Abstract
An SoC should be verified against several vulnerabilities to endure its security and trust. However, the existing verification and validation techniques are not sufficient to identify security issues in SoC due to the lack of security specification, the vast complexity of SoC designs, aggressive time-to-market, globally distributed supply chain of SoCs, design issues, and unsecured computer-aided design (CAD) tools. In this chapter, we review the challenges in SoC security and trust verification and review some existing approaches to evaluate the resiliency of SoCs against various types of attacks. We also discuss the limitation of these approaches.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
SCOAP: Sandia Controllability/Observability Analysis Program [38].
References
A. Adir, E. Almog, L. Fournier, E. Marcus, M. Rimon, M. Vinov, A. Ziv, Genesys-pro: innovations in test program generation for functional processor verification. IEEE Des. Test Comput. 21, 84–93 (2004)
D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan detection using IC finger-printing, in Symposium on Security and Privacy (2007), pp. 296–310
A. Ahmed, P. Mishra, QUEBS: qualifying event based search in concolic testing for validation of RTL models, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 185–192
A. Ahmed, F. Farahmandi, Y. Iskander, P. Mishra, Scalable hardware Trojan activation by interleaving concrete simulation and symbolic execution, in IEEE International Test Conference (ITC) (2018)
A. Ahmed, F. Farahmandi, P. Mishra, Directed test generation using concolic testing of RTL models, in Design Automation and Test in Europe (DATE) (2018), pp. 1538–1543
M. Banga, M. Hsiao, Trusted RTL: Trojan detection methodology in pre-silicon designs, in IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) (2010), pp. 56–59
G. Becker, J. Cooper, E. DeMulder, G. Goodwill, J. Jaffe, G. Kenworthy, T. Kouzminov, A. Leiserson, M. Marson, P. Rohatgi et al., Test vector leakage assessment (TVLA) methodology in practice, in International Cryptographic Module Conference, vol. 1001 (2013), p. 13
P. Behnam, B. Alizadeh, In-circuit mutation-based automatic correction of certain design errors using SAT mechanisms, in 2015 IEEE 24th Asian Test Symposium (ATS) (IEEE, Piscataway, 2015), pp. 199–204
P. Behnam, B. Alizadeh, Z. Navabi, Automatic correction of certain design errors using mutation technique, in 2014 19th IEEE European Test Symposium (ETS) (IEEE, Piscataway, 2014), pp. 1–2
A. Biere, A. Cimatti, E. Clarke, Y. Zhu, Symbolic model checking without BDDs, in International Conference on Tools and Algorithms for the Construction and Analysis of Systems (Springer, Berlin, 1999), pp. 193–207
E. Brier, C. Clavier, F. Olivier, Correlation power analysis with a leakage model, in Cryptographic Hardware and Embedded Systems – CHES, ed. by M. Joye, J.-J. Quisquater (Springer, Berlin, 2004), pp. 16–29
R.E. Bryant, Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. C-35, 677–691 (1986)
R.E. Bryant, Y.-A. Chen, Verification of arithmetic circuits with binary moment diagrams, in Proceedings of the 32nd Annual ACM/IEEE Design Automation Conference (ACM, New York, 1995), pp. 535–541
M. Bushnell, V.D. Agrawal, Essentials of electronic testing for digital, memory, and mixed signal VLSI circuits, vol. 17 (Springer, New York, 2000)
B. Çakir, S. Malik, Hardware Trojan detection for gate-level ICS using signal correlation based clustering, in Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (EDA Consortium, San Jose, 2015), pp. 471–476
R.S. Chakraborty, F. Wolf, C. Papachristou, S. Bhunia, MERO: a statistical approach for hardware Trojan detection, in International Workshop on Cryptographic Hardware and Embedded Systems (CHES’09) (2009), pp. 369–410
S. Chari, J.R. Rao, P. Rohatgi, Template attacks, in Cryptographic Hardware and Embedded Systems – CHES, ed. by B.S. Kaliski, Ç.K. Koç, C. Paar (Springer, Berlin, 2003), pp. 13–28
M. Chen, P. Mishra, Functional test generation using efficient property clustering and learning techniques. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 29(3), 396–404 (2010)
