近年来,由于半导体设计和制造过程的全球化以及第三方知识产权核(Intellectual Property cores,IP cores)的广泛使用,电路越来越容易受到硬件木马的攻击.硬件木马能够使得电路功能故障、泄露机密信息或者导致其他一些灾难性的后果,因此已经引起了许多关键部门的密切关注.大多数已有的硬件木马检测工作需要参考芯片去提供参考信息.然而,获得参考芯片是极其困难的.参考芯片通常是假设通过可信的工厂生产出来或者通过很严苛的逆向工程检测验证为不含木马,两种方式的代价都是极其昂贵的.在一些情景下,参考芯片甚至是不存在的,比如掩膜在工厂被修改过.该文提出了一种自适应优化的二元分类型硬件木马检测方法,消除了对生产后的参考芯片的依赖.在电路设计过程中,通常可以假设通过详尽的硅前检测或者经过严格的设计流程,使得原电路的仿真芯片是不含木马的.该文工作尤其适用于检测在设计之后的步骤中插入的木马,比如工厂生产阶段.首先,将木马检测问题建模为二元分类问题,采用电路设计流程中的仿真信息(瞬时功耗)对算法进行训练.经过训练的算法将会生成一个分类器,该分类器能够在芯片生产后测试时自动识别不含木马的和含木马的电路.有许多代表性的分类算法,该文建模了不同的算法并分析评估了哪个算法更适合木马检测.采用的评估指标包括正确分类率、混淆矩阵和查全率.评估了不同工艺偏差下多种算法的性能,给出了在较高水平的工艺偏差下合适的算法设置.更进一步地,考虑到在电路仿真和实际的硅生产之间可能会产生一定的偏差,从而导致该方法的检测性能在实际检测中有所下降,该文提出了一些优化方法来增强这一技术:(1)分析了各分类算法错误分类的芯片编号,提出了匹配算法对的工作方式,用来提供互补的检测性能;(2)提出了关注于检测错误的算法自适应迭代优化,权重调整是基于该算法在上一轮迭代中的分类错误;(3)由于将含木马的电路判定为不含木马的代价高于将不含木马的电路判定为含木马的代价,该文引入了不同检测判决的代价,提出了代价敏感型检测.在ISCAS89基准电路上进行的验证实验结果表明,所提出的方法能够检测已知的和未知的木马,检测精度和查全率均在90%以上.该方法没有添加额外的电路到原电路设计,因此没有引入硬件开销.%Recently,because of the globalization of the semiconductor design and fabrication process as well as the widely use of third-party intellectual property cores (IP cores),integrated circuits (ICs) are becoming increasingly vulnerable to hardware Trojans (HTs).Hardware Trojan can make the IC malfunction,leak confidential information,or lead to other catastrophic consequences,thus has raised serious concerns from many critical communities.Most of the existing hardware Trojan detection works require golden chips to provide reference signals.However,obtaining a golden chip is extremely difficult.The golden chips are supposed to be either fabricated by a trusted foundry or verified to be Trojan-free through strict reverse engineering.Both methods are prohibitively expensive.In some scenarios,the golden chips even don't exist,e.g.,if the mask is altered at the foundry.This paper proposes an adaptive optimization of two-class classificationbased hardware Trojan detection method which can eliminate the need of fabricated golden chips.In the IC design time,it can be assumed that after thorough pre-silicon detection or under strict design process,the simulated IC of the original design is Trojan-free (golden netlist).This method is particularly suitable for detecting the Trojans which are inserted in the subsequent steps after design,such as the fabrication stage.First,we formulate the hardware Trojan detection problem into a two-class classification problem.Then,we train the classification algorithms using transient power of simulated ICs during IC design flow.The trained algorithms will then form a classifier which can automatically identify fabricated ICs as Trojan-free or Trojan-inserted during test-time.There are many representative types of classification algorithms.We formulate different algorithms and figure out which algorithm is more suitable for HT detection.The metrics accuracy,confusion matrix and recall are used for evaluation.We evaluate the performance of different algorithms against process variations,and present the suitable algorithm settings in the presence of high level of process variations.Moreover,considering there may be a shift which occurs between the IC design simulation and actual silicon fabrication which may cause reduced detection performance during practical post-silicon detection,we also propose several optimized methods to enhance the technique:(1) we analyze the misclassified ICs' numbers of a certain algorithm and present the matched algorithm-pairs to provide complementary detection performance;(2) we propose adaptive iterative optimization of one algorithm by focusing on errors,in which the weightadjusting are based on how successful the algorithm was in the previous iteration;(3) since the cost of misclassification from Trojan-inserted to Trojan-free is larger than the cost of misclassification from Trojan-free to Trojan-inserted,we use a method of altering algorithms to take into account of the costs of making different hardware Trojan detection decisions,called cost-sensitive detection.The experiment results on ISCAS89 benchmark circuits show that,after optimization,the proposed approach can not only detect known Trojans,but also be able to detect various kinds of unknown Trojans with an accuracy and recall of more than 90%.Since we didn't add any extra circuit to the original design,there is no overhead of this approach.
展开▼
