ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2017, Vol. 54 ›› Issue (1): 163-171.doi: 10.7544/issn1000-1239.2017.20150937

• 系统结构 • 上一篇    下一篇



  1. (信息物理社会可信服务计算教育部重点实验室(重庆大学) 重庆 400044) (重庆大学计算机学院 重庆 400044) (
  • 出版日期: 2017-01-01
  • 基金资助: 
    国家自然科学基金项目(61472052);国家“八六三”高技术研究发展计划基金项目(2015AA015304,2013AA013202) This work was supported by the National Natural Science Foundation of China (61472052) and the National High Technology Research and Development Program of China (863 Program)(2015AA015304, 2013AA013202).

Identifying Inactive Nets in Function Mode of Circuits

Cui Xiaotong, Zou Minhui, Wu Kaijie   

  1. (Key Laboratory of Dependable Service Computing in Cyber Physical Society (Chongqing University), Ministry of Education, Chongqing 400044) (College of Computer Science, Chongqing University, Chongqing 400044)
  • Online: 2017-01-01

摘要: 集成电路设计和制造的全球化趋势使得木马电路可以在集成电路设计制造的任何阶段被插入,这引发了对硬件安全的广泛关注.从防御者的角度出发,木马电路在宿主电路使用过程中绝大多数时间是静默无害的,但是一旦被激活就会造成如信息泄露、功能异常或系统崩溃等严重危害;从攻击者的角度出发,避免木马电路被“误触发”是其最重要的一个设计目标之一.普遍认为,电路中那些具有较低状态翻转概率的惰性节点最有可能成为木马电路的插入点.因此目前检测的主要手段之一是试图寻找到这些惰性点,以便有针对性地尝试以激活木马电路.然而,目前的方法仅专注于寻找被测电路在测试模式下的惰性点.提出了一种寻找被测电路在工作模式下的惰性点的方法.从攻击者的角度出发,两者的交集将是木马电路的最佳插入点——可以较好地避免其插入的木马电路在宿主电路的测试阶段以及试运行阶段被“误触发”.因此从防御者的角度出发,找到测试模式和工作模式下共有的惰性节点并对其进行检测,有助于有效提高检测效率.

关键词: 木马电路, 工作模式, 惰性节点, 状态翻转概率, 总状态

Abstract: The globalization trend of design and manufacture of IC raises serious concerns about hardware security since there is possibility that in each phase of design and manufacture hardware Trojan can be inserted. From the defender’s perspective, hardware Trojan in the host circuit may stay inactive for most of time but will result in disastrous consequences once activated, such as information leakage, false output, system crash, etc. As far as an attacker concerned, one of important design criteria is to prevent the Trojan circuit from being accidently activated. It is believed that inactive nets with lower switching probabilities in the circuit are more likely to be selected as the trigger signals of Trojan circuits. Hence finding these inactive nets is one of the existing countermeasures. However, current techniques only focus on finding inactive nets in test mode of the circuit. This paper proposes a method that can find inactive nets in function mode of the testing circuit. From an attacker’s point of view, the nets that are inactive in both test mode and function mode are the best candidates for Trojan triggers—it will result in the lowest probability of accidental activation of Trojan circuits in both modes. Hence for a defender, focusing on these nets will improve the efficiency of Trojan detection significantly.

Key words: hardware Trojan, function mode, inactive nets, switching probabilities of states, total states