基于灰度图谱分析的IP软核硬件木马检测方法

doi:10.19678/j.issn.1000-3428.0067597

摘要/Abstract

摘要：

随着芯片设计、制造、封装等流程的分工细化，利用第三方知识产权（IP）软核进行二次开发可以明显提升设计效率，减少重复工作。但是大量非自主可控IP软核被用于加速设计时，可能导致芯片在设计阶段被植入硬件木马，使得芯片安全性难以保证。当前IP软核安全检测方法主要依赖功能测试、代码覆盖率和翻转率分析，或在语义层面进行关键字匹配，且无法对加密IP软核进行检测。在分析硬件木马结构及其在IP软核中实现特征的基础上，利用非可控IP软核与“Golden”IP软核中寄存器传输级（RTL）代码灰度图谱的特征差异，基于Trust-Hub构建“Golden”软核集，提出基于灰度图谱特征的IP软核硬件木马检测模型和算法。以功能篡改型IP软核B19-T100为实验对象，通过调整合适的成像矩阵参数，利用分块匹配对比方式实现硬件木马检测，结果表明，该算法的检测精度达97.18%。在对B19、B15、S38417等5类共18个样本进行测试时，所提算法的平均检测精度达92%以上，表明其可实现对硬件木马的有效识别，检测精度和适用性较强。

关键词: 知识产权软核, 硬件木马, 灰度图谱, 芯片安全, 特征差异

Abstract:

With the refinement of the division of labor in chip design, manufacturing, and packaging processes, the use of third-party Intellectual Property(IP) soft cores for secondary development can significantly improve design efficiency and reduce duplication of work. However, while a large number of non-autonomous controllable IP soft cores are used to accelerate the design, it also puts the chip at risk of being implanted in hardware Trojans in the design stage, and the chip security is difficult to guarantee. Current IP soft core security detection methods mainly rely on functional testing, code coverage, and flip rate analysis, or keyword matching at the semantic level, and cannot detect encrypted IP soft cores. Based on the hardware analysis of the Trojan structure and its implementation features in IP soft cores, this study uses the feature differences between non-controllable IP and "Golden" IP soft cores in Register Transfer Level(RTL) code grayscale maps, and constructs the "Golden" soft core set based on Trust-Hub. Additionally, it proposes a detection model and an algorithm for IP soft hardware Trojans based on grayscale map features. The experiment takes the functional tampering IP soft core B19-T100 as the object, and by adjusting the appropriate imaging matrix parameters, the hardware Trojan detection is realized by block matching and comparison. The detection accuracy of the proposed algorithm is 97.18%. A total of 18 samples of five categories such as B19, B15, and S38417 are tested, and the average detection accuracy is greater than 92%. The results demonstrate that the algorithm can effectively identify the hardware Trojan, and the detection accuracy and applicability are strong.

Key words: Intellectual Property(IP) soft core, hardware Trojan, grayscale graph, chip security, characteristic differences

倪林, 刘子辉, 张帅, 韩久江, 鲜明. 基于灰度图谱分析的IP软核硬件木马检测方法[J]. 计算机工程, 2024, 50(3): 44-51.

Lin NI, Zihui LIU, Shuai ZHANG, Jiujiang HAN, Ming XIAN. IP Soft Core Hardware Trojan Detection Method Based on Grayscale Graph Analysis[J]. Computer Engineering, 2024, 50(3): 44-51.

http://www.ecice06.com/CN/Y2024/V50/I3/44

图/表 13

图1 硬件木马结构

Fig.1 Hardware Trojan structure

图2 硬件木马实现方式

Fig.2 Hardware Trojan implementation method

图3 IP软核硬件木马检测流程

Fig.3 Hardware Trojan detection procedure of IP soft core

图4 “Golden”软核集构建流程

Fig.4 "Golden" soft core set construction procedure

图5 灰度图谱的产生流程

Fig.5 Procedure of grayscale map generation

图6 匹配检测过程

Fig.6 Matching detection process

图7 B19-T100含木马样本检测匹配结果

Fig.7 Detection and matching results of samples containing Trojans in B19-T100

图8 B19-T100不含木马样本检测匹配结果

Fig.8 Detection and matching results of samples without Trojans in B19-T100

图9 S38417-T200含木马样本检测匹配结果

Fig.9 Detection and matching results of samples containing Trojans in S38417-T200

