可規避邏輯閘層結構與SCOAP特徵檢測之硬體木馬生成框架研究

Chi-Wei Chen; 陳其威

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85293

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	郭斯彥(Sy-Yen Kuo)
dc.contributor.author	Chi-Wei Chen	en
dc.contributor.author	陳其威	zh_TW
dc.date.accessioned	2023-03-19T22:55:42Z	-
dc.date.copyright	2022-08-02
dc.date.issued	2022
dc.date.submitted	2022-07-29
dc.identifier.citation	References [1] Trust-hub. Available on-line: https://www.trust-hub.org, 2016. [2] J. Cruz et al., ”An automated configurable Trojan insertion framework for dynamic trust benchmarks,” 2018 Design, Automation Test in Europe Conference & Exhibition (DATE), 2018, pp. 1598-1603. [3] H. Salmani, ” COTD: Reference-Free Hardware Trojan Detection and Recovery Based on Controllability and Observability in Gate-Level Netlist,” in IEEE Transactions on Information Forensics and Security, vol. 12, no. 2, pp. 338-350, Feb. 2017. [4] K. Hasegawa et al., ”Trojan-feature extraction at gate-level netlists and its application to hardware-Trojan detection using random forest classifier,” 2017 IEEE International Symposium on Circuits and Systems (ISCAS), 2017, pp. 1-4 [5] K. Hasegawa et al., ”Hardware Trojans classification for gate-level netlists based on machine learning,” 2016 IEEE 22nd International Symposium on On-Line Testing and Robust System Design (IOLTS), 2016, pp. 203-206. [6] H. Salmani et al., ”On design vulnerability analysis and trust benchmarks development”, 2013 IEEE 31st International Conference on Computer Design (ICCD), 2013, pp. 471-474. [7] Black, Paul E. (2 February 2005). ”greedy algorithm”. Dictionary of Algorithms and Data Structures. U.S. National Institute of Standards and Technology (NIST). Retrieved 17 August 2012. [8] L. H. Goldstein and E. L. Thigpen, 'SCOAP: Sandia Controllability/Observability Analysis Program,'17th Design Automation Conference, 1980, pp. 190-146 [9] B. Shakya et al., “Benchmarking of Hardware Trojans and Maliciously Affected Circuits', Journal of Hardware and Systems Security (HaSS), April 2017. [10] Zhixin Pan and Prabhat Mishra, ”Automated Test Generation for Hardware Trojan Detection using Reinforcement Learning”, Proceedings of the 26th Asia and South Pacific Design Automation Conference, 2021 [11] B. Tan and R. Karri, ”Challenges and New Directions for AI and Hardware Security,” 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS), 2020 [12] Z. Huang, Q. Wang, Y. Chen and X. Jiang, ”A Survey on Machine Learning Against Hardware Trojan Attacks: Recent Advances and Challenges,” in IEEE Access, vol.8, pp. 10796-10826, 2020, doi: 10.1109/ACCESS.2020.2965016. [13] Chakraborty, R.S., Wolff, F., Paul, S., Papachristou, C., Bhunia, S. (2009). MERO:A Statistical Approach for Hardware Trojan Detection. In: Clavier, C., Gaj, K. (eds) Cryptographic Hardware and Embedded Systems - CHES 2009. CHES 2009. Lecture Notes in Computer Science, vol 5747. Springer, Berlin, Heidelberg. [14] R. S. Chakraborty, S. Narasimhan and S. Bhunia, ”Hardware Trojan: Threats and emerging solutions,” 2009 IEEE International High Level Design Validation and Test Workshop, 2009, pp. 166-171, doi: 10.1109/HLDVT.2009.5340158. [15] C. H. Kok et al., ”Net Classification Based on Testability and Netlist Structural Features for Hardware Trojan Detection,” 2019 IEEE 28th Asian Test Symposium (ATS), 2019, pp. 105-1055, doi: 10.1109/ATS47505.2019.00020. [16] M. Priyadharshini and P. Saravanan, ”An Efficient Hardware Trojan Detection Approach adopting Testability based Features,” 2020 IEEE International Test Conference India, 2020, pp. 1-5, doi: 