The shift towards decentralized microelectronics manufacturing creates significant security vulnerabilities. Untrusted partners, foundries, and testing facilities gain full design access, enabling them to inspect, reverse engineer, and compromise critical security features. Sophisticated design-for-security (DfS) primitives have been developed to counter these threats; however, this paper demonstrates that these primitives can be systematically dismantled by hardware Trojans (HT), which represent the ultimate insider threat within untrusted ecosystems. We introduce the concept of Trojan-assisted meta-attacks, a new attack paradigm in which Trojans structurally neutralize protections rather than algorithmically bypassing them. Adversaries leverage comprehensive design knowledge from supply chain access, employing advanced netlist analysis and data-flow examination to precisely identify and subvert security infrastructure. We present a unified meta-attack framework that generalizes across DfS primitives, supported by case studies on Physically Unclonable Functions (PUFs) and Dynamically Obfuscated Scan Chains (DOSC). Our systematic methodology achieves highly accurate security primitive identification through heuristic algorithms and machine learning approaches. Case studies demonstrate a complete authentication bypass through the extraction of PUF challenge–response pairs and an attack that disables DOSC protections by exploiting its deterministic structure. Together, these results show that meta-attacks constitute a broader paradigm shift in hardware security, exposing vulnerabilities across diverse DfS primitives. To address this challenge, we evaluate countermeasures that provide significant security improvements with reasonable overhead.
By framing both the attacks and defenses within a unified meta-attack/defense framework, this work establishes a foundation for future research on Trojan-aware security architectures and underscores the urgent need to design protections that remain effective even under structural compromise.