Temperature-variation-based hardware frequency can be expressed as: f = C/Tf.

Due to the linear relationship

Trojan detection through ring oscillator
Jingxin Zhong, Jianye Wang and Hao Ding
Hardware Trojan (HT) insertions have emerged as a major security
concern for integrated circuits. HT can cause undesired change in func-
tional behaviour, while it also changes the temperature characteristic of
the chip. A temperature variation-based HT detection technique
through ring oscillator is proposed. Ring-oscillator is a thermally sen-
sitive digital oscillator, and the number of oscillations that the counter
counts varies with temperature. It is shown that the ring oscillators
count in a chip with HT insertion in a xed duration drops faster.
With this count, statistical analysis nds that the deviation between
the maximum and minimum value in a chip without HT insertion is
approximate to another, while HT insertion will cause the deviation
value extend. Then, we present a Trojan detection approach using
ring oscillators count analysis. Experimental results show that the pro-
posed approach achieves more effective and easier for Trojan detec-
tion. Moreover, the proposed detection approach can be used to
detect different HT insertion in different place on the chips.
between f and C, in this Letter we use C to take the place of f.
When the ICs start working, the operation temperature will rise up
and stabilise in a few minutes. As a result, the ROs oscillation frequency
will drop correspondingly. If HT is inserted into testing ICs, operation
temperature will rise quickly and the oscillation frequency will drop
quickly than the ICs without HT. Fig. 2 shows a ve-stage ROs oscil-
lation cycle count variations following time change on Alter Cyclone III
EP3C16F484 FPGA chip (DE0 platform), with environment tempera-
ture T = 15C, Tf = 8.192 s, and testing time Ttest = 3 min. The black
rhomb represents the RO without HT, and the red star represents the
RO with HT nearby. A 32 bit shift register is used as HT, which is
driven by 200 MHz clock signal. As Fig. 2 shows, the deviation value
(D-value) between the maximum oscillation cycle count (Cmax) and
the minimum (Cmin) increases from 32 to 37 when HT inserted into
the chip.
Cmax
3790 Cmax'
3780

oscillation cycle count

Introduction: Hardware Trojans (HTs) are malicious alterations or D-value = 32

insertions of extra circuitry to integrated circuits (ICs) for malicious 3770

D-value' = 37
using, such as obstruct a system or intercept its condentiality. HT
can hardly be detected for several reasons: (i) with the rapid develop- 3760
ment of microelectronics and nanoelectronics, HT will take smaller Cmin
area in the ICs; (ii) adversary will hide a HT in ICs where we hardly chip without HT

nd out; (iii) HT always be activated under rare conditions; and (iv) 3750 chip with HT
Cmin'
most of the ICs have not reserved the detection design in it, so the detec- 0 20 40 60 80 100 120 140 160 180
tion approach is always complex. time, s
At present, HT detection approaches proposed by academia do not
have unied taxonomy to classify. There are some common approaches Fig. 2 ROs oscillation cycle count on EP3C16F484 FPGA
for HT detection, such as logic testing, design for test, side-channel
analysis, reverse engineering and so on [1]. Design for test is to insert Due to the random manufacturing deviation, oscillation cycle count of
extra testing circuits in ICs for HT detection. These testing circuits ROs set in same area of different chips are different from each other even
only work at testing phase and make HT detection easily. under same working condition. Histogram obtained from testing ve-
Side-channel analysis is an effective approach for HT detection stage ROs on ten FPGAs without HT is shown in Fig. 3, which is
through analysis of ICs physical parameters such as voltage, current, tested in the same condition (T = 15C, Tf = 8.192 s, and Ttest =
temperature and electromagnetic. Temperature is widely used for asses- 3 min). Fig. 3 shows the difference of oscillation cycle count between
sing the performance of circuits. For example, Wang and Geiger [2] different chips. It is hard to distinguish whether the differences are
used temperature to assess the performance of circuits with undesired caused by HT or random manufacturing deviation. The D-value in the
equilibrium states. same chip is approximately equal to another, but it will change dramati-
Zhang and Tehranipoor [3] used a design for test structure called ring cally when HT is inserted. So, the D-value between Cmax and Cmin on
oscillator network (RON) to collect the information of support voltage ROs can be used to estimate if there is a HT in testing chip.
variations caused by HT. Ring oscillator is sensitive to thermal variations
inside ICs. Boemo and Lpez-Buedo [4] have demonstrated that ring 4000
oscillators (ROs) oscillation frequency drops following the temperature D-value
3950 30
rise. Temperature impact on ROs frequency is illustrated in Fig. 1, which Cmin

