A RISC-V SoC with Hardware Trojans: Case Study on Trojan-ing the On-Chip Protocol Conversion

Hardware Trojans (HTs) are a serious security threat to the highly-decentralized, multi-stage production flow of today's Integrated Circuit (IC) industry. Considerable research efforts have gone into developing methodologies for detecting HTs. A significant issue in validating HT detection algorithms is the lack of open-source benchmarks with the complexity of modern-day System-on-Chips (SoCs). The currently available open-source benchmarks are more elementary and, therefore, do not reveal the actual robustness of the algorithms against false positives and false negatives. To address this issue, we present the design and integration of three kinds of HTs (publicly available at [38]) in a RISC-V-based SoC. We explain their functionality and taxonomy in detail. To our knowledge, this work is the first to launch trojan attacks targeting the mismatch in the attributes of two widely used on-chip communication protocols in an SoC. We performed extensive behavioral simulations to verify the functionality of these kinds of SoC-level HTs. We estimated the detectability of these HTs by: (i) synthesizing the HT-infested SoC for FPGA and (ii) evaluating them against a Graph Neural Network-based pre-Silicon HT detection tool, automatic test pattern generation, reverse engineering, and formal verification. In a nutshell, this paper demonstrates the risk of HTs in today's SoCs and an effective environment for strengthening research on HT detection.