Abstract
The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. This paper surveys the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. The threats, trigger points, detection methods, and countermeasures for targeting hardware Trojans are discussed in detail. Finally, some of the new emerging security challenges and countermeasures are addressed.
Similar content being viewed by others
References
Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: Mirai and other Botnets. Computer 50(7):80–84
SentinelOne (2016) New Trojan virus is targeting IoT devices. November. [Online]. Available: https://www.csoonline.com/article/3134720/security/new-trojan-virus-is-targeting-iot-devices.html
Ghoshal A (2017) Hackers use ransomware to target hotel guests’ door locks. February. [Online]. Available: https://thenextweb.com/security/2017/01/30/hackers-use-ransomware-to-lock-hotel-guests-in-their-rooms/
Bianco D The pyramid of pain. [Online]. Available: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Cisco (2014) The internet of things reference model. [Online]. Available: http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf
Tehranipoor M, Koushanfar F (2010) A survey of hardware Trojan taxonomy and detection. IEEE Des Test Comput 27(1):10–25
Beaumont M, Hopkins B, Newby T (2011) Hardware Trojans-prevention, detection, countermeasures: a literature review) DTIC Document. Tech. Rep.
Suri N, Tortonesi M, Michaelis J, Budulas P, Benincasa G, Russell S, Stefanelli C, Winkler R (2016) Analyzing the applicability of Internet of Things to the battlefield environment in. In: 2016 international conference on military communications and information systems (ICMCIS), pp 1–8
Karri R, Rajendran J, Rosenfeld K, Tehranipoor M (2010) Trustworthy hardware: identifying and classifying hardware Trojans. Computer 43(10):39–46
Wang X, Tehranipoor M, Plusquellic J (2008) Detecting malicious inclusions in secure hardware: challenges and solutions. In: IEEE international workshop on hardware-oriented security and trust, 2008. HOST 2008, pp 15–19
Rajendran J, Gavas E, Jimenez J, Padman V, Karri R (2010) Towards a comprehensive and systematic classification of hardware Trojans. In: Proceedings of 2010 IEEE international symposium on circuits and systems (ISCAS), pp 1871–1874
Lin L, Burleson W, Paar C (2009) MOLES: malicious off-chip leakage enabled by side-channels. In: Proceedings of the 2009 international conference on computer-aided design, ser. ICCAD ’09. ACM, New York, pp 117–122. [Online]. Available: https://doi.org/10.1145/1687399.1687425
Jin Y, Kupp N, Makris Y (2009) Experiences in hardware Trojan design and implementation. In: IEEE international workshop on hardware-oriented security and trust, 2009 HOST ’09, pp 50–57
Jin Y, Makris Y (2010) Hardware Trojans in wireless cryptographic ICs. IEEE Des Test Comput 27(1):26–35
Adee S (2008) The hunt for the kill switch. IEEE Spectr 45(5):34–39
Wolff F, Papachristou C, Bhunia S, Chakraborty R (2008) Towards Trojan-free trusted ICs: problem analysis and detection scheme. In: Design, automation and test in Europe, 2008 DATE ’08, pp 1362–1365
Chakraborty R, Narasimhan S, Bhunia S (2009) Hardware Trojan: threats and emerging solutions. In: High level design validation and test workshop, 2009. HLDVT 2009. IEEE International, pp 166–171
Agrawal D, Baktir S, Karakoyunlu D, Rohatgi P, Sunar B (2007) Trojan detection using IC fingerprinting. In: IEEE symposium on security and privacy, 2007. SP ’07, pp 296–310
King ST, Tucek J, Cozzie A, Grier C, Jiang W, Zhou Y (2008) Designing and implementing malicious hardware. LEET 8:1–8
Shiyanovskii Y, Wolff F, Papachristou C, Weyer D, Clay W Exploiting semiconductor properties for hardware Trojans 06 2009. [Online]. Available: arXiv:0906.3834
Chen Z, Guo X, Nagesh R, Reddy A, Gora M, Maiti A (2008) Hardware Trojan designs on BASYS FPGA board. In: Embedded system challenge contest in Cyber Security Awareness Week-CSAW. [Online]. Available: http://isis.poly.edu/esc/2008/Reports/vt.pdf
Waksman A, Sethumadhavan S (2011) Silencing hardware backdoors. In: 2011 IEEE symposium on security and privacy (SP), pp 49–63
