| 引用本文: |
-
李一玮,宿豪,鲁逸晴,武玲娟,胡伟.基于FPGA网表结构和行为特征分析的硬件木马检测[J].信息安全学报,已采用 [点击复制]
- LiYiwei,SU Hao,LU Yiqing,WU Lingjuan,HU Wei.Hardware Trojan detection through structural and behavioral feature analysis of FPGA netlist[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 硬件木马是集成电路中未公开的功能或恶意设计修改,可泄露敏感信息,篡改关键存储器,造成权限提升或拒绝服务,是一种主要的硬件安全与可信威胁。木马通常具有轻量级、低活度和高隐蔽性的特点,导致其难以检测。目前,在寄存器传输、门级,甚至是晶体管级抽象层次上已有相当数量的木马检测研究,然而,现场可编程门阵列(Field Programmable Gate Array, FPGA)网表级的木马检测方法一直是一个被忽视的研究课题。现有木马检测方法主要包括功能测试、形式化验证、侧信道分析、翻转概率分析、逆向工程和基于人工智能的方法等,尚面临着难以快速激活木马、依赖于高质量属性、对背景噪声敏感、易产生大量误报、对芯片造成物理损伤以及难以自动提取有效特征等不足。该文利用FPGA网表中显著的设计结构和行为特征,开展查找表(Look-up-Table, LUT)级硬件木马特征分析,进而提出基于深度学习的LUT级木马特征准确提取与智能匹配方法,以及木马相关属性自动提取与形式验证方法。实验结果表明该方法可以更精确地描述和匹配硬件木马特征,平均真阴性率(True Negative Rate, TNR)、真阳性率(True Positive Rate, TPR)、准确率、曲线下面积(Area Under the Curve, AUC)分别为0.990、0.969、0.971和0.979,该方法还可以通过对提取的属性进行形式化验证来自动搜索和恢复木马触发条件。该文工作提供了一种硬件木马检测研究的新思路,是现有硬件木马检测方法体系的有效补充。结合近期在FPGA配置流解密和反向综合方面的研究进展,论文也为配置流安全分析提供了一种技术途径。 |
| 关键词: 硬件安全 硬件木马检测 查找表 深度学习 属性验证 |
| DOI: |
| 投稿时间:2024-04-21修订日期:2024-09-07 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目)国家重点研发计划基金项目 |
|
| Hardware Trojan detection through structural and behavioral feature analysis of FPGA netlist |
|
LiYiwei1, SU Hao1, LU Yiqing1, WU Lingjuan2, HU Wei1
|
| (1.School of Cybersecurity, Northwestern Polytechnical University;2.College of Informatics, Huazhong Agricultural University) |
| Abstract: |
| Hardware Trojans are unspecified functionality in or malicious design modifications to integrated circuits. They can leak sensitive information, overwrite critical memory, cause privilege escalation or denial of service and thus represents a major threat to hardware security and trust. Trojans are typically associated with the characteristics of light-weight, low-activation rate and highly stealthy, which make them hard-to-detect. While there are a considerable number of research works in hardware Trojan detection at the register transfer, gate and even transistor levels, Trojan detection in Field Programmable Gate Array (FPGA) netlist has long been an overlooked research vector. Existing hardware Trojan detection methods include functional testing, formal verification, side-channel analysis, switching probability analysis, reverse engineering and AI based solutions. These methods are still seeing various drawbacks, such as hard to quickly activate the Trojan, relying on high-quality properties, sensitive to background noise, high false positives, causing physical damage to chips and difficult to automatically extract effective features. This paper performs Trojan feature analysis at the Look-up-Table (LUT) level, leveraging the significant structural and behavioral features in FPGA netlist. It proposes a method for precise extraction and intelligent matching of Trojan features through deep learning. In addition, it provides an approach for automated extraction and formal verification of Trojan related properties. Experimental results using Trust-Hub hardware Trojan benchmarks have demonstrated that the proposed method can achieve more precise depicting and matching of hardware Trojan features, with an average True Negative Rate (TNR), True Positive Rate (TPR), Accuracy and Area Under the Curve (AUC) of 0.990, 0.969, 0.971 and 0.979 respectively. Our method can also automatically search for and recover Trojan trigger condition through formal verification of the extracted properties. This work provides a new perspective for hardware Trojan detection research and an effective completement for the spectrum of hardware Trojan detection methods. It also paves the way for FPGA bitstream security analysis considering the recent research advances in bitstream file decryption and reverse synthesis. |
| Key words: Hardware security Hardware Trojan detection Look-up-Table Deep learning Property verification |
