MOLES: Malicious off-chip leakage enabled by side-channels

Economic incentives have driven the semiconductor industry to separate design from fabrication in recent years. This trend leads to potential vulnerabilities from untrusted circuit foundries to covertly implant malicious hardware trojans into a genuine design. Hardware trojans provide back doors for on-chip manipulation, or leak secret information off-chip once the compromised IC is deployed in the field. This paper explores the design space of hardware Trojans and proposes a novel technique, ¿Malicious Off-chip Leakage Enabled by Side-channels¿ (MOLES), which employs power side-channels to convey secret information off-chip. An experimental MOLES circuit is designed with fewer than 50 gates and is embedded into an Advanced Encryption Standard (AES) cryptographic circuit in a predictive 45 nm CMOS technology model. Engineered by a spread-spectrum technique, the MOLES technique is capable of leaking multi-bit information below the noise power level of the host IC to evade evaluators´ detections. In addition, a generalized methodology for a class of MOLES circuits and design verification by statistical correlation analysis are presented. The goal of this work is to demonstrate the potential threats of MOLES on embedded system security. Nevertheless, MOLES could be constructively used for hardware authentication, fingerprinting and IP protection.