10.1109/ITCIndia49857.2020.9171786. [17] R. Sharma, N. K. Valivati, G. K. Sharma and M. Pattanaik, ”A New Hardware Trojan Detection Technique using Class Weighted XGBoost Classifier,” 2020 24th International Symposium on VLSI Design and Test (VDAT), 2020, pp. 1-6, doi: 10.1109/VDAT50263.2020.9190603.47 [18] F. Chen and Q. Liu, ”Single-triggered hardware Trojan identification based on gate-level circuit structural characteristics,” 2017 IEEE International Symposium on Circuits and Systems (ISCAS), 2017, pp. 1-4, doi: 10.1109/ISCAS.2017.8050673. [19] M. Oya, Y. Shi, M. Yanagisawa and N. Togawa, ” A score-based classification method for identifying Hardware-Trojans at gate-level netlists,” 2015 Design, Automation Test in Europe Conference Exhibition (DATE), 2015, pp. 465-470, doi:10.7873/DATE.2015.0352. [20] S. Wei, K. Li, F. Koushanfar and M. Potkonjak, ”Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry,” DAC Design Automation Conference 2012, 2012, pp. 90-95. [21] Tehranipoor M, Koushanfar F (2013) A survey of hardware trojan taxonomy and detection. IEEE Design Test 99:1–1 [22] R. S. Chakraborty, S. Narasimhan and S. Bhunia, ”Hardware Trojan: Threats and emerging solutions,” 2009 IEEE International High Level Design Validation and Test Workshop, 2009, pp. 166-171, doi: 10.1109/HLDVT.2009.5340158. [23] S. S.Narasimhan, D.Du,“Multiple-parameter side-channel analysis: A noninvasive hardware trojan detection approach,'IEEE International Symposium on Hardware-Oriented Security and Trust, 2010 [24] Y. Shiyanovskii, F. Wolff, A. Rajendran, C. Papachristou, D. Weyer and W. Clay, ”Process reliability based trojans through NBTI and HCI effects,” 2010 NASA/ESA Conference on Adaptive Hardware and Systems, 2010, pp. 215-222 [25] M. He, J. Park, A. Nahiyan, A. Vassilev, Y. Jin and M. Tehranipoor, ”RTL-PSC:Automated Power Side-Channel Leakage Assessment at Register-Transfer Level,”2019 IEEE 37th VLSI Test Symposium (VTS), 2019, pp. 1-6 [26] S. Wei and M. Potkonjak, ”Scalable Hardware Trojan Diagnosis,” in IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 20, no. 6, pp. 1049-1057, June 2012 [27] J. Grason, ”TMEAS, A Testability Measurement Program,” 16th Design Automation Conference, 1979, pp. 156-161, doi: 10.1109/DAC.1979.1600103. [28] Maunder, Colin M., R. G. Bennetts and J. D. Robinson.“CAMELOT: A Computer-Aided Measure for Logic Testability.'(1980). [29] Ratiu, Ion M., Alberto L. Sangiovanni-Vincentelli and Donald O. Pederson. “VICTOR : A Fast VLSI Testability Analysis Program.'ITC (1982). [30] Stavros P Dokouzyannis, John M Kontoleon, ”Comet —A new method for the deterministic test pattern generation in c-circuits”, Microelectronics Reliability, Volume 34, Issue 11, 1994, Pages 1761-1775, ISSN 0026-2714, [31] https://link.springer.com/content/pdf/10.1007%2F0-306-47040-3_6.pdf [32] http://web.eecs.umich.edu/ mazum/F02/lectures/lec8.pdf [33] https:// www.csee.umbc.edu/ cpatel2/ links/ 418/ lectures/ chap6_lect07_testability_measures.pdf [34] http://www.ee.ncu.edu.tw/ jfli/test1/lecture/ch03.pdf [35] S. Bhunia, M. S. Hsiao, M. Banga and S. Narasimhan, ”Hardware Trojan Attacks: Threat Analysis and Countermeasures,” in Proceedings of the IEEE, vol. 102, no. 8,pp. 1229-1247, Aug. 2014, doi: 10.1109/JPROC.2014.2334493. [36] R. S. Chakraborty, S. Narasimhan and S. Bhunia, ”Hardware Trojan: Threats and emerging solutions,” 2009 IEEE International High Level Design Validation and Test Workshop, 2009, pp. 166-171, doi: 10.1109/HLDVT.2009.5340158. [37] Synopsys＇s TetraMAX, http://www.synopsys.com/Tools/Pages/default.aspx [38] K. Hasegawa, M. Yanagisawa and N. Togawa, ”Hardware Trojans classification