M. Chen, P. Mishra, Property learning techniques for efficient generation of directed tests. IEEE Trans. Comput. 60(6), 852–864 (2011)
M. Chen, P. Mishra, Decision ordering based property decomposition for functional test generation, in Design Automation and Test in Europe (DATE) (2011), pp. 167–172
M. Chen, X. Qin, P. Mishra, Learning-oriented property decomposition for automated generation of directed tests. J. Electron. Test. 30(3), 287–306 (2014)
M.J. Ciesielski, P. Kalla, Z. Zheng, B. Rouzeyre, Taylor expansion diagrams: a compact, canonical representation with applications to symbolic verification, in Proceedings 2002 Design, Automation and Test in Europe Conference and Exhibition (IEEE, Piscataway, 2002), pp. 285–289
E.M. Clarke, E.A. Emerson, and A.P. Sistla, Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Trans. Program. Lang. Syst. 8(2), 244–263 (1986)
J. Cruz, F. Farahmandi, A. Ahmed, P. Mishra, Hardware Trojan detection using ATPG and model checking, in 2018 31st International Conference on VLSI Design and 2018 17th International Conference on Embedded Systems (VLSID) (IEEE, Piscataway, 2018), pp. 91–96
N. Dang, A. Roychoudhury, T. Mitra, P. Mishra, Generating test programs to cover pipeline interactions, in ACM/IEEE Design Automation Conference (DAC) (2009), pp. 142–147
F. Farahmandi, B. Alizadeh, Groebner basis based formal verification of large arithmetic circuits using Gaussian elimination and cone-based polynomial extraction. Microprocess. Microsyst. 39(2), 83–96 (2015)
F. Farahmandi, P. Mishra, Automated test generation for debugging arithmetic circuits, in 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE) (IEEE, Piscataway, 2016), pp. 1351–1356
F. Farahmandi, P. Mishra, FSM anomaly detection using formal analysis, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 313–320
F. Farahmandi, P. Mishra, Automated debugging of arithmetic circuits using incremental Gröbner basis reduction, in IEEE International Conference on Computer Design (ICCD) (2017), pp. 193–200
F. Farahmandi, P. Mishra, Automated test generation for debugging multiple bugs in arithmetic circuits. IEEE Trans. Comput. 68(2), 182–197 (2019)
F. Farahmandi, B. Alizadeh, Z. Navabi, Effective combination of algebraic techniques and decision diagrams to formally verify large arithmetic circuits, in 2014 IEEE Computer Society Annual Symposium on VLSI (IEEE, Piscataway, 2014), pp. 338–343
F. Farahmandi, P. Mishra, S. Ray, Exploiting transaction level models for observability-aware post-silicon test generation, in Design Automation and Test in Europe (DATE) (2016), pp. 1477–1480
F. Farahmandi, Y. Huang, P. Mishra, Trojan localization using symbolic algebra, in Asia and South Pacific Design Automation Conference (ASPDAC) (2017), pp. 591–597
N. Fern, S. Kulkarni, K.-T.T. Cheng, Hardware Trojans hidden in RTL don’t cares – automated insertion and prevention methodologies, in 2015 IEEE International Test Conference (ITC) (IEEE, Piscataway, 2015), pp. 1–8
N. Fern, I. San, C.K. Koç, K.-T.T. Cheng, Hardware Trojans in incompletely specified on-chip bus systems, in Proceedings of the 2016 Conference on Design, Automation & Test in Europe (EDA Consortium, San Jose, 2016), pp. 527–530
N. Fern, I. San, K.-T.T. Cheng, Detecting hardware Trojans in unspecified functionality through solving satisfiability problems, in 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC) (IEEE, Piscataway, 2017), pp. 598–504
B. Gierlichs, K. Lemke-Rust, C. Paar, Templates vs. stochastic methods, in Cryptographic Hardware and Embedded Systems – CHES 2006, ed. by L. Goubin, M. Matsui (Springer, Berlin, 2006), pp. 15–29
L.H. Goldstein, E.L. Thigpen, SCOAP: Sandia controllability/observability analysis program, in Proceedings of the 17th Design Automation Conference (ACM, New York, 1980), pp. 190–196
X. Guo, R.G. Dutta, Y. Jin, F. Farahmandi, P. Mishra, Pre-silicon security verification and validation: a formal perspective, in ACM/IEEE Design Automation Conference (DAC) (2015), pp. 145:1–145:6
X. Guo, R.G. Dutta, P. Mishra, Y. Jin, Scalable SoC trust verification using integrated theorem proving and model checking, in IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (2016), pp. 124–129
