Hardware Trojan Horse Detection 2015

SoS Newsletter - Advanced Book Block



Hardware Trojan Horse Detection


Detection and neutralization of hardware-embedded Trojans is a difficult problem. Current research is attempting to develop detection methods and processes and to automate them. This research is relevant to cyber-physical systems security, resilience, and composability. The work presented here addresses path delay, slack removal, reverse engineering, and counterfeit prevention. These papers were presented in 2015.

Flottes, M.-L.; Dupuis, S.; Ba, P.-S.; Rouzeyre, B., “On the Limitations of Logic Testing for Detecting Hardware Trojans Horses,” in Design & Technology of Integrated Systems in Nanoscale Era (DTIS), 2015 10th International Conference on, vol., no., pp. 1–5, 21–23 April 2015. doi:10.1109/DTIS.2015.7127362
Abstract: The insertion of malicious alterations to a circuit, referred to as Hardware Trojan Horses (HTH), is a threat considered more and more seriously in the last years. Several methods have been proposed in the literature to detect the presence of such alterations. Among them, logic testing approaches consist in trying to activate potential HTHs and detect erroneous outputs by exploiting manufacturing digital test techniques. Besides the complexity of this approach due to the intrinsic stealthiness of the potential HTH, we will show that a particular HTH targeting the test infrastructure itself may jeopardize the possibility of detecting any other alterations.
Keywords: logic testing; security; HTH; digital test technique; erroneous output detection; hardware Trojan horse detection; logic testing approach; malicious alteration; Automatic test pattern generation; Clocks; Hardware; Payloads; Trojan horses; Hardware Trojan; Logic testing (ID#: 15- )


Balasch, J.; Gierlichs, B.; Verbauwhede, I., “Electromagnetic Circuit Fingerprints for Hardware Trojan Detection,” in Electromagnetic Compatibility (EMC), 2015 IEEE International Symposium on, vol., no., pp. 246–251, 16–22 Aug. 2015. doi:10.1109/ISEMC.2015.7256167
Abstract: Integrated circuit counterfeits, relabeled parts and maliciously modified integrated circuits (so-called Hardware Trojan horses) are a recognized emerging threat for embedded systems in safety or security critical applications. We propose a Hardware Trojan detection technique based on fingerprinting the electromagnetic emanations of integrated circuits. In contrast to most previous work, we do not evaluate our proposal using simulations but we rather conduct experiments with an FPGA. We investigate the effectiveness of our technique in detecting extremely small Hardware Trojans located at different positions within the FPGA. In addition, we also study its robustness to the often neglected issue of variations in the test environment. The results show that our method is able to detect most of our test Hardware Trojans but also highlight the difficulty of measuring emanations of unrealistically tiny Hardware Trojans. The results also confirm that our method is sensitive to changes in the test environment.
Keywords: copy protection; embedded systems; field programmable gate arrays; integrated logic circuits; invasive software; logic testing; FPGA; electromagnetic circuit fingerprints; electromagnetic emanations; hardware Trojan detection technique; hardware Trojan horses; integrated circuit counterfeits; Field programmable gate arrays; Hardware; Integrated circuit modeling; Payloads; Probes; Trojan horses (ID#: 15-7307)


Karimian, N.; Tehranipoor, F.; Rahman, M.T.; Kelly, S.; Forte, D., “Genetic Algorithm for Hardware Trojan Detection with Ring Oscillator Network (RON),” in Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, vol., no., pp. 1–6, 14–16 April 2015. doi:10.1109/THS.2015.7225334
Abstract: Securing integrated circuits against malicious modifications (i.e., hardware Trojans) is of utmost importance, as hardware Trojans may leak information and reduce reliability of electronic systems in critical applications. In this paper, we use ring oscillators (ROs) to gather measurements of ICs that may contain hardware Trojans. To distinguish between Trojan-inserted ICs and Trojan-free ICs, we investigate several classification approaches. Furthermore, we propose a novel feature selection approach based on the Genetic Algorithm (GA) and evaluate its performance compared to several popular alternatives. The proposed method is an improvement over principal component analysis (PCA) in terms of accuracy and equal error rate by 30% and 97% respectively.
Keywords: electronic engineering computing; feature selection; genetic algorithms; integrated circuit measurement; invasive software; oscillators; IC measurements; PCA; Trojan-free IC; Trojan-inserted IC; feature selection approach; genetic algorithm; hardware Trojans; integrated circuits; malicious modifications; principal component analysis; ring oscillator network; Classification algorithms; Genetic algorithms; Genetics; Principal component analysis; Receivers; Support vector machines; Trojan horses; Genetic Algorithm; Hardware Trojan Detection; One class classification; Ring Oscillator Network (ID#: 15-7308)


Bao, C.; Forte, D.; Srivastava, A., “On Reverse Engineering-Based Hardware Trojan Detection,” in Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. 35, no. 1, pp. 49–57, Jan. 2016. doi:10.1109/TCAD.2015.2488495
Abstract: Due to design and fabrication outsourcing to foundries, the problem of malicious modifications to integrated circuits (ICs), also known as hardware Trojans (HTs), has attracted attention in academia as well as industry. To reduce the risks associated with Trojans, researchers have proposed different approaches to detect them. Among these approaches, test-time detection approaches have drawn the greatest attention. Many test-time approaches assume the existence of a Trojan-free (TF) chip/model, also known as a “golden model.” Prior works suggest using reverse engineering (RE) to identify such TF ICs for the golden model. However, they did not state how to do this efficiently. In fact, RE is a very costly process which consumes lots of time and intensive manual effort. It is also very error prone. In this paper, we propose an innovative and robust RE scheme to identify the TF ICs. We reformulate the Trojan-detection problem as a clustering problem. We then adapt a widely used machine learning method, K-means clustering, to solve our problem. Simulation results using state-of-the-art tools on several publicly available circuits show that the proposed approach can detect HTs with a high accuracy rate. A comparison of this approach with our previously proposed approach [1] is also conducted. Both the limitations and application scenarios of the two methods are discussed in detail.
Keywords: integrated circuit modelling; integrated circuit testing; invasive software; learning (artificial intelligence); reverse engineering; Trojan-detection problem; Trojan-free chip; clustering problem; golden model; hardware trojan detection; integrated circuits; machine learning; robust RE scheme; test-time detection; Fabrication; Feature extraction; Hardware; Integrated circuits; Layout; Support vector machines; Trojan horses; K-means clustering; Hardware Trojan (HT) detection; Hardware Trojan detection; K-Means clustering; integrated circuit (IC) security and trust; one-class SVM; one-class support vector machine (SVM); reverse-engineering (RE)-based HT detection; reverse-engineering based hardware Trojan detection (ID#: 15-7309)


