Abstract:
In modern integrated circuit design, as chip scale keeps growing and ever more functions are integrated, third-party IP cores are unavoidably introduced. Third-party IP cores greatly shorten the chip design cycle, but they may also introduce circuits with malicious functions during the design phase, i.e. hardware Trojans. Once an implanted hardware Trojan is triggered, it can alter the chip's original function, leak the information processed inside the chip, or even physically damage the chip. Hardware Trojan detection on IP cores therefore reduces the risk introduced during chip design. As modern fabrication processes advance to nanometre scale and 3D structures, detecting tiny hardware Trojan circuits in a fabricated chip becomes difficult, so detection at the design stage is increasingly important. To improve stealthiness, hardware Trojan circuits are usually built around low-probability trigger conditions while keeping the circuit small. Existing detection methods rely on a single feature of this low-probability trigger circuit, such as testability values or fan-in/fan-out structure. Recently, some researchers have proposed detection-resistant hardware Trojan designs that deliberately erase these structural features from the Trojan netlist. This paper proposes a new modelling method that converts a circuit into a Node Controllability Flow Graph (NCFG), together with a hardware Trojan detection method based on controllability flow analysis. The method analyses combinational and sequential logic together and can quantify the stealthiness of a hardware Trojan. Experimental results show that the method reaches high accuracy on both common hardware Trojans (the TrustHub benchmark suite) and new detection-resistant hardware Trojans (such as the Defeating-UCI, DeTrust and DeTest Trojans). More importantly, the NCFG model is extensible: for hardware Trojans that appear in the future, new feature analyses can be added on top of the model.
Keywords: chip security; hardware Trojan detection; netlist; controllability flow; feature analysis
| DOI:10.19363/J.cnki.cn10-1380/tn.2026.01.20 |
Received: 2020-12-14; Revised: 2021-02-22
Funding: Supported by the National Key R&D Program of China (No. 2022YFC3320600).
|
| A Novel Hardware Trojan Detection Method based on the Controllability Flow Analysis of the Netlist |
| ZHANG Ning,LV Zhiqiang,ZHANG Yanlin,HUANG Weiqing |
| Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100084, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
| Abstract: |
With the growing scale of modern integrated circuits (ICs), it is inevitable that many intellectual property (IP) cores designed by third parties are introduced. Integrating IP cores greatly shortens the IC design process, but it also opens the door to the insertion of malicious circuits, called hardware Trojans (HTs). Once an inserted HT is triggered, it can change the intended function of the IC, leak secret information held in the IC, or even destroy the IC physically. HT detection is therefore essential to mitigate the threat of HTs inserted during the IC design flow. As IC manufacturing advances to nanometre technology and 3D structures, detecting small HT circuits in a whole IC after fabrication becomes challenging, so HT detection during the design flow is increasingly important. To remain stealthy, HT circuits are usually rarely triggered and consist of only a small amount of logic. Most existing HT detection methods rely on one particular characteristic of the rarely triggered HT netlist, such as testability values or the fan-in/fan-out structure. Recently, several novel stealthy anti-detection HT designs have been presented that resist such netlist-feature-based detection. In this paper we propose a general modelling method that transforms a netlist into a Node Controllability Flow Graph (NCFG), and a novel HT detection method based on controllability flow analysis of the NCFG that considers combinational and sequential logic together. NCFG analysis can also quantify the stealthiness of HT circuits. Experimental results show high detection accuracy on both common HTs from the TrustHub benchmark and novel stealthy HTs such as Defeating UCI, DeTrust and DeTest. Moreover, the NCFG model is extensible, so feature analyses for future, stealthier HTs can be added on top of it.
Key words: chip security; hardware Trojan detection; netlist; controllability flow; feature analysis
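The abstract describes the netlist-feature family of detectors that the paper builds on: rare-trigger logic shows up as nets with poor testability (high SCOAP controllability cost) and very low signal probability. The following is an added example, not the paper's NCFG method and not code from the authors; it computes both metrics over a small constructed gate-level netlist in which a hypothetical 8-input AND trigger (nets t0..t5, trig) XORs its output into a legitimate net. The netlist, the AND/OR/XOR gate library and the two thresholds are all assumptions chosen for the illustration.

```python
"""SCOAP controllability and static signal probability over a constructed
gate-level netlist, used to flag rarely triggered nets (added illustration
of the testability-value approach the abstract mentions; not the paper's
NCFG method). The netlist, gate library and thresholds are all assumptions.
"""
from math import prod

# Constructed netlist: net -> (gate type, input nets); primary inputs have
# no entry. t0..t5 and trig form a hypothetical 8-input AND trigger, and
# out1 is the payload: legitimate net n1 XORed with the trigger.
PRIMARY_INPUTS = ["a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7", "b0", "b1"]
NETLIST = {
    "s0":   ("XOR", ["a0", "b0"]),
    "s1":   ("XOR", ["a1", "b1"]),
    "c0":   ("AND", ["a0", "b0"]),
    "n1":   ("OR",  ["s1", "c0"]),
    "t0":   ("AND", ["a0", "a1"]),
    "t1":   ("AND", ["a2", "a3"]),
    "t2":   ("AND", ["a4", "a5"]),
    "t3":   ("AND", ["a6", "a7"]),
    "t4":   ("AND", ["t0", "t1"]),
    "t5":   ("AND", ["t2", "t3"]),
    "trig": ("AND", ["t4", "t5"]),
    "out1": ("XOR", ["n1", "trig"]),
}


def topological_order(netlist):
    """Post-order DFS so every gate is visited after all of its drivers."""
    order, seen = [], set()
    def visit(net):
        if net in seen or net not in netlist:
            return
        seen.add(net)
        for drv in netlist[net][1]:
            visit(drv)
        order.append(net)
    for net in netlist:
        visit(net)
    return order


def scoap_controllability(netlist, inputs):
    """SCOAP combinational controllability, net -> (CC0, CC1): primary inputs
    cost 1; a gate adds 1 to the cheapest input assignment for its controlling
    value and to the sum over all inputs for the non-controlling value."""
    cc = {pi: (1, 1) for pi in inputs}
    for net in topological_order(netlist):
        gate, ins = netlist[net]
        c0 = [cc[i][0] for i in ins]
        c1 = [cc[i][1] for i in ins]
        if gate == "AND":
            cc[net] = (min(c0) + 1, sum(c1) + 1)
        elif gate == "OR":
            cc[net] = (sum(c0) + 1, min(c1) + 1)
        elif gate == "XOR":  # two-input XOR only
            (a0, b0), (a1, b1) = c0, c1
            cc[net] = (min(a0 + b0, a1 + b1) + 1, min(a0 + b1, a1 + b0) + 1)
        else:
            raise ValueError(f"unsupported gate {gate}")
    return cc


def signal_probability(netlist, inputs):
    """Static P(net == 1) for uniform, independent primary inputs; reconvergent
    fan-out (a0 drives s0, c0 and t0) makes this an estimate, not exact."""
    p1 = {pi: 0.5 for pi in inputs}
    for net in topological_order(netlist):
        gate, ins = netlist[net]
        p = [p1[i] for i in ins]
        if gate == "AND":
            p1[net] = prod(p)
        elif gate == "OR":
            p1[net] = 1.0 - prod(1.0 - x for x in p)
        elif gate == "XOR":
            p1[net] = p[0] * (1.0 - p[1]) + (1.0 - p[0]) * p[1]
        else:
            raise ValueError(f"unsupported gate {gate}")
    return p1


def suspicious_nets(netlist, inputs, cc_threshold=10, p_threshold=0.05):
    """Flag gate outputs that are hard to control or almost never take one
    value. Both thresholds are assumed tuning values, not from the paper."""
    cc = scoap_controllability(netlist, inputs)
    p1 = signal_probability(netlist, inputs)
    flagged = {}
    for net in netlist:
        reasons = []
        if max(cc[net]) >= cc_threshold:
            reasons.append(f"CC0/CC1={cc[net]}")
        if min(p1[net], 1.0 - p1[net]) < p_threshold:
            reasons.append(f"P1={p1[net]:.5f}")
        if reasons:
            flagged[net] = reasons
    return flagged


if __name__ == "__main__":
    for net, why in suspicious_nets(NETLIST, PRIMARY_INPUTS).items():
        print(net, ", ".join(why))
```

Running it flags trig (CC1 of 15 and a one-probability of 1/256) and the payload net out1 (CC0 of 11, because forcing it low now requires controlling the trigger as well), while the legitimate nets stay well inside the thresholds. This is exactly the single-feature signature that the detection-resistant designs named in the abstract (Defeating UCI, DeTrust, DeTest) are built to erase, for instance by spreading the trigger across several shallow, individually unremarkable gates, which is the motivation for the paper's graph-level controllability flow analysis instead of per-net thresholds.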