一种基于静态分析的多视图硬件木马检测方法

doi:10.3969/j.issn.1671-1122.2023.10.007

摘要/Abstract

摘要：

随着集成电路产业的全球化，大部分设计、制造和测试过程已经转移到了世界各地不受信任的第三方实体，这样可能存在攻击者在硬件设计中插入有恶意行为电路的风险，即硬件木马。在早期发现硬件木马至关重要，若在设计后期或制造后再想移除它将开销很大。文章提出一种基于静态分析的多视图硬件木马检测方法，首先通过分析Verilog代码得出变量数据依赖图和变量控制依赖图，从多个视角深度挖掘硬件设计的语义信息；然后通过多视图表示目标硬件设计不同视角下的行为表示向量；最后利用多视图融合方法进行协同融合，将得出的表示向量送入分类器中，从而检测Verilog代码是否被插入了硬件木马。实验结果表明，文章所提的检测方法在不依赖设计规范和不局限于模式库的情况下，实现了对硬件木马精确且全面的检测以及对Verilog代码的全自动分析。

关键词: 硬件木马检测, 多视图融合, 图表示学习, 静态分析

Abstract:

With the globalization of the integrated circuit industry, a significant portion of the design, manufacturing, and testing processes has been shifted to untrusted third-party entities around the world. This has led to the potential risk of malicious circuit insertion in hardware designs by attackers, known as hardware trojans. Early detection of hardware trojans is crucial because removing them after the design or manufacturing stages can be extremely costly. Therefore, this paper presented a static analysis-based multi-view hardware trojan detection method. By analyzing Verilog code, variable data dependency graphs and variable control dependency graphs were generated to extract semantic information from multiple perspectives in hardware design. Then, this method employed multi-view representation learning to derive behavioral representation vectors for the target hardware design from different viewpoints. Finally, a multi-view fusion approach was applied to collaboratively integrate the obtained representation vectors and feed them into a classifier to detect the presence of hardware trojans in Verilog code. Experimental validation demonstrated that the presented detection method achieves accurate and comprehensive hardware trojan detection without relying on design specifications and without being limited to pattern libraries, enabling fully automated analysis of Verilog code.

Key words: hardware trojan detection, multi-view fusion, graph representation learning, static analysis

中图分类号:

TP309

陈星任, 熊焰, 黄文超, 付贵禄. 一种基于静态分析的多视图硬件木马检测方法[J]. 信息网络安全, 2023, 23(10): 48-57.

CHEN Xingren, XIONG Yan, HUANG Wenchao, FU Guilu. A Multi-View Hardware Trojan Detection Method Based on Static Analysis[J]. Netinfo Security, 2023, 23(10): 48-57.

