Abstract
A hardware trojan (HT) is produced through the malicious tampering of an integrated circuit design. Depending on its placement and purpose, an HT may cause data leakage or corruption, computational errors, reduced system performance, and temporary or permanent denial-of-service through the disabling or destruction of the chip. The varied geographic locales involved in designing, fabricating, and testing a design allow an attacker ample opportunity to insert an HT. In this paper we propose a method to enable the remote activation of HT, via a covert temperature channel, across a network. Through experimentation, our activation method is shown to be feasible on modern computers. In addition, its design is tolerant of process variation to ensure that it can be reliably fabricated. The design was validated using industry standard STMicroelectronics 65 nm technology and shown to be undetectable against present detection techniques. We discuss the major challenges associated with such HT and future research needs to address them.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
CPU usage limiter for Linux (2015). https://github.com/opsengine/cpulimit
Abramovici, M., Bradley, P.: Integrated circuit security: new threats and solutions. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, pp. 55. ACM (2009)
Agarwal, K., Nassif, S.: Characterizing process variation in nanometer CMOS. In: 44th ACM/IEEE Design Automation Conference, DAC 2007, pp. 396–399. IEEE (2007)
Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., Sunar, B.: Trojan detection using IC fingerprinting. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 296–310. IEEE (2007)
Banga, M., Chandrasekar, M., Fang, L., Hsiao, M.S.: Guided test generation for isolation and detection of embedded trojans in ICs. In: Proceedings of the 18th ACM Great Lakes symposium on VLSI, pp. 363–366. ACM (2008)
Barroso, L.A., Clidaras, J., Hölzle, U.: The datacenter as a computer: An introduction to the design of warehouse-scale machines. Synthesis Lectures on Computer Architecture 8(3), 1–154 (2013)
Benik, A., Ventures, B.: The sorry state of server utilization and the impending post-hypervisor era (2013). https://gigaom.com/2013/11/30/the-sorry-state-of-server-utilization-and-the-impending-post-hypervisor-era/
Bernstein, K., Frank, D.J., Gattiker, A.E., Haensch, W., Ji, B.L., Nassif, S.R., Nowak, E.J., Pearson, D.J., Rohrer, N.J.: High-performance CMOS variability in the 65-nm regime and beyond. IBM Journal of Research and Development 50(4.5), 433–449 (2006)
Chakraborty, R.S., Narasimhan, S., Bhunia, S.: Hardware trojan: threats and emerging solutions. In: IEEE International High Level Design Validation and Test Workshop, HLDVT 2009, pp. 166–171. IEEE (2009)
Chang, M.H., Liu, C.P., Huang, H.P.: Chip implementation with combined temperature sensor and reference devices based on DZTC principle. Electronics Letters 46(13), 919–921 (2010)
Chen, Z., Guo, X., Nagesh, R., Reddy, A., Gora, M., Maiti, A.: Hardware trojan designs on BASYS FPGA board. Embedded system challenge contest in cyber security awareness week-CSAW (2008)
Garg, R., Khatri, S.P.: A variation tolerant circuit design approach using parallel gates
He, L., Kahng, A., Tam, K.H., Xiong, J.: Simultaneous buffer insertion and wire sizing considering systematic CMP variation and random leff variation. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 26(5), 845–857 (2007)
Jin, Y., Makris, Y.: Hardware trojan detection using path delay fingerprint. In: IEEE International Workshop on Hardware-Oriented Security and Trust, HOST 2008, pp. 51–57. IEEE (2008)
Kash, J.A., Tsang, J.C., Knebel, D.R.: Method and apparatus for reverse engineering integrated circuits by monitoring optical emission (December 17, 2002), US Patent 6,496,022
Kiamilev, F., Hoover, R., Delvecchio, R., Waite, N., Janansky, S., McGee, R., Lange, C., Stamat, M.: Demonstration of hardware trojans. DEFCON, 16 (2008)
Lin, L., Burleson, W., Paar, C.: Moles: malicious off-chip leakage enabled by side-channels. In: Proceedings of the 2009 International Conference on Computer-Aided Design, pp. 117–122. ACM (2009)
Liu, H.: A measurement study of server utilization in public clouds. In: Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing, DASC 2011, pp. 435–442. IEEE Computer Society, Washington, DC (2011). http://dx.doi.org/10.1109/DASC.2011.87
Orshansky, M., Nassif, S., Boning, D.: Design for manufacturability and statistical design: a constructive approach. Springer Science & Business Media (2007)
Segura, J., Rossello, J., Morra, J., Sigg, H.: A variable threshold voltage inverter for CMOS programmable logic circuits. IEEE Journal of Solid-State Circuits 33(8), 1262–1265 (1998)
Tan, M.T., Chang, J.S., Tong, Y.C.: A process-and temperature-independent inverter-comparator for pulse width modulation applications. Analog Integrated Circuits and Signal Processing 27(1–2), 95–107 (2001)
Tehranipoor, M., Wang, C.: Introduction to Hardware Security and Trust. SpringerLink: Bücher. Springer (2011). https://books.google.com/books?id=bNiw9448FeIC
Tehranipoor, M., Koushanfar, F.: A survey of hardware trojan taxonomy and detection (2010)
Tehranipoor, M., Salmani, H., Zhang, X., Wang, X., Karri, R., Rajendran, J., Rosenfeld, K.: Trustworthy hardware: Trojan detection and design-for-trust challenges. Computer 7, 66–74 (2010)
Instruments, T.: LM35 Precision Centigrade Temperature Sensors. datasheet (2015)
Tschanz, J., Bowman, K., De, V.: Variation-tolerant circuits: circuit solutions and techniques. In: Proceedings of the 42nd Annual Design Automation Conference, pp. 762–763. ACM (2005)
Wang, R.L., Yu, C.W., Yu, C., Liu, T.H., Yeh, C.M., Lin, C.F., Tsai, H.H., Juang, Y.Z.: Temperature sensor using BJT-MOSFET pair. Electronics Letters 48(9), 503–504 (2012)
Wang, X., Salmani, H., Tehranipoor, M., Plusquellic, J.: Hardware trojan detection and isolation using current integration and localized current analysis. In: IEEE International Symposium on Defect and Fault Tolerance of VLSI Systems, DFTVS 2008, pp. 87–95. IEEE (2008)
Zander, S., Branch, P., Armitage, G.: Capacity of temperature-based covert channels. Communications Letters, IEEE 15(1), 82–84 (2011)
Zhao, W., Liu, F., Agarwal, K., Acharyya, D., Nassif, S.R., Nowka, K.J., Cao, Y.: Rigorous extraction of process variations for 65-nm CMOS design. IEEE Transactions on Semiconductor Manufacturing 22(1), 196–203 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dash, P., Perkins, C., Gerdes, R.M. (2015). Remote Activation of Hardware Trojans via a Covert Temperature Channel. In: Thuraisingham, B., Wang, X., Yegneswaran, V. (eds) Security and Privacy in Communication Networks. SecureComm 2015. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 164. Springer, Cham. https://doi.org/10.1007/978-3-319-28865-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-28865-9_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-28864-2
Online ISBN: 978-3-319-28865-9
eBook Packages: Computer ScienceComputer Science (R0)