X. Guo, R.G. Dutta, P. Mishra, Y. Jin, Automatic code converter enhanced PCH framework for SoC trust verification. IEEE Trans. Very Large Scale Integr. VLSI Syst. 25(12), 3390–3400 (2017)
K. Hasegawa, M. Yanagisawa, N. Togawa, Hardware Trojans classification for gate-level netlists using multi-layer neural networks, in IEEE 23rd International Symposium on On-Line Testing and Robust System Design (IOLTS) (2017), pp. 227–232
K. Hasegawa, Y. Shi, N. Togawa, Hardware Trojan detection utilizing machine learning approaches, in Proceedings – 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, TrustCom/BigDataSE 2018 (2018), pp. 1891–1896
J. He, Y. Zhao, X. Guo, Y. Jin, Hardware Trojan detection through chip-free electromagnetic side-channel statistical analysis. IEEE Trans. Very Large Scale Integr. VLSI Syst. 25(10), 2939–2948 (2017)
M. He, J. Park, A. Nahiyan, A. Vassilev, Y. Jin, M. Tehranipoor, RTL-PSC: automated power side-channel leakage assessment at register-transfer level, in IEEE VLSI Test Symposium (VTS) (2019)
M. Hicks, M. Finnicum, S.T. King, M.M. Martin, J.M. Smith, Overcoming an untrusted computing base: detecting and removing malicious hardware automatically, in 2010 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2010), pp. 159–172
W. Hu, A. Ardeshiricham, M.S. Gobulukoglu, X. Wang, R. Kastner, Property specific information flow analysis for hardware security verification, in 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), San Diego, CA (2018), pp. 1–8
W. Hua, Z. Zhang, G.E. Suh, Reverse engineering convolutional neural networks through side-channel information leaks, in 55th ACM/ESDA/IEEE Design Automation Conference (DAC) (2018), pp. 1–6
Y. Huang, P. Mishra, Trace buffer attack on the AES cipher. J. Hardw. Syst. Secur. 1(1), 68–84 (2017)
Y. Huang, A. Chattopadhyay, P. Mishra, Trace buffer attack: security versus observability study in post-silicon debug, in IEEE International Conference on Very Large Scale Integration (VLSI-SoC) (2015), pp. 355–360
Y. Huang, S. Bhunia, P. Mishra, MERS: statistical test generation for side-channel analysis based Trojan detection, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2016), pp. 130–141
Y. Huang, S. Bhunia, P. Mishra, Scalable test generation for Trojan detection using side channel analysis. IEEE Trans. Inf. Forensics Secur. 13(11), 2746–2760 (2018)
T. Inoue, K. Hasegawa, Y. Kobayashi, M. Yanagisawa, N. Togawa, Designing subspecies of hardware Trojans and their detection using neural network approach, in IEEE 8th International Conference on Consumer Electronics (2018), pp. 1–4
D. Ismari, J. Plusquellic, C. Lamech, S. Bhunia, F. Saqib, On detecting delay anomalies introduced by hardware Trojans, in 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), Austin, TX (2016), pp. 1–7
Y. Jin, Y. Makris, Hardware Trojan detection using path delay fingerprint, in IEEE International Workshop on Hardware-Oriented Security and Trust (2008), pp. 51–57
Y. Jin, Y. Makris, Hardware Trojans in wireless cryptographic ICs. IEEE Des. Test Comput. 27(1), 26–35 (2010)
B. Keng, A. Veneris, Path-directed abstraction and refinement for SAT-based design debugging. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 32(10), 1609–1622 (2013)
P.C. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, Series CRYPTO ’99, London, UK (Springer, London, 1999), pp. 388–397. [Online]. Available: http://dl.acm.org/citation.cfm?id=646764.703989
H.-M. Koo, P. Mishra, Test generation using SAT-based bounded model checking for validation of pipelined processors, in Proceedings of the 16th ACM Great Lakes Symposium on VLSI (ACM, New York, 2006), pp. 362–365
H. Koo, P. Mishra, Functional test generation using property decompositions for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (2006), pp. 1240–1245
A. Kulkarni, Y. Pino, T. Mohsenin, SVM-based real-time hardware Trojan detection for many-core platform, in 17th International Symposium on Quality Electronic Design (ISQED) (2016), pp. 362–367
T.-H. Le, J. Clédière, C. Canovas, B. Robisson, C. Servière, J.-L. Lacoume, A proposition for correlation power analysis enhancement, in Cryptographic Hardware and Embedded Systems – CHES 2006, ed. by L. Goubin, M. Matsui (Springer, Berlin, 2006), pp. 174–186