图10 S38417-T200不含木马样本检测匹配结果

Fig.10 Detection and matching results of samples without Trojans in S38417-T200

图11 Wb_conmax-T100含木马样本检测匹配结果

Fig.11 Detection and matching results of samples containing Trojans in Wb_conmax-T100

图12 Wb_conmax-T100不含木马样本检测匹配结果

Fig.12 Detection and matching results of samples without Trojans in Wb_conmax-T100

参考文献 27

1	AHMED A, FARAHMANDI F, ISKANDER Y, et al. Security and trust verification of IoT SoCs[EB/OL]. [2023-04-05]. https://link.springer.com/chapter/10.1007/978-3-030-02807-7_1.
2	倪林, 石磊, 韩鹍, 等. 基于特征匹配的IP软核硬件木马检测. 计算机工程, 2017, 43 (3): 176- 180. doi: 10.3969/j.issn.1000-3428.2017.03.030
	NI L, SHI L, HAN K, et al. Hardware Trojan detection of IP soft cores based on feature matching. Computer Engineering, 2017, 43 (3): 176- 180. doi: 10.3969/j.issn.1000-3428.2017.03.030
3	CHEN K J, ARIAS O, GUO X L, et al. IP-tag: tag-based runtime 3PIP hardware Trojan detection in SoC platforms. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2023, 42 (1): 68- 81. doi: 10.1109/TCAD.2022.3174171
4	胡涛, 佃松宜, 蒋荣华. 基于长短时记忆神经网络的硬件木马检测. 计算机工程, 2020, 46 (7): 110- 115. doi: 10.19678/j.issn.1000-3428.0055589
	HU T, DIAN S Y, JIANG R H. Hardware Trojan detection based on long short-term memory neural network. Computer Engineering, 2020, 46 (7): 110- 115. doi: 10.19678/j.issn.1000-3428.0055589
5	宋钛, 黄正峰, 徐辉. 用于检测硬件木马延时的线性判别分析算法. 电子与信息学报, 2023, 45 (1): 59- 67. URL
	SONG T, HUANG Z F, XU H. Linear discriminant analysis algorithm for detecting hardware Trojans delay. Journal of Electronics & Information Technology, 2023, 45 (1): 59- 67. URL
6	闫华钰, 陈岚, 佟鑫, 等. 面向物联网应用的SoC安全检查架构设计. 计算机工程, 2021, 47 (2): 152- 159. doi: 10.19678/j.issn.1000-3428.0057460
	YAN H Y, CHEN L, TONG X, et al. Design of SoC security check architecture for Internet of Things applications. Computer Engineering, 2021, 47 (2): 152- 159. doi: 10.19678/j.issn.1000-3428.0057460
7	陈长林, 骆畅航, 刘森, 等. 忆阻器类脑计算芯片研究现状综述. 国防科技大学学报, 2023, 45 (1): 1- 14. URL
	CHEN C L, LUO C H, LIU S, et al. Review on the memristor based neuromorphic chips. Journal of National University of Defense Technology, 2023, 45 (1): 1- 14. URL
8	王庆林, 裴向东, 廖林玉, 等. 多核数字信号处理器矩阵乘卷积算法性能评测. 国防科技大学学报, 2023, 45 (1): 86- 94. URL
	WANG Q L, PEI X D, LIAO L Y, et al. Evaluating matrix multiplication-based convolution algorithm on multi-core digital signal processors. Journal of National University of Defense Technology, 2023, 45 (1): 86- 94. URL
9	HUANG D C, HSIAO C F, CHANG T W, et al. A security method of hardware Trojan detection using path tracking algorithm. EURASIP Journal on Wireless Communi- cations and Networking, 2022, (1): 81.
10	ASHOK M, TURNER M J, WALSWORTH R L, et al. Hardware Trojan detection using unsupervised deep learning on quantum diamond microscope magnetic field images. ACM Journal on Emerging Technologies in Computing Systems, 2018, (4): 67.
11	郭青帅, 高宏玲, 翟腾. 芯片硬件安全技术分析与防护措施. 工业技术创新, 2021, 8 (6): 150- 154. URL
	GUO Q S, GAO H L, ZHAI T. Technological analysis and protection measures on chip hardware security. Industrial Technology Innovation, 2021, 8 (6): 150- 154. URL
12	常永伟, 余超, 刘海静, 等. 130 nm加固SOI工艺的抗辐射控制芯片设计. 国防科技大学学报, 2020, 42 (3): 17- 21. URL
	CHANG Y W, YU C, LIU H J, et al. Design of radiation-tolerant controller chip in 130 nm hardened SOI process. Journal of National University of Defense Technology, 2020, 42 (3): 17- 21. URL
