1 186 186 186 IEEEIEEE TRANSACTIONS TRANSACTIONS ON MULTI-SCALE ON MULTI-SCALEIEEE COMPUTING TRANSACTIONS COMPUTING SYSTEMS, SYSTEMS, ON MULTI-SCALE VOL. VOL. 2, NO. 2, COMPUTING 3,NO. JULY-SEPTEMBER 3, JULY-SEPTEMBER SYSTEMS, 2016 VOL. 2016 2, NO. 3, JULY-SEPTEMBER 2016 DesignDesign andDesign and ValidationDesign Validation and and Validation for for Validation FPGA FPGA for Trust Trust for FPGA FPGA Trust Trust under underunder Hardware HardwareunderHardware Trojan Trojan Hardware Attacks Attacks Trojan Trojan Attacks Attacks Sanchita Mal-Sarkar, Member, IEEE, Robert Karam, Student Member, IEEE, SanchitaSanchita Mal-Sarkar, Mal-Sarkar,Member,Member,SeetharamSanchita IEEE IEEE Mal-Sarkar,, Robert Narasimhan,, Robert Karam, Karam,Member,Member,StudentStudent IEEE IEEEMember,, RobertMember,, Anandaroop IEEE Karam, IEEE, ,Student Ghosh, Member, Aswin Krishna, IEEE, SeetharamSeetharam Narasimhan, Narasimhan,Member,SeetharamMember, IEEEand IEEE Narasimhan,, Swarup Anandaroop, Anandaroop Bhunia,Member, Ghosh, Ghosh,Senior IEEE Member,, Anandaroop IEEE Ghosh, AswinAswin Krishna, Krishna,StudentStudent Member,Aswin Member, Krishna, IEEE IEEE, and,Student and Swarup Swarup Member, Bhunia, Bhunia, IEEESeniorSenior, and Member, Member,Swarup IEEE Bhunia, IEEE Senior Member, IEEE Abstract—Field programmable gate arrays (FPGAs) are being increasingly used in a wide range of critical applications, including industrial, automotive, medical, and military systems. Since FPGA vendors are typically fabless, it is more economical to outsource Abstract—Abstract—FieldField programmable programmable gate gateAbstract— arrays arrays (FPGAs) (FPGAs)Field areprogrammable beingare being increasingly increasingly gate arrays used used (FPGAs) in a inwide a wide are range being range of critical increasingly of critical applications, applications, used in including a wide including range of critical applications, including device production to off-shore facilities. This introduces many opportunities for the insertion of malicious alterations of FPGA Devices in industrial,industrial, automotive, automotive, medical, medical, and and militaryindustrial, military systems. automotive, systems. Since Since medical, FPGA FPGA vendors and vendors military are typically are systems. typically fabless, Since fabless, it FPGA is moreit is vendors more economical economical are typically to outsource to outsource fabless, it is more economical to outsource the foundry, referred to as hardware Trojan attacks, that can cause logical and physical malfunctions during field operation. The devicedevice production production to off-shore to off-shore facilities. facilities.device This Thisproduction introduces introduces to many off-shore many opportunities opportunities facilities. for This the for introduces insertionthe insertion of many malicious of malicious opportunities alterations alterations for ofthe FPGA insertionof FPGA devices ofdevices malicious alterations of FPGA devices vulnerability of these devices to hardware attacks raises serious security concerns regarding hardware and design assurance. In this in thein foundry, the foundry, referred referred to as to hardware as hardwarein Trojan the Trojan foundry, attacks, attacks, referred that that can to can ascause hardware cause logical logical Trojan and and physical attacks, physical malfunctions that malfunctions can cause during logical during field and field operation. physical operation. The malfunctions The during field operation. The paper, we present a taxonomy of FPGA-specific hardware Trojan attacks based on activation and payload characteristics along with vulnerabilityvulnerability of these of these devices devices to hardware to hardwarevulnerability attacks attacks of raises these raises serious devices serious security to security hardware concerns concerns attacks regarding regardingraises hardware serious hardware security and and design concerns design assurance. assurance. regarding In this hardware In this and design assurance. In this paper,paper, we present we present a taxonomy a taxonomy of FPGA-specific ofTrojanpaper, FPGA-specific models we present hardware that hardware acan taxonomy Trojan be Trojan inserted attacks of attacks FPGA-specific by based an based attacker. on activation on hardware activation We also and Trojan present and payload payload attacks an characteristics efficient basedcharacteristics Trojanon activation along detection along with and with method payload for characteristics FPGA based along on a with TrojanTrojan models models that that can canbe inserted be inserted bycombinedTrojan an by attacker. an models attacker. approach We that alsoWe can of also present logic-testing be present inserted an efficient an by and efficient an side-channel