Zhou, B.; Zhang, W.; Srikanthan, T.; Teo Kian Jin, J.; Chaturvedi, V.; Luo, T., “Cost-efficient Acceleration of Hardware Trojan Detection through Fan-out Cone Analysis and Weighted Random Pattern Technique,” in Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, 23 July 2015. doi:10.1109/TCAD.2015.2460551
Abstract: The fabless semiconductor industry and government agencies have raised serious concerns about tampering by inserting Hardware Trojans (HTs) in an integrated circuit supply chain in recent years. In this paper, a low hardware overhead acceleration method for the detection of HTs based on the insertion of 2-to-1 MUXs as test points is proposed. In the proposed method, the fact that one logical gate has a significant impact on the transition probability of the logical gates in its logical fan-out cone is utilized to optimize the number of the inserted MUXs. The nets which have a smaller transition probability than the user-specified threshold and minimal logical depth from the primary inputs are selected as the candidate nets. For each candidate net, only its input net with the smallest signal probability requires insertion of the MUX-based test points. The procedure repeats until the minimal transition probability of the entire circuit is not smaller than the threshold value. In order to further optimize the number of required insertions and reduce the overhead, the weighted random pattern technique is also applied. Experimental results on ISCAS’89 benchmark circuits show that our proposed method can achieve remarkable improvement of transition probability with on average 9.50% power, 2.37% delay, and 10.26% area penalty.
Keywords: Controllability; Delays; Flip-flops; Hardware; Integrated circuits; Logic gates; Trojan horses; Fan-out cone; Hardware Trojan; Transition probability; Weighted random pattern (ID#: 15-7310)


Chongxi Bao; Yang Xie; Srivastava, Ankur, “A Security-Aware Design Scheme for Better Hardware Trojan Detection Sensitivity,” in Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on, vol., no., pp. 52–55, 5–7 May 2015. doi:10.1109/HST.2015.7140236
Abstract: Due to the trend of outsourcing designs to foundries overseas, there has been an increasing threat of malicious modifications to the original integrated circuits (ICs), also known as hardware Trojans. Numerous countermeasures have been proposed. However, very little effort has been made to design-time strategies that help to make test-time or run-time detection of Trojans easier. In this paper, we characterize each cell’s sensitivity to malicious modifications and develop an algorithm to select a subset of standard cells for a given circuit such that Trojans are easily detected using [1] when the circuit is synthesized on it. Experiments on 8 publicly available benchmarks show that using our method, we could detect on average 16.87% more Trojans with very small power/area overhead and no timing violations.
Keywords: integrated circuits; invasive software; design-time strategies; hardware Trojan detection sensitivity; security-aware design scheme; Benchmark testing; Hardware; Integrated circuits; Libraries; Standards; Timing; Trojan horses (ID#: 15-7311)


Bao Liu; Sandhu, Ravi., “Fingerprint-Based Detection and Diagnosis of Malicious Programs in Hardware,” Reliability, IEEE Transactions on, vol. 64, no. 3, pp.1068–1077, Sept. 2015. doi:10.1109/TR.2015.2430471
Abstract: In today’s Integrated Circuit industry, a foundry, an Intellectual Property provider, a design house, or a Computer Aided Design vendor may install a hardware Trojan on a chip which executes a malicious program such as one providing an information leaking back door. In this paper, we propose a fingerprint-based method to detect any malicious program in hardware. We propose a tamper-evident architecture (TEA) which samples runtime signals in a hardware system during the performance of a computation, and generates a cryptographic hash-based fingerprint that uniquely identifies a sequence of sampled signals. A hardware Trojan cannot tamper with any sampled signal without leaving tamper evidence such as a missing or incorrect fingerprint. We further verify fingerprints off-chip such that a hardware Trojan cannot tamper with the verification process. As a case study, we detect hardware-based code injection attacks in a SPARC V8 architecture LEON2 processor. Based on a lightweight block cipher called PRESENT, a TEA requires only a 4.5% area increase, while avoiding being detected by the TEA increases the area of a code injection hardware Trojan with a 1 KB ROM from 2.5% to 36.1% of a LEON2 processor. Such a low cost further enables more advanced tamper diagnosis techniques based on a concurrent generation of multiple fingerprints.
Keywords: cryptography; industrial property; invasive software; microprocessor chips; read-only storage; signal sampling; PRESENT; ROM; SPARC V8 architecture LEON2 processor; TEA; advanced tamper diagnosis techniques; computer aided design; cryptographic hash-based fingerprint; fingerprint-based detection method; fingerprint-based diagnosis; hardware Trojan; hardware-based code injection attack detection; integrated circuit industry; intellectual property provider; lightweight block cipher; malicious program detection; multiple fingerprint concurrent generation; runtime signal sampling; sampled signal sequence; storage capacity 1 Kbit; tamper-evident architecture; Built-in self-test; Cryptography; Hardware; Integrated circuits; Runtime; Supply chains; Trojan horses; Security; built-in self-test; integrated circuits (ID#: 15-7312)


