Title: “Malicious LUT: A Stealthy FPGA Trojan Injected and Triggered by the Design Flow”
Speaker: Christian Krieg, Vienna University of Technology, Vienna, Austria
Date and Time: Thursday, November 17, 2016 at 2:00 PM
Location: Donald Bren Hall 3011
Host: Professor Nikil Dutt
Abstract: We present a novel type of Trojan trigger targeted at the field-programmable gate array (FPGA) design flow. Traditional triggers are based on rare events, such as rare values or sequences. While in most cases these trigger circuits are able to hide a Trojan attack, exhaustive functional simulation and testing will reveal the Trojan because it violates the specification. Our trigger is functionally and formally equivalent to the hardware description language (HDL) specification throughout the entire FPGA design flow, until the place-and-route tool writes the design as a bitstream configuration file. From then on, the Trojan payload is always on. We implement the trigger signal using a 4-input lookup table (LUT), with each of the inputs connected to the same signal. This lets us directly address the least significant bit (LSB) and most significant bit (MSB) of the LUT. With the remaining 14 bits, we realize a “magic” unary operation. This way, we are able to implement 16 different triggers. We demonstrate the attack with a simple example and discuss the effectiveness of the recent detection techniques unused circuit identification (UCI), functional analysis for nearly-unused circuit identification (FANCI), and VeriTrust in revealing our trigger.
Biography: Christian Krieg received his bachelor’s and master’s degrees in electrical engineering from TU Wien and is now pursuing his PhD studies on hardware security at TU Wien. His research focuses on design-level hardware Trojan design and detection. He also works on reasonable threat models for hardware Trojan attacks. Christian recently received the William McCalla best paper award for a novel hardware Trojan implementation. More broadly, Christian’s research interests include cyber-physical systems security and IoT security.
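The LUT wiring described in the abstract can be checked at netlist level. The following Python lint is an added example, not code from the talk or the paper: for each LUT it computes which INIT addresses are reachable given the input wiring and reports the INIT bits that no stimulus can exercise. The netlist tuples, instance names and INIT values are constructed for illustration, and INIT bit k is assumed to be the output for input address k, with I0 as the least significant address bit.

```python
from itertools import product

def reachable_addresses(input_nets):
    """INIT addresses a LUT can ever see, given the net on each input (I0 first)."""
    nets = sorted(set(input_nets))
    addrs = set()
    for values in product((0, 1), repeat=len(nets)):
        level = dict(zip(nets, values))
        # Inputs sharing a net always carry the same level.
        addrs.add(sum(level[n] << i for i, n in enumerate(input_nets)))
    return addrs

def audit_lut(name, init, input_nets):
    """Separate INIT bits that stimulus can exercise from bits it cannot."""
    reach = reachable_addresses(input_nets)
    hidden = [a for a in range(1 << len(input_nets)) if a not in reach]
    hidden_mask = sum(1 << a for a in hidden)
    return {
        "name": name,
        "tied_inputs": len(set(input_nets)) < len(input_nets),
        "reachable": sorted(reach),
        # Visible truth table: output for each reachable address.
        "visible": {a: (init >> a) & 1 for a in sorted(reach)},
        "hidden_count": len(hidden),
        # INIT content that simulation and equivalence checking never read.
        "hidden_pattern": init & hidden_mask,
    }

# Constructed sample netlist: (instance, INIT, nets on I0..I3). Assumption:
# INIT bit k is the output for input address k.
SAMPLE_NETLIST = [
    ("u_and4", 0x8000, ["a", "b", "c", "d"]),
    ("u_sel",  0xCACA, ["a", "b", "s", "s"]),
    ("u_buf",  0x9A2C, ["s", "s", "s", "s"]),
]

def audit_netlist(netlist):
    """Return audit records for LUTs that need review (any tied inputs)."""
    reports = [audit_lut(*entry) for entry in netlist]
    return [r for r in reports if r["tied_inputs"]]

if __name__ == "__main__":
    for r in audit_netlist(SAMPLE_NETLIST):
        print(f'{r["name"]}: reachable={r["reachable"]} visible={r["visible"]} '
              f'hidden_bits={r["hidden_count"]} hidden=0x{r["hidden_pattern"]:04X}')
```

A LUT reported with all four inputs tied exposes only addresses 0 and 15, matching the LSB/MSB addressing in the abstract; the 14 remaining bits are the ones functional simulation cannot observe.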