Verifying the absence of maliciously inserted Trojans in Integrated Circuits (ICs) is a crucial task, especially for security-enabled products. Assuming that the original IC layout is benign and free of backdoors, the primary security threats are usually identified as outsourced manufacturing and transportation. To ensure the absence of Trojans in commissioned chips, one straightforward solution is to compare the received semiconductor devices to the design files that were initially submitted to the foundry. Clearly, conducting such a comparison requires advanced laboratory equipment and qualified experts. Nevertheless, the fundamental techniques for detecting Trojans that require evident changes to the silicon layout are nowadays well understood. Despite this, there is a glaring lack of public case studies describing the process in its entirety while making the underlying data sets publicly available. In this talk, we present a public and open hardware Trojan detection case study based on four different digital ICs using a Red Team vs. Blue Team approach. Our results spark optimism for the Trojan seekers and answer common questions about the efficiency of such techniques for relevant IC sizes. Further, they allow conclusions to be drawn about the impact of technology scaling on the detection performance.
We will demonstrate our image processing approaches to detect replaced fill cells and/or modified standard cells using our datasets and abstracted GDSII data.
Endres Puschner is a researcher and PhD student at the Max Planck Institute for Security and Privacy, Germany. His research focus is on the security of embedded systems, especially in the Internet of Things and real-world applications. Current projects include detection and insertion strategies of unwanted circuitry in ASICs and FPGAs at various steps of the design and fabrication process of products.
Steffen Becker is a PostDoc at Ruhr University Bochum and the Max Planck Institute for Security and Privacy. His work focuses on enhancing the security of hardware by investigating the human aspects involved in reverse-engineering-based attacks. Steffen is also interested in strengthening end-user perceptions and behaviors with respect to security and privacy.