is respectively centred at different frequencies assigned with different 3900 30

31
oscillation cycle count

types of FPGA interconnect. In this Letter, we use RON as the monitors 3850
to collect the information about thermal variations caused by HT. 32
3800 30
30
32
30
3750 33 30
24
s1 27 kHz/ C 3700
22 s2 54 kHz/ C
s3 50 kHz/ C 3650
20
3600
output frequency, MHz

18 1 2 3 4 5 6 7 8 9 10
chip number
16

14 Fig. 3 ROs oscillation cycle counts on ten EP3C16F484 FPGA chips

without HT
12

10 Experimental setup: During the experiment phase, ten EP3C16F484

8
FPGA chips are used for test. Fig. 4a shows 16 ve-stage ROs distrib-
uted across the entire chip consist the RON structure. Data encryption
6
10 20 30 40 50 60 70 80 90 100 110
standard (DES) module is used to simulate the process and background
temperature, C
noise. Two shift registers are used to replace HT, of which T1 is a 32 bit
shift register and T2 is a 64 bit shift register. T1 and T2 are driven by
200 MHz clock signal and separately placed in A, B and C. The control-
Fig. 1 Linear relationship between frequency and temperature on three
ROs [4]
ler in the chip controls the counting time (Tf = 8.192 s and Ttest = 3 min)
and transmits the count data to the upper computer. In order to minimise
the environment noise and temperature effect, as shown in Fig. 4b, a
Methodology: Normally, a counter will be used to calculate the RO thermostat is used to make sure the environment temperature stabilises
oscillation cycle count C in a xed duration (Tf ), so the oscillation in 15C.

ELECTRONICS LETTERS 21st July 2016 Vol. 52 No. 15 pp. 13021304

 It has been known in [3] that HT has great impact on RO which is
RO1 RO2 RO3 RO4 close to it. So, the data from RO1 and RO11 would be obtained for
A HT detection. Fig. 5 shows the chip quantity distribution about oscil-
B
lation cycle count D-value. Figs. 5a and b show the D-value about
RO5 RO6 RO7 RO8
RO1 and RO11 from HT free chips, Fig. 5c shows the comparison
between RO1 and RO11 from HT free chips. Figs. 5d and e shows
DES module the D-value about the chips which with T2 separately placed in A and
RO9 RO10 RO11 RO12
B. Fig. 5f shows the comparison between T2-inserted chips and
HT-free chips on RO1. Figs. 5g and h show the D-value about the
C
chips which with T1 and T2 separately placed in C. Fig. 5i shows the
RO13 RO14 RO15 RO16 comparison between HT-inserted chips and HT-free chips on RO11. It
controller
RO_
is observed from Fig. 5f that the HT placed in A has greater impact
counter
on chips than which does in B. So more closely the HT near the
a b testing RO, more effectively HT detection will be, and it is also demon-
strated the RON structure, of which ROs distribute across the entire chip,
Fig. 4 Experimental setup on chip and testing environment is very effective on HT detection. Moreover, it is also observed from
a RON and DES module layout after placement Fig. 5i that the T2 has greater impact on chips than T1, so HT which
b EP3C16F484 FPGA chips be tested in thermostat occupied more area will make HT detection easier.
In Fig. 5a, the average D-value is 30.8 in HT-free chips. If the
Table 1 shows the area occupied by DES module and RON structure threshold value (the judgment about if there is a HT insertion) is set
on EP3C16F484 FPGA. The RON structure occupied only 1.51% area as the average D-value from HT-free chips, the HT detection rate is
overhead which only works in testing phase, thus it has little impact on 100%, because the D-value of all chips with T2 exceed 30.8 observed
the original design. by Fig. 5f. In Fig. 5b, the average D-value in HT-free chips is 30.6,
and from Fig. 5i we nd that the D-value of all chips with HT exceed
Table 1: Estimation of area occupied by DES module and RON 30.6, so the HT detection rate is 100%. However there is a problem in
structure in terms of logic element quantity on this criterion, because some HT-free chips D-value exceed the
EP3C16F484 FPGA threshold value, and this phenomenon will bring false judgment to
HT detection. As shown in Fig. 5f, the false-alarm probability on HT
Module Logic elements Total elements Proportion (%) free chips is 40%, if the threshold is 32, the detection rate will be
DES 1088 15 408 7.06 decreased to 90% for chips with T2 in place B, but the false-alarm prob-
RON 223 15 408 1.51 ability is decreased to 10%. So, how to decrease the false-alarm prob-
ability is very important and will be researched in future.
Results and analysis: During the experiment phase, ten chips with or
without T1 or T2 were tested. All testing chips were placed in the ther- Conclusion: HT insertion will bring extra thermal to chips, causing per-
mostat at least 1h before test to make sure their temperature was same as formances variation on the chips. A simple approach for HT detection
the testing environment. The next data collection should be started after based on oscillation cycle count D-value which is one of the perform-
1h for the testing chips heat dissipation. ances on the chips is discussed. Ten EP3C16F484 FPGA chips with
or without HT insertion inside are used to verify the proposed approach.
6 6
Experimental results show that the proposed detection approach can be
6
RO1 RO11 HT-free chips
RO1
extremely eective for small scale Trojans with small number of trigger
HT-free chips HT-free chips
chip quality
chip quality

