The First Thorough Side-Channel Hardware Trojan

Maik Ender, Samaneh Ghandali, Amir Moradi, Christof Paar

International Conference on the Theory and Applications of Cryptology and Information Security, ASIACRYPT 2017, Hong Kong, China, December 3 - 7, 2017.


Abstract

Hardware Trojans have gained high attention in academia, industry and government agencies. Effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted into a provably-secure side-channel-analysis-protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage, leading to successful key-recovery attacks. Such a Trojan does not add or remove any logic (not even a single gate) to or from the design, which makes it very hard to detect. In ASIC platforms, it is inserted by subtle manipulations at the sub-transistor level that modify the parameters of a few transistors. The same applies to FPGA applications by changing the routing of particular signals, leading to zero resource-utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency, one of the requirements of the underlying masking scheme is no longer fulfilled, i.e., the Trojan is triggered, and the device's side-channel leakage can be exploited. Although, as a case study, we show an application of our designed Trojan on an FPGA-based threshold implementation of the PRESENT cipher, our methodology is a general approach and can be applied to any similar circuit.

[pdf]

Tags: masking, PRESENT, Threshold, TI, Trojan