Chunhua He; Bo Hou; Liwei Wang; Yunfei En; Shaofeng Xie, “A Failure Physics Model for Hardware Trojan Detection Based on Frequency Spectrum Analysis,” in Reliability Physics Symposium (IRPS), 2015 IEEE International, vol., no., pp. PR.1.1–PR.1.4, 19–23 April 2015. doi:10.1109/IRPS.2015.7112822
Abstract: Hardware Trojans embedded by adversaries have emerged as a serious security threat. Until now, there is no universal method for effective and accurate detection. Since traditional analysis approaches sometimes seem helpless when the Trojan area is extremely tiny, this paper will focus on a novel detection method based on frequency spectrum analysis. Meanwhile, a failure physics model is presented and depicted in detail. A digital CORDIC IP core is adopted as a golden circuit, while a counter is utilized as a Trojan circuit. The automatic test platform is set up with a Xilinx FPGA, LabVIEW software, and a high precision oscilloscope. The power trace of the core power supply in the FPGA is monitored and saved for frequency spectrum analysis. Experimental results in the time domain and frequency domain both accord with those of theoretical analysis, which verifies that the proposed failure physics model is accurate. In addition, due to immunity to vast measurement noise, the novel method processed in the frequency domain is superior to the traditional method conducted in the time domain. It can easily achieve about 0.1% Trojan detection sensitivity, which indicates that the novel detection method is effective.
Keywords: field programmable gate arrays; invasive software; multiprocessing systems; FPGA; LabVIEW software; Trojan area; Trojan circuit; Xilinx FPGA; automatic test platform; core power supply; digital CORDIC IP core; failure physics model; frequency spectrum analysis; golden circuit; hardware Trojan detection; novel detection method; security threat; Frequency-domain analysis; Hardware; Noise; Physics; Spectral analysis; Time-domain analysis; Trojan horses; Hardware Trojan; side-channel analysis (ID#: 15-7313)


Hong Zhao; Kwiat, Kevin A.; Kamhoua, Charles A.; Rodriguez, Manuel, “Applying Chaos Theory for Runtime Hardware Trojan Detection,” in Computational Intelligence for Security and Defense Applications (CISDA), 2015 IEEE Symposium on, vol., no., pp. 1–6, 26–28 May 2015. doi:10.1109/CISDA.2015.7208642
Abstract: Hardware Trojans (HTs) are posing a serious threat to the security of Integrated Circuits (ICs). Detecting HT in an IC is an important but hard problem due to the wide spectrum of HTs and their stealthy nature. In this paper, we propose a runtime Trojan detection approach by applying chaos theory to analyze the nonlinear dynamic characteristics of power consumption of an IC. The observed power dissipation series is embedded into a higher dimensional phase space. Such an embedding transforms the observed data to a new processing space, which provides precise information about the dynamics involved. The feature model is then built in this newly reconstructed phase space. The overhead, which is the main challenge for runtime approaches, is reduced by taking advantage of available thermal sensors in most modern ICs. The proposed model has been tested for publicly-available Trojan benchmarks and simulation results show that the proposed scheme outperforms the state-of-the-art method using temperature tracking in terms of detection rate and computational complexity. More importantly, the proposed model does not make any assumptions about the statistical distribution of power trace and no Trojan-active data is needed, which makes it appropriate for runtime use.
Keywords: integrated circuits; invasive software; statistical analysis; HT; Trojan benchmarks; Trojan-active data; chaos theory; computational complexity; detection rate; integrated circuit security; nonlinear dynamic characteristics; phase space reconstruction; power consumption; power dissipation series; runtime Hardware Trojan detection; runtime Trojan detection approach; statistical distribution; stealthy nature; thermal sensors; Chaos; Integrated circuit modeling; Runtime; Thermal sensors; Trojan horses (ID#: 15-7314)


Çakir, B.; Malik, S., “Hardware Trojan Detection for Gate-Level ICs Using Signal Correlation Based Clustering,” in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, vol., no., pp. 471–476, 9–13 March 2015. doi: (not provided)
Abstract: Malicious tampering of the internal circuits of ICs can lead to detrimental results. Insertion of Trojan circuits may change system behavior, cause chip failure or send information to a third party. This paper presents an information-theoretic approach for Trojan detection. It estimates the statistical correlation between the signals in a design, and explores how this estimation can be used in a clustering algorithm to detect the Trojan logic. Compared with the other algorithms, our tool does not require extensive logic analysis. We neither need the circuit to be brought to the triggering state, nor the effect of the Trojan payload to be propagated and observed at the output. Instead we leverage already available simulation data in this information-theoretic approach. We conducted experiments on the TrustHub benchmarks to validate the practical efficacy of this approach. The results show that our tool can detect Trojan logic with up to 100% coverage with low false positive rates.
Keywords: information theory; integrated circuit testing; invasive software; logic testing; Trojan circuits; Trojan logic; chip failure; clustering algorithm; hardware Trojan detection; integrated circuit; internal circuits; logic analysis; malicious tampering; signal correlation based clustering; statistical correlation; system behavior; Clustering algorithms; Correlation; Integrated circuit modeling; Logic gates; Payloads; Trojan horses; Wires (ID#: 15-7315)


Kim, Lok-Won; Villasenor, John D., “Dynamic Function Verification for System on Chip Security Against Hardware-Based Attacks,” in Reliability, IEEE Transactions on, vol. 64, no. 4, pp. 1229–1242, Dec. 2015. doi:10.1109/TR.2015.2447111
Abstract: As chip designs become increasingly complex, there is a corresponding increased vulnerability to malicious circuitry that could be inserted in the design process. Such hardware Trojans can be designed to avoid pre-deployment detection, and thus to potentially launch attacks that could impede the function of the system or compromise the integrity of the data it contains. Given the near impossibility of exhaustive detection of malicious hardware during pre-deployment verification, techniques that enable post-deployment hardware integrity verification can play a vital role in system security. In this paper, we propose a system architecture for performing online verification in a manner that does not impede normal system hardware function. The proposed approach provides a comprehensive architectural design method aimed at system on chip (SoC) based hardware systems that performs run-time testing, detects run-time attacks by Trojans, mitigates them, quarantines the detected malicious hardware modules, and regenerates the lost system functions with modest cost.
Keywords: Hardware; IP networks; Registers; System-on-chip; Testing; Trojan horses; Hardware Trojan horses; online test; system architecture; system on chip (ID#: 15-7316)


