DETECTION and prevention of hardware Trojan attacks has become a major concern for a company wishing to outsource its hardware manufacturing. The threat of a hardware Trojan could lie dormant on a new chip for years before crippling it. Hardware Trojans could also steal encryption keys, passwords, or other sensitive information, compromising security-critical systems. These data leakage Trojans can leak secret information out through Wi-Fi or even through the power signature itself. Detecting hardware Trojans has proven very difficult if not impossible. Some Trojans have been demonstrated to successfully operate with as little as five transistors. Most current methods of defense would be ineffective against such an attack. This problem extends beyond custom application specified integrated circuit (ASIC) designs and the firms creating them. Most companies buy commercial chips and are in no way involved in the design and production processes. Protecting against Trojan’s in a commercial off-the-shelf (COTS) chip has so far been a mostly unexplored area of hardware Trojan defense.
Current methods of detecting hardware Trojans after production involve runtime monitoring and post manufacture testing. Runtime monitoring and post manufacture testing rely on identifying the differences in chip operation introduced by the Trojan circuit. These methods depend on the tester’s ability to trigger the Trojan circuit so the effects of the Trojan can be measured. For runtime monitoring and post manufacture testing to work, a “golden chip” is usually needed for comparison, as simulation of the chip functionality is generally not accurate enough to show the very small changes introduced by the additional Trojan circuitry. How to produce the golden chip is a major problem. Furthermore, neither of these broad categories of Trojan protection is relevant for a third party company buying a COTS chip.
A more reliable method of protection is to design the chip for security from the beginning. The concept of design for security (DFS) encompasses many possible ideas and methods, such as obfuscation, layout camouflaging, and split manufacturing. Obfuscation and layout camouflaging, however, are both susceptible to reverse engineering given enough time and effort. Split manufacturing is susceptible if multiple fabrication runs are used, which is often the case in modern design flows. This paper focuses on a new DFS method known as Randomized Encoding of Combinational Logic for Resistance to Data Leakage (RECORD) and more specifically the sequential RECORD variant which can protect sensitive information from being leaked even when the full design is known to the attacker and multiple fabrication runs are needed.
Sequential RECORD took the initial concept of RECORD, which was only specified for combinational logic, and extended it to sequential circuits. The method uses two randomly generated numbers to temporarily encode incoming data into a dual-rail signal. The random numbers represent one of the rails. Through Boolean manipulation and split manufacturing, the sequential RECORD process is able to effectively prevent any data leakage Trojans from capturing meaningful data from anywhere on the chip. This process does not try to detect or even prevent hardware Trojans on the chip. There is no longer any need. Any data captured by the attacks would be meaningless.
The sequential RECORD process suffers from two drawbacks. First, the RECORD algorithm increases the area by almost 4× and the power by about 4.5×. And since it is a DFS method, it must be designed into the chip from the start making it useless for COTS applications. In this paper two modifications to the RECORD process are presented. The first, time-division multiplexing (TDM) RECORD, will show how the RECORD process can be modified to reduce the area and power overhead by 63% and 56%, respectively, at the expense of processing time and total energy used. Second, a scheme to use the RECORD concepts off chip to allow safe operation of COTS products is presented. This method is shown to work effectively without modification of the COTS product and can be implemented on a field-programmable gate array (FPGA) or other processor which may already be present in the design with an approximately 4× increase in processing time.
The sequential RECORD design process is a modification of RECORD which allows it to be used successfully on sequential designs. The application of RECORD to combinational logic. The first step in the sequential RECORD process is to create dual-rail representations of the incoming data vectors. The conversion is done by XORing the input bits, x, with one of the two randomly generated signals r1 and r2, which then becomes the second bit of the dual-rail signal t.
t = x ⊕ r1 or t = x ⊕ r2 ..(1)
Selection of which input bits are XORed with which random signal is up to the designer and can be changed from one chip to another.
Bits r1 and r2 randomly change on each clock. The dual-rail signals represent a logic 0 as either 00 or 11. Logic 1 is represented as either 01 or 10. The dual-rail signal is represented by t and r in (1). The original input value, x, is dropped. The second bit, r, of the dual-rail signal is always the random signal bit. This bit is never routed to the sequential logic. Keeping the random bit private to a trusted portion of the hardware is the key to the RECORD scheme, since an attacker cannot decode the second rail, t, without the random bit. Only the first bit, t, of the new dual-rail input is ever routed to the inner combinational logic (see Fig. 1).
