection and prevention in the context of the application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not received the same attention. Designers often rely on mapping ASIC-specific solutions and evaluation benchmarks to the FPGA domain, which leaves much of the FPGA-specific Trojan space uncovered. We note that the distinctive business model as well as the architectural configurations of FPGAs present an adversary with unique opportunities for Trojan attacks. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists. It is capable of inserting different types of FPGA-specific Trojans in a netlist (soft-template, monolithic, and distributed dark silicon), enabling rapid exploration of potential Trojan attacks in an FPGA design. Soft-template Trojans use behavioral templates with random synthesis constraints to increase Trojan structural diversity. Monolithic and distributed dark silicon Trojans use the under-utilized input space (FPGA dark silicon) in FPGA primitives to realize Trojans with effectively zero area and power footprint. Further optimizations are also presented to remove any potential delay impact.
We evaluate our framework by generating over 1300 Trojan-inserted benchmarks using each of the introduced FPGA Trojan classes and comparing the impact on utilization, delay, and power.
Oct 2023. Published in IEEE Transactions on Computers, volume 72, issue 10, pages 2740-2751. DOI: 10.1109/TC.2023.3266592