IP軟核硬件木馬圖譜特征分析檢測方法

倪林; 李霖; 張帥; 童思程; 錢楊

doi:10.11999/JEIT240219

IP軟核硬件木馬圖譜特征分析檢測方法

doi: 10.11999/JEIT240219

倪林^{1, 3},
李霖³,
張帥^{2, 3, ,},
童思程³,
錢楊³

1.
國防科技大學電子科學學院長沙 410073
2.
國防科技大學計算機學院長沙 410073
3.
國防科技大學信息通信學院武漢 430035

詳細信息

作者簡介:
倪林：男，博士生，講師，研究方向為硬件安全、網(wǎng)絡安全等

李霖：男，研究方向為硬件安全等

張帥：男，博士生，講師，研究方向為硬件安全、網(wǎng)絡安全等

童思程：男，研究方向為硬件安全等

錢楊：男，研究方向為硬件安全等

通訊作者:
張帥　zhangshuai16a@nudt.edu.cn

中圖分類號: TN915.08; TP309.1
計量
- 文章訪問數(shù): 152
- HTML全文瀏覽量: 61
- PDF下載量: 22
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2024-03-29
- 修回日期: 2024-09-05
- 網(wǎng)絡出版日期: 2024-09-28
- 刊出日期: 2024-11-01

Graph Features Analysis and Detection Method of IP Soft Core Hardware Trojan

NI Lin^{1, 3},
LI Lin³,
ZHANG Shuai^{2, 3
, ,},
TONG Sicheng³,
QIAN Yang³

1.
College of Electronic Science and Technology, National University of Defense Technology, Changsha 410073, China
2.
College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China
3.
College of Information and Communication, National University of Defense Technology, Wuhan 430035, China

摘要

摘要: 隨著集成電路技術的飛速發(fā)展，芯片在設計、生產(chǎn)和封裝過程中，很容易被惡意植入硬件木馬邏輯，當前IP軟核的安全檢測方法邏輯復雜、容易錯漏且無法對加密IP軟核進行檢測。該文利用非可控IP軟核與硬件木馬寄存器傳輸級(RTL)代碼灰度圖譜的特征差異，提出一種基于圖譜特征分析的IP軟核硬件木馬檢測方法，通過圖譜轉換和圖譜增強得到標準圖譜，利用紋理特征提取匹配算法實現(xiàn)硬件木馬檢測。實驗使用設計階段被植入7類典型木馬的功能邏輯單元為實驗對象，檢測結果顯示7類典型硬件木馬的檢測正確率均達到了90%以上，圖像增強后特征點匹配成功數(shù)量的平均增長率達到了13.24%，有效提高了硬件木馬檢測的效率。
- IP軟核 /
- 硬件木馬 /
- 灰度圖譜 /
- 紋理特征 /
- 檢測算法
Abstract: With the rapid development of integrated circuit technology, chips are easily implanted with malicious hardware Trojan logic in the process of design, production and packaging. Current security detection methods for IP soft core are logically complex, prone to errors and omissions, and unable to detect encrypted IP soft core. The paper uses the feature differences of non-controllable IP soft core and hardware Trojan Register Transfer Level (RTL) code grayscale map, proposing a hardware Trojan detection method for IP soft cores based on graph feature analysis, through the map conversion and map enhancement to get the standard map, using the texture feature extraction matching algorithm to achieve hardware Trojan detection. The experimental subjects are functional logic units with seven types of typical Trojans implanted during the design phase, and the detection results show that the detection correct rate of seven types of typical hardware Trojans has reached more than 90%, and the average growth rate of the number of successful feature point matches after the image enhancement has reached 13.24%, effectively improving the effectiveness of hardware Trojan detection.
- IP soft core /
- Hardware Trojan /
- Grayscale map /
- Texture feature /
- Detection algorithm

HTML全文

圖 1 IP軟核硬件木馬檢測流程

下載: 全尺寸圖片幻燈片

圖 2 硬件木馬圖譜庫生成流程

下載: 全尺寸圖片幻燈片

圖 3 同一圖像進行圖像增強前后對比

下載: 全尺寸圖片幻燈片

圖 4 硬件木馬圖譜圖像增強前后對比圖

下載: 全尺寸圖片幻燈片

圖 5 成功匹配特征點的圖譜紋理特征檢測

下載: 全尺寸圖片幻燈片

圖 6 圖像增強前后的圖譜特征匹配結果

下載: 全尺寸圖片幻燈片

圖 7 不同分辨率下木馬圖譜特征點總數(shù)

