to detect, locate, and mask hardware trojans in digital circuits by · 2016-03-23 · to detect,...
TRANSCRIPT
To Detect, Locate, and Mask Hardware Trojans
in Digital Circuits by
Reverse Engineering
and Functional ECO
Xing (Sean) Wei
2016-1-28
Easy-logic technology ltd.
1
Outline
2
• Introduction
• HT Detection & Kill
• Functional Formal Verification
• Reverse Engineering
• Functional ECO
• Conclusion
An example of Hardware Trojan Injection
3
Specification/
RTL-level circuitRTL-level circuit
Gate-level circuit
Circuit-level circuit
ChipChip
Customer Design house
Invisible to customers!
Add
something!Chip
Spy
We need tools to
detect HT!
Another example in circuitry level
4
8-AND
in[7:0]
s
out
AND
2TO1MUX
in[7:0]
s
out
8-AND 8-XOR
After injecting HTs
Red: added part and
Green: revised part
Original circuit
Our Methodology to Detect, Locate, and Mask
Hardware Trojans
5
• Complementary Greedy Coupling method
• Detect HT by formal verification
• SAT solver coupled with Reverse Engineering
• Locate and Mask HT by functional ECO
• Optimize patch logic by logic rewiring
Algorithm flow
6
Golden DesignR1
Golden DesignR1
Examined DesignG2
Examined DesignG2
Gate-LevelG1
Gate-LevelG1
Arithmetic extractionArithmetic extraction
GlobalHT locating
GlobalHT locating
DetailHT locating &Rectification
DetailHT locating &Rectification
Patch optimization
Patch optimization
Patchednetlist
Patchednetlist
ReverseEngineering
FunctionalECO
LogicRewiring
Formal Verification
7
Golden circuit Revised circuit
??Use OBDD?
SAT?
SAT Performance of Verifying Two Different Multipliers* (Exponential !!)
8
Results for Satz 2.15 Results for Minisat 2.0 with preprocessing
Over 1020
centuries!
Solving time for a 64-bit multiplier?
* Järvisalo, Matti. "Equivalence checking multiplier designs (2007)
SAT Competition 2007 benchmark description."
Why an NPC is hard to solve?
Every NPC contains a computing “Black Hole” !
9
Cases solved in P time
Cases likely “exponential” – the
computing “Black Hole”
10
by SAT
Solver
by Reverse
Engineering (“structural DNA tracing” method)
@
f ≠ g
f = g
Likely solved in P
time
May take
exponential runtime
Could be
exponential
Can be solved in P time
for “practical” industrial
circuits
Efficiently solved in P
time in any condition
f ≠ gf = g f = g
f ≠ g
f = g
f ≠ g
f = g(by RE)
f ≠ g(by SAT)
Solve f = g ?
11
A new thinking of “Wormhole computing”
for “exponential” computing problems in Formal Verification
Wallace tree
multiplier
Booth
multiplier
Traditional verification
flow:
BDD, SAT
Our “RE-based” scheme
Exponential!
Over 1010 centuries
(for 32-bit case)!
Linear
runtime !
in seconds!
Formal verification with RE
12
Input netlistf and g
Input netlistf and g
Normalizearithmetic logicinside f and g
Normalizearithmetic logicinside f and g
Generate CNF clausesGenerate
CNF clauses
Invoke SAT solver
Invoke SAT solver
Operator Mapping
(*,+,MUX…)
Operator Mapping
(*,+,MUX…)
OperandMappingOperandMapping
Formulae EquivalenceChecking
Formulae EquivalenceChecking
ArithmeticFormulae
Normalization
ArithmeticFormulae
Normalization
B
C
A
0 1
(A+B)*C A*C+B*C
(A+B)
An arithmetic extraction example by RE
13
sel
a[2]
a[0]
a[1]
ADDER3
in2[0]in2[1]in2[2]
in1[0]in1[1]in1[2]
sum[3]
sum[2]
sum[1]
sum[0]
011
a[0]a[1]a[2]
Equivalent!
A 4 * 4 Wallace Tree Multiplier
14
FA
pp2,0pp1,1
pp1,0pp0,1
pp3,0pp2,1pp3,1pp2,2
pp0,3pp1,3pp3,2
pp2,3pp3,3 pp0,2
pp1,2
O1O5O6 O2O3O4
O7
16 partial products
12 1-bit adders
4 half adders, 8 full addersFA
FAFAFAFA
FA FA HA HA HA HA
A 4 * 4 Booth Multiplier
15
pp2,4 pp2,3
pp0,1pp0,0
pp2,2pp0,4 pp0,3 pp2,1 pp0,2 pp2,0
O0O1O2O3O4O5O6
O7X1
X3
10 partial products, 2 constants
10 1-bit adders
5 half adders, 5 full adders
HAHAHAHAHAFAFA
FAFAFA
Build XOR trees
16
• Find all xor subcircuits within the global circuit
Global CircuitGlobal Circuit
xor
xor
xor
xor
xor
xor
xor
xor
Find carry out bits among xor trees
17
xor
xor
xor
xor
xor
xor
xor
xor xor
xor
xor
xor
xor
xor
xor
xor carry carry
xor
carry
Identify operands
• Each input of XOR should
be a 2-input functional gate
for non-booth multipliers
18
xor
xor
xor
xor
xor
xor
xor
xor carry carry
xor
carry
And
x0 x1
And
x2 x3
0
5000
10000
15000
20000
25000
30000
35000
0
10
20
30
40
50
60
70
90
80
cost (in contest metric) # solved
100
110
120
40000
45000
2nd 3rd 4th 5 6 7 8 9 10 11 12 13 14 15
171719191919
33333333383838383838
4141
5151515157575757
1010
19
Cases (out of 120) solved for ICCAD CAD contest benchmarks (2014)
Most teams solved < 50% cases, trapped in those “black hole” cases
Easy-
LEC
116
Where are
g3 and g5 ?
