Trojan Detection

Some generic probabilistic methodologies to identify hardware trojans in arbitrary hardware designs

Given a golden bitstream, a Verilog design, and an input/output-to-serial wrapper:

  1. Differentiate between bitstreams that have trojans
  2. Identify the trojans, their functionality, and how they are triggered

The bitstreams can be loaded onto a Basys 3 FPGA dev board for testing.


Project Directory

Name         Purpose
bitfiles     Bitstreams, verilog and design documentation
img          Extra docs & demo recordings
tests        Input/Output Testing scripts
.gitignore   Git configuration file
makefile     Rule based scripting file, great for projects



git clone && cd Trojan-Detection

╔═╗╔═╗╔═╗╔═╗  ╔╦╗┬─┐┌─┐ ┬┌─┐┌┐┌  ╔╦╗┌─┐┌┬┐┌─┐┌─┐┌┬┐┬┌─┐┌┐┌
╠╣ ╠═╝║ ╦╠═╣   ║ ├┬┘│ │ │├─┤│││   ║║├┤  │ ├┤ │   │ ││ ││││
╚  ╩  ╚═╝╩ ╩   ╩ ┴└─└─┘└┘┴ ┴┘└┘  ═╩╝└─┘ ┴ └─┘└─┘ ┴ ┴└─┘┘└┘

Finding hardware trojans in FPGA bitsreams...
Made by Rocky 
usage: make <option>
        s1     : Collect golden samples using psudorandom input generation for all training/test safe bitstreams
        t1     : Run simple tests comparing psudorandom input responses on all training/test trojan bitstreams 


TODO Key terms table TODO Project description


Pseudorandom Input/Output Comparison

This method can be used to detect a combinational trojan

TODO, EQUATIONS for probability of finding combinational trojan


  1. Load Golden Bitstream
  2. Record output of Pseudorandom Inputs
  3. Load Bitstream Under Test
  4. Compare output of Pseudorandom Inputs

Example: TODO GIF

Simple Output Analysis

Which bits are affected can be derived from which bit positions ever differed from an expected value.

The percentage of outputs that differ from expected values could be used to gain information about how many inputs the trigger has. A higher percentage of outputs affected likely means a looser or larger trigger.

looser: (input[0] OR input[1]) vs (input[0] AND input[1])
larger: (input[0] OR input[1] OR input[2]) vs (input[0] OR input[1])

Simple Input Analysis

Associate the number of occurrences of 1's and 0's in each input bit position with its likelihood of being part of the trigger.
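The comparison steps and the simple output/input analysis above, as an added example (not this project's test scripts). `golden` and `under_test` are constructed 8-bit software stand-ins for the responses the two bitstreams would return over serial, and the trigger shown is hypothetical.

```python
import random

WIDTH = 8  # assumption: toy design with 8 input bits and 8 output bits

def golden(x):
    """Constructed stand-in for the golden bitstream's response."""
    return (x * 3 + 1) & 0xFF

def under_test(x):
    """Constructed stand-in for a suspect bitstream: output bit 2 is
    flipped when input[0] AND input[5] are both 1 (hypothetical trigger)."""
    y = golden(x)
    if (x & 0x01) and (x & 0x20):
        y ^= 0x04
    return y

def compare(ref, dut, samples=2000, seed=1):
    """Drive the same pseudorandom inputs into both designs and analyse."""
    rng = random.Random(seed)  # fixed seed: golden samples are reproducible
    inputs = [rng.getrandbits(WIDTH) for _ in range(samples)]
    bad = [x for x in inputs if ref(x) != dut(x)]
    # Output analysis: OR together every bit position that ever differed.
    affected = 0
    for x in bad:
        affected |= ref(x) ^ dut(x)
    rate = len(bad) / samples  # fraction of outputs that differ
    # Input analysis: per input bit, fraction of mismatching inputs with a 1.
    ones = [sum((x >> b) & 1 for x in bad) / len(bad) if bad else 0.5
            for b in range(WIDTH)]
    return affected, rate, ones

def likely_trigger_bits(ones, margin=0.4):
    """Input bits whose value is (nearly) constant across mismatching inputs."""
    return {b: int(p > 0.5) for b, p in enumerate(ones)
            if abs(p - 0.5) >= margin}

if __name__ == "__main__":
    affected, rate, ones = compare(golden, under_test)
    print(f"affected output bits: {affected:#010b}")
    print(f"mismatch rate: {rate:.3f}")
    print(f"likely trigger bits (bit: value): {likely_trigger_bits(ones)}")
```

An AND-style trigger pins its input bits to one value in every mismatching sample, so they stand out sharply; an OR-style trigger only skews them, so `margin` has to be lowered and the result read as a hint rather than an answer.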

Divide & Conquer Using Atlanta

This method can be used to detect a combinational trojan

  1. Identify bottlenecks (down to one gate) in a design, where a lot of traffic is going through
  2. Use Atlanta to find inputs that should make that gate satisfied (evaluate to 1)
    1. This process will make that gate a pseudo-output
    2. Gather expected outputs from the inputs
    3. Verify that the tested output samples match the expected values; if some don't, we know there's a higher likelihood the trojan lies behind that bottleneck
--- Method Not Explored ----

Loading a Bitstream Without Vivado

Known Issues

  • Bitstream train 2, method 1 sometimes returns strange results; it's likely serial comms getting desynchronized



  • Dr. Michael Zuzak, CMPE 361 Intro to Hardware Security Course & Advising, Contact For Resources
  • Long lam, Hardware Security Tutorials & Advising, Contact For Resources
  • Brent Nelson, Program 7 Series FPGA from a Mac or Linux Without Xilinx, Github Wiki