Yang K, Hicks M, Dong Q, Austin T, Sylvester D (2016) A2: analog malicious hardware. In: 2016 IEEE symposium on security and privacy (SP), pp 18–37
Shila DM, Venugopal V (2014) Design, implementation and security analysis of hardware Trojan threats in FPGA. In: IEEE international conference on communications (ICC), pp 719–724
Shila DM, Venugopalan V, Patterson CD (2015) Unraveling the security puzzle: a distributed framework to build trust in FPGAs in network and system security, ser. Lecture Notes in Computer Science, vol 9408. Springer International Publishing, pp 95–111
Venugopalan V, Patterson CD, Shila D (2016) Detecting and thwarting hardware Trojan attacks in cyber-physical systems. In: 2016 IEEE conference on communications and network security (CNS): international workshop on cyber-physical systems security (CPS-Sec), pp 421–425
Venugopalan V (2017) Enhancing trust in reconfigurable hardware systems. Ph.D. dissertation, Bradley Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg
Skorobogatov S (2012) Introduction to hardware security and trust. Springer, New York. ch. Physical attacks and tamper resistance, pp 143–173. [Online]. Available: https://doi.org/10.1007/978-1-4419-8080-9_7
Hicks M, Finnicum M, King ST, Martin M, Smith JM (2010) 2010 IEEE symposium on overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: 2010 IEEE symposium on security and privacy (SP). IEEE, pp 159–172
Sturton C, Hicks M, Wagner D, King S (2011) Defeating UCI: building stealthy and malicious hardware. In: 2011 IEEE symposium on security and privacy (SP), pp 64–77
Waksman A, Suozzo M, Sethumadhavan S (2013) FANCI: identification of stealthy malicious logic using Boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security. ACM, pp 697–708
El Defrawy K, Francillon A, Perito D, Tsudik G (2012) SMART: secure and minimal architecture for (establishing a dynamic) root of trust. In: Proceedings of the network & distributed system security symposium (NDSS), San Diego
Zhang J, Yuan F, Wei L, Sun Z, Xu Q (2013) VeriTrust: verification for hardware trust. In: Proceedings of the 50th annual design automation conference. ACM, p 61
Zhang J, Yuan F, Xu Q (2014) DeTrust: defeating hardware trust verification with stealthy implicitly-triggered hardware Trojans. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, ser. CCS ’14. ACM, New York, pp 153–166. [Online]. Available: https://doi.org/10.1145/2660267.2660289
Venugopalan V, Patterson CD (2017) Architectural refinements for enhancing trust and securing cyber-physical systems. In: IEEE international conference on advanced and trusted computing (ATC), San Francisco, pp 1509–1516
Haider SK, Jin C, Ahmad M, Shila D, Khan O, van Dijk M (2017) Advancing the state-of-the-art in hardware Trojans detection. IEEE Trans Depend Secure Comput PP(99):1–1
Salmani H (2017) COTD: reference-free hardware Trojan detection and recovery based on controllability and observability in gate-level netlist. IEEE Trans Inf Forens Secur 12(2):338–350
Sethumadhavan S, Waksman A, Suozzo M, Huang Y, Eum J (2015) Trustworthy hardware from untrusted components. Commun ACM 58(9):60–71
Koushanfar F, Karri R (2014) Can the SHIELD protect our integrated circuits?. In: 2014 IEEE 57th international midwest symposium on circuits and systems (MWSCAS). IEEE, pp 350–353
Love E, Jin Y, Makris Y (2011) Enhancing security via provably trustworthy hardware intellectual property. In: 2011 IEEE international symposium on hardware-oriented security and trust (HOST). IEEE, pp 12–17
Abramovici M, Bradley P (2009) Integrated circuit security: new threats and solutions. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research: cyber security and information intelligence challenges and strategies, ser. CSIIRW ’09. ACM, New York, pp 55:1–55:3. [Online]. Available: https://doi.org/10.1145/1558607.1558671
McIntyre D, Wolff F, Papachristou C, Bhunia S, Weyer D (2009) Dynamic evaluation of hardware trust. In: IEEE international workshop on hardware-oriented security and trust, 2009 HOST ’09, pp 108–111