(b) New RTL design
g1
g2
g3
g4
g5
cd
ab
o1
o2
o3
Synthesis
Find bug
and fix it
ECO
process
Accomplish new
specification !
An example of Functional ECO(revised from Cadence example shown in ICCAD Contest Ceremony 2012)
g1
g2
g3
g4
g5
cd
ab
o1
o2
o3
(a) Old RTL design
(c) Synthesized netlist from (a)
cb
o1
o2
o3a
d
y1
AOI2X1 y2
AOI2X1 y3
(d) ECO result by (b) and (c)
o2
o3
o1b
d
y1
c
a
y4
AOI2X1 y2
AOI2X1 y3
(e) An even optimized ECO result
o2
o3
o1
AOI2X1
AOI2X1
b
d
y2
y3
y1
c
a
Better
solution
Result
produced by
commercial
engine
Better result
produced by
our engine
How does Functional ECO work for HT masking
21
• Locating the logic difference between golden and HT-tampered
netlist
• Generate patch to rectify HT-tampered netlist
• Optimize patch as small as possible
Some Preliminaries
• Set of Boolean variables
• X={x1,x2,…xn}
• Denoting the set of primary inputs (PIs)
• Diff-set
• For an old and new function pair f and g
• 𝑑𝑖𝑓𝑓 𝑋 = 𝑓 𝑋 ⨂𝑔 𝑋
• The set of input assignments where f and g have opposite values
• Care-set
• For an internal signal r (function is t ) and a PO driven by r (function is f )
• 𝑐𝑎𝑟𝑒 𝑋 = 𝑓(𝑋, 𝑡 𝑋 )⨂𝑓(𝑋, 𝑡 𝑋 )
• The set of input assignments that can affect PO value
How to eliminate diff set for one single PO
Input: internal signal r and its function t(X)
𝑑𝑖𝑓𝑓 𝑋 = 𝑓 𝑋 ⨂𝑔 𝑋
𝑐𝑎𝑟𝑒 𝑋 = 𝑓 𝑋, 𝑡 𝑋 ⨂𝑓 𝑋, 𝑡 𝑋
𝑂𝑛 𝑋 = 𝑐𝑎𝑟𝑒 𝑋 ∩ 𝑑𝑖𝑓𝑓 𝑋 ∩ 𝑡 𝑋
𝑂𝑓𝑓 𝑋 = 𝑐𝑎𝑟𝑒 𝑋 ∩ 𝑑𝑖𝑓𝑓 𝑋 ∩ 𝑡 𝑋
𝑝𝑎𝑡𝑐ℎ 𝑋 = 𝑖𝑛𝑡𝑒𝑟𝑝𝑜𝑙𝑎𝑡𝑒 𝑂𝑛 𝑋 , 𝑂𝑓𝑓 𝑋 *
Diff set is
smaller !f
Greedy Coupling Effect
• Two algorithms have similar style with certain strategic contrast
• when a coupling algorithm is switched in, a sudden
“performance jump" can be observed
(a) Algorithms alone(b) Algorithms coupled
Performance
#Iteration
The coupling algorithm
is switched in !
Find the result !@
Mariano Rivera (Best Closer)David Price (Best Starter 2012)
Patch generation strategy
• Neighbor-Prior
• Not enlarge the diff set of any neighbor PO
• Local-Prior
• Eliminate the diff set of local PO with best effort
Neighbor-Prior Strategy
(a) Before patching (b) After patching
Better
Better
Neighbor-Prior Patch generation• Input: internal signal r and its function t(X)
• 𝑂𝑛 𝑋 = ∅, 𝑂𝑓𝑓 𝑋 = ∅• For each primary output POi and its function f i(X) do
• If 𝑓𝑖 𝑋 = 𝑔𝑖(𝑋) then
• 𝑑𝑖𝑓𝑓𝑖 𝑋 = ∅• Else
• 𝑑𝑖𝑓𝑓𝑖 𝑋 = 𝑓𝑖(𝑋)⨂𝑔𝑖(𝑋)• End if
• 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) = 𝑓𝑖(𝑋, 𝑡(𝑋))⨂𝑓𝑖(𝑋, 𝑡(𝑋))
• 𝑂𝑛 𝑋 = 𝑂𝑛 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋)
• 𝑂𝑓𝑓 𝑋 = 𝑂𝑓𝑓 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋)
• End for• For each primary output POi and its function f i(X) do
• If 𝑓𝑖 𝑋 ≠ 𝑔𝑖(𝑋) then
• 𝑂𝑛𝑡 𝑋 = 𝑂𝑛 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟 𝑋 ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡 𝑋
• 𝑂𝑓𝑓𝑡 𝑋 = 𝑂𝑓𝑓 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋)
• If 𝑂𝑛𝑡 𝑋 ∧ 𝑂𝑓𝑓𝑡 𝑋 = ∅ then
• 𝑂𝑛 𝑋 = 𝑂𝑛𝑡 𝑋• 𝑂𝑓𝑓 𝑋 = 𝑂𝑓𝑓𝑡 𝑋
• End if• End if
• End for
• 𝑝𝑎𝑡𝑐ℎ 𝑋 = 𝑖𝑛𝑡𝑒𝑟𝑝𝑜𝑙𝑎𝑡𝑒(𝑂𝑛 𝑋 , 𝑂𝑓𝑓 𝑋 )
Local-Prior Strategy
(a) Before patching (b) After patching
Empty !
