Skip to main content
Log in

Surveying the Hardware Trojan Threat Landscape for the Internet-of-Things

  • Published:
Journal of Hardware and Systems Security Aims and scope Submit manuscript

Abstract

The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. This paper surveys the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. The threats, trigger points, detection methods, and countermeasures for targeting hardware Trojans are discussed in detail. Finally, some of the new emerging security challenges and countermeasures are addressed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Kolias C, Kambourakis G, Stavrou A, Voas J (2017) DDoS in the IoT: Mirai and other Botnets. Computer 50(7):80–84

    Article  Google Scholar 

  2. SentinelOne (2016) New Trojan virus is targeting IoT devices. November. [Online]. Available: https://www.csoonline.com/article/3134720/security/new-trojan-virus-is-targeting-iot-devices.html

  3. Ghoshal A (2017) Hackers use ransomware to target hotel guests’ door locks. February. [Online]. Available: https://thenextweb.com/security/2017/01/30/hackers-use-ransomware-to-lock-hotel-guests-in-their-rooms/

  4. Bianco D The pyramid of pain. [Online]. Available: http://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html

  5. Cisco (2014) The internet of things reference model. [Online]. Available: http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf

  6. Tehranipoor M, Koushanfar F (2010) A survey of hardware Trojan taxonomy and detection. IEEE Des Test Comput 27(1):10–25

    Article  Google Scholar 

  7. Beaumont M, Hopkins B, Newby T (2011) Hardware Trojans-prevention, detection, countermeasures: a literature review) DTIC Document. Tech. Rep.

  8. Suri N, Tortonesi M, Michaelis J, Budulas P, Benincasa G, Russell S, Stefanelli C, Winkler R (2016) Analyzing the applicability of Internet of Things to the battlefield environment in. In: 2016 international conference on military communications and information systems (ICMCIS), pp 1–8

  9. Karri R, Rajendran J, Rosenfeld K, Tehranipoor M (2010) Trustworthy hardware: identifying and classifying hardware Trojans. Computer 43(10):39–46

    Article  Google Scholar 

  10. Wang X, Tehranipoor M, Plusquellic J (2008) Detecting malicious inclusions in secure hardware: challenges and solutions. In: IEEE international workshop on hardware-oriented security and trust, 2008. HOST 2008, pp 15–19

  11. Rajendran J, Gavas E, Jimenez J, Padman V, Karri R (2010) Towards a comprehensive and systematic classification of hardware Trojans. In: Proceedings of 2010 IEEE international symposium on circuits and systems (ISCAS), pp 1871–1874

  12. Lin L, Burleson W, Paar C (2009) MOLES: malicious off-chip leakage enabled by side-channels. In: Proceedings of the 2009 international conference on computer-aided design, ser. ICCAD ’09. ACM, New York, pp 117–122. [Online]. Available: https://doi.org/10.1145/1687399.1687425

  13. Jin Y, Kupp N, Makris Y (2009) Experiences in hardware Trojan design and implementation. In: IEEE international workshop on hardware-oriented security and trust, 2009 HOST ’09, pp 50–57

  14. Jin Y, Makris Y (2010) Hardware Trojans in wireless cryptographic ICs. IEEE Des Test Comput 27(1):26–35

    Article  Google Scholar 

  15. Adee S (2008) The hunt for the kill switch. IEEE Spectr 45(5):34–39

    Article  Google Scholar 

  16. Wolff F, Papachristou C, Bhunia S, Chakraborty R (2008) Towards Trojan-free trusted ICs: problem analysis and detection scheme. In: Design, automation and test in Europe, 2008 DATE ’08, pp 1362–1365

  17. Chakraborty R, Narasimhan S, Bhunia S (2009) Hardware Trojan: threats and emerging solutions. In: High level design validation and test workshop, 2009. HLDVT 2009. IEEE International, pp 166–171

  18. Agrawal D, Baktir S, Karakoyunlu D, Rohatgi P, Sunar B (2007) Trojan detection using IC fingerprinting. In: IEEE symposium on security and privacy, 2007. SP ’07, pp 296–310

  19. King ST, Tucek J, Cozzie A, Grier C, Jiang W, Zhou Y (2008) Designing and implementing malicious hardware. LEET 8:1–8

    Google Scholar 

  20. Shiyanovskii Y, Wolff F, Papachristou C, Weyer D, Clay W Exploiting semiconductor properties for hardware Trojans 06 2009. [Online]. Available: arXiv:0906.3834

  21. Chen Z, Guo X, Nagesh R, Reddy A, Gora M, Maiti A (2008) Hardware Trojan designs on BASYS FPGA board. In: Embedded system challenge contest in Cyber Security Awareness Week-CSAW. [Online]. Available: http://isis.poly.edu/esc/2008/Reports/vt.pdf

