

# A Side-Channel Hardware Trojan in 65nm CMOS with 2µW precision and Multi-bit Leakage Capability

Tiago D. Perez and Samuel Pagliarini, Department of Computer Systems, School of IT, Tallinn University of Technology


# Contents

- Overview
- Side-Channel Trojan Design
- Trojan Insertion
- ASIC Prototype
- Conclusion

#### **Overview**

- **Goal**: demonstrate the capability of a rogue element inside an untrusted foundry
- **Motivation**: feasibility of trojan insertion at fabrication time
- **Problem**: designing and inserting such a Hardware Trojan
- **Novelty**: using an Engineering Change Order (ECO) to insert the Hardware Trojan





#### **IC Design Process**








#### **Hardware Trojans**





Source: ICAS: an Extensible Framework for Estimating the Susceptibility of IC Layouts to Additive Trojans, Timothy, 2020, IEEE Symposium on Security and Privacy (SP).

#### **Side-Channel Hardware Trojan**

- **Target**: crypto cores
- **Trigger**: the crypto core going idle, specifically when its "Done" signal is asserted
- **Payload**: induce extra power consumption in a controlled manner




#### Side-Channel Hardware Trojan – Architecture



#### **Side-Channel Hardware Trojan – Functionality Example**



### How to insert a Hardware Trojan into a finalized layout?



- A hardware trojan can be inserted manually
  - Time-intensive task and prone to errors
- Re-implementing the entire design
  - Requires timing and power constraints
  - Very likely to hinder the victim's design performance
- Utilizing the Engineering Change Order (ECO) flow
  - Does not change the original circuit
  - Can be done with estimated constraints









The operating frequency can be estimated by trial and error:

- Make an educated guess of a frequency value
- Perform a timing analysis and observe the critical path
- Repeat until the timing slack is near zero
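The trial-and-error loop above, as an added example that is not part of the original slides: a Python search that plays the role of the engineer, calling a timing-analysis function and tightening or relaxing the clock period until the worst slack is non-negative and near zero. The STA tool is replaced by a constructed model (`sta_worst_slack_ns`) with an assumed 3.90 ns critical path, 0.10 ns setup time and 0.05 ns clock uncertainty, so timing closes at a 4.05 ns period; the function names and all numbers are assumptions, not values from the slides.

```python
"""Added example (not from the original slides): estimating a finalized
layout's operating frequency by repeated timing analysis, as an attacker
without the original timing constraints would have to do.
"""

from dataclasses import dataclass


@dataclass
class TimingResult:
    period_ns: float
    slack_ns: float   # positive: timing met with margin; negative: violated
    sta_runs: int     # how many timing-analysis runs the search needed


# Constructed stand-in for one STA run. A real flow would launch the timing
# tool on the netlist and parse its worst-slack report; this model assumes a
# 3.90 ns critical path, 0.10 ns setup time and 0.05 ns clock uncertainty.
CRITICAL_PATH_NS = 3.90
SETUP_NS = 0.10
CLOCK_UNCERTAINTY_NS = 0.05


def sta_worst_slack_ns(period_ns: float) -> float:
    """Worst setup slack on the critical path for a given clock period."""
    return period_ns - CRITICAL_PATH_NS - SETUP_NS - CLOCK_UNCERTAINTY_NS


def estimate_operating_frequency(run_sta, guess_mhz: float,
                                 tolerance_ns: float = 0.01,
                                 max_sta_runs: int = 60) -> TimingResult:
    """Search the clock period until worst slack lies in [0, tolerance_ns].

    run_sta(period_ns) -> slack_ns stands for one timing-analysis run.
    Starting from the educated guess, the period bracket [lo, hi] is widened
    until lo violates timing and hi meets it, then halved until the slack at
    hi is non-negative and below the tolerance ("near zero").
    """
    runs = 0

    def sta(period_ns: float) -> float:
        nonlocal runs
        runs += 1
        return run_sta(period_ns)

    period = 1000.0 / guess_mhz
    if sta(period) >= 0:
        # Guess was conservative: tighten the period until timing fails.
        hi, lo = period, period / 2
        while sta(lo) >= 0 and runs < max_sta_runs:
            hi, lo = lo, lo / 2
    else:
        # Guess was too aggressive: relax the period until timing is met.
        lo, hi = period, period * 2
        while sta(hi) < 0 and runs < max_sta_runs:
            lo, hi = hi, hi * 2

    hi_slack = sta(hi)
    while hi_slack > tolerance_ns and runs < max_sta_runs:
        mid = (lo + hi) / 2
        mid_slack = sta(mid)
        if mid_slack >= 0:
            hi, hi_slack = mid, mid_slack   # still meets timing, keep tightening
        else:
            lo = mid                        # violated, back off
    return TimingResult(hi, hi_slack, runs)


if __name__ == "__main__":
    result = estimate_operating_frequency(sta_worst_slack_ns, guess_mhz=100.0)
    print(f"period {result.period_ns:.4f} ns "
          f"({1000.0 / result.period_ns:.1f} MHz), "
          f"slack {result.slack_ns:.4f} ns after {result.sta_runs} STA runs")
```

Two things matter for the slide's point: the search needs only the slack sign and magnitude from each run, nothing from the victim's original constraint file, and it converges in a handful of runs whether the first guess is far too low (100 MHz here) or far too high (1 GHz).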







#### **Experimental Investigation**

Benchmark circuits: AES and PRESENT crypto cores.

Implementation parameters:

- Highest density possible, to minimize empty space
- Very challenging (high) target frequency
- Low-frequency variant: 10% of the high-frequency target



#### **Experimental Investigation – Cores implementation**

Before SCT (side-channel trojan) insertion:

| Core       | Density (%) | Leakage (µW) | Clock Tree Power (µW) | Total Power (µW) |
|------------|-------------|--------------|-----------------------|------------------|
| AES@100MHz | 75          | 75.8         | 116.7                 | 1660             |
| AES@1GHz   | 72          | 1036         | 1241                  | 22610            |
| PST@95MHz  | 70          | 14.09        | 31.89                 | 371.2            |
| PST@950MHz | 69          | 34.13        | 329.10                | 3785             |

Target power = (Leakage + Clock Tree Power) × Designer Margin



#### **Experimental Investigation – RO Design**

RO power and frequency (µW @ MHz) for each value of the selector S:

| Target core | RO            | S=00    | S=01    | S=10    | S=11    |
|-------------|---------------|---------|---------|---------|---------|
| AES@100MHz  | $RO_{D8I14}$  | 32@90   | 27@61   | 23@46   | 20@31   |
| AES@1GHz    | $RO_{D12I14}$ | 249@551 | 227@483 | 198@390 | 169@300 |
| PST@95MHz   | $RO_{D8I6}$   | 22@169  | 19@90   | 16@46   | 13@21   |
| PST@950MHz  | $RO_{D10I10}$ | 30@90   | 24@60   | 20@37   | 17@19   |

Delay-cell groups: ND1 = 2, ND2 = 1, ND3 = 2, ND4 = 1

- S=00 has 2 active delay cells
- S=01 has 3 active delay cells
- S=10 has 5 active delay cells
- S=11 has 6 active delay cells
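An added numeric check, not code from the slides, that ties the target-power formula to the two tables above. `active_delay_cells` reproduces the cumulative ND1..ND4 selection by the two-bit S input; `target_power_uw` is the slide's (Leakage + Clock Tree Power) × Designer Margin with the margin left as a parameter, since the slides do not give its value; `min_margin_needed` is the margin the pre-insertion power estimate would need to absorb the RO's busiest state, which is also the number a verification team comparing measured idle power against the sign-off estimate would want; `min_level_step_uw` is the smallest power gap between adjacent S states, i.e. the measurement resolution needed to tell two leaked values apart. All function names are assumptions; the figures are copied from the tables.

```python
"""Added example (not from the original slides): power-budget and
level-spacing arithmetic for the selectable ring-oscillator payload,
using the pre-insertion core figures and the RO table from the slides.
"""

# Delay-cell groups ND1..ND4 as given on the slide; S selects how many of
# them are active, cumulatively from ND1.
ND_GROUPS = (2, 1, 2, 1)

# Pre-insertion core figures (µW) from the "Cores implementation" table.
CORES = {
    "AES@100MHz": {"leakage": 75.8,   "clock_tree": 116.7},
    "AES@1GHz":   {"leakage": 1036.0, "clock_tree": 1241.0},
    "PST@95MHz":  {"leakage": 14.09,  "clock_tree": 31.89},
    "PST@950MHz": {"leakage": 34.13,  "clock_tree": 329.10},
}

# (power µW, frequency MHz) per S state, S=00..11, from the "RO Design" table.
RO_STATES = {
    "AES@100MHz": [(32, 90),   (27, 61),   (23, 46),   (20, 31)],
    "AES@1GHz":   [(249, 551), (227, 483), (198, 390), (169, 300)],
    "PST@95MHz":  [(22, 169),  (19, 90),   (16, 46),   (13, 21)],
    "PST@950MHz": [(30, 90),   (24, 60),   (20, 37),   (17, 19)],
}


def active_delay_cells(s: int) -> int:
    """Delay cells enabled for S in 0..3: groups ND1..ND(S+1) are active."""
    if not 0 <= s <= 3:
        raise ValueError("S is a 2-bit selector, expected 0..3")
    return sum(ND_GROUPS[: s + 1])


def target_power_uw(core: str, designer_margin: float) -> float:
    """Slide formula: (Leakage + Clock Tree Power) x Designer Margin."""
    c = CORES[core]
    return (c["leakage"] + c["clock_tree"]) * designer_margin


def worst_case_ro_power_uw(core: str) -> float:
    """Highest RO power across the four S states (S=00 in every row)."""
    return max(p for p, _ in RO_STATES[core])


def fits_budget(core: str, designer_margin: float) -> bool:
    """True if the RO's busiest state stays within the target power."""
    return worst_case_ro_power_uw(core) <= target_power_uw(core, designer_margin)


def min_margin_needed(core: str) -> float:
    """Smallest designer margin under which the RO fits the budget."""
    return worst_case_ro_power_uw(core) / target_power_uw(core, 1.0)


def min_level_step_uw(core: str) -> float:
    """Smallest power gap between adjacent S states for this core's RO.

    The four levels carry two leaked bits; a measurement must resolve at
    least this step to distinguish neighbouring values.
    """
    powers = [p for p, _ in RO_STATES[core]]
    return min(a - b for a, b in zip(powers, powers[1:]))


if __name__ == "__main__":
    for s in range(4):
        print(f"S={s:02b}: {active_delay_cells(s)} active delay cells")
    for core in CORES:
        print(f"{core}: worst RO power {worst_case_ro_power_uw(core)} µW, "
              f"needs margin >= {min_margin_needed(core):.3f}, "
              f"min level step {min_level_step_uw(core)} µW")
```

Read from the defender's side: the margin a design's power estimate must leave before the payload disappears into it differs by core, from roughly 8% for PST@950MHz to almost 48% for PST@95MHz, so tight post-silicon power sign-off on low-power cores is the cheapest place to notice this class of insertion.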



#### **Experimental Investigation – Post-ECO Timing Impact**





#### Side-channel Trojan – Density Comparison





#### **ASIC Prototype**





#### Workbench Setup – AES@100MHz Example





#### Hardware Validation Measures – 28 Samples Assessed




#### **Conclusions**

- The ECO flow can be used for malicious purposes.
- A rogue element inside a foundry has all the means necessary to modify a layout using ECO.
- A very precise side-channel trojan can be built from standard cells only, without the need for a full-custom design.




## THANK YOU! CONTACT: TIAGO.PEREZ@TALTECH.EE