Worse !
Local-Prior Patch generation
• Input: internal signal r and its function t(X)
• 𝑂𝑛 𝑋 = ∅, 𝑂𝑓𝑓 𝑋 = ∅• For each primary output POi and its function f i(X) do
• If 𝑓𝑖 𝑋 = 𝑔𝑖(𝑋) then
• 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) = 𝑓𝑖(𝑋, 𝑡(𝑋))⨂𝑓𝑖(𝑋, 𝑡(𝑋))
• 𝑂𝑛 𝑋 = 𝑂𝑛 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑡(𝑋)
• 𝑂𝑓𝑓 𝑋 = 𝑂𝑓𝑓 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑡(𝑋)
• End if• End for• For each primary output POi and its function f i(X) do
• If 𝑓𝑖 𝑋 ≠ 𝑔𝑖(𝑋) then
• 𝑂𝑛𝑡 𝑋 = 𝑂𝑛 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟 𝑋 ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋) +
𝑐𝑎𝑟𝑒𝑖𝑟 𝑋 ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡 𝑋
• 𝑂𝑓𝑓𝑡 𝑋 = 𝑂𝑓𝑓 𝑋 + 𝑐𝑎𝑟𝑒𝑖𝑟 𝑋 ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋) +
𝑐𝑎𝑟𝑒𝑖𝑟(𝑋) ∧ 𝑑𝑖𝑓𝑓𝑖 𝑋 ∧ 𝑡(𝑋)
• If 𝑂𝑛𝑡 𝑋 ∧ 𝑂𝑓𝑓𝑡 𝑋 = ∅ then
• 𝑂𝑛 𝑋 = 𝑂𝑛𝑡 𝑋• 𝑂𝑓𝑓 𝑋 = 𝑂𝑓𝑓𝑡 𝑋
• End if• End if
• End for
• 𝑝𝑎𝑡𝑐ℎ 𝑋 = 𝑖𝑛𝑡𝑒𝑟𝑝𝑜𝑙𝑎𝑡𝑒(𝑂𝑛 𝑋 , 𝑂𝑓𝑓 𝑋 )
Patch Optimization Strategy
• Logic Rewiring
• Add-first
• Add some redundant logic into the patch first so as to
remove more logic from the patch
• Cut-first
• Remove logic from the patch first and add alternative
logic to keep the functionality
What is logic rewiring
G1
G2G3
G4
G5 G6G7
G8
ab
cd
e
f
o1
o2
target wire (TW)alternative wire (AW)
31
Rewiring: an ideal technique for
patch optimization
• Powerful
• Completeness*
• Fast & scalable
• Most flexible & Minimum perturbation
• One wire/gate change
*W. Kunz, et al. Logic Optimization and Equivalence Checking
by Implication Analysis, TCAD 1997 32
Add-first strategy
(a) Before optimization (b) After optimization
Cut-first strategy
(a) Before optimization (b) After optimization
X. Yang, T.-K. Lam, and Y.-L. Wu, “ECR: A low complexity generalized
error cancellation rewiring scheme,” DAC2010
CaseOurs ECO1st at ICCAD2012
Patch size CPU Time Patch size CPU Time
open01 0 0 0 0
open02 0 0 0 0
open03 1 18 0 10
open04 0 21 0 10
open05 0 1 0 65
open06 0 24 0 235
…… …… …… …… ……hidden17 54 27 111 383
hidden18 55 45 55 126
hidden19 65 48 FAIL FAIL
hidden20 53 78 117 456
hidden21 73 146 86 498
hidden22 22 28 FAIL FAIL
total 757 957 1094 6597
ratio1 61% 14% 1 1
Cases for ICCAD CAD contest benchmarks (2012)
We generate only 61% patches while consuming 14% CPU times
compared to Champion Version
Conclusion
36
• Hardware Trojan detection & masking is a changeling topic
• Use formal verification to check if any HT exists in a netlist
• Complementary Greedy Coupling method
• SAT @ RE
• Use functional ECO to locate and mask HT
• Rewiring to optimize patch logics
37
Thank You!