for gate-level netlists using multi-layer neural networks,” 2017 IEEE 23rd International Symposium on On-Line Testing and Robust System Design (IOLTS), 2017, pp. 227-232, doi: 10.1109/IOLTS.2017.8046227. [39] Suthaharan, S. (2016). Support Vector Machine. In: Machine Learning Models and Algorithms for Big Data Classification. Integrated Series in Information Systems, vol 36. Springer, Boston, MA. https://doi.org/10.1007/978-1-4899-7641-3_9 [40] Support Vector Machine Wiki: https:// en.wikipedia.org/ wiki/ Support-vector_machine [41] Random Forest Wiki : https://en.wikipedia.org/wiki/Random_forest [42] Neural network Wiki : https://en.wikipedia.org/wiki/Neural_network [43] Black, Paul E. (2 February 2005). ”greedy algorithm”. Dictionary of Algorithms and Data Structures. U.S. National Institute of Standards and Technology (NIST). Retrieved 17 August 2012. [44] https:// www.edntaiwan.com/ 20210809nt01-a-post-quantum-chip-with-hardware-trojans/
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/85293	-
dc.description.abstract	隨著IC產業的蓬勃發展，積體電路產業的分工也越來越細緻化與國際化，因產業分工越來越明確，使用第三方資源已無可避免，然而，任何來自或經過第三方公司的資源都將是不可信任的，也因此，新型態的硬體安全疑慮大量衍生，而其中硬體木馬獲得主要關注。多數木馬研究學者皆於偵測硬體木馬技術的發展，而疏於木馬產生、插入和攻擊技術，而此將造成偵測技術發展的偏頗，因此，本論文提出一種全新且自動化的木馬產生框架以規避主流的邏輯閘層硬體木馬偵測技術。主流的邏輯閘木馬偵測技術可分為兩種，其一為基於電路邏輯閘結構，其二為基於Sandia Controllability/Observability Analysis Program (SCOAP) 分數，在我們的框架中，我們使用貪婪算法去構成硬體木馬，貪婪算法使的木馬結構與一般電路結構盡量相似，而後，藉由插入特殊結構與一般訊號已達到降低SCOAP分數的目的，實驗結果顯示，相較於一般的隨機方式，我們提出的貪婪方法能提供更好的選擇，此外，在SCOAP分數降低環節插入三條一般訊號後，可以降低68\%的SCOAP分數，最後，我們將產生的硬體木馬結果測試目前最知名以及最新的基於結構以及基於SCOAP分數的偵測器，結果顯示，兩種偵測器均有很高的偽陽性率和偽陰性率以及很低的準確度。	zh_TW
dc.description.abstract	The division of labor in the integrated circuit (IC) industry has become more detailed. Outsourcing IC design or fabrication to third-party vendors is inevitable, which has caused a variety of hardware security issues. With the attention of hardware Trojan, most recent research has focused on detection techniques instead of attack or insertion methods. Existing detection methods for gate level can be classified into two categories: one based on circuit structure features and the other based on the Sandia Controllability/Observability Analysis Program (SCOAP) values. This paper proposes a new hardware Trojan insertion framework that can automatically construct Trojan with low SCOAP values against both structural features-based and SCOAP-based detection techniques. In our framework, we use the greedy algorithm to build a Trojan structure similar to a genuine circuit as much as possible and then reduce SCOAP values by inserting genuine nets. The experimental results demonstrated that our greedy method achieves significant improvements in structure generation than the random method. Moreover, the insertion framework can reduce the average SCOAP values by 68\% after inserting three genuine nets. Finally, we evaluate state-of-the-art detection techniques using hardware Trojan samples generated by our proposed framework, which provides a high False Positive Rate (FPR)/False Negative Rate (FNR) and low accuracy.	en
dc.description.provenance	Made available in DSpace on 2023-03-19T22:55:42Z (GMT). No. of bitstreams: 1 U0001-2207202211400000.pdf: 3735704 bytes, checksum: f835316f15523feb0128705c4a22f667 (MD5) Previous issue date: 2022	en
