Hassan Salmani

A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time

Fabless semiconductor industry and government agencies have raised serious concerns about tampering with inserting hardware Trojans in an integrated circuit supply chain in recent years. Most of the recently proposed Trojan detection methods are based on Trojan activation to observe either a faulty output or measurable abnormality on side-channel signals. Time to activate a hardware Trojan circuit is a major concern from the authentication standpoint. This paper analyzes time to generate a transition in functional Trojans. Transition is modeled by geometric distribution and the number of clock cycles required to generate a transition is estimated. Furthermore, a dummy scan flip-flop insertion procedure is proposed aiming at decreasing transition generation time. The procedure increases transition probabilities of nets beyond a specific threshold. The relation between circuit topology, authentication time, and the threshold is carefully studied. The simulation results on s38417 benchmark circuit demonstrate that, with a negligible area overhead, our proposed method can significantly increase Trojan activity and reduce Trojan activation time.

Hardware Trojan Detection and Isolation Using Current Integration and Localized Current Analysis

This paper addresses a new threat to the security of integrated circuits (ICs). The migration of IC fabrication to untrusted foundries has made ICs vulnerable to malicious alterations, that could, under specific conditions, result infunctional changes and/or catastrophic failure of the system in which they are embedded. Such malicious alternations and inclusions are referred to as Hardware Trojans. In this paper, we propose a current integration methodology to observe Trojan activity in the circuit and a localized current analysis approach to isolate the Trojan. Our simulation results considering process variations show that with a very small number of clock cycles the method can detect hardware Trojans as small as few gates without fully activating them. However, for very small Trojan circuits with less than few gates, process variations could negatively impact the detection and isolation process.

New design strategy for improving hardware Trojan detection and reducing Trojan activation time

Hardware Trojans in integrated circuits and systems have become serious concern to fabless semiconductor industry and government agencies in recent years. Most of the previously proposed Trojan detection methods rely on Trojan activation to either observe a faulty output or measure side-channel signals such as transient current or charge. From the authentication stand point, time to trigger a hardware Trojan circuit is a a major concern. This paper analyzes time to (i) generate a transition in functional Trojans and (ii) fully activate them. An efficient dummy flip-flop insertion procedure is proposed to increase Trojan activity. Depending on authentication time and circuit topology, a transition probability threshold is selected so that inserted dummy flip-flops would moderately impact area overhead. The simulation results on s38417 benchmark circuit demonstrate that, with a negligible area overhead, our proposed method can significantly increase Trojan activity and reduce Trojan activation time.

Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges

Globalization of the semiconductor industry and associated supply chains have made integrated circuits increasingly vulnerable to Trojans. Researchers must expand efforts to verify trust in intellectual property cores and ICs.

Layout-Aware Switching Activity Localization to Enhance Hardware Trojan Detection

Government agencies and the semiconductor industry have raised serious concerns about malicious modifications to the integrated circuits. The added functionality known as hardware Trojan poses major detection and isolation challenges. This paper presents a new hardware trust architecture to magnify functional Trojans activity. Trojan detection resolution depends on Trojan activity directly and circuit activity reversely. The proposed architecture reorders scan cells based on their placement during physical design to reduce circuit switching activity by limiting it into a specific region. This helps magnify Trojan contribution to the total circuit transient power by increasing Trojan-to-circuit switching activity (TCA) and Trojan-to-circuit power consumption (TCP). The proposed technique aims to improve the efficiency of power-based side-channel signal analysis techniques for detecting hardware Trojans. Our simulation results demonstrate the efficiency of the method in significantly increasing TCA and TCP.

A layout-aware approach for improving localized switching to detect hardware Trojans in integrated circuits

Malicious activities and alterations to integrated circuits have raised serious concerns to government agencies and the semiconductor industry. The added functionality, known as hardware Trojan, poses major detection and isolation challenges. In this paper, we present a method to localize design switching to any specific region independent from test patterns. The new architecture allows activating any target region and keeping others quiet which reduces total circuit switching activity. This helps magnify the Trojans contribution to the total circuit transient power by increasing Trojan-to-circuit switching activity (TCA) and power consumption. The proposed method is aimed at improving the efficiency of power-based side-channel signal analysis techniques for detecting hardware Trojans. Our simulation results demonstrate the efficiency of the method in significantly increasing TCA.