Huffmire T, Brotherton B, Wang G, Sherwood T, Kastner R, Levin T, Nguyen T, Irvine C (2007) Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In: IEEE symposium on security and privacy, 2007 SP ’07, pp 281–295
Huffmire T, Sherwood T, Kastner R, Levin T (2008) Enforcing memory policy specifications in reconfigurable hardware. Comput Secur 27(5):197–215
Huffmire T, Levin T, Nguyen T, Irvine C, Brotherton B, Wang G, Sherwood T, Kastner R (2010) Security primitives for reconfigurable hardware-based systems. ACM Trans Reconfigurable Technol Syst (TRETS) 3(2):10
Banga M, Hsiao M (2009) A novel sustained vector technique for the detection of hardware Trojans. In: 2009 22nd international conference on VLSI Design, pp 327–332
Jin Y, Makris Y (2008) Hardware Trojan detection using path delay fingerprint. In: IEEE international workshop on hardware-oriented security and trust, 2008. HOST 2008. IEEE, pp 51–57
Potkonjak M, Nahapetian A, Nelson M, Massey T (2009) Hardware Trojan horse detection using gate-level characterization. In: Design automation conference, 2009. DAC’09. 46th ACM/IEEE. IEEE, pp 688–693
Zick KM, Hayes JP (2012) Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Trans Reconfigurable Technol Syst 5(1):1:1–1:26. [Online]. Available: https://doi.org/10.1145/2133352.2133353
Kim L-W, Villasenor J, Koc C (2009) A Trojan-resistant system-on-chip bus architecture. In: Military communications conference, 2009. MILCOM 2009. IEEE, pp 1–6
Das A, Memik G, Zambreno J, Choudhary A (2010) Detecting/preventing information leakage on the memory bus due to malicious hardware. In: Design, automation test in europe conference exhibition (DATE), 2010, pp 861–866
Trimberger S (2007) Trusted design in FPGAs. In: Proceedings of the 44th annual design automation conference, ser. DAC ’07. ACM, New York, pp 5–8. [Online]. Available: https://doi.org/10.1145/1278480.1278483
Webb JB (2006) Methods for securing the integrity of FPGA configurations. Master’s thesis, Virginia Polytechnic Institute and State University
Baumgarten A, Tyagi A, Zambreno J (2010) Preventing IC piracy using reconfigurable logic barriers. IEEE Des Test Comput 27(1):66–75
Chakraborty R, Bhunia S (2009) Security against hardware Trojan through a novel application of design obfuscation. In: IEEE/ACM international conference on computer-aided design—digest of technical papers, 2009. ICCAD 2009, pp 113–116
Chakraborty R, Saha I, Palchaudhuri A, Naik G (2013) Hardware Trojan insertion by direct modification of FPGA configuration bitstream. IEEE Des Test 30(2):45–54
Mal-Sarkar S, Krishna A, Ghosh A, Bhunia S (2014) Hardware Trojan attacks in FPGA devices: threat analysis and effective counter measures. In: Proceedings of the 24th edition of the Great Lakes symposium on VLSI, ser. GLSVLSI ’14. ACM, New York, pp 287–292. [Online]. Available: https://doi.org/10.1145/2591513.2591520
Hardjono T, Smith N (2016) Cloud-based commissioning of constrained devices using permissioned blockchains. In: Proceedings of the 2nd ACM international workshop on IoT privacy, trust, and security, ser. IoTPTS ’16. ACM, New York, pp 29–36. [Online]. Available: https://doi.org/10.1145/2899007.2899012
Banafa A (2016) How to secure the internet of things (IoT) with blockchain. [Online]. Available: https://datafloq.com/read/securing-internet-of-things-iot-with-blockchain/2228
Kuchler H (2016) Cyber attacks raise questions about blockchain security. September [Online]. Available: https://www.ft.com/content/05b5efa4-7382-11e6-bf48-b372cdb1043a
Cárdenas AA, Amin S, Sastry S (2008) Research challenges for the security of control systems. In: Proceedings of the 3rd conference on hot topics in security, ser. HOTSEC’08. USENIX Association, Berkeley, pp 6:1–6:6
Mo Y, Sinopoli B (2009) Secure control against replay attacks. In: 2009 47th annual Allerton conference on communication, control, and computing (Allerton), pp 911–918
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Venugopalan, V., Patterson, C.D. Surveying the Hardware Trojan Threat Landscape for the Internet-of-Things. J Hardw Syst Secur 2, 131–141 (2018). https://doi.org/10.1007/s41635-018-0037-2
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s41635-018-0037-2