图/表 8

图1

图2

表1

表2

图3

表3

表4

表5

参考文献 28

[1]	HU Wei, HONG C C, ANIRBAN S, et al. An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2021, 40(6): 1010-1038. doi: 10.1109/TCAD.2020.3047976 URL
[2]	TAMZIDUL H, JONATHAN C, PRABUDDHA C, et al. Hardware IP Trust Validation:Learn (the Untrustworthy), and Verify[C]// IEEE. IEEE International Test Conference. New York: IEEE, 2018: 1-10.
[3]	LU Sian. Research on Test Architectures of Reusable IP Core and SoC (System on a Chip)[D]. Zhejiang: Zhejiang University, 2003.
	陆思安. 可复用 IP 核以及系统芯片 SoC 的测试结构研究[D]. 浙江大学, 2003.
[4]	SONIA A, KASEM K, MAGDY A B. A Survey on Hardware Security: Current Trends and Challenges[J]. IEEE Access, 2023, 11: 77543-77565. doi: 10.1109/ACCESS.2023.3288696 URL
[5]	JOHANN K, KAVUN E B, FRANCESCO R, et al. Towards Secure Composition of Integrated Circuits and Electronic Systems: On the Role of EDA[C]// EDAA. 2020 Design, Automation & Test in Europe Conference & Exhibition. New York: IEEE, 2020: 508-513.
[6]	XUE Mingfu, GU Chongyan, LIU Weiqiang, et al. Ten Years of Hardware Trojans: A Survey from the Attacker’s Perspective[J]. IET Computers & Digital Techniques, 2020, 14(6): 231-246. doi: 10.1049/cdt2.v14.6 URL
[7]	SKOROBOGATOV S, WOODS C. Breakthrough Silicon Scanning Discovers Backdoor in Military Chip[C]// IACR. Cryptographic Hardware and Embedded Systems(CHES 2012)-14th International Workshop. Berlin:Springer, 2012: 23-40.
[8]	NICOLE F, ISMAIL S, CETIN K K, et al. Hiding Hardware Trojan Communication Channels in Partially Specified SoC Bus Functionality[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2017, 36(9): 1435-1444. doi: 10.1109/TCAD.2016.2638439 URL
[9]	HUANG Zhao, WANG Quan, YANG Pengfei. Hardware Trojan: Research Progress and New Trends on Key Problems[J]. Chinese Journal of Computers, 2019, 42(5): 993-1017.
	黄钊, 王泉, 杨鹏飞. 硬件木马:关键问题研究进展及新动向[J]. 计算机学报, 2019, 42(5): 993-1017.
[10]	CHAKRABORTY R S, WOLFF F, PAUL S, et al. MERO: A Statistical Approach for Hardware Trojan Detection[C]// IACR. Cryptographic Hardware and Embedded Systems (CHES 2009). Berlin:Springer, 2009: 396-410.
[11]	SAHA S, CHAKRABORTY R S, NUTHAKKI S S, et al. Improved Test Pattern Generation for Hardware Trojan Detection Using Genetic Algorithm and Boolean Satisfiability[C]// IACR. Cryptographic Hardware and Embedded Systems (CHES 2015)-17th International Workshop. Berlin:Springer, 2015: 577-596.
[12]	LYU Y, MISHRA P. Automated Trigger Activation by Repeated Maximal Clique Sampling[C]// IEEE. 25th Asia and South Pacific Design Automation Conference. New York: IEEE, 2020: 482-487.
[13]	SUBRAMANYAN P, ARORA D. Formal Verification of Taint-Propagation Security Properties in a Commercial SoC Design[C]// IEEE. Design Automation & Test in Europe Conference & Exhibition (DATE 2014). New York: IEEE, 2014: 1-2.
[14]	RAJENDRAN J, VEDULA V, KARRI R. Detecting Malicious Modifications of Data in Third-Party Intellectual Property Cores[C]// ACM. Proceedings of the 52nd Annual Design Automation Conference. New York: ACM, 2015: 1-112.
[15]	RAJENDRAN J, DHANDAYUTHAPANY A M, VEDULA V, et al. Formal Security Verification of Third Party Intellectual Property Cores for Information Leakage[C]// IEEE. 29th International Conference on VLSI Design and 15th International Conference on Embedded Systems. New York: IEEE, 2016: 547-522.
[16]	GUO Xiaolong, DUTTA R G, MISHRA P, et al. Scalable SoC Trust Verification Using Integrated Theorem Proving and Model Checking[C]// IEEE. 2016 IEEE International Symposium on Hardware Oriented Security and Trust. New York: IEEE, 2016: 124-129.
[17]	NAHIYAN A, SADI M, VITTAl R, et al. Hardware Trojan Detection Through Information Flow Security Verification[C]// IEEE. IEEE International Test Conference (ITC 2017). New York: IEEE, 2017: 1-10.
[18]	NAHIYAN A, XIAO Kan, YANG Kun, et al. AVFSM: A Framework for Identifying and Mitigating Vulnerabilities in FSMs[C]// DAC EC. Proceedings of the 53rd Annual Design Automation Conference. New York: ACM, 2016: 1-89.
[19]	WAKSMAN A, SUOZZO M, SETHUMADHAVAN S. FANCI: Identification of Stealthy Malicious Logic Using Boolean Functional Analysis[C]// ACM. 2013 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2013: 697-708.
[20]	ZHANG Jie, YUAN Feng, WEI Lingxiao, et al. VeriTrust: Verification for Hardware Trust[C]// ACM. The 50th Annual Design Automation Conference 2013. New York: ACM, 2013: 1-61.
[21]	ZHANG Jie, YUANFeng, XUQiang. Detrust: Defeating Hardware Trust Verifi- Cation with Stealthy Implicitly-Triggered Hardware Trojans[C]// ACM. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2014: 153-166.
[22]	PICCOLBONI L, MENON A, PRAVADELLI G. Efficient Control-Flow Subgraph Matching for Detecting Hardware Trojans in RTL Models[J]. ACM Transactions on Embedded Computing Systems, 2017, 16 (5S): 1-19.
[23]	DEMROZI F, ZUCCHELLI R, PRAVADELLI G. Exploiting Sub-graph Isomorphism and Probabilistic Neural Networks for the Detection of Hardware Trojans at RTL[C]// IEEE. 2017 IEEE International High Level Design Validation and Test Workshop. New York: IEEE, 2017: 67-73.
[24]	HAN Tao, WANGYuze, LIUPeng. Hardware Trojans Detection at Register Transfer Level Based on Machine Learning[C]// IEEE. IEEE International Symposium on Circuits and Systems (ISCAS 2019). New York: IEEE, 2019: 1-5.
[25]	HASEGAWA K, YANAGISAWA M, TOGAWA N. Hardware Trojans Classification for Gate-Level Netlists Using Multi-Layer Neural Networks[C]// IEEE. 23rd IEEE International Symposium on on-Line Testing and Robust System Design. New York: IEEE, 2017: 227-232.
[26]	FARHATH Z, ROBERT K. Detecting RTL Trojans Using Artificial Immune Systems and High Level Behavior Classification[C]// AHSC. Asian Hardware Oriented Security and Trust Symposium (AsianHOST 2018). New York: ACM, 2018: 68-73.
[27]	YASAEI R, YU S Y, FARUQUE M A A. GNN4TJ: Graph Neural Networks for Hardware Trojan Detection at Register Transfer Level[C]// ECSI. Design Automation & Test in Europe Conference & Exhibition (DATE 2021). New York: IEEE, 2021: 1504-1509.
[28]	SHAKYA B, HE T, SALMANI H, et al. Benchmarking of Hardware Trojans and Maliciously Affected Circuits[J]. Journal of Hardware and Systems Security, 2017, 1(1): 85-102. doi: 10.1007/s41635-017-0001-6