下載: 全尺寸圖片幻燈片

圖 8 硬件木馬圖譜紋理特征匹配檢測結果

下載: 全尺寸圖片幻燈片

圖 9 B19-T100硬件木馬與含PIC16F84-T100樣本的匹配檢測結果

下載: 全尺寸圖片幻燈片

圖 10 B19-T100硬件木馬與含B19-T100樣本的匹配檢測結果

下載: 全尺寸圖片幻燈片

表 1 7種硬件木馬分類原理特點對照表

	插入階段	抽象層次	激活機制	效果	物理特性
B19-T100	設計階段	門級	基于內(nèi)部時間的觸發(fā)	改變功能	緊密、功能性、布局相同
PIC16F84-T100	設計階段	寄存器傳輸級別	內(nèi)部條件觸發(fā)	服務拒絕	功能性
s35932-T100	設計階段	門級	內(nèi)部條件觸發(fā)	改變功能，泄露信息	功能性
AES-T100	設計階段	寄存器傳輸級別	始終激活	泄露信息	功能性
wb_conmax-T100	設計階段	門級	內(nèi)部條件觸發(fā)	改變功能，拒絕服務	功能性
BasicRSA-T100	設計階段	寄存器傳輸級別	外部用戶輸入觸發(fā)	泄露信息	功能性
RS232-T100	設計階段	寄存器傳輸級別	內(nèi)部條件觸發(fā)	拒絕服務	功能性

下載: 導出CSV

表 2 7種木馬圖譜圖像增強前后的圖譜特征提取匹配結果

木馬類型	圖像增強前		圖像增強后
木馬類型	特征點總數(shù)	匹配成功的數(shù)量	特征點總數(shù)	匹配成功的數(shù)量
B19-T100	46	44	50	48
PIC16F84-T100	6	6	6	6
s35932-T100	40	37	41	39
AES-T100	22	22	25	25
wb_conmax-T100	10	7	13	11
BasicRSA-T100	63	49	65	51
RS232-T100	51	30	52	31

下載: 導出CSV

表 3 BasicRSA-T100在寬度為25不同高度下的匹配結果

	25	50	75	100	125	150	175	200
特征點總數(shù)	54	62	62	65	68	68	68	68
匹配成功的數(shù)量	27	37	47	51	61	52	52	52
匹配成功率(%)	50.00	59.68	75.81	78.46	89.71	76.47	76.47	76.47

下載: 導出CSV

表 4 BasicRSA-T100在高度為100不同寬度下的匹配結果

	25	50	75	100	125	150	175	200
特征點總數(shù)	65	60	81	80	80	80	80	80
匹配成功的數(shù)量	51	44	65	67	67	67	67	67
匹配成功率(%)	78.46	73.33	80.25	83.75	83.75	83.75	83.75	83.75

下載: 導出CSV

參考文獻(16)