4
4
points, for which side-channel analysis approaches cannot work reliably.
chip quality

4 average = 30.8 average = 30.6 RO11

2 2 2 Hence, the proposed detection approach can be used as complementary

to side-channel analysis-based detection schemes. Now, this approach
0 0 0
28 30 32 34 36 38 28 30 32 34 36 38 28 30 32 34 36 38 has a defect about high false-alarm probability. As a result, one of the
D-value D-value
D-value
future works is to decrease the false-alarm probability or search a
a b c
6 6 6
more effective criterion in identifying HT insertion for this approach.
RO1 RO1 HT-free chips
T2 in place A T2 in place B T2 in place A
chip quality
chip quality

chip quality

4 average = 36 4 average = 34.2 4 T2 in place B

The Institution of Engineering and Technology 2016
2 2 2 Submitted: 26 April 2016 E-rst: 22 June 2016
0 0 0
doi: 10.1049/el.2016.1411
28 30 32 34 36 38 28 30 32 34 36 38 28 30 32 34 36 38
D-value D-value D-value
One or more of the Figures in this Letter are available in colour online.
d e f Jingxin Zhong, Jianye Wang and Hao Ding (Academy of air-defense
6 6 6
RO11
T1 in place C
RO11
T2 in place C
HT-free chips and anti-missle, Air Force Engineering University, Xian, Shaanxi
T1 in place C
Province, Peoples Republic of China)
chip quality

chip quality

chip quality

4 average = 33.6 4 average = 33.9 4 T1 in place C

2 2 2
30.6
E-mail: zhjx_08@163.com
0
28 30 32 34 36 38
0
28 30 32 34 36 38
0
28 30 32 34 36 38 References
D-value D-value D-value
g h i 1 Krieg, C., Dabrowski, A., and Hobel, H.: Hardware malware (Morgan
& Claypool, Florida, USA, 2013)
Fig. 5 D-value distribution of ten chips with or without HT 2 Wang, Q., and Geiger, R.L.: Temperature signatures for performance
a RO1s D-value distribution on HT-free chips
assessment of circuits with undesired equilibrium states, Electron.
b RO11s D-value distribution on HT-free chips Lett., 2015, 51, (22), pp. 17561758
c D-value comparison between RO1 and RO11 on HT-free chips 3 Zhang, X.H., and Tehranipoor, M.: RON: an on-chip ring oscillator
d RO1s D-value distribution on chips with T2 in place A network for hardware Trojan detection. Design, Automation and Test
e RO1s D-value distribution on chips with T2 in place B in Europe Conf., Grenoble, France, March 2011, pp. 16381643
f RO1s D-value distribution comparison between chips with or without HT 4 Boemo, E., and Lpez-Buedo, S.: Thermal monitoring on FPGAs using
g RO11s D-value distribution on chips with T1 in place C ring-oscillators, Lect. Notes Comput. Sci., 1997, 1304, (1), pp. 6978
h RO11s D-value distribution on chips with T2 in place C
i RO11s D-value distribution comparison between chips with or without HT

ELECTRONICS LETTERS 21st July 2016 Vol. 52 No. 15 pp. 13021304