Hardware Trojan Attack in Embedded Memory

Static Random Access Memory (SRAM) is a core technology for building computing hardware, including cache memory, register files and field programmable gate array devices. Hence, SRAM reliability is essential to guarantee dependable computing. While significant research has been conducted to develop automated test algorithms for detecting manufacture-induced SRAM faults, they cannot ensure detection of faults deliberately implemented in the SRAM array by untrusted parties in the integrated circuit development flow. Indeed, such hardware Trojan attacks represent an emerging security threat. While a growing body of research addresses Trojan designs in logic circuits, little research has explored hardware Trojan attacks in embedded memory arrays [20]. In this article, we propose a new class of hardware Trojans targeting embedded SRAM arrays. The Trojans are designed to evade industry standard post-manufacturing tests while enabling attacks targeting various system hardware components during deployment. Transistor-level simulation results demonstrate minimal impact on SRAM power, performance, and stability while Trojans are not activated. We also prove the feasibility of Trojan insertion in foundries by showing the proposed layouts that preserve the SRAM cell footprint and incur zero silicon area overhead. Finally, we elaborate on several system-level attacks that can leverage these Trojans to compromise security and privacy.