Prior to the 1980s, the design and fabrication processes of semiconductors were developed by the same company. Semiconductor industries owned their own technology and produced their own devices.
With the rising costs of modern fabrication technologies, industries started to outsource the production of integrated circuits (ICs) to specialized factories.

The shift to outer IC manufacture, known as fabless manufacturing, reduces drastically the production control and makes ICs vulnerable to malicious alteration that could result, under specific conditions, in functional changes and/or failure of the system in which they are embedded.
For instance, let us suppose that the fabrication facility is not trusted but the design process is. Then, given an IC corresponding to a known design, does the IC that is delivered do what it is supposed to do and nothing more?

The threat posed by this shift is of great importance. In fact this shift “endangers the security of classified information embedded in chip designs; additionally, it opens the possibility that “Trojan horses” and other unauthorized design inclusions may appear in unclassified integrated circuits used in military applications” (from High performance microchip supply).

In order to ensure the security of data and to determine whether the fabrication can be trusted, companies need to be able to determine whether the IC hardware received has been modified. Unfortunately, unlike random errors, malicious inclusions cannot be detected by traditional tests efficiently. Indeed, malicious modifications differ from random modifications because typically malicious modifications require a trigger condition to be activated. Moreover the adversary who inserts the trojan will make it difficult for the user of the chip to activate it, in order to prevent accidental activation and detection during the testing phase of the chip.

Our idea is to focus on a particular typology of trojan and to design an IC in such a way that no matter what the adversary does with the IC, we can at least ensure equivalent functionality. According to Gal and Szegedy (Fault tolerant circuits and probabilistically checkable proofs) we can theoretically design such an IC, provided that the adversary only changes a constant fraction of gates per circuit layer.

Starting from this theoretical result, the idea is to convert the threats posed by the specific chosen class of malicious circuits into an algebraic problem and find original solutions for hardware trojans detection. The “final output” should be an IC design such that the insertion of hardware trojans would be detectable by either testing or inspection.

The following is a list a people that has been involved in the project at some point in time.

• Fabio Massacci
• Valentina Pulice (Phd student)
• Massimiliano Sala

This activity was supported by the following project

• NESSOS