A Framework for Automated Exploration of Trojan Attack Space in FPGA Netlists
Jonathan Cruz, Christopher Posada, Naren Vikram Raj Masna, Prabuddha Chakraborty, Pravin Gaikwad, Swarup Bhunia
Abstract
Field Programmable Gate Arrays (FPGAs) provide a flexible compute platform for quick prototyping or hardware acceleration in diverse application domains. However, similar to the global semiconductor life-cycle in the modern supply chain, FPGA-based product development includes processes and interactions with potentially untrusted parties outside the traditional scrutiny of a completely in-house development cycle. An untrusted party/software can maliciously alter hardware intellectual property (IP) blocks mapped to an FPGA device during various stages of the FPGA life-cycle. Such malicious alterations, also known as hardware Trojans, have garnered significant research into their detection and prevention in the context of application-specific integrated circuit (ASIC) design flow. However, Trojan attacks in FPGAs have not enjoyed this same attention. Designers often rely on mapping ASIC-specific solutions and benchmarks to the FPGA domain, leaving much of the FPGA-specific Trojan space uncovered. The distinctive business model and architectural configurations of FPGAs also present unique Trojan attack opportunities for adversaries. To this end, we introduce a framework to automatically explore the hardware Trojan attack space in FPGA netlists, which can insert different FPGA-specific Trojans in a netlist enabling rapid exploration of potential Trojan attacks in an FPGA design: soft-template, monolithic and distributed dark silicon. The dark silicon Trojans use the under-utilized input space in FPGA primitives and other optimizations to realize Trojans with effectively zero area, delay, and power footprint. We generate over 1300 Trojan-inserted benchmarks using the introduced FPGA Trojan classes, and compare their impact on utilization, delay, and power and evaluate their stealthiness against Trojan detection.