attacker. Trojan Trojan detection We detection analysis.also method present method Finally, for an FPGA efficient for we FPGA propose based Trojan based on a detection novel a on combined a design combined method approach, for FPGA referred based to on as a Adapted combined approachapproach of logic-testing of logic-testing and and side-channel side-channelTripleapproach Modular analysis. ofanalysis. logic-testing Redundancy Finally, Finally, we and propose we (ATMR), side-channel propose a to novel areliably novel analysis.design designprotect approach, Finally, approach, against we referred Trojan propose referred to circuits asa to novel Adapted as of Adapted design varying Triple approach, Triple forms in FPGA referred devices. to as Adapted We compare Triple ATMR ModularModular Redundancy Redundancy (ATMR), (ATMR), to reliably towithModular reliably the protect conventional protectRedundancy against against Trojan TMR (ATMR), Trojan approach.circuits circuits to reliably of varying The of varying protect results forms againstforms demonstrate in FPGA in Trojan FPGA devices. the circuits devices. advantages We of compareWe varying compare of formsATMR ATMR ATMR in over with FPGA with TMRthe devices. the with respect We compare to power ATMR overhead, with the conventionalconventional TMR TMR approach. approach. The The resultswhileconventional results demonstrate maintaining demonstrate TMR the the approach.same advantages the advantages or The higher ofresults ATMR level of ATMR demonstrate of over security over TMR TMR withand the with respectperformancesadvantages respect to power to of poweras ATMR overhead, TMR. overhead, over Further TMR while while withimprovement respect to in power overhead overhead, associated while with maintainingmaintaining the samethe same or higher or higher level levelATMR ofmaintaining security of is security achieved and the and performances same by performances exploiting or higher as reconfigurationlevel TMR. as TMR.of Further security Further improvement and and improvement time-sharingperformances in overhead in of as overhead resources. TMR. associated Further associated improvement with with ATMR ATMR is in overheadis associated with ATMR is achievedachieved by exploiting by exploiting reconfiguration reconfigurationachieved and and time-sharing bytime-sharing exploiting of resources. reconfiguration of resources. and time-sharing of resources.! Ç Ç Ç 1I1INTRODUCTIONNTRODUCTION 1INTRODUCTION and secure processing due to the efficient implementation IELDIELDprogrammableprogrammable gate gate arraysField arraysIELD programmable(FPGA)programmable (FPGA) are are integrated integratedgate gate arrays arraysPrevious (FPGA) (FPGA)Previous research are are research integrated on on programmable programmableofPrevious cryptographic logic research logic devices algorithms. devices on programmablehas has The growing logic use devicesof FPGAs has in FFcircuitscircuits (IC), (IC), consisting consisting ofFcircuits, an of ancircuitsarray array consisting of (IC), logic of logic consisting blocks of blocks an and array of and anprimarily arrayofprimarily logic of focused logic blocks focused blocks on and tappingon and dis- tapping theirprimarilydiverse their potential potential and focused critical for forimplement- on implement- applicationstapping their has potential motivated for implement- designers distributeddistributed interconnect interconnect structure, structure,distributedtributed which interconnect which interconnect can can be structure, be pro- structure, pro-ing whiching signal which can signal processingbe can programmedprocessing be algorithms,pro- algorithms,ingto consider signal building building processing the reconfigurable security reconfigurable algorithms, of these devices. building In reconfigurable this context, grammedgrammed and andreprogrammedreprogrammedgrammedand re severalprogrammed several and timesre timesprogrammed several post- post- timessystems,systems, severalpost-manufacturing and and times for for applications applications post- to systems,security in ain wide a refers and wide range forto range protecting applications of usageof usage against in a Intellectual wide range Property of usage (IP) manufacturingmanufacturing to implement to implement logicmanufacturingimplement logic functions. functions. logic to Early functions. implement Early FPGAs FPGAs Early logicdomains, FPGAsdomains, functions. including were including Early used satellite,FPGAs only satellite, automotive,domains,Piracy, automotive, due including andto the and military substantial military satellite, sys- sys- automotive, financial investment and military involved sys- werewere used used only only as as prototypes prototypeswereas prototypes for used for implementing implementing only for