Trojan Detection using IC Fingerprinting

Pankaj Rohatgi

In this talk, I will give an overview of research activities in the Secure Software and Services Department at IBM Research and then describe in detail our recent work in using side-channel analysis to detect Trojan circuits introduced in ICs.

Hardware manufacturers are increasingly outsourcing their IC fabrication overseas due to much lower costs. This poses a significant security risk for ICs used for critical military and business applications. Attackers can exploit this loss of control to substitute Trojan ICs for genuine ones or insert a Trojan circuit into the design or mask used for fabrication. We show that a technique borrowed from side-channel cryptanalysis can be used to mitigate this problem. Our approach uses noise modeling, to construct a set of fingerprints for an IC family utilizing side-channel information such as power, temperature, and electromagnetic (EM) profiles. The set of fingerprints can be developed using a few ICs from a batch and only these ICs would have to be invasively tested to ensure that they were all authentic. The remaining ICs are verified using statistical tests against the fingerprints. We describe the theoretical framework and present preliminary experimental results to show that this approach is viable by presenting results obtained using power simulations performed on representative circuits with several different Trojan circuitry. These results show that Trojans that are 3.4 orders of magnitude smaller than the main circuit can be detected by signal processing techniques. While scaling our technique to detect even smaller Trojans in complex ICs with tens or hundreds of millions of transistors would require certain modifications to the IC design process, our results provide a starting point to address this important problem.


Pankaj Rohatgi is a Research Staff Member and the Manager of the Internet Security Group at IBM's TJ Watson Research Center. He received a B.Tech degree in Computer Science and Engineering from IIT Delhi in 1988 and a Ph.D in Computer Science from Cornell University in 1994. From 1993 to 1996 he worked at Thomson R&D Labs and at the Sun-Thomson Interactive Alliance as the security architect for the OpenTV operating system. In 1996 joined the IBM TJ Watson Research Center where he has contributed to products such as the IBM 4758 crypto co-processor and conducted research in the areas of applied cryptography, side-channel cryptanalysis, network and systems security and security for embedded systems.

14 Feburary (Wednessday) at 1630 hrs

Gates 4B (opposite 490)