fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TC.2016.2576444, IEEE
Transactions on Computers
0018-9340 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
logic testing approaches. Despite their strength, side-channel analysis methods pose a major drawback, i.e., their vulnerability to process variation which causes some kind of Trojans, especially smaller ones, to be undetected. Currently, the main challenge in detecting HTs is to address high process variation in fabricated chips and offering higher resolution methods, especially in newer technologies in which process variation is getting more severe.

In this paper, we propose a method which uses path delay as a side-channel parameter to detect HTs. In this method, latch-based structures are created in the circuit, which convert any extra delay caused by Trojans into the changes observable in the functionality of the circuit. As we explain later, the new method is capable of addressing process variation and can remove its effects considerably. In some cases, the new technique could be even used in a manner that the designer is relieved from having golden chips and use the method as a self-reference technique. By employing the proposed method in parts of a design where available side-channel approaches perform poorly, we can cover hard-to-detect Trojans and improve the applicability of conventional side-channel approaches.

The organization of this paper is as follows. In Section II, an overview on previous studies on HT detection is provided. In Section III, the main concept of our latch-based structure and its capabilities to detect hardware Trojans is presented. Section IV discusses the details of the proposed approach and its implementation. In Section V, simulation results are reported and performance of the technique is evaluated in terms of HT detection probability and area overhead. A discussion on advantages, limitations and security analysis of the technique is presented in Section VI. Finally, Section VII concludes the paper.

II. PREVIOUS WORK

There are many studies addressing HT detection. These studies can be grouped into two categories, namely, logic testing and side-channel analysis. Logic testing methods suppose that the HT has stealthy nature and is activated under rare conditions. Therefore, these methods try to remove such conditions by eliminating low activity nodes in various ways. Chakraborty et al. [8] proposed an algorithm, called MERO, to generate a set of test vectors that increase signal activity of a set of given circuit nodes up to a desired threshold point. An improvement over MERO was proposed in [9] by selecting a more compact and more effective set of test vectors to cover rare conditions. In this study, the authors used genetic algorithm together with a SAT (satisfiability) technique to generate the test vectors. The authors also considered hard-to-trigger Trojans for which the payload effect cannot be propagated to the output, and reduced the state space of rare combinations by excluding this type of Trojans. Studies in [10]-[12] follow a similar idea and base their work on special test pattern generation. The study in [13] proposed to invert polarity of logic gates to obtain inverted functionality. Using this method, AND and OR gates act as NAND and NOR gates, respectively, (and vice versa) and low-transition states become high-transition. Using dummy scan flip flops is another method in logic testing [14]. In this method, the activity of internal low-transition nodes is increased by inserting dummy flip flops which are only used in the test mode and do not affect the normal operation of the design.

The main drawbacks of logic testing techniques are twofold. Firstly, these methods are only able to detect functional Trojans. Secondly, the condition under which a Trojan could be fully activated is not known a priori to the designer, and the state space of triggering a Trojan could be generally vast. As a result, the designer could not test all possible conditions to reveal the malicious activities. Such methods are only applicable for detection of small Trojan circuits with few triggering inputs.

Because of the issues mentioned, side-channel analysis approaches have been used extensively. In these methods, performance parameters of the circuit to be authenticated are extracted and compared with those obtained from the golden circuits. Any extra functionality is detected by the footprint of the Trojan on circuit performance parameters, such as transient power (IDDT), leakage power (IDDQ) and delay. Due to the Trojan's impact on circuit performance, detecting such effects is an appropriate way for HT detection purposes.

Studies in [15]-[22] are some of the proposed methods based on path delay. The authors of [15] introduced shadow registers to measure the timing slack of combinational paths in the design and then compare their measurements with those obtained from golden chips for detection purposes.

Studies in [16]-[19] take advantage of ring oscillators (ROs) to measure the delay. ROs are useful structures for measuring path delay across a chip, which are implemented by creating a logical loop covering a path with odd number of inverting stages and measuring the frequency using a counter.

The work in [20], known as clock sweeping, is similar to [15], but instead of using shadow registers, the frequency of system clock is increased up to a point where the delay faults are observed. Such frequencies for different paths are used as signatures of the design, and compared with the signatures obtained from the golden designs. Since overclocking for low-delay paths may have some difficulties, the authors in [21] proposed a special structure to provide zero-slack clock cycle to measure the delay of any arbitrary path in the design.

As delay-based HT detection is done more accurately in shorter paths due to lower process noise, Shekarian et al. in [22] proposed a retiming technique to shorten the long paths of the designs and reported higher HT detection probability.

Since any extra circuit affects leakage power of a design, some studies have focused on detecting Trojans based on consumed leakage power. The work in [23] is one of the studies that measure the leakage power for special test vectors applied to the chip. As the leakage power due to a Trojan circuit could be negligible compared to the total circuit leakage power, the study in [24] proposed to measure the leakage from different power ports individually, instead of a global measurement, to enhance the resolution of detection.

IDDT current or transient power is another performance parameter used in malicious circuitry detection [25]-[27].
Since transient power of a circuit has direct relation to its internal nodes switching activity, a promising way to enhance the strength of detection is to increase the Trojan circuit activity or to decrease the main circuit activity. Based on this, Banga et al. in [25] partition a circuit into different regions and attempt to investigate each region, individually, for the existence of a Trojan. In this study, specific test vectors are applied to the circuit such that the activity of the region under consideration is increased while the activity of other regions is kept low. All regions are investigated in this manner. The work in [26] follows a different strategy to increase the activity of the regions. This study takes advantage of scan chain flip flops (SFFs), and reorders them such that SFFs located in the neighborhood of each other are connected together. This provides the possibility of increasing switching activity in a local region and keeping the activity of other regions as low as possible by feeding appropriate logical values into the scan chain. The sensitivity of transient power to Trojan circuits and enhancing detection resolution using calibration techniques are investigated in [27].

The main strength of side-channel-based detection methods lies in the fact that every Trojan has effects on circuit performance, and detecting such effects would indicate existence of unwanted circuits, regardless of the type of Trojan (functional or parametric). However, there are two main drawbacks that limit the effectiveness of these approaches. First of all, performance parameters of fabricated chips are strongly affected by process variations and measurement noise. Process, Voltage and Temperature (PVT) variations result in the performance parameters to be expanded in a wide range. Thus, the shift in golden chip parameters range due to Trojan could be negligible, especially for small Trojan circuits. Therefore, distinguishing Trojan effects may not be simply feasible, especially in newer technologies with higher variation effects. Despite different techniques used for removing variation effects, such as local measurement and calibration techniques, this problem is still posing itself as a main barrier against obtaining accurate detection.

Another challenge relates to the availability of golden chips to use their performance parameters as reference models. Providing golden models requires comprehensive testing and measurements on a set of test chips which may be accompanied by de-layering those chips to ensure that they are free of Trojans and the measured parameters are valid. Such comprehensive evaluation may be very time-consuming and requires considerable cost and effort. By far, some methods have been proposed to address this challenge. Narasimhan et al. [28] assumed that the Trojan is a sequential circuit that is activated when its flip flop states reach a special pattern. At this point, the Trojan circuit would consume some extra transient power which was not present before. Based on this, the paper proposed to measure transient power of the circuit at different time slices and compare them to see if any considerable deviation is observed. Although this study is a self-referencing method (does not rely on external reference values), it has serious problems. First, it is only applicable to sequential Trojans. Secondly, the condition under which a Trojan is activated and hence, the set of test vectors required to apply to the circuit is not known.

As another study in this context, Davoodi et al. [29] presented a method which finds similar sequences in a design and embeds sensors with similar structures as reference models. Using this technique, the delay of each path in a fabricated chip could be accurately estimated by measuring the sensor delay. Applicability of this method is limited due to the fact that finding sequences of similar structures is not always possible in a design.

The study in [30] proposes to use correlation between side-channel signatures to detect infected signatures, called Outliers. In this approach, test vectors are applied to the circuit and signatures are extracted. Since a given signature may have correlation with a set of neighboring signatures, it may be estimated by observing its neighbors. The paper uses this property and compares a measured signature with the estimated one. If a noticeable deviation is observed, one can deduce the signature is an outlier. To estimate a given signature, this method requires PV models that should be provided by the foundry. However, as the foundry is assumed to be untrusted, one cannot rely on the provided PV models.

The study in [31] uses simulation to extract performance parameters instead of obtaining golden chips. Since one cannot rely on simulation statistics as they use inaccurate models and variation affects the parameters, the authors proposed to use PCM (Process Control Monitor) measurements to tune the simulation models and remove discrepancy between simulation statistics and real ones. This method has some limitations. First of all, PCMs may not always be available in the designs. Secondly, they are themselves subject to attack and the foundry may fabricate them in a way that distracts the simulation parameters. Finally, the method can only obtain golden parameters and does not address process variation. Therefore, the problem of detecting small Trojans is still a challenging problem.

In this paper, we propose a mechanism which uses path delays for detecting HTs. The new method attempts to remove the Trojan hiding effects of process variation as much as possible to enhance the resolution of detection. The new method can also be implemented in a manner that increases the risk of concealing the HT by the attacker which makes this technique independent of golden models in some scenarios.

III. LATCH-BASED STRUCTURE: BASIC CONCEPT

The basic idea of using latch-based structures is to embed simple latches in the circuit to compare relative delays of two given paths. The reason behind using latch elements lies in the dependency of their logical outputs to the delay of their elements. To clarify the matter, consider simple SR NAND latch shown in Fig. 1 in which a common signal Test drives S and R inputs. When Test=0, then Y1Y2=11. By applying a low-to-high transition on Test, both outputs, i.e., Y1 and Y2, go towards changing their value from 1 to 0. Since the gates in the latch may have different propagation delays, one of the outputs may change its value sooner than the other, which causes the slower gate to keep its logical value. This means
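An added illustration of the race described above (not code from the paper): an event-driven model of the SR NAND latch with Test reaching S through a target path and R through a reference path, followed by a Monte Carlo over process variation that reports how often the latch flags a Trojan-free chip and a chip whose target path carries extra Trojan delay. Assumed here, not taken from the paper: all delay values, the Gaussian variation model with a shared die-level factor, inertial gate delays, and the reading of CO as a compensation offset added to the reference path.

```python
import random

# Golden response assumed in this example: the target path wins the race,
# so Y1 falls and Y2 keeps its value.
EXPECTED = (0, 1)


def sr_nand_race(t_s, t_r, g1, g2, max_events=64):
    """Event-driven model of the SR NAND latch with Test driving S and R.

    Test rises at t=0 and reaches gate 1 (output Y1) after t_s ps and
    gate 2 (output Y2) after t_r ps; g1 and g2 are the NAND gate delays.
    Returns the settled (Y1, Y2), or None if the latch never resolves.
    """
    arrive, gate = (t_s, t_r), (g1, g2)
    inp, y, pending = [0, 0], [1, 1], [None, None]  # Test=0 gives Y1Y2=11
    for _ in range(max_events):
        times = [arrive[i] for i in (0, 1) if inp[i] == 0]
        times += [p for p in pending if p is not None]
        if not times:
            return tuple(y)
        now = min(times)
        flips = [i for i in (0, 1) if pending[i] == now]
        for i in (0, 1):
            if arrive[i] == now:
                inp[i] = 1
        for i in flips:
            y[i] ^= 1
            pending[i] = None
        for i in (0, 1):
            want = 1 - (inp[i] & y[1 - i])  # NAND(own input, peer output)
            if want == y[i]:
                pending[i] = None           # slower gate keeps its value
            elif pending[i] is None:
                pending[i] = now + gate[i]
    return None  # both gates keep toggling: unresolved (metastable) race


def chip_response(rng, trojan_ps, co_ps, nominal_ps=400.0, gate_ps=25.0,
                  sigma_die=0.10, sigma_local_ps=4.0):
    """Latch response of one fabricated chip (all numbers are constructed)."""
    scale = 1.0 + rng.gauss(0.0, sigma_die)  # die-level shift, shared by near paths
    t_target = (nominal_ps + trojan_ps) * scale + rng.gauss(0.0, sigma_local_ps)
    t_ref = (nominal_ps + co_ps) * scale + rng.gauss(0.0, sigma_local_ps)
    g1 = max(1.0, gate_ps * scale + rng.gauss(0.0, 1.0))
    g2 = max(1.0, gate_ps * scale + rng.gauss(0.0, 1.0))
    return sr_nand_race(t_target, t_ref, g1, g2)


def flag_rate(trojan_ps, co_ps, trials=2000, seed=1):
    """Fraction of chips whose latch response differs from EXPECTED."""
    rng = random.Random(seed)
    hits = sum(chip_response(rng, trojan_ps, co_ps) != EXPECTED
               for _ in range(trials))
    return hits / trials


def sweep(co_list=(0, 10, 20, 30), trojans_ps=(40, 20)):
    """One row per offset: (CO, rate on clean chips, rate per Trojan delay)."""
    return [(co, flag_rate(0, co), *[flag_rate(d, co) for d in trojans_ps])
            for co in co_list]


if __name__ == "__main__":
    print("CO(ps)  clean-flagged  trojan 40ps  trojan 20ps")
    for co, clean, *det in sweep():
        print(f"{co:>6}  {clean:>13.1%}  " + "  ".join(f"{d:>11.1%}" for d in det))
```

With no offset the clean-chip flag rate sits near one half because local variation alone decides the race, while a larger offset drives it toward zero at the price of missing Trojans whose delay is smaller than the offset.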
TABLE I
HDP RESULTS FOR A SET OF TARGET PATHS

                  CO = 0 ps           CO = 10 ps          CO = 20 ps          CO = 30 ps
Benchmark  Path#  FP    2G    1G      FP    2G    1G      FP    2G    1G      FP    2G    1G
s1423      #1     82%   -     -       34%   -     -       0%    100%  10%     0%    100%  100%
s1423      #2     62%   -     -       0%    98%   76%     0%    84%   66%     0%    74%   0%
s1423      #3     0%    100%  2%      8%    100%  100%    0%    100%  100%    -     -     -
s1423      #4     100%  -     -       100%  -     -       0%    100%  62%     0%    0%    0%
s1423      #5     2%    100%  100%    -     -     -       -     -     -       -     -     -
s5378      #1     100%  -     -       0%    0%    0%      0%    0%    0%      0%    100%  98%
s5378      #2     24%   -     -       10%   100%  100%    0%    100%  100%    -     -     -
s5378      #3     0%    0%    0%      6%    100%  22%     0%    100%  54%     0%    0%    0%
s5378      #4     64%   -     -       90%   -     -       0%    100%  100%    -     -     -
s5378      #5     0%    100%  0%      0%    58%   0%      0%    84%   52%     0%    24%   0%
s9234      #1     2%    100%  100%    -     -     -       -     -     -       -     -     -
s9234      #2     72%   -     -       0%    100%  72%     0%    100%  0%      0%    8%    0%
s9234      #3     22%   -     -       0%    100%  34%     0%    0%    0%      0%    100%  32%
s9234      #4     0%    100%  100%    -     -     -       -     -     -       -     -     -
s9234      #5     28%   -     -       16%   -     -       0%    100%  66%     0%    4%    -

TABLE II
HDP OF SOME TARGET PATHS FOR EXTENDED CO VALUES

                  CO = -10 ps         CO = -5 ps          CO = 5 ps           CO = 15 ps          CO = 25 ps
Benchmark  Path#  FP    2G    1G      FP    2G    1G      FP    2G    1G      FP    2G    1G      FP    2G    1G
s5378      #3     38%   -     -       0%    100%  2%      0%    0%    0%      0%    100%  46%     0%    100%  100%
s5378      #5     54%   -     -       0%    100%  0%      0%    58%   0%      0%    78%   10%     0%    0%    0%
s9234      #2     100%  -     -       0%    100%  100%    -     -     -       -     -     -       -     -     -
s9234      #3     0%    100%  20%     0%    0%    0%      0%    0%    0%      0%    100%  96%     0%    14%   0%

TABLE IV
AREA OVERHEAD RESULTS FOR SOME BENCHMARKS

           P = 0.0001                                                    P = 0.001
Benchmark  # of nodes  # of paths  Covered nodes (%)  Overhead (%)      # of nodes  # of paths  Covered nodes (%)  Overhead (%)
s1423      0           0           0                  0%                1           1           0.6%               1.1%
s1488      5           4           3%                 8.3%              19          14          10.7%              29.1%
s5378      23          16          3.9%               8.7%              241         121         42.8%              60.6%
s9234      32          22          8.2%               13.3%             54          28          12.4%              17.9%
s15850     96          52          6.8%               9.3%              502         240         30.2%              42.8%
s13207     63          40          6.2%               7%                303         133         25.2%              23.3%
s38417     53          26          1%                 1.6%              342         185         6.8%               11.4%

TABLE V
PATH LENGTH VS. DETECTION RESOLUTION FOR DIFFERENT NUMBER OF STAGES

No. of stages  4     7     10    13
Average HDP    98%   96%   78%   66%

limited. Experimental results revealed that many of the target paths contain only one or two target nodes. This issue is caused by the netlist structure in which no or few combinational paths exist among target nodes. Therefore, the number of target paths is comparable to the number of sensitive nodes. This issue is clear from the results reported in Table IV.

A promising way to address this problem can be to bypass flip flops in the test mode and to form target paths containing many target nodes which had been separated by the flip flops. In this way, the number of target paths is considerably reduced. Of course, this strategy requires additional multiplexers to separate the two operating modes of the circuit, and the overhead of these multiplexers must be taken into account.

We should constrain the length of long target paths created by this technique. This constraint is applied for two reasons. The first one is that longer target paths are more affected by the process variation which adversely affects the detection resolution. The second reason is that finding reference paths for very long target paths may not always be possible.

To study the efficiency of the bypassing technique, some experiments were conducted and the results are shown in Tables V and VI. A set of experiments was done to investigate the effects of path length on HT detection resolution. In these experiments for which the results are shown in Table V, we considered four different path lengths and HDP values are reported. As expected, when the target path length increases (i.e., more target paths are concatenated together) lower HDP values are achieved. In contrast, longer paths incur lower area overhead due to fewer paths. Therefore, the designer should consider a trade-off between the area and the desirable HT detection accuracy.

A second set of experiments was performed to investigate the overhead reduction of the bypassing scheme. Table VI shows the area overhead for different benchmarks when employing bypassing strategy. For each benchmark in the table, the results of experiments are reported for two activity thresholds and two different lengths of target paths. In each experiment, the first column represents the number of target paths, the second column represents the number of multiplexers used for bypassing the flip flops, and finally, the third column represents the resulting area overhead.

Compared to Table IV, we achieved a significant reduction in the area overhead (between 30% and 60% improvement). Clearly, considering 13 stages as the limit on the target path length results in fewer target paths, and incurs lower area overhead compared to when 7-stage length is used as the threshold value. This is achieved at the cost of lower HDP based on the data reported in Table V. This instructs the designers to choose an appropriate target path length according to their desirable HDP and area overhead constraints dictated by the design goals.

E. CAD flow and run time analysis

The required steps to implement the proposed technique are shown in the flow chart depicted in Fig. 9. The inputs to the flow chart are parameters that should be provided by the designer. These parameters are defined in Table VIII. According to the flow, target nodes are recognized and then are clustered into disjoint regions. In each region, target paths are established by the target nodes, and then are added to the list TP_LST. For each target path in the list, different reference paths may be tested and the one with acceptable HDP result is selected to configure a latch structure.

Based on the presented flow, a possible concern may arise regarding the time required to configure a circuit by the proposed structure. The whole time required to create latch-based structures depends on the number of target paths that should be covered as well as the size of the circuit. Larger circuits have more candidate reference paths, and thus it takes more time to choose an appropriate reference path. Table VII reports the time spent by our automated flow for some of the benchmarks. The results are based on the set of target paths achieved for the activity threshold P=0.0001.

The run time for large circuits may be tolerated since the technique is implemented at the design-time. Moreover, the designer can speed up the flow by limiting the number of reference paths to be tested for a given target path at the cost of area overhead.

VI. ADVANTAGES, LIMITATIONS AND SECURITY ANALYSIS

The proposed detection structure has many advantages over

TABLE VI
AREA OVERHEAD RESULTS FOR THE TECHNIQUE OF BYPASSING FLIP FLOPS

           P = 0.0001                                                  P = 0.001
           7 stages                     13 stages                      7 stages                     13 stages
Benchmark  Paths  MUXs  Overhead (%)    Paths  MUXs  Overhead (%)      Paths  MUXs  Overhead (%)    Paths  MUXs  Overhead (%)
s1423      0      0     0%              0      0     0%                1      0     1.1%            1      0     1.1%
s1488      2      2     5.2%            1      3     3.7%              7      7     18.3%           5      10    15.8%
s5378      6      10    4.3%            4      12    3.5%              60     65    38.5%           34     67    28.3%
s9234      9      13    7.9%            5      17    6%                15     14    11.9%           8      20    8.4%
s15850     28     25    6.1%            16     37    4.5%              119    132   27.3%           66     174   19.8%
s13207     22     18    4.6%            12     28    3.3%              82     60    17.1%           44     90    11.8%
s38417     16     10    1.1%            9      17    0.8%              107    85    7.9%            58     127   5.6%

(Paths = # of paths, MUXs = # of MUXs)

TABLE VII
AUTOMATED FLOW RUN TIME

Bench.             s1488  s5378  s9234  s15850  s13207  s38417
Run time (minute)  12     80     84     447     680     940

TABLE VIII
PARAMETER DEFINITION FOR THE CAD FLOW

Parameter  Definition
P          Threshold value for the activity of the target nodes
S          Region size to cluster the target nodes
L          Maximum length for the target paths
MHDP       Minimum desirable HDP
D          Trojan size (in terms of delay) for which the MHDP is desirable
CO_LST     List of CO values to be tested
Obviously, testing the delay of a part of a path is not possible seeking for. Achieving higher HDP requires selecting the best
using frequency testing, and requires adding extra flip flops, compensation offset among a larger set of options, which in
which results in timing problems. Considering only a part of a turn prolongs the design time. Of course, the results reported
path for delay comparison can be a promising way for further in Section V-B for the target paths show that the set of options
decreasing variation effects of long paths. is not very large, and good candidates can be selected by
As another advantage, we can point out the use of available testing few offset values.
circuit structures for delay measurement. In our method, delay
comparison is done by embedding latch-based structures. VII. CONCLUSION AND FUTURE WORKS
Since logical gates used in these structures are part of the main A delay-based HT detection technique was proposed in
circuit, an attacker may not simply manipulate or remove which the delay of a Trojan-susceptible path is compared with
them, as it may change the delay of the paths or functionality the delay of other paths of the design by embedding latches at
of the circuit. This issue helps to remove some of vulnerable the end of the two paths. These latches indicate the existence
points in the design. Consider, for example, RO-based of Trojans by converting any extra delay to the changes in the
detection methods. In RO structures, the path delays are functionality of the circuit. Using the delay of in-circuit paths
measured using embedded counters. Although these counters as golden reference models can make this technique a golden
are in-circuit elements, since they play no role in the main chip-free approach. The erroneous effects of die-to-die,
functionality of the design, an attacker may alter or bypass systematic within-die and environmental variations are
them in the test mode to conceal his/her Trojan side-effects. considerably removed by selecting near target and reference
As an example, the work in [39] shows a successful attempt to paths on a die. Security analysis of the technique indicates that
embed a Trojan circuit in a design equipped with RO the method can achieve high detection resolution. The
structures. proposed method can be used together with other side-channel
One possible attack to our technique is to embed a Trojan in approaches to improve their detection probability by covering
a target path and neutralizing the extra delay by increasing the parts of a design wherein inserted Trojans are hard-to-detect
delay in the corresponding reference path. We should note that by available approaches.
this kind of attack is risky for the attackers since they have to double their Trojan's side effects. Moreover, the designers can make this attack more risky by using a subsequent latching scheme. Consider, for example, that a target path T1 forms a latch with a peer reference path R1. R1 can also form a latch with another reference path R2, and this trend can be continued. Given this structure, thwarting the Trojan in the path T1 requires adding extra delay to the path R1, which in turn necessitates adding more delay to the path R2 and all other reference paths. Another way to conceal the Trojan effects is to reduce the delay of the target path. In this case, the adversary has to replace the original standard cells with ones that have wider transistors and higher driving strength, which results in more power consumption. Moreover, the position in the layout where the target path is located may be fully occupied with other cells, and the attacker may need to make room to place wider cells. This is too difficult, as it may require moving many of the nearby standard cells to make enough room, which may also change the routing of some interconnections. This issue can considerably affect the background effects and increase the Trojan-to-circuit ratio, which is not desirable for an adversary.

As a drawback of the proposed method, we can point out the area overhead of the design. Since embedding latch-based structures requires adding extra elements, if a large number of design paths are to be covered, the area overhead would be high. This issue prevents the technique from being used to cover all parts of a design. As a result, according to the overhead constraints dictated by the designer, latches can be augmented only in highly critical parts of a design.

The other issue is the iterative process required to tune the delay of target and reference paths. The number of iterations depends on the accuracy of detection which the designer is

As future work, layout-level techniques can be considered to tune the delay differences in finer granularity, hence achieving higher Trojan detection accuracy.
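The subsequent latching argument in the discussion above can be checked with a small model. This is an added example, not code from the paper: the flagging rule (a latch flags when the delay difference between its two paths shifts by more than a fixed resolution), the path delays, the 5 ps resolution and the 20 ps Trojan delay are all assumptions constructed for illustration.

```python
"""Toy model of the subsequent (chained) latching scheme. Assumption: a latch
pair raises a flag when the delay difference between its two paths shifts from
the golden value by more than a detection resolution."""

RESOLUTION_PS = 5.0  # assumed detection resolution in picoseconds (constructed)

def latch_pairs(chain):
    """Adjacent paths in the chain form one latch each: (T1,R1), (R1,R2), ..."""
    return list(zip(chain, chain[1:]))

def flagged_latches(chain, golden, measured, resolution=RESOLUTION_PS):
    """Return the latch pairs whose delay difference moved beyond resolution."""
    flagged = []
    for a, b in latch_pairs(chain):
        shift = (measured[a] - measured[b]) - (golden[a] - golden[b])
        if abs(shift) > resolution:
            flagged.append((a, b))
    return flagged

def apply_extra_delay(golden, extra):
    """Measured delays are the golden delays plus extra delay added per path."""
    return {p: d + extra.get(p, 0.0) for p, d in golden.items()}

def total_extra_delay(extra):
    """Total delay inserted into the design, i.e. the tampering footprint."""
    return sum(extra.values())

# Constructed sample: one target path and three chained reference paths (ps).
CHAIN = ["T1", "R1", "R2", "R3"]
GOLDEN = {"T1": 812.0, "R1": 810.0, "R2": 815.0, "R3": 809.0}
TROJAN_PS = 20.0  # constructed Trojan-induced delay on T1

SCENARIOS = {
    "trojan_only": {"T1": TROJAN_PS},
    "r1_matched": {"T1": TROJAN_PS, "R1": TROJAN_PS},
    "all_matched": {p: TROJAN_PS for p in CHAIN},
}

def evaluate(scenarios=SCENARIOS):
    """Map scenario name -> (flagged latches, total extra delay in ps)."""
    return {
        name: (flagged_latches(CHAIN, GOLDEN, apply_extra_delay(GOLDEN, extra)),
               total_extra_delay(extra))
        for name, extra in scenarios.items()
    }

if __name__ == "__main__":
    for name, (flags, cost) in evaluate().items():
        print(f"{name:12s} flagged={flags} extra_delay={cost:.0f} ps")
```

In this model, matching only R1 moves the flag from the T1/R1 latch to the R1/R2 latch, and silencing every latch requires inserting the Trojan delay into all four paths, so the inserted delay a designer can look for through other side effects grows with the chain length.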
0018-9340 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TC.2016.2576444, IEEE
Transactions on Computers
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < 14
[13] M. Banga and M. S. Hsiao, VITAMIN: voltage inversion technique [35] J. Plusquellic, D. Acharyya and K. Agarwal, Measuring within-die
to ascertain malicious insertions in ICs, in Proc. HOST, 2009, pp. spatial variation profile through power supply current measurements,
104-107. in Proc. ISQED, 2011, pp. 1-5.
[14] H. Salmani, M. Tehranipoor and J. Plusquellic, A novel technique [36] N. Drego, A. Chandrakasan and D. Boning, All-digital circuits for
for improving hardware trojan detection and reducing trojan measurement of spatial variation in digital circuits, IEEE Journal of
activation time, IEEE Transactions on Very Large Scale Integration, Solid-State Circuits, vol. 45, Issue. 3, pp. 640-651, 2010.
vol. 20, Issue 1, pp. 112-125, 2012. [37] S. Realov and K. L. Shepard, On-chip combined C-V/I-V
[15] J. Li and J. Lach, At-speed delay characterization for IC characterization system in 45-nm cmos technology, IEEE Journal of
authentication and trojan horse detection, in Proc. HOST, 2008, pp. Solid-State Circuits, vol. 48, Issue. 3, pp. 814-826, 2013.
8-14. [38] S. R. Sarangi, B. Greskamp, R. Teodorescu, J. Nakano, A. Tiwari and
[16] X. Wang, M. Tehranipoor and R. Datta, Path-RO: a novel on-chip J. Torrellas, VARIUS: a model of process variation and resulting
critical path delay measurement under process variations, in Proc. timing errors for microarchitects, IEEE Transactions on
ICCAD, 2008, pp. 640-646. Semiconductor Manufacturing, vol. 21, Issue 1, pp. 3-13, 2008.
[17] X. Zhang and M. Tehranipoor, RON: an on-chip ring oscillator [39] X. Zhang, N. Tuzzio and M. Tehranipoor, Red team: design of
network for hardware trojan detection, in Proc. DATE, 2011, pp. 1- intelligent hardware trojans with known defense schemes, in Proc.
6. ICCD, 2011, pp. 309-312.
[18] J. Rajendran, V. Jyothi, O. Sinanoglu and R. Karri, Design and
analysis of ring oscillator based design-for-trust technique, in Proc.
VTS, 2011, pp. 105-110.
G. Zarrinchian is a Ph.D. student at the department of Computer Engineering and Information Technology of Amirkabir University of Technology. His research interests include hardware security and digital system design.

M. Saheb Zamani received his B.Sc. degree in Computer Engineering from Isfahan University of Technology in 1989, and the M.Eng.Sc. and Ph.D. degrees in Computer Engineering from the University of New South Wales, Australia in 1992 and 1996, respectively. He joined Amirkabir University of Technology in 1996 and is now an associate professor at the department of Computer Engineering and IT. His research interests are hardware security and trust, quantum computing, electronic design automation, and biological design automation.
process and environmental conditions, IEEE Transactions on Very
Large Scale Integration Systems, vol. 18, Issue 12, pp. 1735-1744,
2010.
[28] S. Narasimhan, X. Wang, D. Du, R. S. Chakraborty and S. Bhunia,
TeSR: a robust temporal self-referencing approach for hardware
trojan detection, in Proc. HOST, 2011, pp. 71-74.
[29] A. Davoodi, M. Li and M. Tehranipoor, A sensor-assisted self-
authentication framework for hardware trojan detection, IEEE
Design & Test, vol. 30, Issue 5, pp. 74-82, 2013.
[30] J. Zhang, H, Yu and Qiang Xu, HTOutlier: hardware trojan detection
with side-channel signature outlier identification, in Proc. HOST,
2012, pp. 55-58.
[31] Y. Liu, K. Huang and Y. Makris, Hardware trojan detection through
golden chip-free statistical side-channel fingerprinting, in Proc.
DAC, 2014, pp. 1-6.
[32] Y. Su, J. Holleman and B. P. Otis, A digital 1.6 pj/bit chip
identification circuit using process variations, IEEE Journal of Solid-
State Circuits, vol. 43, Issue 1, pp. 69-77, 2007.
[33] L. Cheng, P. Gupta, C. J. Spanos, K. Qian and L. He, Physically
justifiable die-level modeling of spatial variation in view of
systematic across wafer variability, IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems, vol. 30,
Issue 3, pp. 388-401, 2011.
[34] L. T. Pang, K. Qian, C. J. Spanos and B. Nikolic, Measurement and
analysis of variability in 45 nm strained-si cmos technology, IEEE
Journal of Solid-State Circuits, vol. 44, Issue. 8, pp. 2233-2243, 2009.
0018-9340 (c) 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.