dc.description.tableofcontents	Contents Page Acknowledgements i 摘要 ii Abstract iii Contents iv List of Figures vi List of Tables viii Denotation ix Chapter 1 Introduction 1 1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Organization of Thesis . . . . . . . . . . . . . . . . . . . . . . . . . 2 Chapter 2 Greedy Algorithm and Testability Measures 5 2.1 Greedy algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2 Testability Measures . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.1 Controllability and observability . . . . . . . . . . . . . . . . . . . 6 2.2.1.1 Combinational circuit . . . . . . . . . . . . . . . . . . 7 2.2.1.2 Sequential circuit . . . . . . . . . . . . . . . . . . . . 7 Chapter 3 Hardware Trojan 11 3.1 Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1.1 Combinational Trojans . . . . . . . . . . . . . . . . . . . . . . . . 12 3.1.2 Sequential Trojans . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.2 Taxonomies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.1 Insertion Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2.2 Abstraction Level . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.2.3 Activation Mechanism . . . . . . . . . . . . . . . . . . . . . . . . 19 3.2.4 Effects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.2.5 Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Chapter 4 Gate-Level Classification Methods 21 4.1 structural feature-based detection . . . . . . . . . . . . . . . . . . . 21 4.1.1 Machine Learning Models . . . . . . . . . . . . . . . . . . . . . . 21 4.1.2 Detection Method . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 4.1.3 Experimental Result . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4.2 SCOAP-based detection . . . . . . . . . . . . . . . . . . . . . . . . 27 4.2.1 COTD[3] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 4.2.1.1 Proposed method . . . . . . . . . . . . . . . . . . . . 30 4.2.1.2 Experimental Result . . . . . . . . . . . . . . . . . . . 30 Chapter 5 Gate-Level Trojan Benchmark Generating Technique 32 Chapter 6 Proposed Method 36 6.1 Phase I: Analyzing the Trojan-free circuit . . . . . . . . . . . . . . . 36 6.2 Phase II: Constructing the hardware Trojan . . . . . . . . . . . . . . 37 6.3 Phase III: Reducing Trojan nets’ SCOAP values . . . . . . . . . . . 38 6.3.1 Insert structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 6.3.1.1 Proof . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 6.3.2 Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Chapter 7 Experimental Result 42 7.1 Experiment Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 7.2 Results and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Chapter 8 Conclusion and Future Works 45 References 46
dc.language.iso	en
dc.subject	SCOAP 降低方法	zh_TW
dc.subject	貪婪算法	zh_TW
dc.subject	硬體安全	zh_TW
dc.subject	硬體木馬	zh_TW
dc.subject	邏輯閘層插入框架	zh_TW
dc.subject	SCOAP reduction	en
dc.subject	Hardware security	en
dc.subject	Hardware Trojan	en
dc.subject	Gate-level insertion framework	en
dc.subject	Greedy algorithm	en
dc.title	可規避邏輯閘層結構與SCOAP特徵檢測之硬體木馬生成框架研究	zh_TW
dc.title	A Hardware Trojan Insertion Framework against Gate-Level Netlist Structural Feature and SCOAP-based Detection	en
dc.type	Thesis
dc.date.schoolyear	110-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	顏嗣鈞(Hsu-chun Yen),雷欽隆(Chin-Laung Lei), 陳英一(Ing-Yi Chen),游家牧(Chia-Mu Yu)
dc.subject.keyword	硬體安全,硬體木馬,邏輯閘層插入框架,SCOAP 降低方法,貪婪算法,	zh_TW
dc.subject.keyword	Hardware security,Hardware Trojan,Gate-level insertion framework,Greedy algorithm,SCOAP reduction,	en
dc.relation.page	50
dc.identifier.doi	10.6342/NTU202201632
dc.rights.note	同意授權(限校園內公開)
dc.date.accepted	2022-07-29
dc.contributor.author-college	電機資訊學院	zh_TW
dc.contributor.author-dept	電機工程學研究所	zh_TW
dc.date.embargo-lift	2022-08-02	-
顯示於系所單位：	電機工程學系

文件中的檔案：

檔案	大小	格式
U0001-2207202211400000.pdf 授權僅限NTU校內IP使用（校園外請利用VPN校外連線服務）	3.65 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。