[1]	楊達明, 黃姣英, 高成. 工藝偏差影響下硬件木馬檢測功率分析方法[J]. 計算機工程與應用, 2018, 54(24): 1–5,45. doi: 10.3778/j.issn.1002-8331.1810-0197. YANG Daming, HUANG Jiaoying, and GAO Cheng. Power analysis method of hardware Trojan detection considering process variation[J]. Computer Engineering and Applications, 2018, 54(24): 1–5,45. doi: 10.3778/j.issn.1002-8331.1810-0197.
[2]	劉志強, 張銘津, 池源, 等. 一種深度學習的硬件木馬檢測算法[J]. 西安電子科技大學學報, 2019, 46(6): 37–45. doi: 10.19665/j.issn1001-2400.2019.06.006. LIU Zhiqiang, ZHANG Mingjin, CHI Yuan, et al. Hardware Trojan detection algorithm based on deep learning[J]. Journal of Xidian University, 2019, 46(6): 37–45. doi: 10.19665/j.issn1001-2400.2019.06.006.
[3]	成祥, 李磊, 程偉. 基于RTL級硬件木馬的檢測方法[J]. 微電子學與計算機, 2017, 34(3): 56–60. doi: 10.19304/j.cnki.issn1000-7180.2017.03.012. CHENG Xiang, LI Lei, and CHENG Wei. A detection method of hardware Trojans based on RTL[J]. Microelectronics & Computer, 2017, 34(3): 56–60. doi: 10.19304/j.cnki.issn1000-7180.2017.03.012.
[4]	SANKAR V and NIRMALA DEVI M. Efficient hardware Trojan detection using generic feature extraction and weighted ensemble method[C]. The ICACIT 2021 on Advanced Computing and Intelligent Technologies, Singapore, Singapore, 2022: 165–181. doi: 10.1007/978-981-16-2164-2_14.
[5]	謝俊, 周慧忠, 厲小燕, 等. 基于旁路分析的集成電路芯片硬件木馬檢測分析[J]. 電子技術與軟件工程, 2022(18): 112–115. XIE Jun, ZHOU Huizhong, LI Xiaoyan, et al. Hardware Trojan detection and analysis of integrated circuit chips based on bypass analysis[J]. Electronic Technology and Software Engineering, 2022(18): 112–115.
[6]	徐皓, 易茂祥, 金禮玉, 等. 電路分區(qū)自比較的硬件木馬檢測方法[J]. 合肥工業(yè)大學學報: 自然科學版, 2022, 45(12): 1630–1636. doi: 10.3969/j.issn.1003-5060.2022.12.007. XU Hao, YI Maoxiang, JIN Liyu, et al. Hardware Trojan detection method based on circuit partition self-comparison[J]. Journal of Hefei University of Technology: Natural Science, 2022, 45(12): 1630–1636. doi: 10.3969/j.issn.1003-5060.2022.12.007.
[7]	趙毅強, 李博文, 馬浩誠, 等. 基于混合特征分析的硬件木馬檢測方法[J]. 華中科技大學學報: 自然科學版, 2021, 49(5): 1–6. doi: 10.13245/j.hust.210501. ZHAO Yiqiang, LI Bowen, MA Haocheng, et al. Hardware Trojan detection method based on combined features analysis[J]. Journal of Huazhong University of Science and Technology: Natural Science Edition, 2021, 49(5): 1–6. doi: 10.13245/j.hust.210501.
[8]	JOSE F, PRIYATHARISHINI M, and NIRMALA DEVI M. Hardware Trojan detection using deep learning-generative adversarial network and stacked auto encoder neural networks[C]. The ICT Analysis and Applications, Singapore, Singapore, 2022: 203–210. doi: 10.1007/978-981-16-5655-2_19.
[9]	李林源, 徐金甫, 嚴迎建, 等. 基于多維特征的門級硬件木馬檢測技術[J]. 計算機工程與應用, 2023, 59(18): 278–284. doi: 10.3778/j.issn.1002-8331.2206-0101. LI Linyuan, XU Jinfu, YAN Yingjian, et al. Hardware Trojan detection for gate-level netlists based on multidimensional features[J]. Computer Engineering and Applications, 2023, 59(18): 278–284. doi: 10.3778/j.issn.1002-8331.2206-0101.
[10]	楊歡, 李海明. MLDet: 基于結構特征和XGBoost的硬件木馬檢測方法[J]. 計算機應用與軟件, 2023, 40(11): 302–307. doi: 10.3969/j.issn.1000-386x.2023.11.045. YANG Huan and LI Haiming. MLDet: Hardware Trojan detection method based on structural features and XGBoost[J]. Computer Applications and Software, 2023, 40(11): 302–307. doi: 10.3969/j.issn.1000-386x.2023.11.045.
[11]	史江義, 溫聰, 劉鴻瑾, 等. 基于圖神經(jīng)網(wǎng)絡的門級硬件木馬檢測方法[J]. 電子與信息學報, 2023, 45(9): 3253–3262. doi: 10.11999/JEIT221201. SHI Jiangyi, WEN Cong, LIU Hongjin, et al. Hardware Trojan detection for gate-level netlists based on graph neural network[J]. Journal of Electronics & Information Technology, 2023, 45(9): 3253–3262. doi: 10.11999/JEIT221201.
[12]	PAN Zhixin and MISHRA P. Hardware Trojan detection using side -channel analysis[M]. PAN Zhixin and MISHRA P. Explainable AI for Cybersecurity. Cham: Springer, 2023: 123–140. doi: 10.1007/978-3-031-46479-9_6.
[13]	JYOTHI V and RAJENDRAN J. Hardware Trojan attacks in FPGA and protection approaches[M]. BHUNIA S and TEHRANIPOOR M. The Hardware Trojan War: Attacks, Myths, and Defenses. Cham: Springer, 2018: 345–368. doi: 10.1007/978-3-319-68511-3_14.
[14]	ABDELLATIF K M, CORNESSE C, FOURNIER J, et al. New partitioning approach for hardware Trojan detection using side-channel measurements[C]. Proceedings of the 12th International Symposium on Applied Reconfigurable Computing, Mangaratiba, Brazil, 2016: 171–182. doi: 10.1007/978-3-319-30481-6_14.
[15]	VINOD G, RAMESH S R, and NIRMALA DEVI M. Simulation based hardware Trojan detection using path delay analysis[M]. RANGANATHAN G, FERNANDO X, and ROCHA á. Inventive Communication and Computational Technologies. Singapore: Springer, 2022: 853–863. doi: 10.1007/978-981-19-4960-9_64.
[16]	NOZAWA K, HASEGAWA K, HIDANO S, et al. Adversarial examples for hardware-Trojan detection at gate-level netlists[C]. Proceedings of the ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT on Computer Security, Luxembourg City, Luxembourg, 2020: 341–359. doi: 10.1007/978-3-030-42048-2_22.