Gunti, N.B.; Lingasubramanian, K., “Efficient Static Power Based Side Channel Analysis for Hardware Trojan Detection Using Controllable Sleep Transistors,” SoutheastCon 2015, vol., no., pp. 1–6, 9–12 April 2015. doi:10.1109/SECON.2015.7132948
Abstract: Modern integrated circuits (ICs) are vulnerable to Hardware Trojans (HTs) due to the globalization of the semiconductor design and fabrication process. An HT is extra circuitry which alters functionality or leaks information, making military and financial sectors vulnerable to security threats. The challenge in detection of HTs lies in their clever design and placement that makes them stealthy due to rare activation. While HTs can be detected through power side channels, methodologies that rely on dynamic power, which requires activation of HTs, can prove inefficient. On the other hand, static power based methodologies, which do not require activation of HTs, will be efficient even though they suffer from lower detection sensitivity. In this work, we propose a static power based HT detection methodology where the detection sensitivity is improved by compartmentalizing the circuit, utilizing the sleep transistors used to reduce leakage power. In order to provide efficient HT detection, the power based control is overridden in such a way that only a single sleep transistor is turned ON at any given instance. Even if the Trojan is distributed across the circuit to make it stealthier, the proposed method can effectively detect it. Using the proposed method, the detection sensitivity of a 3-bit comparator based HT (0.26% of the total number of gates) has increased from 0.7% to 4.43% without process variations and from 2.03% to 4.32% in the presence of process variations with just 3 controllable sleep transistors. The proposed method improved the detection sensitivity of a smaller Trojan (only 0.02% of the total number of gates) 10-fold with just 15 controllable sleep transistors.
Keywords: invasive software; HT detection methodology; IC; controllable sleep transistors; detection sensitivity; dynamic power; fabrication process; financial sectors; hardware Trojan detection; integrated circuits; military sectors; power based control; semiconductor design; static power based side channel analysis; Delays; Integrated circuit modeling; Logic gates; Sensitivity; Switching circuits; Transistors; Trojan horses; Hardware Security; Hardware Trojan; Power Gating; sleep transistors; static power (ID#: 15-7317)


Ngo, X.-T.; Exurville, I.; Bhasin, S.; Danger, J.-L.; Guilley, S.; Najm, Z.; Rigaud, J.-B.; Robisson, B., “Hardware Trojan Detection by Delay and Electromagnetic Measurements,” in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, vol., no., pp. 782–787, 9–13 March 2015. doi: 10.7873/DATE.2015.1103
Abstract: Hardware Trojans (HT) inserted in integrated circuits have received special attention from researchers. In this paper, we first present a novel HT detection technique based on path delay measurements. A delay model, which considers intra-die process variations, is established for a net. Secondly, we show how to detect HTs using ElectroMagnetic (EM) measurements. We study the HT detection probability according to its size, taking into account the inter-die process variations with a set of FPGAs. The results show, for instance, that there is a probability greater than 95% with a false negative rate of 5% to detect an HT larger than 1.7% of the original circuit.
Keywords: delays; field programmable gate arrays; integrated circuit design; invasive software; FPGA; delay measurement; delay model; electromagnetic measurement; hardware Trojan detection; integrated circuits; path delays measurement; Clocks; Delays; Field programmable gate arrays; Noise; Registers; Trojan horses (ID#: 15-7318)


Rithesh, M.; Bhargav, R.B.V.; Harish, G.; Yellampalli, S., “Detection and Analysis of Hardware Trojan Using Scan Chain Method,” in VLSI Design and Test (VDAT), 2015 19th International Symposium on, vol., no., pp. 1–6, 26–29 June 2015. doi:10.1109/ISVDAT.2015.7208124
Abstract: The globalization of the Integrated Circuit manufacturing industry and the wide use of third party IP in modern SoCs have opened the backdoor for Hardware Trojan insertion. The detection of Hardware Trojans is challenging because of their very rare activation mechanism and unpredictable change in the functionality of the system. This paper proposes a new hardware Trojan detection scheme using power analysis and experiments with the insertion and detection of hardware Trojans using the existing scan chain efficiently in ISCAS'89 benchmark circuits.
Keywords: benchmark testing; integrated circuit manufacture; invasive software; system-on-chip; IP; ISCAS'89 benchmark circuits; SoC; hardware trojan insertion; integrated circuit manufacturing industry; power analysis; scan chain; Benchmark testing; Clocks; Fabrication; Hardware; Logic gates; Radiation detectors; Trojan horses; Application Specific Integrated Circuit (ASIC); Dummy Scan Flip Flop (DSFF); Graphical Data System II (GDSII); Integrated Circuit (IC); Register Transfer Level (RTL) SoC; Ring Oscillator Network (RON) (ID#: 15-7319)


Lesperance, N.; Kulkarni, S.; Kwang-Ting Cheng, “Hardware Trojan Detection Using Exhaustive Testing of k-bit Subspaces,” in Design Automation Conference (ASP-DAC), 2015 20th Asia and South Pacific, vol., no., pp. 755–760, 19–22 Jan. 2015. doi:10.1109/ASPDAC.2015.7059101
Abstract: Post-silicon hardware Trojan detection is challenging because the attacker only needs to implement one of many possible design modifications, while the verification effort must guarantee the absence of all imaginable malicious circuitry. Existing test generation strategies for Trojan detection use controllability and observability metrics to limit the modifications targeted. However, for cryptographic hardware, the n plaintext bits are ideal for an attacker to use in Trojan triggering because the size of n prohibits exhaustive testing, and all n bits have identical controllability, making it impossible to bias testing using existing methods. Our detection method addresses this difficult case by observing that an attacker can realistically only afford to use a small subset, k, of all n possible signals for triggering. By aiming to exhaustively cover all possible k subsets of signals, we guarantee detection of Trojans using less than k plaintext bits in the trigger. We provide suggestions on how to determine k, and validate our approach using an AES design.
Keywords: cryptography; integrated circuit design; security; AES design; controllability metrics; cryptographic hardware; design modifications; exhaustive testing; k-bit subspaces; malicious circuitry; observability metrics; plaintext bits; post-silicon hardware trojan detection; verification effort; Equations; Hardware; Logic gates; Observability; Testing; Trojan horses; Vectors (ID#: 15-7320)


