Two Countermeasures Against Hardware Trojans Exploiting Non-Zero Aliasing Probability of BIST
This addresses a critical security vulnerability in hardware systems, particularly for applications where public safety, national economy, or national security are at risk, by providing specific defenses against stealthy Trojan attacks.
The paper tackles the problem of hardware Trojans exploiting non-zero aliasing probability in Logic Built-In-Self-Test (LBIST) by presenting two countermeasures: one uses a configurable key programmed post-manufacturing to make test patterns dependent on it, and the other employs a remote test management system to vary test patterns at each cycle, effectively preventing such attacks.
The threat of hardware Trojans has been widely recognized by academia, industry, and government agencies. A Trojan can compromise security of a system in spite of cryptographic protection. The damage caused by a Trojan may not be limited to a business or reputation, but could have a severe impact on public safety, national economy, or national security. An extremely stealthy way of implementing hardware Trojans has been presented by Becker et al. at CHES'2012. Their work have shown that it is possible to inject a Trojan in a random number generator compliant with FIPS 140-2 and NIST SP800-90 standards by exploiting non-zero aliasing probability of Logic Built-In-Self-Test (LBIST). In this paper, we present two methods for modifying LBIST to prevent such an attack. The first method makes test patterns dependent on a configurable key which is programed into a chip after the manufacturing stage. The second method uses a remote test management system which can execute LBIST using a different set of test patterns at each test cycle.