Mitigating Cyberattacks caused by Fast-Acting Hardware

This is a research based project sponsored by Dr. Saied Hemati and the University of Idaho ECE Department. The goal of this project is to design a nearly undetectable hardware trojan capable of disabling targeted integrated circuits (ICs) and developing defensive schemes to prevent a widespread flash fatal trojan attack.

Background
A widespread flash fatal trojan attack may cause millions of sensitive communications, networking, computing, sensing, and/or interfacing devices to stop working and may cause enormous financial, political, or military losses. Developing techniques for eliminating security weaknesses and circuit vulnerabilities, which can be exploited in a flash fatal Trojan attack, is a high payoff and high risk research goal requiring expertise in cybersecurity, transistor physics, and mixed-signal integrated circuit design techniques.

Mission Statement
To conduct exploratory research on the feasibility of hardware Trojan attacks, and to develop suitable defensive schemes to protect vital systems.

Specifications

 * Trojan must produce enough voltage to break a modern MOSFET or FINFET.


 * Trojan must be able to be built within a simple, existing IC device.


 * Ideally must be hidden and difficult to detect (small layout and very low power consumption).


 * Trojan must be able to be activated by an external signal.


 * If a device is built and validated, research will be conducted on methods to mitigate its effect.

Deliverables
Our deliverables will include:
 * A functioning trojan capable of rendering an IC unusable.
 * Research regarding the best defensive schemes to protect IC's against trojans similar to our design.
 * A technical paper with publishable results.

Vulnerabilities
The idea behind this project is to generate a voltage large enough, that when applied to the oxide layer, it destroys it, rendering the MOSFET useless. For this, we used Cadence to simulate what these breakdown voltages will be, with schematic and simulation results shown below. These breakdown voltages are dependent on the technology used and the thickness of the oxide layer.



DC to DC Converters
Since our goal is to build a voltage up to a gate oxide breakdown level from a low input voltage, we first looked at classic DC boost converters that could be altered to complete the job. The details of these are explained below.

Inductive Boost Converter
The first DC to DC converter that we looked at was the classic DC to DC boost converter.



The boost converter can generate voltages dependent on the size of the capacitor, inductor, and the switching frequency. This topic was not explored too much due to the size of inductors. One consideration was using the integrated circuit packaging intrinsic inductances, or using an off chip inductor. While this style of DC to DC converter could certainly generate the voltages needed, it would be easily identified and thus is not suited for a hardware trojan project.



Charge Pump
The team spent a fair amount of time exploring the charge pump, specifically the Dickson charge pump, as the DC to DC converter to boost the input voltage to gate oxide breakdown level voltages.



Current Method
The circuit that was implemented works by charging the a group of capacitors in parallel, and then switching the capacitors to be in series, in effect adding the voltages across each capacitor and then applying it to the output.

Voltage is limited by the size of the transistors as well, since larger transistors have larger breakdown voltages. This does not impact our design however, since our goal is to break transistors that are on the same technology node, so larger transistors will require larger voltages before they enter breakdown.

The circuit has not been shown at the request of our adviser and project sponsor.

Simulation Results
Here, we show the simulation results that show our effects. Need to put in a table that shows how when we add more stages we get more voltage out. This has been done, need to add photos and explanations of photos.

Forward Progress
Continue simulations and discrete building.

Have struggled with transistors w body connections?

Triggering Mechanism
After developing the circuit, another part of the design phase is developing a method to set off the trojan.

The triggering mechanism is created by putting PMOS transistors in series with a LED that might be used in the device that is being targeted by the trojan. These allow the LED to be floating when the LED is turned off. Typical status LEDs (such as an LED showing 'power on' for example) are not turned on using a constant DC voltage, but instead using a square wave signal with some duty cycle. When the LED is off due to the duty cycle not being 1, even though it appears to be on, we can use the LED as a receiver for a message transmitted by using the optical spectrum of the electromagnetic spectrum.

The Team


{| class="wikitable collapsible" style="width:80%; margin-right:auto; background: #FFFFFF; border:2px solid #FFFFFF;" !style="background-color:#000000; width:65%"| Member !style="background-color:#000000; width:35%"| Discipline
 * - style="color:white"

Hector grew up in Boise, Idaho. His academic interests include microelectronics and power electronics. Outside of school, he enjoys just being a dude. After graduation, he plans on becoming a hard working engineer in the workforce. Dustin was born and raised in Idaho Falls, Idaho. His academic interests include electronics and communication systems. Throughout his time at the University of Idaho, he has served as a lab assistant for the Circuits I lab and as President of the ECE Ambassadors organization. Outside of school, he enjoys playing hockey and woodworking. After graduation, he is moving to Orlando, FL, to be a Systems Integration and Test Engineer.
 * Hector Cruz || Electrical Engineering
 * colspan="6"| teamtbd_hector.jpg
 * colspan="6"| teamtbd_hector.jpg
 * colspan="6"| teamtbd_hector.jpg
 * colspan="6" bgcolor="#000000"|
 * Dustin Mallett || Electrical Engineering & Applied Scientific Modeling Mathematics
 * colspan="6"| teamtbddustin.jpg
 * Dustin Mallett || Electrical Engineering & Applied Scientific Modeling Mathematics
 * colspan="6"| teamtbddustin.jpg
 * colspan="6"| teamtbddustin.jpg

Brenton grew up in Kuna, Idaho. His academic interests include microelectronic design and semiconductor devices. Outside of school, he enjoys playing on the University of Idaho club lacrosse team. After graduation, he is moving back to Boise to be a DRAM Product Engineer at Micron Technology. Rafael is from Aguas Claras, Brazil. His academic interests include microelectronic design and power electronics. After graduation, he intends on continuing towards a masters degree here at the University of Idaho with a focus on power electronics.
 * colspan="6" bgcolor="#000000"|
 * Brenton Van Leeuwen || Electrical Engineering
 * colspan="6"| teamtbd_brenton.jpg
 * Brenton Van Leeuwen || Electrical Engineering
 * colspan="6"| teamtbd_brenton.jpg
 * colspan="6"| teamtbd_brenton.jpg
 * colspan="6" bgcolor="#000000"|
 * Rafael Watanabe || Electrical Engineering & Applied Scientific Modeling Mathematics
 * colspan="6"| teamtbd_rafael.jpg
 * Rafael Watanabe || Electrical Engineering & Applied Scientific Modeling Mathematics
 * colspan="6"| teamtbd_rafael.jpg
 * colspan="6"| teamtbd_rafael.jpg
 * colspan="6" bgcolor="#000000"|
 * -}
 * -}

Documentation
Further Documentation is shown here.

Meeting Minutes

Schedule

Gantt Chart

Budget