B. Le, H. Mangassarian, B. Keng, A. Veneris, Non-solution implications using reverse domination in a modern SAT-based debugging environment, in Design Automation and Test in Europe (DATE) (2012), pp. 629–634
J. Lee, M. Tebranipoor, J. Plusquellic, A low-cost solution for protecting IPs against scan-based side-channel attacks, in 24th IEEE VLSI Test Symposium (2006), pp. 1–6
C. Li, J. Gaudiot, Online detection of spectre attacks using microarchitectural traces from performance counters, in 2018 30th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD), Lyon, France (2018), pp. 25–28
M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, A. Fogh, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, M. Hamburg, Meltdown: reading kernel memory from user space, in 27th Security Symposium (USENIX Security) (2018), pp. 973–990
L. Liu, S. Vasudevan, Efficient validation input generation in RTL by hybridized source code analysis, in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2011 (IEEE, Piscataway, 2011), pp. 1–6
Y. Liu, K. Huang, Y. Makris, Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting, in Proceedings of the 51st Annual Design Automation Conference (DAC ’14) (ACM, New York, 2014), 6 pp. Article 155
Y. Lyu, P. Mishra, A survey of side channel attacks on caches and countermeasures. J. Hardw. Syst. Secur. 2, 33–50 (2018)
Y. Lyu, P. Mishra, Efficient test generation for Trojan detection using side channel analysis, in Design Automation and Test in Europe (DATE) (2019)
Y. Lyu, X. Qin, M. Chen, P. Mishra, Directed test generation for validation of cache coherence protocols. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38, 163–176 (2018)
S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards. Advances in Information Security (Springer, New York, 2007)
H. Mangassarian, A. Veneris, S. Safarpour, M. Benedetti, D. Smith, A performance-driven QBF-based iterative logic array representation with applications to verification, debug and test, in 2007 IEEE/ACM International Conference on Computer-Aided Design (IEEE, Piscataway, 2007), pp. 240–245
K.L. McMillan, Model Checking (Wiley, New York, 2003)
T.S. Messerges, E.A. Dabbish, R.H. Sloan, Examining smart-card security under the threat of power analysis attacks. IEEE Trans. Comput. 51(5), 541–552 (2002). [Online] Available: https://doi.org/10.1109/TC.2002.1004593
P. Mishra, M. Chen, Efficient techniques for directed test generation using incremental satisfiability, in International Conference on VLSI Design (2009), pp. 65–70
P. Mishra, N. Dutt, Graph-based functional test program generation for pipelined processors, in Design Automation and Test in Europe (DATE) (2004), pp. 182–187
P. Mishra, N. Dutt, Functional coverage driven test generation for validation of pipelined processors, in Design Automation and Test in Europe (DATE) (2005), pp. 678–683
P. Mishra, N. Dutt, Specification-driven directed test generation for validation of pipelined processors. ACM Trans. Des. Autom. Electron. Syst. 13(2), 36 pp., article 42 (2008)
P. Mishra, S. Bhunia, M. Tehranipoor (eds.), Hardware IP Security and Trust (Springer, Cham, 2017). ISBN: 978-3-319-49024-3
A. Nahiyan, K. Xiao, K. Yang, Y. Jin, D. Forte, M. Tehranipoor, AVFSM: a framework for identifying and mitigating vulnerabilities in FSMs, in 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC) (IEEE, Piscataway, 2016), pp. 1–6
A. Nahiyan, F. Farahmandi, P. Mishra, D. Forte, M. Tehranipoor, Security-aware FSM design flow for identifying and mitigating vulnerabilities to fault attacks. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 38, 1003–1016 (2018)
S. Narasimhan, D. Du, R.S. Chakraborty, S. Paul, F.G. Wolff, C.A. Papachristou, K. Roy, S. Bhunia, Hardware Trojan detection by multiple-parameter side-channel analysis. IEEE Trans. Comput. 62(11), 2183–2195 (2013)
M. Oya, Y. Shi, M. Yanagisawa, N. Togawa, A score-based classification method for identifying hardware-Trojans at gate-level netlists, in Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (2015), pp. 465–470
J. Park, A. Nahiyan, A. Vassilev, Y. Jin, M. Tehranipoor, RTL-PSC: automated power side-channel leakage assessment at register-transfer level. arXiv preprint arXiv:1901.05909 (2019)
