Communications systems are increasingly reliant on system-on-chip (SoC) solutions. As the complexity and size of SoCs continues to grow, so does the risk of “Trojan” attacks, in which an integrated circuit (IC) design is surreptitiously and maliciously altered at some point during the design or manufacturing process. Despite the risks that such an attack entails, relatively little attention has been given in the literature to methods enabling detection of and response to run-time Trojan attacks. In the present paper, we present a Trojan-resistant system bus architecture suitable across a wide range of SoC bus systems. The system detects malicious bus behaviors associated with Trojan hardware, protects the system and system bus from them, and reports the malicious behaviors to the CPU. Use of this bus and associated embedded software is highly effective in reducing IC Trojan vulnerabilities without loss of bus performance.
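To make the detect/protect/report loop of the abstract concrete, the following is an added illustrative model and not the paper's architecture or code. It assumes a simple per-master policy (allowed address windows, a write permission, and a bound on how many cycles a master may hold the bus), which is one plausible set of "malicious bus behaviors" a bus-level monitor could check; the master names, address ranges and traffic are constructed sample values, and the `reports` list stands in for whatever status register or interrupt the real bus would use to inform the CPU.

```python
"""Illustrative model of a Trojan-aware bus monitor (added example, not the paper's design).

Each bus master is given a policy: the address windows it may touch, whether it may
write, and how many consecutive cycles it may hold the bus. A transaction that breaks
its master's policy is refused, the master is quarantined so a triggered Trojan cannot
simply retry, and a report is queued for the CPU. All policies and traffic below are
constructed sample values.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Transaction:
    master: str      # hypothetical master identifier carried on the bus
    addr: int        # target address
    write: bool      # True for a write, False for a read
    cycles: int      # consecutive cycles the master would hold the bus


@dataclass(frozen=True)
class MasterPolicy:
    windows: Tuple[Tuple[int, int], ...]  # inclusive (lo, hi) address ranges allowed
    write_allowed: bool
    max_hold_cycles: int                   # bound on bus occupancy per transaction


@dataclass
class BusMonitor:
    policies: Dict[str, MasterPolicy]
    reports: List[dict] = field(default_factory=list)  # stands in for the CPU-visible report queue
    quarantined: set = field(default_factory=set)

    def violation(self, t: Transaction) -> Optional[str]:
        """Return the reason a transaction is refused, or None if it is acceptable."""
        if t.master in self.quarantined:
            return "master quarantined"
        pol = self.policies.get(t.master)
        if pol is None:
            return "unknown master id"          # no policy: treat the master as hostile
        if not any(lo <= t.addr <= hi for lo, hi in pol.windows):
            return "address outside allowed window"
        if t.write and not pol.write_allowed:
            return "write by read-only master"
        if t.cycles > pol.max_hold_cycles:
            return "bus hold exceeds limit"     # guards against bus-starvation behaviour
        return None

    def arbitrate(self, t: Transaction) -> bool:
        """Grant or refuse one transaction; a refused master is quarantined and reported."""
        reason = self.violation(t)
        if reason is None:
            return True
        self.quarantined.add(t.master)
        self.reports.append({"master": t.master, "addr": t.addr,
                             "write": t.write, "reason": reason})
        return False


def run_demo() -> Tuple[int, List[dict]]:
    """Feed constructed traffic through the monitor; return (grants, reports)."""
    policies = {  # constructed sample policies
        "cpu": MasterPolicy(((0x0000_0000, 0xFFFF_FFFF),), True, 16),
        "dma": MasterPolicy(((0x2000_0000, 0x2FFF_FFFF),), True, 64),
        "sensor_ip": MasterPolicy(((0x1000_0000, 0x1000_0FFF),), False, 4),
        "third_party_ip": MasterPolicy(((0x3000_0000, 0x3000_FFFF),), True, 8),
    }
    traffic = [  # constructed sample traffic
        Transaction("cpu", 0x0000_1000, False, 1),             # normal CPU read
        Transaction("dma", 0x2000_0100, True, 32),             # normal DMA burst
        Transaction("third_party_ip", 0x3000_0010, False, 4),  # IP block within its window
        Transaction("sensor_ip", 0x1000_0010, True, 1),        # read-only master attempts a write
        Transaction("third_party_ip", 0x0000_0000, True, 1),   # write outside its window
        Transaction("third_party_ip", 0x3000_0020, False, 2),  # retry after quarantine
        Transaction("dma", 0x2000_0200, True, 128),            # holds the bus far too long
        Transaction("rogue", 0x0000_0000, False, 1),           # master with no policy at all
    ]
    monitor = BusMonitor(policies)
    grants = sum(monitor.arbitrate(t) for t in traffic)
    return grants, monitor.reports


if __name__ == "__main__":
    grants, reports = run_demo()
    print(f"granted {grants} transactions; {len(reports)} reports queued for the CPU")
    for r in reports:
        print(f"  {r['master']:15s} addr=0x{r['addr']:08x} write={r['write']} -> {r['reason']}")
```

Two design points carry over to a hardware implementation: the policy check sits in the arbiter's grant path, so a refused transaction never reaches the slave, and quarantining the master rather than just dropping one transaction means a Trojan that fires once cannot keep probing until it finds an unchecked case.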
Silicon systems in general and communications SoCs in particular are getting exponentially more complex, harder to test, and interdependent. Such systems increasingly involve third party intellectual property (IP) designs and are increasingly reliant on outsourced and/or offshore aspects in the design and manufacturing process. With more and more of the system design steps occurring in environments where it is difficult to ensure the security of the design, there is a growing threat of “Trojan” attacks, in which an integrated circuit (IC) design is surreptitiously and maliciously altered at some point during the design or manufacturing process.
While the threat of Trojan ICs has received increasing attention in recent years, most anti-Trojan efforts are directed at identifying Trojans during verification and testing, prior to silicon deployment. For example, there is a class of techniques based on comparing measured physical characteristics such as power consumption, timing variations, and layout structures with respect to a “golden model” deemed to be trustworthy. There are also attempts to design “malicious hardware” in order to demonstrate how significant large-scale attacks can be mounted with the help of hardware. Other methods rely on adding logic which is used to identify authentic chips, or test original designs to identify functional defects that may have malicious origins. These approaches, while they are an important part of an overall mitigation strategy, are far from comprehensive in SoC and SiP (System in Package) applications.
For example, when third party IP designs are provided using register transfer level (RTL) descriptions, it is likely that there will be no trusted golden model to use for comparison. In addition, the use of increasingly complicated SoC, SiP and MCP (Multi-chip-package) designs provides a would-be attacker with multiple opportunities for the insertion of Trojans, including front-end logic design, floor planning, place-and-route, mask creation, large scale manufacturing, and packaging. Even if all the constituent IP designs and chips are known to be trustworthy, an attacker could insert a malicious die during the manufacturing process. In this context, it is very difficult to reliably create a trustworthy system-level model against which production samples can be compared. In addition, traditional approaches would not be particularly effective at identifying a true Trojan—an attack designed to remain hidden and inactive until triggered either internally or externally.