On design vulnerability analysis and trust benchmarks development

The areas of hardware security and trust have experienced major growth over the past several years. However, research in Trojan detection and prevention lacks standard benchmarks and measurements, resulting in inconsistent research outcomes, and ambiguity in analyzing strengths and weaknesses in the techniques developed by different research teams and their advancements to the state-of-the-art. We have developed innovative methodologies that, for the first time, more effectively address the problem. We have developed a vulnerability analysis flow. The flow determines hard-to-detect areas in a circuit that would most probably be used for Trojan implementation to ensure a Trojan goes undetected during production test and extensive functional test analysis. Furthermore, we introduce the Trojan detectability metric to quantify Trojan activation and effect. This metric offers a fair comparison for analyzing weaknesses and strengths of Trojan detection techniques. Using these methodologies, we have developed a large number of trust benchmarks that are available for use by the public, as well as researchers and practitioners in the field.

Analyzing circuit vulnerability to hardware Trojan insertion at the behavioral level

Considerable attention has been paid to hardware Trojan detection and prevention. However, there is no existing systematic approach to investigate circuit vulnerability to hardware Trojan insertion during development. We present such an approach to investigate circuit vulnerability to Trojan insertion at the behavioral level. This novel vulnerability analysis determines a circuits susceptibility to Trojan insertion based on statement hardness analysis as well as observability of circuit signals. Further, the Trojan detectability metric is introduced to quantitatively compare the detectability of behavioral Trojans inserted into different circuits. This creates a fair comparison for analyzing the strengths and weaknesses of Trojan detection techniques as well as helping verify trustworthiness of a third party Intellectual Property (IP).

COTD: Reference-Free Hardware Trojan Detection and Recovery Based on Controllability and Observability in Gate-Level Netlist

This paper presents a novel hardware Trojan detection technique in gate-level netlist based on the controllability and observability analyses. Using an unsupervised clustering analysis, the paper shows that the controllability and observability characteristics of Trojan gates present significant inter-cluster distance from those of genuine gates in a Trojan-inserted circuit, such that Trojan gates are easily distinguishable. The proposed technique does not require any golden model and can be easily integrated into the current integrated circuit design flow. Furthermore, it performs a static analysis and does not require any test pattern application for Trojan activation either partially or fully. In addition, the timing complexity of the proposed technique is an order of the number of signals in a circuit. Moreover, the proposed technique makes it possible to fully restore an inserted Trojan and to isolate its trigger and payload circuits. The technique has been applied on various types of Trojans, and all Trojans are successfully detected with 0 false positive and negative rates in less than 14 s in the worst case.

Vulnerability Analysis of a Circuit Layout to Hardware Trojan Insertion

While the horizontal integrated circuit design process is extensively practiced, untrusted foundries can impose significant threats on the security of final products. A carefully inserted extra circuitry as a hardware trojan in a circuit layout can interfere with circuit functionality under very rare circumstances with inconsiderable footprints. In this paper, we introduce a novel layout-level vulnerability analysis flow to evaluate the susceptibility of a circuit layouts regions to hardware Trojan insertion. We also present several metrics based on a circuit layout to quantify the possibility of hardware Trojan insertion in a specific region of layout. Results of applying our flow to several benchmarks have revealed considerably high vulnerability of circuit layouts to hardware Trojan insertion. Furthermore, several Trojans are implemented and inserted in layout regions with different vulnerabilities to evaluate the effectiveness of our new metrics. Our novel layout-level vulnerability analysis flow makes it possible to quantitatively determine the vulnerability of different implementations of a circuit and analyze the susceptibility of each corner of circuit layout to different types of functional Trojans.