  22. Waksman A, Sethumadhavan S (2011) Silencing hardware backdoors. In: 2011 IEEE symposium on security and privacy (SP), pp 49–63

  23. Yang K, Hicks M, Dong Q, Austin T, Sylvester D (2016) A2: analog malicious hardware. In: 2016 IEEE symposium on security and privacy (SP), pp 18–37

  24. Shila DM, Venugopal V (2014) Design, implementation and security analysis of hardware Trojan threats in FPGA. In: IEEE international conference on communications (ICC), pp 719–724

  25. Shila DM, Venugopalan V, Patterson CD (2015) Unraveling the security puzzle: a distributed framework to build trust in FPGAs in network and system security, ser. Lecture Notes in Computer Science, vol 9408. Springer International Publishing, pp 95–111

  26. Venugopalan V, Patterson CD, Shila D (2016) Detecting and thwarting hardware Trojan attacks in cyber-physical systems. In: 2016 IEEE conference on communications and network security (CNS): international workshop on cyber-physical systems security (CPS-Sec), pp 421–425

  27. Venugopalan V (2017) Enhancing trust in reconfigurable hardware systems. Ph.D. dissertation, Bradley Department of Electrical and Computer Engineering, Virginia Tech, Blacksburg

  28. Skorobogatov S (2012) Introduction to hardware security and trust. Springer, New York. ch. Physical attacks and tamper resistance, pp 143–173. [Online]. Available: https://doi.org/10.1007/978-1-4419-8080-9_7

    Google Scholar 

  29. Hicks M, Finnicum M, King ST, Martin M, Smith JM (2010) 2010 IEEE symposium on overcoming an untrusted computing base: detecting and removing malicious hardware automatically. In: 2010 IEEE symposium on security and privacy (SP). IEEE, pp 159–172

  30. Sturton C, Hicks M, Wagner D, King S (2011) Defeating UCI: building stealthy and malicious hardware. In: 2011 IEEE symposium on security and privacy (SP), pp 64–77

  31. Waksman A, Suozzo M, Sethumadhavan S (2013) FANCI: identification of stealthy malicious logic using Boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security. ACM, pp 697–708

  32. El Defrawy K, Francillon A, Perito D, Tsudik G (2012) SMART: secure and minimal architecture for (establishing a dynamic) root of trust. In: Proceedings of the network & distributed system security symposium (NDSS), San Diego

  33. Zhang J, Yuan F, Wei L, Sun Z, Xu Q (2013) VeriTrust: verification for hardware trust. In: Proceedings of the 50th annual design automation conference. ACM, p 61

  34. Zhang J, Yuan F, Xu Q (2014) DeTrust: defeating hardware trust verification with stealthy implicitly-triggered hardware Trojans. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, ser. CCS ’14. ACM, New York, pp 153–166. [Online]. Available: https://doi.org/10.1145/2660267.2660289

  35. Venugopalan V, Patterson CD (2017) Architectural refinements for enhancing trust and securing cyber-physical systems. In: IEEE international conference on advanced and trusted computing (ATC), San Francisco, pp 1509–1516

  36. Haider SK, Jin C, Ahmad M, Shila D, Khan O, van Dijk M (2017) Advancing the state-of-the-art in hardware Trojans detection. IEEE Trans Depend Secure Comput PP(99):1–1

    Article  Google Scholar 

  37. Salmani H (2017) COTD: reference-free hardware Trojan detection and recovery based on controllability and observability in gate-level netlist. IEEE Trans Inf Forens Secur 12(2):338–350

    Article  Google Scholar 

  38. Sethumadhavan S, Waksman A, Suozzo M, Huang Y, Eum J (2015) Trustworthy hardware from untrusted components. Commun ACM 58(9):60–71

    Article  Google Scholar 

  39. Koushanfar F, Karri R (2014) Can the SHIELD protect our integrated circuits?. In: 2014 IEEE 57th international midwest symposium on circuits and systems (MWSCAS). IEEE, pp 350–353

  40. Love E, Jin Y, Makris Y (2011) Enhancing security via provably trustworthy hardware intellectual property. In: 2011 IEEE international symposium on hardware-oriented security and trust (HOST). IEEE, pp 12–17

  41. Abramovici M, Bradley P (2009) Integrated circuit security: new threats and solutions. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research: cyber security and information intelligence challenges and strategies, ser. CSIIRW ’09. ACM, New York, pp 55:1–55:3. [Online]. Available: https://doi.org/10.1145/1558607.1558671

  42. McIntyre D, Wolff F, Papachristou C, Bhunia S, Weyer D (2009) Dynamic evaluation of hardware trust. In: IEEE international workshop on hardware-oriented security and trust, 2009 HOST ’09, pp 108–111

  43. Huffmire T, Brotherton B, Wang G, Sherwood T, Kastner R, Levin T, Nguyen T, Irvine C (2007) Moats and drawbridges: an isolation primitive for reconfigurable hardware based systems. In: IEEE symposium on security and privacy, 2007 SP ’07, pp 281–295

