Abstract
To address noise interference in side-channel-based hardware Trojan detection, a detection method based on self-differential analysis is proposed. Two hypotheses are drawn from an analysis of side-channel signal characteristics: (a) within the same sampling window, the noise in the side-channel signal varies little; (b) a hardware Trojan's side-channel signature differs under different stimuli. Self-differential analysis is performed on side-channel signals captured in the same sampling window under different stimuli, so that the direct comparison between a golden chip and the chip under test becomes an analysis of the relative differences between self-differential signals, which reduces the interference of process noise and environmental noise. A side-channel signal model for self-differential analysis and the corresponding detection procedure are presented. A verification platform was built on a field-programmable gate array (FPGA), with an 8051 microprocessor core as the experimental target, and the Mahalanobis distance was used to measure the differences between multipoint side-channel signals. The two hypotheses were verified in turn, a set of chips under test containing multiple hardware Trojans was constructed, and hardware Trojans with a logic area as small as 0.025% were successfully detected.
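The self-differential comparison described in the abstract, as an added example that is not code from the paper: each chip's traces under two stimuli in the same sampling window are subtracted, and the Mahalanobis distance of the resulting self-difference from the golden chips' self-differences is compared with the distance obtained by comparing raw traces directly. The noise model, signal values, threshold and all function names are assumptions constructed for illustration.

```python
import random

def mean_cov(rows):
    """Sample mean vector and covariance matrix of equal-length rows."""
    n, k = len(rows), len(rows[0])
    mu = [sum(r[j] for r in rows) / n for j in range(k)]
    cov = [[sum((r[i] - mu[i]) * (r[j] - mu[j]) for r in rows) / (n - 1)
            for j in range(k)] for i in range(k)]
    return mu, cov

def solve(a, b):
    """Solve a x = b by Gauss-Jordan elimination with partial pivoting."""
    k = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(k):
        p = max(range(c, k), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(k):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][k] / m[i][i] for i in range(k)]

def mahalanobis(x, rows):
    """Mahalanobis distance of multipoint signal x from the reference set."""
    mu, cov = mean_cov(rows)
    d = [xi - mi for xi, mi in zip(x, mu)]
    return sum(di * si for di, si in zip(d, solve(cov, d))) ** 0.5

# Constructed model (assumption): three sample points per window, two stimuli.
BASE = {"A": [10.0, 12.0, 9.0], "B": [11.0, 10.0, 13.0]}
TROJAN = {"A": [0.4, 0.0, 0.3], "B": [0.0, 0.0, 0.0]}  # hypothesis b

def measure(rng, trojan=False):
    """Traces of one chip under both stimuli, captured in the same window."""
    proc = [rng.gauss(0, 1.0) for _ in range(3)]  # per-chip noise, shared by both stimuli (hypothesis a)
    return {s: [BASE[s][k] + proc[k] + rng.gauss(0, 0.02)
                + (TROJAN[s][k] if trojan else 0.0) for k in range(3)] for s in BASE}

def self_diff(tr):
    """Self-difference: stimulus A trace minus stimulus B trace, point by point."""
    return [a - b for a, b in zip(tr["A"], tr["B"])]

def demo(seed=1, threshold=6.0):
    rng = random.Random(seed)
    golden = [measure(rng) for _ in range(40)]   # constructed golden population
    cut = measure(rng, trojan=True)              # chip under test with a Trojan
    direct = mahalanobis(cut["A"], [g["A"] for g in golden])
    selfd = mahalanobis(self_diff(cut), [self_diff(g) for g in golden])
    return direct, selfd, selfd > threshold
```

In this constructed model the per-chip process noise is identical under both stimuli, so it cancels in the self-difference while the stimulus-dependent Trojan contribution remains; in the direct comparison the same contribution is buried under the process noise.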