Side-Channel Trojan Insertion -- a Practical Foundry-Side Attack via ECO
This paper addresses security vulnerabilities in outsourced IC fabrication, revealing a practical attack vector that could compromise hardware integrity; the work is incremental, its contribution being the specific implementation details it exposes.
The paper tackles the problem of hardware trojan insertion in outsourced integrated circuit fabrication by presenting a framework for designing and inserting a side-channel trojan via an engineering change order flow, showing that a rogue foundry element can easily perform such attacks to leak multiple bits per power signature reading.
Design companies often outsource their integrated circuit (IC) fabrication to third parties, where the ICs are susceptible to malicious acts such as the insertion of a side-channel hardware trojan horse (SCT). In this paper, we present a framework for designing and inserting an SCT based on an engineering change order (ECO) flow, which makes it the first to disclose how effortlessly a trojan can be inserted into an IC. The trojan is designed with the goal of leaking multiple bits per power signature reading. Our findings and results show that a rogue element within a foundry has, today, all the means necessary to perform a foundry-side attack via ECO.