13	刘海亮. 基于特征提取的硬件木马检测技术研究[D]. 成都: 电子科技大学, 2017.
	LIU H L. Research of hardware Trojan detection based on feature extraction[D]. Chengdu: University of Electronic Science and Technology of China, 2017. (in Chinese)
14	周宏伟, 徐实, 王忠奕, 等. 众核处理器访存链路接口的FPGA验证. 国防科技大学学报, 2018, 40 (3): 176- 182. URL
	ZHOU H W, XU S, WANG Z Y, et al. FPGA verification for memory link interface of many-core processor. Journal of National University of Defense Technology, 2018, 40 (3): 176- 182. URL
15	SABRI M, SHABANI A, ALIZADEH B. SAT-based integrated hardware Trojan detection and localization approach through path-delay analysis. IEEE Transactions on Circuits and Systems Ⅱ: Express Briefs, 2021, 68 (8): 2850- 2854. doi: 10.1109/TCSII.2021.3074549
16	SONG T, NI T M, HUANG Z F, et al. Valid test pattern identification for VLSI adaptive test. Integration, 2022, 82, 1- 6. URL
17	XUE H, REN S Y. Hardware Trojan detection by timing measurement: theory and implementation. Microelec- tronics Journal, 2018, 77, 16- 25. doi: 10.1016/j.mejo.2018.05.009
18	ELSHAMY M, DI NATALE G, SAYED A, et al. Digital-to-analog hardware Trojan attacks. IEEE Transactions on Circuits and Systems Ⅰ: Regular Papers, 2022, 69 (2): 573- 586. doi: 10.1109/TCSI.2021.3116806
19	唐楠. 基于物理特性的硬件木马检测技术研究[D]. 成都: 电子科技大学, 2021.
	TANG N. Research on hardware Trojan detection technology based on physical characteristics[D]. Chengdu: University of Electronic Science and Technology of China, 2021. (in Chinese)
20	李莹, 陈岚, 周崟灏. 硬件木马旁路检测方法的影响因素研究. 计算机工程, 2019, 45 (1): 145- 152. URL
	LI Y, CHEN L, ZHOU Y H. Research on influencing factor of hardware Trojan side-channel detection method. Computer Engineering, 2019, 45 (1): 145- 152. URL
21	唐明, 伍远翔, 张尧. 基于延迟序列的硬件木马检测方法. 密码学报, 2022, 9 (6): 1109- 1123. URL
	TANG M, WU Y X, ZHANG Y. Hardware Trojan detection based on delay sequence. Journal of Cryptologic Research, 2022, 9 (6): 1109- 1123. URL
22	严迎建, 赵聪慧, 刘燕江. 基于多维结构特征的硬件木马检测技术. 电子与信息学报, 2021, 43 (8): 2128- 2139. URL
	YAN Y J, ZHAO C H, LIU Y J. Hardware Trojan detection based on multiple structural features. Journal of Electronics & Information Technology, 2021, 43 (8): 2128- 2139. URL
23	刘畅, 郭泽晖, 贺旭, 等. 时序驱动的详细布局方法. 国防科技大学学报, 2018, 40 (1): 67- 73. URL
	LIU C, GUO Z H, HE X, et al. Timing-driven method for detailed placement. Journal of National University of Defense Technology, 2018, 40 (1): 67- 73. URL
24	张启智, 赵毅强, 高雅, 等. 基于模型检测的硬件木马检测技术研究. 网络与信息安全学报, 2021, 7 (2): 57- 63. URL
	ZHANG Q Z, ZHAO Y Q, GAO Y, et al. Survey on model checking based hardware Trojan detection technology. Chinese Journal of Network and Information Security, 2021, 7 (2): 57- 63. URL
25	FAEZI S, YASAEI R, BARUA A, et al. Brain-inspired golden chip free hardware Trojan detection. IEEE Transactions on Information Forensics and Security, 2021, 16, 2697- 2708. doi: 10.1109/TIFS.2021.3062989
26	葛明慧. 基于逻辑功能分析的硬件木马设计方法研究[D]. 南京: 南京航空航天大学, 2021.
	GE M H. Research on design method of hardware Trojan based on logical function analysis[D]. Nanjing: Nanjing University of Aeronautics and Astronautics, 2021. (in Chinese)
27	黄姣英, 李胜玉, 高成, 等. 一种时序型总线硬件木马的植入与检测. 计算机工程, 2021, 47 (3): 160- 165. URL
	HUANG J Y, LI S Y, GAO C, et al. Implantation and detection of a sequential bus hardware Trojan. Computer Engineering, 2021, 47 (3): 160- 165. URL

