Securing Cyber-Physical Systems from Hardware Trojan Collusion

Hardware Trojans, which are malicious modifications made to circuits, may cause severe security issues in Cyber-Physical Systems (CPS). CPS are usually composed of multiple untrusted nodes and a trusted server, with each node connecting to the server wirelessly in a multi-hop manner. A Trojan in one node may broadcast messages with triggers secretly embedded to simultaneously activate multiple Trojans in other nodes, causing system-wide catastrophe. To prevent hardware Trojan collusion in CPS, this paper presents a collaborative defensive framework. When deploying the network, a security requirement of vendor diversity is enforced between neighboring nodes, thus precluding collusion between neighboring nodes and allowing them to monitor each other's behavior. At runtime, a mutual auditing protocol is utilized to check, for each message, whether it is correctly encrypted by the source node and whether its content is maliciously changed by any node on the routing path. This protocol ensures that any message embedded with hardware Trojan trigger is either muted or detected and abandoned, while the benign messages are thwarted. The experimental results show that the framework effectively prevents hardware Trojan collusion with low latency overhead and almost no impact on packet completion rate and network throughput.