Kumar, K.S.; Chanamala, R.; Sahoo, S.R.; Mahapatra, K.K., “An Improved AES Hardware Trojan Benchmark to Validate Trojan Detection Schemes in an ASIC Design Flow,” in VLSI Design and Test (VDAT), 2015 19th International Symposium on, vol., no., pp. 1–6, 26–29 June 2015. doi:10.1109/ISVDAT.2015.7208064
Abstract: The semiconductor design industry has globalized and it is economical for chip makers to get services from different geographies in design, manufacturing and testing. Globalization raises the question of trust in an integrated circuit. It is for every chip maker to ensure there is no malicious inclusion in the design, which is referred to as a Hardware Trojan. Malicious inclusion can occur by an in-house adversary design engineer, an Intellectual Property (IP) core supplied from a third party vendor or at an untrusted manufacturing foundry. Several researchers have proposed hardware Trojan detection schemes in recent years. Trust-Hub provides Trojan benchmark circuits to verify the strength of the Trojan detection techniques. In this work, our focus is on Advanced Encryption Standard (AES) Trojan benchmarks, as AES is the block cipher most vulnerable to Trojan attacks. All 21 benchmarks available in Trust-Hub are analyzed against standard coverage driven verification practices, synthesis, DFT insertion and ATPG simulations. The analysis reveals that 19 AES benchmarks are weak and Trojan inclusion can be detected using standard procedures used in the ASIC design flow. Based on the weakness observed, a design modification is proposed to improve the quality of the Trojan benchmarks. The strength of the proposed Trojan benchmarks is better than existing circuits and their original features are also preserved after design modification.
Keywords: application specific integrated circuits; cryptography; integrated circuit design; AES hardware Trojan benchmark; ASIC design flow; Trojan detection schemes; advanced encryption standard; intellectual property core; malicious inclusion; Benchmark testing; Discrete Fourier transforms; Hardware; Leakage currents; Logic gates; Shift registers; Trojan horses; AES; ASIC; Hardware Trojan; Security; Trust-Hub (ID#: 15-7321)


Reece, T.; Robinson, W.H., “Detection of Hardware Trojans in Third-Party Intellectual Property Using Untrusted Modules,” in Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. 35, no. 3, pp. 357–366, March 2016. doi:10.1109/TCAD.2015.2459038
Abstract: During the design of an integrated circuit, there are several opportunities for adversaries to make malicious modifications or insertions to a design. These attacks, known as hardware Trojans, can have catastrophic effects on a circuit if left undetected. This paper describes a technique for identifying hardware Trojans with logic-based payloads that are hidden within third-party intellectual property. Through comparison of two similar but untrusted designs, functional differences can be identified for all possible input combinations within a window of time. This technique was tested on multiple Trojan benchmarks and was found to be very effective, both in detectability and in speed of testing. As this technique has very low costs to implement, it represents an easy way for designers to gain a level of trust in previously untrusted designs.
Keywords: Hardware; IP networks; Licenses; Payloads; Testing; Trojan horses; Wrapping (ID#: 15-7322)


Courbon, F.; Loubet-Moundi, P.; Fournier, J.J.A.; Tria, A., “A High Efficiency Hardware Trojan Detection Technique Based on Fast SEM Imaging,” in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, vol., no., pp. 788–793, 9–13 March 2015. doi: (not provided)
Abstract: In the semiconductor market, where more and more companies become fabless, malicious integrated circuit modifications are seen as possible threats. Those Hardware Trojans can have various effects and can be implemented by different entities with different means. This article includes the integration of an almost automatic Hardware Trojan detection. The latter is based on a visual inspection implemented within the integrated circuit life cycle. The proposed detection methodology is quite efficient regarding tools, user experience and time needed. A single layer of the chip is accessed and then imaged with a Scanning Electron Microscope (SEM). The acquisition of several hundred images at high magnification is automated, as is the image registration. Then, depending on the reference availability, one can check if any supplementary gates have been inserted in the design using a golden reference or a graphic/text design file. Depending on the reference, either basic image processing is used to compare the chip extracted image with a golden model or some pattern recognition can be used to retrieve the number of occurrences of each standard cell. The depicted methodology aims to detect any gate modification, substitution, removal or addition and so far requires an invasive approach and a reference.
Keywords: image registration; inspection; integrated circuit measurement; invasive software; scanning electron microscopy; chip extracted image; fast SEM imaging; graphic-text design file; high efficiency Hardware Trojan detection technique; image acquisition; image processing; image registration; integrated circuit life cycle; pattern recognition; scanning electron microscope; semiconductor market; supplementary gates; visual inspection; Correlation; Hardware; Image processing; Logic gates; Scanning electron microscopy; Standards; Trojan horses (ID#: 15-7323)


Rajendran, J.; Vedula, V.; Karri, R., “Detecting Malicious Modifications of Data in Third-Party Intellectual Property Cores,” in Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE, pp. 1–6, 8–12 June 2015. doi:10.1145/2744769.2744823
Abstract: Globalization of the system-on-chip (SoC) design flow has created opportunities for rogue elements in the intellectual property (IP) vendor companies to insert malicious circuits (a.k.a. hardware Trojans) into their IPs. We propose to formally verify third party IPs (3PIPs) for unauthorized corruption of critical data such as secret keys. Our approach develops properties to identify corruption of critical registers. Furthermore, we describe two attacks where computations can be performed on corrupted data without corrupting the critical register. We develop additional properties to detect such attacks. We validate our technique using Trojans in 8051 and RISC processors and AES designs from Trust-Hub.
Keywords: cryptography; industrial property; invasive software; system-on-chip; 3PIP; AES designs; RISC processors; SoC design flow; Trojans; advanced encryption standards; malicious data modification detection; system-on-chip; third party IP; third-party intellectual property cores; Clocks; Radiation detectors; Reduced instruction set computing; Registers; System-on-chip; Trojan horses (ID#: 15-7324)


