Formal Verification of Gate-Level Multiple Side Channel Parameters to Detect Hardware Trojans
Imran Abbasi, Faiq Khalid Lodhi, Awais Kamboh and Osman Hasan
System Analysis and Verification (SAVe Lab)
National University of Sciences and Technology (NUST)
Islamabad, Pakistan
FTSCS 2016
Tokyo, Japan
November 14, 2016
Outline
1 Introduction
2 Proposed Methodology
3 Case Studies
4 Conclusions
Osman Hasan Formal Verification for HT Detection November 14, 2016 2 / 25
Hardware Trojans
Malicious alteration or modification in Integrated Circuits (ICs)
- Change the Functionality
- Reduce the Reliability (Aging Based Trojan)
- Disable the chip in future (Time Bomb Trojan)
- Leak confidential information (Data Ex-filtration Trojan)
Potential Sources of Threat
- Third Party Intellectual Property (3PIP) Vendor
- SoC Developer
- Foundry
Counterfeit Chips on Rise
Electronic Resellers Association International (ERAI)
Table: Different types of counterfeited ICs

| Rank | Component Type | % of Reported Incidents |
|---|---|---|
| 1 | Analog IC | 25.20% |
| 2 | Microprocessor IC | 13.40% |
| 3 | Memory IC | 13.10% |
| 4 | Programmable Logic IC | 8.30% |
| 5 | Transistor | 7.60% |
Historical Incidents: Counterfeiting Incident in 2011
Reported in IEEE Spectrum, October 2013
Failure of Ice detection Block of P-8A Poseidon (17th August 2011)
Reason
- Time Bomb Trojan due to a Reworked Xilinx FPGA
Investigation
- BAE Systems, a UK based defence organization, was responsible for the hardware design
- Subcontracted Access Electronics, which was selling used Xilinx parts as new
Hardware Trojan Detection Techniques
None of these techniques offers a Complete and Accurate Analysis
Formal Verification for Hardware Trojan Detection: Rathmair et al. (2013)¹
Used the SMV Model Checker to verify the functional properties
Malicious behavior can be detected if the desired properties fail
The counterexamples can be used to identify the intrusions
Threat Model: Untrusted Foundry
Trojan: Logical
Complete Analysis
Cannot detect side channel based Trojans
¹ Rathmair et al., “Hardware Trojan detection by Specifying Malicious Circuit Properties”, In Conference on Electronics Information and Emergency Communication (ICEIEC), 2013, pp. 317-320.
Proposed Methodology: To Cater for Side Channel based Trojans
Proposed Methodology: Gate Level Modeling
Formally model and verify the commonly used gates based on Side Channel parameters
Proposed Methodology: Gate Level Modeling (Switching Power)
Switching Power

$$P_{switching} = \alpha \, C_{total} \, V_{ss}^{2} \, f \qquad (1)$$

Where:
- $\alpha_i$ = Switching Activity Factor
- $f$ = Operating Frequency
- $V_{ss}$ = Operating Voltage

$$C_{total} = C_{diffusion} + C_{load}$$

$$C_{diffusion} = (O_{pMOS} \times fanout \times WR_{pMOS} \times W_{minP} \times Cd_{minP}) + (O_{nMOS} \times fanout \times WR_{nMOS} \times W_{minN} \times Cd_{minN})$$

$$C_{load} = \sum_{i=1}^{p} Cgate_{pMOS_i} + \sum_{j=1}^{n} Cgate_{nMOS_j}$$

$$Cgate_{pMOS} = fanout \times WR_{pMOS} \times Cg_{minP}$$

$$Cgate_{nMOS} = fanout \times WR_{nMOS} \times Cg_{minN}$$

$O_{pMOS}$ and $O_{nMOS}$ are the number of internal pMOS and nMOS connected at the output, respectively
Proposed Methodology: Switching Power LTL Properties
Maximum Power
G(powermax >= (gate1.pwr + gate2.pwr +...+ gaten.pwr))
Minimum Power
G(powermin <= (gate1.pwr + gate2.pwr +...+ gaten.pwr))
The maximum and minimum bounds for the power consumption are computed by considering the maximum and minimum fanout of the gates allowed by the technology and the worst and best case delays of the gates, respectively
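Proposed Methodology: Gate Level Modeling (Path Delay)
Switching Power

$$t_{delay} = \ln 2 \times \tau_{elmore} \qquad (2)$$

Where: $\tau_{elmore} = \sum_{i} R_{is} C_{i}$

| Input | Output | Elmore Delay |
|---|---|---|
| 00 | 1 | $(2 \times R_p \times C_{total}) / (Fanout \times WR_{pMOS} \times W_{minP})$ |
| 01 | 1 | $(R_n \times C_{total}) / (Fanout \times WR_{nMOS} \times W_{minN})$ |
| 10 | 1 | $(R_n \times (C_{total} + C_{stackN})) / (Fanout \times WR_{nMOS} \times W_{minN})$ |
| 11 | 0 | $(R_n \times C_{total}) / (Fanout \times WR_{nMOS} \times W_{minN})$ |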
Proposed Methodology: Path Delay LTL Properties
LTL properties to validate the delays for every path in the circuit have to be specified
Maximum Delay for path i
G(del.(pathi)max >= ((gate1(i).del + gate2(i).del +...+ gatek(i).del)))
Minimum Delay for path i
G(del.(pathi)min <= ((gate1(i).del + gate2(i).del +...+ gatek(i).del)))
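Proposed Methodology: Gate Modeling
NAND Gate
```smv
-- Excerpt as shown on the slide: the VAR declarations, the definitions of
-- cap_total and Wp, and the remaining input cases of delay are not shown.
MODULE nand2i(a, b, Pa_0, Pa_1, Pb_0, Pb_1, fan_out,
  freq, Cgmin_p, Cgmin_n, vdd, Wmin, Cdmin_p, Cdmin_n,
  Csmin_p, Csmin_n, Rn, Rp, Cg1, Cg2, Cg3, Cg4)
DEFINE
  out := !(a & b);               -- logical function of the gate
  pout_0 := Pa_1 * Pb_1;         -- probability that the output is 0
  pout_1 := 1 - (Pa_1 * Pb_1);   -- probability that the output is 1
  alpha := pout_0 * pout_1;      -- switching activity factor
ASSIGN
  init(pwr_dyn) := 0;
  -- switching power, equation (1)
  next(pwr_dyn) := alpha * cap_total * vdd * vdd * freq;
  init(delay) := 0;
  -- 0.69 (ln 2) times the Elmore delay, selected by input values and fanout
  next(delay) := case
    !a & b : case
      fan_out = 4 : 0.69 * (Rp * cap_total / (4 * Wp));
      fan_out = 3 : 0.69 * (Rp * cap_total / (3 * Wp));
      fan_out = 2 : 0.69 * (Rp * cap_total / (2 * Wp));
      TRUE : 0.69 * (Rp * cap_total / (1 * Wp));
    esac;
```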
Proposed Methodology: Hardware Intrusions
Intrude the Gate Level Models with Side Channel based Trojans to generate the counterexamples
Power Based Trojans
Path Delay Based Trojans
Benchmark Intrusions are available on https://www.trust-hub.org/
Proposed Methodology: Hardware Intrusions
The counterexamples can be used to identify the malicious behavior
Power Analysis
- Divide the IC into distinct regions
- Verify the power properties for individual regions
- Isolate the Trojan-free and Trojan-inserted regions
Timing Analysis
- Verify the delay property for each path
- Identify the Intruded path on property failure
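
An added example, not code from the slides or the authors' nuXmv models: the switching-power model and the two power properties above, evaluated per region in exact rational arithmetic to show how a failed bound isolates the intruded region. The technology constants, the region split, the extra gate `t1`, and the choice to evaluate both netlists at the fanout extremes 1 and 4 are assumptions made for illustration.

```python
from fractions import Fraction as F

# Constructed technology constants in arbitrary units (assumptions, not slide values).
TECH = {"vdd": F(1), "freq": F(1), "wr_p": F(2), "wr_n": F(1),
        "w_min_p": F(1), "w_min_n": F(1), "cd_min_p": F(1), "cd_min_n": F(1),
        "cg_min_p": F(1), "cg_min_n": F(1)}
FANOUT_MIN, FANOUT_MAX = 1, 4  # assumed range; the NAND model lists fan_out up to 4

# ISCAS-85 C17 golden netlist: gate -> (input a, input b), all 2-input NANDs,
# listed in topological order. Names starting with "i" are primary inputs.
C17 = {"g10": ("i1", "i3"), "g11": ("i3", "i6"), "g16": ("i2", "g11"),
       "g19": ("g11", "i7"), "g22": ("g10", "g16"), "g23": ("g16", "g19")}
REGIONS = {"A": ["g10", "g11", "g16"], "B": ["g19", "g22", "g23"]}  # constructed split

# Constructed netlist under test: C17 plus one extra NAND "t1" placed in region B.
SUSPECT = dict(C17, t1=("g19", "g22"))
SUSPECT_REGIONS = {"A": REGIONS["A"], "B": REGIONS["B"] + ["t1"]}


def c_total(fanout, t=TECH):
    """C_total = C_diffusion + C_load for a NAND2 (O_pMOS = 2, O_nMOS = 1)."""
    c_diff = (2 * fanout * t["wr_p"] * t["w_min_p"] * t["cd_min_p"]
              + 1 * fanout * t["wr_n"] * t["w_min_n"] * t["cd_min_n"])
    # Assumption: the load is one pMOS and one nMOS gate capacitance, scaled by fanout.
    c_load = fanout * t["wr_p"] * t["cg_min_p"] + fanout * t["wr_n"] * t["cg_min_n"]
    return c_diff + c_load


def activity(netlist, p_one=F(1, 2)):
    """Per-gate alpha = P(out=0) * P(out=1), as in the NAND model's pout_0 * pout_1.

    Signals are treated as independent and primary inputs are 1 with
    probability p_one (both are simplifying assumptions)."""
    prob, alpha = {}, {}
    for gate, (a, b) in netlist.items():
        p_out0 = prob.get(a, p_one) * prob.get(b, p_one)  # NAND is 0 only when a = b = 1
        prob[gate] = 1 - p_out0
        alpha[gate] = p_out0 * (1 - p_out0)
    return alpha


def region_power(netlist, gates, fanout, t=TECH):
    """Sum of alpha * C_total * V^2 * f over the gates of one region."""
    alpha = activity(netlist)
    return sum(alpha[g] * c_total(fanout, t) * t["vdd"] ** 2 * t["freq"] for g in gates)


def power_bounds(golden, regions):
    """(power_min, power_max) per region from the golden netlist at the fanout extremes."""
    return {r: (region_power(golden, gates, FANOUT_MIN),
                region_power(golden, gates, FANOUT_MAX))
            for r, gates in regions.items()}


def check_regions(golden, golden_regions, suspect, suspect_regions):
    """Check power_min <= sum and power_max >= sum for every region.

    Power grows monotonically with fanout in this model, so evaluating the
    suspect region at the two fanout extremes covers the whole range."""
    report = {}
    for r, (p_min, p_max) in power_bounds(golden, golden_regions).items():
        best = region_power(suspect, suspect_regions[r], FANOUT_MIN)
        worst = region_power(suspect, suspect_regions[r], FANOUT_MAX)
        report[r] = {"holds": p_min <= best and worst <= p_max,
                     "power_max": p_max, "worst_case": worst,
                     "excess": max(worst - p_max, 0)}
    return report


if __name__ == "__main__":
    for region, result in check_regions(C17, REGIONS, SUSPECT, SUSPECT_REGIONS).items():
        verdict = "holds" if result["holds"] else "FAILS (counterexample at max fanout)"
        print(f"region {region}: power_max={float(result['power_max']):.3f} "
              f"worst={float(result['worst_case']):.3f} -> {verdict}")
```

Region A satisfies both properties and region B violates the maximum-power property by exactly the extra gate's contribution. If the suspect region were instead evaluated at its actual, smaller fanouts against the max-fanout bound, a single extra gate would pass, so the tightness of the bounds determines what the property can catch.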
Case Studies
ISCAS-85 C17
(6 Basic Gates)
Full Adder
(16 Basic Gates)
Ripple Carry Adder
(64 Basic Gates)
Case Studies: Intrusions for ISCAS-85 C17
ISCAS-85 C17 Intrusion I
Total Number of basic Gates = 7
Number of Malicious Gates = 1
Effect: Power Consumption
Type: Side Channel Based Trojan
ISCAS-85 C17 Intrusion II
Total Number of basic Gates = 12
Number of Malicious Gates = 6
Effect: Functionality, Delay and Power
Type: Logical/Side Channel Based Trojan
Case Studies: ISCAS-85 C17²
The proposed approach was able to detect the exact Trojan
² Wei et al., “Malicious Circuitry Detection using Thermal Conditioning”, IEEE Transactions on Information Forensics and Security 6(3), 2011, pp. 1136-1145.
Case Studies: Results
Machine: Core i7 processor, 2.67GHz, with 6 GB memory
[Figure: four plots against Number of Gates, each with Power and Delay series.
Memory (MB), Un-Intruded: C17 (6), Full Adder (16), RCA (64).
Time (s), Un-intruded: C17 (6), Full Adder (16), RCA (64).
Memory (MB), Intruded: C17-I (7), C17-II (12), Full Adder (21), RCA (68).
Time (s), Intruded: C17-I (7), C17-II (12), Full Adder (21), RCA (68).]
Conclusions
A formal verification based methodology to detect Hardware Trojans based on side channel information (dynamic power and path delay)
- Exhaustiveness: nuXmv model checker
- Rational numbers: SMT Solvers
Ongoing and Future Work
- Incorporating the leakage power parameter to enhance the precision and scope of Hardware Trojan detection
- Integrating the effects of process variation
- Automating netlist translation
- Experimenting with larger case studies
Thanks!
More information: save.nust.seecs.edu.pk