Design And Implantation Of Hardware Trojan Based On RISC-V Processor

The Hardware Trojan is a new type of attack weapon for information systems,which directly attacks the integrated circuit itself.The existing upper information security measures are ineffective for it,and the current integrated circuit design and manufacturing process cannot defend its implantation.Microprocessor,as the core chip of information system,is a vulnerable node withstanding the attack of Hardware Trojan.Research on design and implantation of microprocessor Hardware Trojan is not only the basis of research on detection and defense strategy of Hardware Trojan,but also helpful to promote the research and development of equipment and technology with strategic significance in the information domain.It is very important for the research and development of next generation information security system.However,most of the existing open source Hardware Trojan designs are relatively simple and original.There is no concealed optimization design for Hardware Trojan,nor is there any special implantation research based on the characteristics of microprocessors.This cannot fully reflect the serious harm of Hardware Trojan and the security threats faced by open source microprocessors,and it is difficult to meet the needs of information security system research and development.In order to solve the above problems,the thesis focuses on the RISC-V instruction set architecture microprocessor.According to the proposed Hardware Trojan model and concealed optimization design strategy,ten kinds of Hardware Trojans are designed,implanted and experimentally verified,and two of them are implemented on a RV32 SoC chip.Firstly,based on the analysis of the existing software Trojan horse model,Hardware Trojan model and the attributes of microprocessor Hardware Trojan,a formalized description of microprocessor Hardware Trojan model called PHTMT is proposed.Then,based on the analysis of RISC-V instruction set microprocessor design features,application scenarios,attack intentions,controllable resources,the feasibility of Hardware Trojan attack is analyzed,attack points are determined,and the attack model of RISC-V processor is constructed.Then,based on the analysis of existing Hardware Trojan design and new detection methods,four design strategies for avoidance detection are proposed.For traditional function detection,using processor instruction sequence and special nodes constructed trojan cone to reduce the trigger probability;for unused circuit detection,test coverage is improved by splitting trigger conditions,optimizing gate-level netlists and using special structure;for equivalence detection,don't care conditions in original design are used to avoid;for side channel detection,original design resources and back-end timing optimization are used to reduces side channel impact.Finally,according to the attack model and design strategy,ten kinds of Hardware Trojans are designed and embedded in a RV32 SoC chip.Among them,the function is destroyed by interfering with ALU operation data path and forcing module reset;information stealing is carried out by privilege promotion;processor performance is reduced by interfering branch prediction mechanism;and power attack is carried out by interfering with processor dormancy.The Hardware Trojan validation platforms based on software FPGA are implemented,and the related simulation tests are carried out.Experiments results show that the Hardware Trojan can achieve the expected function,and the design strategy can effectively avoid detection,with less impact on area,power consumption and delay.Finally,two kinds of Hardware Trojan are implanted into a SoC and tested successfully in SMIC 55 nm process.It is of some value to further understand the mechanism of microprocessor Hardware Trojan attack,to warn the security of open source processor,and to promote the research of Hardware Trojan detection and defense technology.