Graves, R.; Di Natale, G.; Batina, L.; Bhasin, S.; Ege, B.; Fournaris, A.; Mentens, N.; Picek, S.; Regazzoni, F.; Rozic, V.; Sklavos, N.; Bohan Yang, “Challenges in Designing Trustworthy Cryptographic Co-Processors,” in Circuits and Systems (ISCAS), 2015 IEEE International Symposium on, vol., no., pp. 2009–2012, 24–27 May 2015. doi:10.1109/ISCAS.2015.7169070
Abstract: Security is becoming ubiquitous in our society. However, the vulnerability of electronic devices that implement the needed cryptographic primitives has become a major issue. This paper starts by presenting a comprehensive overview of the existing attacks on cryptographic implementations. Thereafter, the state-of-the-art on some of the most critical aspects of designing cryptographic co-processors is presented. This analysis starts by considering the design of asymmetrical and symmetrical cryptographic primitives, followed by the discussion on the design and online testing of True Random Number Generation. To conclude, techniques for the detection of Hardware Trojans are also discussed.
Keywords: cryptography; invasive software; microprocessor chips; random number generation; asymmetrical cryptographic primitives; cryptographic coprocessors; electronic devices; hardware Trojans; true random number generation; Elliptic curve cryptography; Hardware; Resistance; Testing; Trojan horses (ID#: 15-7325)


Exurville, I.; Zussa, L.; Rigaud, J.-B.; Robisson, B., “Resilient Hardware Trojans Detection Based on Path Delay Measurements,” in Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on, vol., no., pp. 151–156, 5–7 May 2015. doi:10.1109/HST.2015.7140254
Abstract: A Hardware Trojan is a malicious hardware modification of an integrated circuit. It could be inserted at different design steps but also during the fabrication process of the target. Due to the damages that can be caused, detection of these alterations has become a major concern. In this paper, we propose a new resilient method to detect Hardware Trojans based on path delay measurements. First, an accurate path delay model is defined. Then, path delay measurements are compared in a way that theoretically eliminates the effects of process and experimental variations. Finally, this proposed detection method is experimentally validated using different FPGA boards with substantial process variations. Both small sized sequential and combinatorial Hardware Trojans are implemented and successfully detected.
Keywords: field programmable gate arrays; integrated circuits; invasive software; FPGA boards; combinatorial Hardware Trojans; integrated circuit; malicious hardware modification; path delay measurements; resilient hardware Trojans detection; Delays; Field programmable gate arrays; Hardware; Mathematical model; Synchronization; Trojan horses; Hardware Trojan; delay model; process variation (ID#: 15-7326)


Lenox, J.; Tragoudas, S., “Towards Trojan Circuit Detection with Maximum State Transition Exploration,” in On-Line Testing Symposium (IOLTS), 2015 IEEE 21st International, vol., no., pp. 50–52, 6–8 July 2015. doi:10.1109/IOLTS.2015.7229831
Abstract: An approach for Trojan circuit detection in a finite state machine is presented. It is based on a model where long sequences of inputs that are applied to the system in the functional mode can detect if Trojan hardware is triggered with high probability. An efficient and scalable input generation algorithm for broadside tests is introduced.
Keywords: finite state machines; integrated circuit testing; invasive software; broadside tests; finite state machine; functional mode; maximum state transition exploration; trojan circuit detection; trojan hardware; Boolean functions; Conferences; Hardware; Integrated circuits; Testing; Trojan horses (ID#: 15-7327)


Francq, J.; Frick, F., “Introduction to Hardware Trojan Detection Methods,” in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, vol., no., pp. 770–775, 9–13 March 2015. doi: (not provided)
Abstract: Hardware Trojans (HTs) are identified as an emerging threat for the integrity of Integrated Circuits (ICs) and their applications. Attackers attempt to maliciously manipulate the functionality of ICs by inserting HTs, potentially causing disastrous effects (Denial of Service, sensitive information leakage, etc.). Over the last 10 years, various methods have been proposed in literature to circumvent HTs. This article introduces the general context of HTs and summarizes the recent advances in HT detection from a French funded research project named HOMERE. Some of these results will be detailed in the related special session.
Keywords: integrated circuits; invasive software; HOMERE project; HT detection; hardware Trojan detection methods; Application specific integrated circuits; Field programmable gate arrays; Hardware; Logic testing; Production; Trojan horses (ID#: 15-7328)


Hoque, Tamzidul; Mustapa, Muslim; Amsaad, Fathi; Niamat, Mohammed, “Assessment of NAND Based Ring Oscillator for Hardware Trojan Detection,” in Circuits and Systems (MWSCAS), 2015 IEEE 58th International Midwest Symposium on, vol., no., pp. 1–4, 2–5 Aug. 2015. doi:10.1109/MWSCAS.2015.7282110
Abstract: Malicious inclusion inside integrated circuits (ICs) is a recently evolved concept in the semiconductor industry. This has become a matter of concern with the increase in outsourcing of semiconductors which are used both in military and commercial sectors. To facilitate the detection of Trojans using power based analysis, NOT gate based ring oscillator (RO) network models have been suggested in the past. It has been observed that due to the presence of process variation, environmental variation and measurement noise, a stealthy Trojan may go undetected. In this paper we study the NAND based RO as a power monitor which is more sensitive to voltage fluctuation. A RO network consisting of 7 ROs is implemented using the ISCAS'85 c2670 benchmark on several Xilinx Spartan-3E FPGAs. The results demonstrate that the impact of Trojans on the frequency of nearby ROs is noticeably larger for the NAND based structure compared to the NOT based one, which is helpful in detection of the Trojan.
Keywords: Field programmable gate arrays; Hardware; Logic gates; Ring oscillators; Trojan horses; Hardware Trojan; IC trust; security (ID#: 15-7329)


