Christos A. Papachristou

MERO: A Statistical Approach for Hardware Trojan Detection

In order to ensure trusted in---field operation of integrated circuits, it is important to develop efficient low---cost techniques to detect malicious tampering (also referred to as Hardware Trojan ) that causes undesired change in functional behavior. Conventional post--- manufacturing testing, test generation algorithms and test coverage metrics cannot be readily extended to hardware Trojan detection. In this paper, we propose a test pattern generation technique based on multiple excitation of rare logic conditions at internal nodes. Such a statistical approach maximizes the probability of inserted Trojans getting triggered and detected by logic testing, while drastically reducing the number of vectors compared to a weighted random pattern based test generation. Moreover, the proposed test generation approach can be effective towards increasing the sensitivity of Trojan detection in existing side---channel approaches that monitor the impact of a Trojan circuit on power or current signature. Simulation results for a set of ISCAS benchmarks show that the proposed test generation approach can achieve comparable or better Trojan detection coverage with about 85% reduction in test length on average over random patterns.

Towards trojan-free trusted ICs: problem analysis and detection scheme

There have been serious concerns recently about the security of microchips from hardware trojan horse insertion during manufacturing. This issue has been raised recently due to outsourcing of the chip manufacturing processes to reduce cost. This is an important consideration especially in critical applications such as avionics, communications, military, industrial and so on. A trojan is inserted into a main circuit at manufacturing and is mostly inactive unless it is triggered by a rare value or time event; then it produces a payload error in the circuit, potentially catastrophic. Because of its nature, a trojan may not be easily detected by functional or ATPG testing. The problem of trojan detection has been addressed only recently in very few works. Our work analyzes and formulates the trojan detection problem based on a frequency analysis under rare trigger values and provides procedures to generate input trigger vectors and trojan test vectors to detect trojan effects. We also provide experimental results.

Instruction randomization self test for processor cores

Access to embedded processor cores for application of test has greatly complicated the testability of large systems on silicon. Scan based testing methods cannot be applied to processor cores which cannot be modified to meet the design requirements for scan insertion. Instruction Randomization Self Test (IRST) achieves stuck-at-fault coverage for an embedded processor core without the need for scan insertion or mux isolation for application of test patterns. This is a new built-in self test method which combines the execution of microprocessor instructions with a small amount of on-chip test hardware which is used to randomize those instructions. IRST is well suited for meeting the challenges of testing ASIC systems which contain embedded processor cores.

A data path synthesis method for self-testable designs

A high level synthesis for testability method is presented whose objective is to generate self-testable RTL designs from data flow behavioral descriptions. The approach is formulated as an allocation problem based on an underlying structural testability model and its connection rules. Two allocation techniques have been developed to solve this problem: one based on an efficient heuristic algorithm that generates cost-effective designs, the other based on an integer linear program formulation that generates optimal designs. The allocation algorithms have been implemented and several benchmark examples are presented.

Microprocessor based testing for core-based system on chip

The purpose of this paper is to develop a flexible design for test methodology for testing a core-based system on chip (SOC). The novel feature of the approach is the use an embedded microprocessor/memory pair to test the remaining components of the SOC. Test data is downloaded using DMA techniques directly into memory while the microprocessor uses the test data to test the core. The test results are transferred to a MISR for evaluation. The approach has several important advantages over conventional ATPG such as achieving at-speed testing, not limiting the chip speed to the tester speed during test and achieving great flexibility since most of the testing process is based on software. Experimental results on an example system are discussed.

Multiple-parameter side-channel analysis: A non-invasive hardware Trojan detection approach

Malicious alterations of integrated circuits during fabrication in untrusted foundries pose major concern in terms of their reliable and trusted field operation. It is extremely difficult to discover such alterations, also referred to as “hardware Trojans” using conventional structural or functional testing strategies. In this paper, we propose a novel non-invasive, multiple-parameter side-channel analysis based Trojan detection approach that is capable of detecting malicious hardware modifications in the presence of large process variation induced noise. We exploit the intrinsic relationship between dynamic current (IDDT ) and maximum operating frequency (Fmax) of a circuit to distinguish the effect of a Trojan from process induced fluctuations in IDDT . We propose a vector generation approach for IDDT measurement that can improve the Trojan detection sensitivity for arbitrary Trojan instances. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit Advanced Encryption System (AES) cipher, show a detection resolution of 0.04% can be achieved in presence of ±20% parameter (Vth) variations. The approach is also validated with experimental results using 120nm FPGA (Xilinx Virtex-II) chips.

Hardware Trojan Detection by Multiple-Parameter Side-Channel Analysis

Hardware Trojan attack in the form of malicious modification of a design has emerged as a major security threat. Sidechannel analysis has been investigated as an alternative to conventional logic testing to detect the presence of hardware Trojans. However, these techniques suffer from decreased sensitivity toward small Trojans, especially because of the large process variations present in modern nanometer technologies. In this paper, we propose a novel noninvasive, multiple-parameter side-channel analysisbased Trojan detection approach. We use the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise. We propose a vector generation approach and several design/test techniques to improve the detection sensitivity. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit advanced encryption standard (AES) cipher, show a detection resolution of 1.12 percent amidst ±20 percent parameter variations. The approach is also validated with experimental results. Finally, the use of a combined side-channel analysis and logic testing approach is shown to provide high overall detection coverage for hardware Trojan circuits of varying types and sizes.

A linear program driven scheduling and allocation method followed by an interconnect optimization algorithm

A new method for high level synthesis is reported whose basic feature is the tight interaction and coupling of the scheduling and allocation phases providing a global direction to synthesis. A linear program based allocation is proposed which uses multifunction ALU cost estimation, and iteratively drives a tree search for scheduling. A major contribution of this paper is a new interconnect optimization algorithm which is based on several interconnect transformations for multiplexer input collapsing and merging. Several other important synthesis aspects are included, e.g. register and interconnect bindings, operation chaining and operation multicycling. The method has been implemented in C on a Sun 3/60,

An Efficient BICS Design for SEUs Detection and Correction in Semiconductor Memories

We propose a new built-in current sensor (BICS) to detect single event upsets (SEUs) in SRAM. The BICS is designed and validated for 100 nm process technology. The BICS reliability analysis is provided for process, voltage and temperature variations, and power supply noise. The BICS detects various shapes of current pulses generated due to particle strike. The BICS power consumption and area overhead are also provided. The BICS is found to be very reliable for process, voltage and temperature variations and under stringent noise conditions.

A design for testability scheme with applications to data path synthesis

The recent progress of high level synthesis has illuminated an effective aid for system designers. To keep pace with the development of such an environment, there is a need to consider design for testability (DFT) during the synthesis process. This paper proposes a DFT scheme that can be coordinated with data path synthesis by an interactive trade-off process. The basis of this work is a system level testability model. To quantify the qualitative description of testability, a con- trollability measure and an observability measure is devel- oped. Based on these two measures, a procedure of trading- off between testing time and test hardware overhead is demonstrated. Featuring the ability to work on partial designs, this testing cost evaluation scheme is well suited to the demands of high level synthesis. Currently, simu- lation tools for obtaining testability measures have been completed and experiments have been conducted to vali- date this model.