The First Thorough Side-Channel Hardware Trojan

  • Maik Ender
  • Samaneh Ghandali
  • Amir MoradiEmail author
  • Christof Paar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10624)


Hardware Trojans have gained high attention in academia, industry and by government agencies. The effective detection mechanisms and countermeasures against such malicious designs are only possible when there is a deep understanding of how hardware Trojans can be built in practice. In this work, we present a mechanism which shows how easily a stealthy hardware Trojan can be inserted in a provably-secure side-channel analysis protected implementation. Once the Trojan is triggered, the malicious design exhibits exploitable side-channel leakage leading to successful key recovery attacks. Such a Trojan does not add or remove any logic (even a single gate) to the design which makes it very hard to detect. In ASIC platforms, it is indeed inserted by subtle manipulations at the sub-transistor level to modify the parameters of a few transistors. The same is applicable on FPGA applications by changing the routing of particular signals, leading to null resource utilization overhead. The underlying concept is based on a secure masked hardware implementation which does not exhibit any detectable leakage. However, by running the device at a particular clock frequency one of the requirements of the underlying masking scheme is not fulfilled anymore, i.e., the Trojan is triggered, and the device’s side-channel leakage can be exploited.

Although as a case study we show an application of our designed Trojan on an FPGA-based threshold implementation of the PRESENT cipher, our methodology is a general approach and can be applied on any similar circuit.



The work was partially funded through grants ERC Advanced 695022 and NSF CNS-1421352.