Figure 1 : Conversion of input data to dual rail
The dual-rail equivalent of a function f “randomized” using two random bits is
f (x1, x2, x3 . . .)→ f (x1 ⊕ r1, x2 ⊕ r2, x3 ⊕ r1 . . .) ⊕ r1. …(2)
In this case, the second rail is represented using r1, but could just as easily be represented using r2. Using Shannon’s expansion, this formulation can be rewritten as
f (x1 ⊕ r1, x2 ⊕ r2, x3 ⊕ r1, . . .) ⊕ r1 = r1r2 f (t1,t2,t3, . . .) + r1r¯2 f (t1,t 2,t3, . . .) + ¯r1r2 f (t 1,t2,t 3, . . .) + ¯r1r¯2 f (t1,t 2,t 3, . . .). (3)
Equation (3) describes four identical functions each being sent a slightly altered version of the same input vector. The two random bits are used as select signals to demultiplex the four values of f and select the correct output. Note that the output selected by the demuxing process is still in a dual-rail representation, with r1 in this case. This representation can be easily implemented in hardware,
- Not Implemented Decryption Algorithm
- Not Tested BER
This paper explains the concept of reduction of data leakage Trajons in modulation scheme of TDM (Time Division Multiplexing) using DES (Data Encryption Standard) encoding and decoding concept. The DES is a symmetric key block cipher which is used for encryption and decryption process. In hardware manufacturing, detection and prevention of hardware Trajons attacks becomes a major concern for a manufacturing company. Because, the hardware Trajons is able to steal some sensitive information of a users such as encryption keys, passwords, etc,. So, most defensive methods prefers on prevention of data. The existing system uses the concept of RECORD ( Randomized encoding of combinational logic for resistance to data leakage) to prevent the data from the hardware Trajons even the Trajons known the entire information. Thus the proposed system of TDM version of RECORD design is more secure than the Sequential RECORD system and these case of existing work, will not concentrate and proved TDM RECORD DES Decryption Algorithm. Therefore, the proposed work of this paper will used the concept of TDM version of RECORD with implement in Encryption and Decryption Algorithm with BER Testing, this method will have designed in VHDL and implement in Xilinx FPGA and finally shown the comparison results in terms of area, delay and power.
RECORD provides excellent protection for custom ASIC designs both for combinational or sequential circuits. It does, however, carry a large area and power overhead, approximately 3.75× area and 4.5× power for sequential RECORD. RECORD also benefits from using a simple and generic implementation that can be easily adapted to any design with no circuit specific logic or control. When area or power is at a premium a different approach is needed. TDM offers a perfect solution to reduce the power and area overhead. The sequential RECORD process contains four copies of the same logic. This serves two purposes; it allows for quick parallel processing of the four input vectors and helps to confuse attackers. TDM RECORD eliminates the duplication while at the same time opening up possibilities for an even more secure protection scheme.
The intermediate combinational logic is copied four times and operated on in parallel. The only difference between the blocks is that each block of logic is sent a different input vector. In TDM RECORD, the four variant input combinations can be sent in sequence to just one copy of the intermediate logic instead of four. The outputs of the intermediate logic are then stored in one of the four register blocks before being demuxed to determine the final correct output.
The register blocks are not the same as in sequential RECORD. In sequential RECORD each register stores the demuxed output of the four input vectors before being reindexed to the random bit on the next clock, as shown in Fig. 4. In TDM RECORD, all four outputs are not available in the same clock cycle. Each intermediate output vector, g1–4, is stored on subsequent clock cycles until all four input vectors have completed. The four stored outputs are then demuxed with the two random bits as select signals, as before. The new output is reindexed against two newly generated random bits before being sent on to the next set of intermediate logic, as shown in Fig. 5. The random bits must be stored for four clocks cycles and used to generate g1–4 instead of changing on each cycle. This restriction means that control logic is needed to orchestrate when new random bits are needed and into which register block the intermediate outputs, g1–4, are placed.
The entire process is illustrated in Fig. 6. At clock cycle T , the incoming data vector is converted to the dual-rail representation with r1 and r2. The new input bits, t, are then sent to the first logic block. The output is then stored in register block 1. At clock cycle, T + 1, the same input bits, t, are sent back to the same logic block but with some of the inputs inverted as described in (3). The outputs are stored in register block 2. This process is repeated two more times with the bits of t being inverted or not inverted according to (3). Finally at clock cycle T +4, the register blocks are demuxed using r1 and r2 as select signals. Here, r1 and r2 have not been allowed to change from cycle to cycle but have been stored since cycle T . At clock cycle T + 5 the random bits are allowed to change, the output of the register block is updated, and the process begins again.
The security of the random bits is maintained with split manufacturing. The upper tier would contain the control logic, the input multiplexers, registers with XOR gates, output registers, and final demux. The bottom tier contains all of the intermediate logic. Storing the random bits for four clock cycles does nothing to compromise the security. An attacker would still need to wait until all four input data vectors have processed before attempting to infer the random bit, at which time the bit would change just as in sequential RECORD.
TDM RECORD gives some obfuscation options that were not available with RECORD or sequential RECORD. First, sequential RECORD was resistant to attackers inferring the random bits by reading the signals moving between upper and lower tiers. However, remote possibilities still existed of inferring the encoded data if the attacker knew which combinational block was receiving which input vector, which input bits were indexed against which random bits, and finally knew the indexing of the returning register outputs. By making use of the random number generator/s (RNG) in TDM RECORD, the control logic can randomly change the order in which the input vectors are presented to the logic. For example, the first iteration could present the input vectors in normal order (1, 2, 3, and 4) but the next iteration could present them in the order (2, 3, 1, and 4) and so on. By modifying the presentation order the inference table found in Table I is rendered useless.
Second, to further frustrate attackers, the number of random bits can be increased. Adding a third random bit was previously infeasible due to the excessive area and power overhead. Now that third random bit would increase the number of input vector variations by up to eight but at a very small cost to additional area and power. Only four additional register blocks and alterations to the control logic are needed while at the same time greatly increasing the number of possible dual-rail input and upper tier permutations. The cost of the TDM RECORD process is time. Latency is increased by a minimum of 5×, or 9× in the case of the three random bit option. Design time also increases, as the TDM RECORD concept must be designed into the chip from the beginning and custom control is needed for each design. Finally, while power does decrease compared to sequential RECORD, overall energy usage does not.
- Implemented Decryption Algorithm with BER Testing
- Reduced Error noise