Towards bidirectional LUT-level detection of hardware Trojans

摘要

FPGAs are field-programmable and reconfigurable integrated circuits; consequently, they entail numerous security concerns. For example, malicious functions such as hardware Trojans (HTs), can be inserted into the circuits in both development and deployment stages, as malicious fabrication and modification are possible even after deployment. Therefore, to detect HTs in FPGAs effectively, it is necessary to exploit both netlists available at the development stage and bitstreams available at deployment stage; this is in contrast with existing approaches, which require source code or gate-level netlists. In achieving this, we encounter two major challenges: effectively exploiting FPGA netlists closer to bitstreams for HTs detection and reverse-engineering bitstreams to netlists at an acceptable level. To address these problems, we develop a bidirectional mechanism for detecting HTs in FPGAs at any stage. To the best of our knowledge, this is the first study on bidirectional HT detection in FPGAs. To address the first challenge, we focus on LUT-level netlists; regarding the second challenge, we directly reverse-engineer bitstreams to LUT-level netlists. For HTs detection, we employ features extracted from LUT-level netlists, which can also be derived from reversed bitstreams and used to identify HTs. We design and implement our system for experimental studies. The experiments achieve a TPR of more than 99.3% and an FPR of less than 0.15% for 15 TrustHub benchmarks in forward and backward (reverse) directions for FPGA Virtex-5 devices.