[1]	黄姣英, 李胜玉, 高成, 杨达明. 一种时序型总线硬件木马的植入与检测[J]. 计算机工程, 2021, 47(3): 160-165.
[2]	胡涛, 佃松宜, 蒋荣华. 基于长短时记忆神经网络的硬件木马检测[J]. 计算机工程, 2020, 46(7): 110-115.
[3]	李莹,陈岚,周崟灏. 硬件木马旁路检测方法的影响因素研究[J]. 计算机工程, 2019, 45(1): 145-152.
[4]	王建新,王柏人,曲鸣,张磊. 基于改进欧式距离的硬件木马检测[J]. 计算机工程, 2017, 43(6): 92-96.
[5]	倪林,石磊,韩鹍,李少青. 基于特征匹配的IP软核硬件木马检测[J]. 计算机工程, 2017, 43(3): 176-180.
[6]	高振斌,白雪,杨松,何家骥. 基于隐马尔可夫模型的硬件木马检测方法[J]. 计算机工程, 2016, 42(9): 126-131.
[7]	赵毅强,何家骥,杨松,刘沈丰. 集成电路中硬件木马防御技术研究[J]. 计算机工程, 2016, 42(1): 128-132,137.
[8]	冯紫竹,赵毅强,刘长龙. 一种基于时序型硬件木马的IP 版权保护结构[J]. 计算机工程, 2014, 40(9): 19-22.
[9]	郑朝霞，李一帆，余良，田园，刘政林. 基于概率签名的硬件木马检测技术[J]. 计算机工程, 2014, 40(3): 18-22.
[10]	刘长龙，赵毅强，史亚峰，冯紫竹. 基于相关性分析的硬件木马检测方法[J]. 计算机工程, 2013, 39(9): 183-185,189.
[11]	邹程, 张鹏, 邓高明, 吴恒旭. 基于功率旁路泄露的硬件木马设计[J]. 计算机工程, 2011, 37(11): 135-137.

选择文件类型/文献管理软件名称

选择包含的内容