特征名称	提取方法
Add	统计变量相关的加法的次数
Minus	统计变量相关的减法的次数
Multip	统计变量相关的乘法的次数
Divide	统计变量相关的除法的次数
Mod	统计变量相关的取模的次数
Not	统计变量相关的取反的次数
Or	统计变量相关的或运算的次数
And	统计变量相关的与运算的次数
Xor	统计变量相关的异或运算的次数
Shift	统计变量相关的移位操作的次数
Cat	统计变量相关的拼接操作的次数
Ifn	统计变量所属if 分支的次数
Can	统计变量所属case分支的次数
Loopn	统计变量所属循环结构的次数
Sensitivity	变量敏感性

方法	Precision	F1值	ACC
本文方法	88.7%	93.9%	88.7%
文献[26]方法	79.4%	83.8%	82.9%
文献[27]方法	88.1%	92.1%	—

基准	触发方式	有效载荷	本文方法	文献[22]方法	文献[17]方法
AES-T1900	定时炸弹	性能下降	√	√	?
RS232-T700	作弊码	信息泄露	√	?	√
AES-T1800	作弊码	性能下降	√	?	?

视图	ACC	Precision	F1值
DDG	84.4%	89.7%	91.2%
CDG	68.8%	87.5%	80.8%
融合视图	90.6%	90.3%	94.9%

DDG权重	CDG权重	ACC	Precision	F1值
1	1	87.5%	87.5%	93.3%
3	1	90.6%	90.3%	94.9%
1	3	84.4%	87.1%	91.5%
2	3	71.9%	85.2%	83.6%
3	2	75.0%	85.7%	85.7%
4	1	81.2%	86.7%	89.7%
1	4	78.1%	86.2%	87.7%