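With the rapid growth of the IC industry, the division of labor in integrated circuit production has become increasingly fine-grained and international. As that division becomes more clearly defined, using third-party resources is unavoidable; however, any resource that comes from or passes through a third-party company must be regarded as untrusted. As a result, new kinds of hardware security concerns have emerged in large numbers, with hardware Trojans receiving the most attention. Most Trojan researchers concentrate on developing hardware Trojan detection techniques and neglect Trojan generation, insertion and attack techniques, which skews the development of detection techniques. This paper therefore proposes a new, automated Trojan generation framework that evades mainstream gate-level hardware Trojan detection techniques. Mainstream gate-level Trojan detection techniques fall into two categories: those based on the circuit's gate-level structure, and those based on Sandia Controllability/Observability Analysis Program (SCOAP) scores. In our framework, we use a greedy algorithm to construct the hardware Trojan, so that the Trojan's structure resembles ordinary circuit structure as closely as possible; we then insert special structures and ordinary signals to lower the SCOAP scores. Experimental results show that, compared with the usual random approach, our greedy method provides better choices. In addition, inserting three ordinary signals in the SCOAP score reduction stage lowers the SCOAP scores by 68%. Finally, we test the generated hardware Trojans against the best-known and most recent structure-based and SCOAP-based detectors; the results show that both kinds of detector have high false positive and false negative rates and low accuracy.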
The division of labor in the integrated circuit (IC) industry has become more detailed. Outsourcing IC design or fabrication to third-party vendors is inevitable, which has caused a variety of hardware security issues. With hardware Trojans attracting attention, most recent research has focused on detection techniques rather than attack or insertion methods. Existing gate-level detection methods can be classified into two categories: one based on circuit structure features and the other based on Sandia Controllability/Observability Analysis Program (SCOAP) values. This paper proposes a new hardware Trojan insertion framework that can automatically construct Trojans with low SCOAP values against both structural-feature-based and SCOAP-based detection techniques. In our framework, we use a greedy algorithm to build a Trojan structure that is as similar as possible to a genuine circuit, and then reduce SCOAP values by inserting genuine nets. The experimental results demonstrate that our greedy method achieves significant improvements in structure generation over the random method. Moreover, the insertion framework can reduce the average SCOAP values by 68% after inserting three genuine nets. Finally, we evaluate state-of-the-art detection techniques using hardware Trojan samples generated by our proposed framework; on these samples the detectors show a high False Positive Rate (FPR) and False Negative Rate (FNR) and low accuracy.