부산대학교 도서관

Printed circuit Boards (PCBs) are becoming increasingly vulnerable to malicious design alteration, also known as Trojan attacks, due to a distributed business model that often involves various untrusted parties. Such attacks can be mounted at various stages in the PCB life cycle. The relative ease of alteration of PCB hardware even after fabrication (due to physical access to surface-mounted critical components and traces) makes them attractive for an adversary to manipulate their functional/physical behavior for malicious intent. There is a growing need to explore viable Trojan attacks in a PCB, analyze their functional and physical characteristics (e.g., impact on power or delay), and study the effectiveness of countermeasures against these attacks. While simulation-based approaches for PCB Trojan insertion are effective at creating a large population of possible Trojans, they fail to provide functional feasibility analysis with a realistic workload for a trigger circuit. Also, they cannot estimate a Trojan’s side-channel footprint due to the unavailability of physical models of diverse PCB components. To address these deficiencies, in this paper, we present PRISTINE, a PCB-level emulation system for any integrity or physical tampering issues, specifically, hardware Trojan insertion. The need for building such an emulation platform to resolve PCB trust issues in the supply chain is also surveyed and discussed. Both custom Hardware Hacking (HaHa) boards and multiple commercial PCBs are then used to test the ability of the proposed system to emulate various hardware Trojans specially designed to exploit board-specific hardware characteristics. Experimental results on emulated board-level Trojans show that a wide range of Trojans can be successfully activated, thus enabling the expected payload effects on both types of boards to be studied and quantified. The resulting data are further analyzed to create PCB-level Trojan benchmarks. In particular, a comparative evaluation of the experimental results is used to propose a risk level metric that quantifies the probability of detection and degree of payload impact of each Trojan on a given commercial PCB.