Chongxi Bao; Forte, D.; Srivastava, A., “Temperature Tracking: Toward Robust Run-Time Detection of Hardware Trojans,” in Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. 34, no. 10, pp. 1577–1585, Oct. 2015. doi:10.1109/TCAD.2015.2424929
Abstract: The hardware Trojan threat has motivated development of Trojan detection schemes at all stages of the integrated circuit (IC) lifecycle. While the majority of existing schemes focus on ICs at test-time, there are many unique advantages offered by post-deployment/run-time Trojan detection. However, run-time approaches have been underutilized with prior work highlighting the challenges of implementing them with limited hardware resources. In this paper, we propose three innovative low-overhead approaches for run-time Trojan detection which exploit the thermal sensors already available in many modern systems to detect deviations in power/thermal profiles caused by Trojan activation. The first one is a local sensor-based approach that uses information from thermal sensors together with hypothesis testing to make a decision. The second one is a global approach that exploits correlation between sensors and keeps track of the IC's thermal profile using a Kalman filter (KF). The third approach incorporates leakage power into the system dynamic model and applies an extended KF (EKF) to track the IC's thermal profile. Simulation results using state-of-the-art tools on ten publicly available Trojan benchmarks verify that all three proposed approaches can detect active Trojans quickly and with few false positives. Among the three approaches, EKF is flawless in terms of the ten benchmarks tested but would require the most overhead.
Keywords: Kalman filters; invasive software; EKF; IC test-time; KF; Kalman filter; Trojan activation; Trojan detection schemes; extended KF; integrated focus test-time; local sensor-based approach; power profiles; robust run-time detection; temperature tracking; thermal profiles; thermal sensors; Integrated circuit modeling; Power demand; Temperature sensors; Trojan horses; Extended Kalman Filter; Extended Kalman filter (EKF); Hardware Trojan; Kalman Filter; Runtime Detection; Temperature Tracking; hardware Trojan; run-time detection (ID#: 15-7330)


Doohwang Chang; Bakkaloglu, B.; Ozev, S., “Enabling Unauthorized RF Transmission Below Noise Floor with No Detectable Impact on Primary Communication Performance,” in VLSI Test Symposium (VTS), 2015 IEEE 33rd, vol., no., pp. 1–4, 27–29 April 2015. doi:10.1109/VTS.2015.7116257
Abstract: With increasing diversity of supply chains from design to delivery, there is an increasing risk of unauthorized changes within an IC. One of the motivations for this type of change is to learn important information (such as encryption keys, spreading codes) from the hardware and pass this information to a malicious party through wireless means. In order to evade detection, such unauthorized communication can be hidden within legitimate bursts of transmit signal. In this paper, we present a stealth circuit for unauthorized transmissions which can be hidden within the legitimate signal. A CDMA-based spread spectrum with a CDMA encoder is implemented with a handful of transistors. We show that the unauthorized signal does not alter the circuit performance while being easily detectable by the malicious receiver.
Keywords: code division multiple access; cryptography; encoding; radio receivers; spread spectrum communication; CDMA encoder; CDMA-based spread spectrum; encryption keys; legitimate signal; malicious party; malicious receiver; noise floor; primary communication performance; spreading codes; stealth circuit; unauthorized RF transmission; unauthorized communication; wireless means; Binary phase shift keying; Hardware; Noise; Receivers; Transmitters; Trojan horses (ID#: 15-7331)


Xiaotong Li; Schafer, Benjamin Carrion, “Temperature-Triggered Behavioral IPs HW Trojan Detection Method with FPGAs,” in Field Programmable Logic and Applications (FPL), 2015 25th International Conference on, vol., no., pp. 1–4, 2–4 Sept. 2015. doi:10.1109/FPL.2015.7294009
Abstract: This work targets the detection of temperature triggered HW Trojans, in particular for third party behavioral IPs (3PBIPs) given in ANSI-C. One of the biggest advantages of C-Based VLSI design is its ability to automatically generate architectures with different trade-offs by only setting different synthesis options. This work uses this property to detect temperature-triggered HW Trojans. A complete design flow is presented. It comprises two main phases: (1) In the first phase, a design space explorer generates micro-architectures with different area vs. power trade-offs automatically for the given behavioral IP. (2) The second phase maps three of these micro-architectures with different power profiles onto a reconfigurable computing board to create a 3-way redundant system. This system combined with a majority voter scheme is used to detect if a HW Trojan is present in the behavioral IP. Having different power profiles implies that each micro-architecture has a different thermal behavior and thus will trigger the HW Trojan at different time intervals. The outputs of the three designs are compared for discrepancies at regular intervals, allowing our method to pinpoint the exact trigger temperature of the HW Trojan. A case study is presented showing the effectiveness of our method.
Keywords: Field programmable gate arrays; Hardware; Temperature measurement; Temperature sensors; Trojan horses (ID#: 15-7332)


Rithesh, M.; Harish, G.; Yellampalli, S., “Detection and Analysis of Hardware Trojan Using Dummy Scan Flip-Flop,” in Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015 International Conference on, vol., no., pp. 439–442, 6–8 May 2015. doi:10.1109/ICSTM.2015.7225457
Abstract: Hardware Trojan is a significant threat to the modern integrated circuits. Hardware Trojan is a modification in the circuit which can alter the functionality of the design. Due to the globalization of the Integrated Circuit manufacturing industry and the desperate use of third party IP in the system, the insertion of Hardware Trojans in circuits has increased day by day. This paper studies and experiments the insertion and detection of hardware Trojan in ISCAS'89 benchmark circuits.
Keywords: flip-flops; integrated logic circuits; invasive software; ISCAS'89 benchmark circuits; dummy scan flip-flop; hardware Trojan analysis; hardware Trojan detection; integrated circuit manufacturing industry; third party IP; Application specific integrated circuits; Hardware; IP networks; Organizations; Radiation detectors; Trojan horses; Application Specific Integrated Circuit (ASIC); Dummy Scan Flip Flop (DSFF); Graphical Data System II (GDSII); Integrated Circuit (IC); Register Transfer Level (RTL) (ID#: 15-7333)