Supplementary material


  1. 1.
    Side-channel AttacK User Reference Architecture.
  2. 2.
    Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 197–214. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  3. 3.
    Beyne, T., Bilgin, B.: Uniform first-order threshold implementations. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 79–98. Springer, Cham (2017). Google Scholar
  4. 4.
    Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 221–240. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  5. 5.
    Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. J. Cryptol. 29(4), 775–805 (2016)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Bilgin, B., Bogdanov, A., Knežević, M., Mendel, F., Wang, Q.: Fides: lightweight authenticated cipher with side-channel resistance for constrained hardware. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 142–158. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  7. 7.
    Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Van Assche, G.: Efficient and first-order DPA resistant implementations of Keccak. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 187–199. Springer, Cham (2014). Google Scholar
  8. 8.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 267–284. Springer, Cham (2014). CrossRefGoogle Scholar
  9. 9.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326–343. Springer, Heidelberg (2014). Google Scholar
  10. 10.
    Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Trade-offs for threshold implementations illustrated on AES. IEEE Trans. CAD Integr. Circuits Syst. 34(7), 1188–1200 (2015)CrossRefzbMATHGoogle Scholar
  11. 11.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all \(3 \times 3\) and \(4 \times 4\) S-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  12. 12.
    Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Tokareva, N., Vitkup, V.: Threshold implementations of small S-boxes. Cryptogr. Commun. 7(1), 3–33 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  14. 14.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  15. 15.
    Bozilov, D., Bilgin, B., Sahin, H.A.: A note on 5-bit quadratic permutations’ classification. IACR Trans. Symmetric Cryptol. 2017(1), 398–404 (2017)Google Scholar
  16. 16.
    Canright, D., Batina, L.: A very compact “perfectly masked” S-box for AES. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 446–459. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  17. 17.
    Carlet, C., Danger, J.-L., Guilley, S., Maghrebi, H.: Leakage squeezing of order two. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 120–139. Springer, Heidelberg (2012). CrossRefGoogle Scholar
  18. 18.
    Chakraborty, R.S., Narasimhan, S., Bhunia, S.: Hardware Trojan: threats and emerging solutions. In: HLDVT 2009, pp. 166–171. IEEE Computer Society (2009)Google Scholar
  19. 19.
    Chakraborty, R.S., Wolff, F., Paul, S., Papachristou, C., Bhunia, S.: MERO: a statistical approach for hardware Trojan detection. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 396–410. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  20. 20.
    Endo, S., Li, Y., Homma, N., Sakiyama, K., Ohta, K., Fujimoto, D., Nagata, M., Katashita, T., Danger, J., Aoki, T.: A silicon-level countermeasure against fault sensitivity analysis and its evaluation. IEEE Trans. VLSI Syst. 23(8), 1429–1438 (2015)CrossRefGoogle Scholar
  21. 21.
    Ghandali, S., Becker, G.T., Holcomb, D., Paar, C.: A Design methodology for stealthy parametric Trojans and its application to bug attacks. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 625–647. Springer, Heidelberg (2016). Google Scholar
  22. 22.
    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-invasive Attack Testing Workshop (2011).
  23. 23.
    Gross, H., Mangard, S., Korak, T.: An efficient side-channel protected AES implementation with arbitrary protection order. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 95–112. Springer, Cham (2017). CrossRefGoogle Scholar
  24. 24.
    Groß, H., Wenger, E., Dobraunig, C., Ehrenhöfer, C.: Suit up! - made-to-measure hardware implementations of ASCON. In: DSD 2015, pp. 645–652. IEEE Computer Society (2015)Google Scholar
  25. 25.
    Güneysu, T., Moradi, A.: Generic side-channel countermeasures for reconfigurable devices. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 33–48. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  26. 26.
    Gupta, P., Kahng, A.B., Sharma, P., Sylvester, D.: Gate-length biasing for runtime-leakage control. IEEE Trans. CAD Integr. Circuits Syst. 25(8), 1475–1485 (2006)CrossRefGoogle Scholar
  27. 27.
    Jin, Y., Makris, Y.: Hardware Trojan detection using path delay fingerprint. In: HOST 2008, pp. 51–57. IEEE Computer Society (2008)Google Scholar
  28. 28.
    Jin, Y., Makris, Y.: Hardware Trojans in wireless cryptographic ICs. IEEE Des. Test Comput. 27(1), 26–35 (2010)CrossRefGoogle Scholar
  29. 29.
    Karri, R., Rajendran, J., Rosenfeld, K., Tehranipoor, M.: Trustworthy hardware: identifying and classifying hardware trojans. IEEE Comput. 43(10), 39–46 (2010)CrossRefGoogle Scholar
  30. 30.
    Kasper, M., Moradi, A., Becker, G.T., Mischke, O., Güneysu, T., Paar, C., Burleson, W.: Side channels as building blocks. J. Cryptogr. Eng. 2(3), 143–159 (2012)CrossRefGoogle Scholar
  31. 31.
    King, S.T., Tucek, J., Cozzie, A., Grier, C., Jiang, W., Zhou, Y.: Designing and implementing malicious hardware. In: USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2008. USENIX Association (2008)Google Scholar
