Search papers, labs, and topics across Lattice.
This paper introduces an automated framework that generates stealthy cell-embedded Hardware Trojans (HTs) by exploiting compromised standard-cell implementations in Integrated Circuits (ICs). By analyzing mapped designs and identifying candidate cell instances, the framework applies payload templates that activate malicious behavior under rare conditions, demonstrating the potential for undetected attacks. Experimental results reveal that the framework can create valid Trojan instances across various cell types and design sizes, underscoring significant vulnerabilities in current detection methodologies.
Current Trojan detection methods overlook the stealthy risks posed by compromised standard-cell libraries, revealing a critical vulnerability in zero-trust IC design.
Hardware Trojans (HTs) pose significant threats across the Integrated Circuit (IC) design lifecycle because they can be inserted by untrusted entities at different stages under the zero-trust model. When triggered under rare conditions, HTs can compromise the functionality, reliability, or security of the fabricated chip. HT assessment is typically performed by modeling realistic Trojan insertion scenarios in RTL implementation or gate-level netlists. While this model is useful for evaluating detection methods, it does not capture attacks where malicious behavior is hidden inside standard-cell implementations from a compromised library supplied by an untrusted vendor. This paper presents a novel framework for automatically generating cell-embedded hardware Trojans using compromised standard-cell implementations. Our proposed framework analyzes a mapped design, identifies candidate cell instances with rare input conditions, and applies payload templates that corrupt the selected cell output only when the trigger condition is satisfied. Experiments on open-source combinational and sequential benchmark designs show that our proposed framework can generate valid and stealthy Trojan instances across different cell types and design sizes. The results highlight a critical gap in current Trojan detection assumptions and show the need for cell-aware validation of standard-cell implementations in zero-trust IC design flows.