Kiran, N.R.; Ritesh, M.; Harish, G.; Yellampalli, S., “Hardware Trojan Self-Detector,” in Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015 International Conference on, vol., no., pp. 428–433, 6–8 May 2015. doi:10.1109/ICSTM.2015.7225455
Abstract: Hardware Trojan is a severe threat to the modern integrated circuits, which is posed by the IP business model and untrusted foundries. In most of the modern SoCs several blocks are licensed from third party IP vendors, where the chances of Trojan insertion are high, and Trojans can also be inserted in foundries, which are globalized and generally untrusted. In this paper a new self-Trojan detection is proposed which detects the Trojan by analyzing the circuit responses against the golden responses.
Keywords: integrated circuit testing; system-on-chip; IP business model; SoC; Trojan insertion; circuit response; golden response; hardware Trojan self-detector; integrated circuit; self-Trojan detection; third party IP vendor; untrusted foundry; Authentication; Built-in self-test; Circuit faults; Foundries; Hardware; Trojan horses; Automatic test equipment (ATE); Circuit Under Test (CUT); Linear Feedback Shift Register (LFSR); Multiple Input Signature Register (MISR); Output response analyzer (ORA); Self-Test Using MISR/Parallel Shift Register Sequence Generator (STUMPS); Test pattern generator (TPG) (ID#: 15-7334)


Wu, Tony F.; Ganesan, Karthik; Hu, Y. Alexander; Wong, H.-S. Philip; Wong, Simon; Mitra, Subhasish, “TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits,” in Computer-Aided Design of Integrated Circuits and Systems, IEEE Transactions on, vol. 35, no. 4, pp. 521–534, April 2016. doi:10.1109/TCAD.2015.2474373
Abstract: There are increasing concerns about possible malicious modifications of integrated circuits (ICs) used in critical applications. Such attacks are often referred to as hardware Trojans. While many techniques focus on hardware Trojan detection during IC testing, it is still possible for attacks to go undetected. Using a combination of new design techniques and new memory technologies, we present a new approach that detects a wide variety of hardware Trojans during IC testing and also during system operation in the field. Our approach can also prevent a wide variety of attacks during synthesis, place-and-route, and fabrication of ICs. It can be applied to any digital system, and can be tuned for both traditional and split-manufacturing methods. We demonstrate its applicability for both ASICs and FPGAs. Using fabricated test chips with Trojan emulation capabilities and also using simulations, we demonstrate: 1. The area and power costs of our approach can range between 7.4–165% and 7–60%, respectively, depending on the design and the attacks targeted; 2. The speed impact can be minimal (close to 0%); 3. Our approach can detect 99.998% of Trojans (emulated using test chips) that do not require detailed knowledge of the design being attacked; 4. Our approach can prevent 99.98% of specific attacks (simulated) that utilize detailed knowledge of the design being attacked (e.g., through reverse-engineering); 5. Our approach never produces any false positives, i.e., it does not report attacks when the IC operates correctly.
Keywords: Encoding; Hardware; Integrated circuits; Monitoring; Random access memory; Trojan horses; Wires; 3D Integration; Concurrent Error Detection; Hardware Security; Hardware Trojan; Randomized Codes; Reliable Computing; Resistive RAM; Split-manufacturing (ID#: 15-7335)


Voyiatzis, I.; Sgouropoulou, C.; Estathiou, C., “Detecting Untestable Hardware Trojan with Non-Intrusive Concurrent On Line Testing,” in Design & Technology of Integrated Systems in Nanoscale Era (DTIS), 2015 10th International Conference on, vol., no., pp. 1–2, 21–23 April 2015. doi:10.1109/DTIS.2015.7127369
Abstract: Hardware Trojans are an emerging threat that intrudes in the design and manufacturing cycle of the chips and has gained much attention lately due to the severity of the problems it draws to the chip supply chain. Typically, hardware Trojans are not detected during the usual manufacturing testing due to the fact that they are activated as an effect of a rare event. A class of published HTs are based on the geometrical characteristics of the circuit and claim to be undetectable, in the sense that their activation cannot be detected. In this work we study the effect of continuously monitoring the inputs of the module under test with respect to the detection of HTs possibly inserted in the module, either in the design or the manufacturing stage.
Keywords: integrated circuit testing; microprocessor chips; security; HT; chip supply chain; circuit geometrical characteristics; manufacturing cycle; manufacturing stage; manufacturing testing; nonintrusive concurrent on line testing; untestable hardware trojan; Built-in self-test; Europe; Hardware; Monitoring; Radiation detectors; Trojan horses (ID#: 15-7336)


Bhasin, S.; Regazzoni, F., “A Survey on Hardware Trojan Detection Techniques,” in Circuits and Systems (ISCAS), 2015 IEEE International Symposium on, vol., no., pp. 2021–2024, 24–27 May 2015. doi:10.1109/ISCAS.2015.7169073
Abstract: Hardware Trojans recently emerged as a serious issue for computer systems, especially for those used in critical applications such as medical or military. Trojans proposed so far can affect the reliability of a device in various ways. Proposed effects range from the leakage of secret information to the complete malfunctioning of the device. A crucial point for securing the overall operation of a device is to guarantee the absence of hardware Trojans. In this paper, we survey several techniques for detecting malicious modifications of circuits introduced at different phases of the design flow. We also highlight their capabilities and limitations in thwarting hardware Trojans.
Keywords: invasive software; hardware Trojan detection techniques; malicious modification detection; secret information leakage; Hardware; Integrated circuits; Integrated optics; Layout; Testing; Trojan horses (ID#: 15-7337)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.