Hardware Trojans in Wireless Cryptographic ICs
Over the last decade, the problem of hardware Trojans in manufactured integrated circuits (ICs) has been a topic of intense investigation by academic researchers and governmental entities. Hardware Trojans are malicious modifications introduced in a manufactured IC, which can be exploited by a knowledgeable adversary to cause incorrect results, steal sensitive data, or even incapacitate a chip. Given the sensitive nature of applications wherein hardware Trojan-infested ICs may be deployed, developing detection methodologies has become paramount. Indeed, traditional test methods fall short in revealing hardware Trojans, as they are geared towards identifying modeled defects and, therefore, cannot reveal unmodeled malicious inclusions. Various hardware Trojan detection methods have been proposed, most of them targeting digital circuits. As pointed out therein, the Analog/RF domain is an attractive attack target, since the wireless communication of these chips with the environment over public channels simplifies the process of staging an attack without obtaining physical access to the I/O of the chip. On the other hand, signals in an Analog/RF IC are continuous and highly correlated with one another; hence, the likelihood of a modification disturbing these correlations is very high. Therefore, this dissertation outlines the problems and proposes three solutions to ensure the trustworthiness of Analog/RF ICs, namely: i) utilizing statistical side-channel fingerprinting to detect hardware Trojans in Analog/RF ICs; ii) using a combination of a trusted simulation model, measurements from process control monitors (PCMs), which are typically present either on die or on wafer kerf, and advanced statistical tail modeling techniques to detect hardware Trojans without relying on golden chips; iii) introducing a concurrent hardware Trojan detection (CHTD) methodology for wireless cryptographic integrated circuits (ICs), based on continuous extraction of a side-channel fingerprint and evaluation by a trained on-chip neural classifier. All methods proposed in this dissertation have been verified with measurements from actual silicon chips.