TruDetect: Trustworthy Deep-Learning based Hardware Trojan Detection

TruDetect：值得信赖的基于深度学习的硬件木马检测

• 批准号: EP/X036960/1
• 负责人: Máire O'Neill
• 金额: $ 112.27万
• 依托单位: Queen's University Belfast
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2023
• 资助国家: 英国
• 起止时间: 2023 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FX036960%2F1
• 关键词: TruDetect; Trustworthy; Deep; Learning; based

The modern semiconductor supply chain uses overseas foundries, third-party IP and third-party test facilities. However, with so many different untrusted entities, this design and fabrication outsourcing has exposed silicon chips to a range of hardware-based security threats such as counterfeiting, IP piracy, reverse engineering and hardware Trojans (HT).A hardware Trojan is a malicious modification of a circuit in order to control, modify, disable, monitor or affect the operation of the circuit. Although there have been no public reports of HTs detected in practice, in 2020, the cybersecurity company F-Secure published a report on their investigation into a pair of counterfeit Cisco Catalyst 2960-X series switches . While these devices did not have back-door functionality, they did employ measures to bypass processes that authenticate system components and F-Secure stated that motivated attackers use the same approach to insert hardware trojans to stealthily backdoor companies.Such hardware threats are major security threats for safety-critical and embedded systems applications, for e.g in the medical, automotive or transport sectors. Due to the nature of this clandestine industry, it is very difficult to ascertain the true scale of the problem. However, in recent years both the sovereignty and cyber security of the semiconductor supply chain have become significant concerns for many countries.The recently published EU Cyber Resilience Act (September 2022) outlines essential cybersecurity requirements for products with digital elements and states that such produced ''shall be delivered without any known exploitable vulnerabilities'. In addition, the 2022 National Cyber Strategy 2022 outlines the need to 'ensure that wherever possible the next generation of connected technologies are designed, developed and deployed with security and resilience in mind and ... embrace a 'secure by design' approach'.The overall goal of the TruDetect project is to develop a trustworthy DL-based HT detection system that can be easily integrated into a security verification framework in EDA tools. This will include the design of novel countermeasures that ensure trustworthiness of the DL-based HT detection system against adversarial HTs and the use of Explainable AI to offer a comprehensive analysis of the DL system behaviour.

现代半导体供应链使用海外代工厂、第三方IP和第三方测试设施。然而，由于有如此多不同的不可信实体，这种设计和制造外包使硅芯片面临一系列基于硬件的安全威胁，如假冒、IP盗版、反向工程和硬件特洛伊木马(HT)。硬件特洛伊木马是对电路的恶意修改，以控制、修改、禁用、监视或影响电路的运行。虽然在实践中还没有检测到HTS的公开报告，但在2020年，网络安全公司F-Secure发布了一份关于他们对一对假冒Cisco Catalyst 2960-X系列交换机的调查报告。虽然这些设备没有后门功能，但它们确实采用了绕过验证系统组件的过程的措施，F-Secure表示，动机相同的攻击者使用相同的方法插入硬件特洛伊木马到秘密的后门公司。这些硬件威胁是安全关键型和嵌入式系统应用程序的主要安全威胁，例如在医疗、汽车或交通领域。由于这一秘密行业的性质，很难确定问题的真正规模。然而，近年来，半导体供应链的主权和网络安全已成为许多国家的重大担忧。最近发布的欧盟网络弹性法案(2022年9月)概述了对带有数字元素的产品的基本网络安全要求，并规定此类产品的交付应没有任何已知的可利用漏洞。此外，《2022年国家网络战略2022年》概述了这样的需求：在可能的情况下，确保在设计、开发和部署下一代互联技术时考虑到安全性和弹性，并……采用一种‘设计安全’的方法。TruDetect项目的总体目标是开发一种可靠的基于DL的HT检测系统，该系统可以很容易地集成到EDA工具中的安全验证框架中。这将包括设计新的对策，以确保基于DL的HT检测系统针对敌对HTS的可信性，并使用可解释的人工智能来提供对DL系统行为的全面分析。