S. Proch, P. Mishra, Test generation for hybrid systems using clustering and learning techniques, in International Conference on VLSI Design (2016), pp. 589–590
X. Qin, P. Mishra, Directed test generation for validation of multicore architectures. ACM Trans. Des. Autom. Electron. Syst. 17(3), article 24, 21 pp. (2012)
X. Qin, P. Mishra, Automated generation of directed tests for transition coverage in cache coherence protocols, in Design Automation and Test in Europe (DATE) (2012)
X. Qin, P. Mishra, Scalable test generation by interleaving concrete and symbolic execution, in International Conference on VLSI Design (2014), pp. 104–109
X. Qin, M. Chen, P. Mishra, Synchronized generation of directed tests using satisfiability solving, in International Conference on VLSI Design (2010), pp. 351–356
R. Rad, J. Plusquellic, M. Tehranipoor, Sensitivity analysis to hardware Trojans using power supply transient signals, in Workshop on Hardware-Oriented Security and Trust (2008), pp. 3–7
J. Rajendran, V. Vedula, R. Karri, Detecting malicious modifications of data in third-party intellectual property cores, in Proceedings of the 52nd Annual Design Automation Conference (ACM, New York, 2015), pp. 1–6
S. Safarpour, A. Veneris, Abstraction and refinement techniques in automated design debugging, in Seventh International Workshop on Microprocessor Test and Verification (MTV’06) (IEEE, Piscataway, 2006), pp. 88–93
S. Saha, R. Chakraborty, S. Nuthakki, Anshul, D. Mukhopadhyay, Improved test pattern generation for hardware Trojan detection using genetic algorithm and Boolean satisfiability, in Cryptographic Hardware and Embedded Systems (CHES) (2015), pp. 577–596
H. Salmani, COTD: reference-free hardware Trojan detection and recovery based on controllability and observability in gate-level netlist. IEEE Trans. Inf. Forensics Secur. 12(2), 338–350 (2017)
F. Saqib, D. Ismari, C. Lamech, J. Plusquellic, Within-die delay variation measurement and power transient analysis using REBEL. IEEE Trans. Very Large Scale Integr. VLSI Syst. 23(4), 776–780 (2015)
A. Sayed-Ahmed, D. Gro, M. Soeken, R. Drechsler et al., Formal verification of integer multipliers by combining gröbner basis with logic reduction, in 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE) (IEEE, Piscataway, 2016), pp. 1048–1053
K. Sen, G. Agha, CUTE and jCUTE: concolic unit testing and explicit path model-checking tools, in International Conference on Computer Aided Verification (Springer, Berlin, 2006), pp. 419–423
A. Smith, A. Veneris, M.F. Ali, A. Viglas, Fault diagnosis and logic debugging using Boolean satisfiability. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 24(10), 1606–1621 (2005)
C. Sturton, M. Hicks, D. Wagner, S.T. King, Defeating UCI: building stealthy and malicious hardware, in 2011 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2011), pp. 64–77
Trust-HUB, https://www.trust-hub.org/
A. Waksman et al., FANCI: identification of stealthy malicious logic using Boolean functional analysis, in CCS (2013), pp. 697–708
Y. Yarom, K. Falkner, FLUSH+ RELOAD: a high resolution, low noise, L3 cache side-channel attack, in USENIX Security Symposium, vol. 1 (2014), pp. 22–25
X. Zhang, M. Tehranipoor, Case study: detecting hardware Trojans in third-party digital IP cores, in 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) (IEEE, Piscataway, 2011), pp. 67–70
J. Zhang, F. Yuan, Q. Xu, DeTrust: defeating hardware trust verification with stealthy implicitly-triggered hardware Trojans, in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (ACM, New York, 2014), pp. 153–166
J. Zhang, F. Yuan, L. Wei, Y. Liu, Q. Xu, VeriTrust: verification for hardware trust. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 34(7), 1148–1161 (2015)
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Farahmandi, F., Huang, Y., Mishra, P. (2020). SoC Security Verification Challenges. In: System-on-Chip Security. Springer, Cham. https://doi.org/10.1007/978-3-030-30596-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-30596-3_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30595-6
Online ISBN: 978-3-030-30596-3
eBook Packages: EngineeringEngineering (R0)