We discuss a new type of a structural hardware Trojan, which does not attack the target circuit itself but tries to mute the internal hardening scheme instead. By implementing this type of hardware Trojan, we argue that most of the currently proposed hardware Trojan prevention methods are far from adequate, assuming that attackers are patient, smart and have basic knowledge of the hardening structure. As demonstrated through our work for the CSAW Embedded System Challenge hosted by NYU-Poly in 2010, attackers can easily construct test patterns to “reverse-engineer” the hardening scheme from the Register Transfer Level (RTL) description. A simple look-up table can then invalidate the hardening scheme, even if it is as sophisticated as the Ring Oscillator (RO)-based Trojan prevention method used in this competition. Hence, our conjecture is that any single-scheme Trojan prevention method is insufficient to keep hardware Trojans out of the door and only a combination of several methods is a plausible solution.
展开▼