  32. 32.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Google Scholar
  33. 33.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). Google Scholar
  34. 34.
    Kumar, R., Jovanovic, P., Burleson, W.P., Polian, I.: Parametric Trojans for fault-injection attacks on cryptographic hardware. In: FDTC 2014, pp. 18–28. IEEE Computer Society (2014)Google Scholar
  35. 35.
    Lin, L., Burleson, W., Paar, C.: MOLES: malicious off-chip leakage enabled by side-channels. In: ICCAD 2009, pp. 117–122. ACM (2009)Google Scholar
  36. 36.
    Lin, L., Kasper, M., Güneysu, T., Paar, C., Burleson, W.: Trojan side-channels: lightweight hardware Trojans through side-channel engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 382–395. Springer, Heidelberg (2009). CrossRefGoogle Scholar
  37. 37.
    Maghrebi, H., Guilley, S., Danger, J.-L.: Leakage Squeezing countermeasure against high-order attacks. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 208–223. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  38. 38.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007). zbMATHGoogle Scholar
  39. 39.
    Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  40. 40.
    Moradi, A., Kirschbaum, M., Eisenbarth, T., Paar, C.: Masked dual-rail precharge logic encounters state-of-the-art power analysis methods. IEEE Trans. VLSI Syst. 20(9), 1578–1589 (2012). CrossRefGoogle Scholar
  41. 41.
    Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 125–139. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  42. 42.
    Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  43. 43.
    Moradi, A., Schneider, T.: Side-channel analysis protection and low-latency in action – case study of PRINCE and Midori. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 517–547. Springer, Heidelberg (2016). CrossRefGoogle Scholar
  44. 44.
    Moradi, A., Wild, A.: Assessment of hiding the higher-order leakages in hardware – what are the achievements versus overheads? In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 453–474. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  45. 45.
    Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  46. 46.
    Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES S-box. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 413–423. Springer, Heidelberg (2005). CrossRefGoogle Scholar
  47. 47.
    Popp, T., Kirschbaum, M., Zefferer, T., Mangard, S.: Evaluation of the masked logic style MDPL on a prototype chip. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 81–94. Springer, Heidelberg (2007). CrossRefGoogle Scholar
  48. 48.
    Poschmann, A., Moradi, A., Khoo, K., Lim, C., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2, 300 GE. J. Cryptol. 24(2), 322–345 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  49. 49.
    Merino del Pozo, S., Standaert, F.-X.: Getting the most out of leakage detection. In: Guilley, S. (ed.) COSADE 2017. LNCS, vol. 10348, pp. 264–281. Springer, Cham (2017). CrossRefGoogle Scholar
  50. 50.
    Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  51. 51.
    Rajendran, J., Jyothi, V., Karri, R.: Blue team red team approach to hardware trust assessment. In: ICCD 2011, pp. 285–288. IEEE Computer Society (2011)Google Scholar
  52. 52.
    Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764–783. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  53. 53.
    Saha, S., Chakraborty, R.S., Nuthakki, S.S., Anshul, Mukhopadhyay, D.: Improved test pattern generation for hardware Trojan detection using genetic algorithm and boolean satisfiability. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 577–596. Springer, Heidelberg (2015). Google Scholar
  54. 54.
    Sasdrich, P., Moradi, A., Güneysu, T.: Affine equivalence and its application to tightening threshold implementations. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 263–276. Springer, Cham (2016). CrossRefGoogle Scholar
  55. 55.
    Sasdrich, P., Moradi, A., Güneysu, T.: Hiding higher-order side-channel leakage – randomizing cryptographic implementations in reconfigurable hardware. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 131–146. Springer, Cham (2017). CrossRefGoogle Scholar
  56. 56.
    Schneider, T., Moradi, A.: Leakage assessment methodology – a clear roadmap for side-channel evaluations. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). CrossRefGoogle Scholar
  57. 57.
    Shiyanovskii, Y., Wolff, F.G., Rajendran, A., Papachristou, C.A., Weyer, D.J., Clay, W.: Process reliability based Trojans through NBTI and HCI effects. In: Adaptive Hardware and Systems AHS 2010, pp. 215–222. IEEE (2010)Google Scholar
  58. 58.
    Smith, G.L.: Model for delay faults based upon paths. In: International Test Conference 1985, pp. 342–351. IEEE Computer Society (1985)Google Scholar
  59. 59.
    Wang, X., Salmani, H., Tehranipoor, M., Plusquellic, J.F.: Hardware Trojan detection and isolation using current integration and localized current analysis. In: DFT 2008, pp. 87–95. IEEE Computer Society (2008)Google Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Maik Ender
    • 1
  • Samaneh Ghandali
    • 2
  • Amir Moradi
    • 1
    Email author
  • Christof Paar
    • 1
    • 2
  1. 1.Horst Görtz Institute for IT SecurityRuhr-Universität BochumBochumGermany
  2. 2.University of Massachusetts AmherstAmherstUSA

Personalised recommendations