  44. Huffmire T, Sherwood T, Kastner R, Levin T (2008) Enforcing memory policy specifications in reconfigurable hardware. Comput Secur 27(5):197–215

    Article  Google Scholar 

  45. Huffmire T, Levin T, Nguyen T, Irvine C, Brotherton B, Wang G, Sherwood T, Kastner R (2010) Security primitives for reconfigurable hardware-based systems. ACM Trans Reconfigurable Technol Syst (TRETS) 3(2):10

    Google Scholar 

  46. Banga M, Hsiao M (2009) A novel sustained vector technique for the detection of hardware Trojans. In: 2009 22nd international conference on VLSI Design, pp 327–332

  47. Jin Y, Makris Y (2008) Hardware Trojan detection using path delay fingerprint. In: IEEE international workshop on hardware-oriented security and trust, 2008. HOST 2008. IEEE, pp 51–57

  48. Potkonjak M, Nahapetian A, Nelson M, Massey T (2009) Hardware Trojan horse detection using gate-level characterization. In: Design automation conference, 2009. DAC’09. 46th ACM/IEEE. IEEE, pp 688–693

  49. Zick KM, Hayes JP (2012) Low-cost sensing with ring oscillator arrays for healthier reconfigurable systems. ACM Trans Reconfigurable Technol Syst 5(1):1:1–1:26. [Online]. Available: https://doi.org/10.1145/2133352.2133353

    Article  Google Scholar 

  50. Kim L-W, Villasenor J, Koc C (2009) A Trojan-resistant system-on-chip bus architecture. In: Military communications conference, 2009. MILCOM 2009. IEEE, pp 1–6

  51. Das A, Memik G, Zambreno J, Choudhary A (2010) Detecting/preventing information leakage on the memory bus due to malicious hardware. In: Design, automation test in europe conference exhibition (DATE), 2010, pp 861–866

  52. Trimberger S (2007) Trusted design in FPGAs. In: Proceedings of the 44th annual design automation conference, ser. DAC ’07. ACM, New York, pp 5–8. [Online]. Available: https://doi.org/10.1145/1278480.1278483

  53. Webb JB (2006) Methods for securing the integrity of FPGA configurations. Master’s thesis, Virginia Polytechnic Institute and State University

  54. Baumgarten A, Tyagi A, Zambreno J (2010) Preventing IC piracy using reconfigurable logic barriers. IEEE Des Test Comput 27(1):66–75

    Article  Google Scholar 

  55. Chakraborty R, Bhunia S (2009) Security against hardware Trojan through a novel application of design obfuscation. In: IEEE/ACM international conference on computer-aided design—digest of technical papers, 2009. ICCAD 2009, pp 113–116

  56. Chakraborty R, Saha I, Palchaudhuri A, Naik G (2013) Hardware Trojan insertion by direct modification of FPGA configuration bitstream. IEEE Des Test 30(2):45–54

    Article  Google Scholar 

  57. Mal-Sarkar S, Krishna A, Ghosh A, Bhunia S (2014) Hardware Trojan attacks in FPGA devices: threat analysis and effective counter measures. In: Proceedings of the 24th edition of the Great Lakes symposium on VLSI, ser. GLSVLSI ’14. ACM, New York, pp 287–292. [Online]. Available: https://doi.org/10.1145/2591513.2591520

  58. Hardjono T, Smith N (2016) Cloud-based commissioning of constrained devices using permissioned blockchains. In: Proceedings of the 2nd ACM international workshop on IoT privacy, trust, and security, ser. IoTPTS ’16. ACM, New York, pp 29–36. [Online]. Available: https://doi.org/10.1145/2899007.2899012

  59. Banafa A (2016) How to secure the internet of things (IoT) with blockchain. [Online]. Available: https://datafloq.com/read/securing-internet-of-things-iot-with-blockchain/2228

  60. Kuchler H (2016) Cyber attacks raise questions about blockchain security. September [Online]. Available: https://www.ft.com/content/05b5efa4-7382-11e6-bf48-b372cdb1043a

  61. Cárdenas AA, Amin S, Sastry S (2008) Research challenges for the security of control systems. In: Proceedings of the 3rd conference on hot topics in security, ser. HOTSEC’08. USENIX Association, Berkeley, pp 6:1–6:6

  62. Mo Y, Sinopoli B (2009) Secure control against replay attacks. In: 2009 47th annual Allerton conference on communication, control, and computing (Allerton), pp 911–918

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Vivek Venugopalan.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Venugopalan, V., Patterson, C.D. Surveying the Hardware Trojan Threat Landscape for the Internet-of-Things. J Hardw Syst Secur 2, 131–141 (2018). https://doi.org/10.1007/s41635-018-0037-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41635-018-0037-2

Keywords

Navigation