
Journal of Electronic Testing (2019) 35:293–302
https://doi.org/10.1007/s10836-019-05803-1

Activity Factor Based Hardware Trojan Detection and Localization

Yongkang Tang¹ · Liang Fang¹ · Shaoqing Li¹

Received: 27 January 2019 / Accepted: 7 May 2019 / Published online: 20 May 2019
© Springer Science+Business Media, LLC, part of Springer Nature 2019

Responsible Editor: P. Mishra

Yongkang Tang [email protected]

¹ College of Computer, National University of Defense Technology, Changsha, China

Abstract
Due to the globalization of integrated circuit design and manufacturing, the hardware Trojan has become a serious security threat. In this paper, we decompose redundant thermal maps to extract the Trojan activity factor using factor analysis to implement hardware Trojan detection and location. Xilinx FPGAs configured with the benchmark circuits from Trust-hub are utilized to evaluate our proposed countermeasure. The results indicate that hardware Trojans with less than 20 gates can be detected.

Keywords Hardware Trojan detection and localization · Trojan activity factor · Factor analysis

1 Introduction

With the increasing globalization of integrated circuits (ICs), IC designers are forced to utilize third-party intellectual property (IP) cores and outsource their designs to third-party foundries. Under this situation, the hardware Trojan (HT) is one of the most serious threats and can serve malicious purposes such as function modification, information leakage, and system destruction. Untrusted IP vendors can insert so-called HT modules into those IP cores, and malicious foundries can insert HTs through lithography or doping modification (as shown in Fig. 1) [2, 17]. An HT detection approach is specific to its corresponding attack scenario. In this paper, we assume that third-party IP cores have been inspected as trustable and focus on the logic HTs inserted by malicious foundries through lithography modification.

Under this attack scenario, the HTs are tiny malicious circuits embedded into the ICs' vacant areas. Presently, academia worldwide has proposed various countermeasures that can detect these HTs. Countermeasures like design for test [3, 7, 8, 10, 13] and reverse engineering [11, 21] become more and more unsuitable because the IC scale is continually increasing. In addition, reverse engineering can destroy ICs irrecoverably. Currently, power based side-channel analysis can detect HTs with 1500 gates [20] and electromagnetism based side-channel analysis can detect HTs with 130 gates [5]. With these two detection methods it is difficult to locate HTs, and their detection ability is limited by their side-channel signal acquisition areas [1, 5–9, 15, 16, 19, 20]. However, thermal map based side-channel analysis needs a small signal acquisition area that can reach several microns. In 2014, Nowroz et al. proposed a thermal map based HT detection approach for the first time [12]. However, they only performed simulation experiments. The simulation results indicate that their method can detect and locate HTs with 0.443 μW/μm² local Trojan power density. In addition, they proposed a power map based HT detection approach, but the inversion from thermal map to power map is difficult for common testers. In this paper, we develop a new thermal map based HT detection and location approach. In the redundant thermal maps, the thermal variations of the points where HTs are inserted differ from those of the pure points. Hence, factor analysis (FA) [18] can be utilized to extract the Trojan activity factor (TAF) from the redundant thermal maps according to those thermal variations. Real experiments are carried out to validate our proposed method, and they indicate that this approach can detect and locate HTs with less than 20 gates.

The organization of this paper is as follows. In Section 2, we introduce our detection principle, and in Section 3, we indicate how FA can work on TAF extraction and implement HT detection. Section 4 introduces our experimental setup, design and result. Finally, in Section 5, we conclude our work.


[Figure 1: flow diagram. Labels: User Demands (multi-demands, time pressure); IC Designers (use third-party IP cores); Third-party IP Vendors (IP cores with HTs); Third-party Foundries (manufacture, ICs with HTs); HT insertable phases: RTL-level, gate-level, circuit-level, placement & routing/layout, wafer, IC; legend: potential HT insertion parties, threatened parties.]

Fig. 1 The globalization of IC chip design & manufacture, and the third-party hardware Trojan threats

2 HT Detection Principle

Figure 2 formulates the general HT detection framework based on redundant thermal maps. In this framework, both the thermal map capture system and the simulation system are needed. The former consists of a thermal camera and software, and measures the thermal maps of the target ICs. The latter includes NC Verilog, Primetime-PX, Hotspot, etc., and generates the corresponding golden models for the target ICs.

The value of a cell $i$ ($i = 1, 2, \ldots, p$) in a measured thermal map can be expressed by the following equation.

$$T_i = T_{i,\mathrm{measurement}} + T_{i,\mathrm{environment}} + T_{i,\mathrm{circuits}} + T_{i,\mathrm{process}} + e\,T_{i,\mathrm{round}} \qquad (1)$$

[Figure 2: block diagram. Labels: Target IC Chip; Thermal Map Measurement System (thermal camera, measurement software); Simulation System (Design Compiler, NC Verilog, Primetime-PX, Hotspot); Measured Thermal Maps at Every Time; Golden Models at Every Time; Redundant Thermal Matrix; Detection Algorithm (Kalman filtering, principal component analysis, statistical analysis, ...); Hardware Trojan Exposure.]

Fig. 2 Hardware Trojan detection framework based on redundant thermal map


$T_i$ is the total thermal of the cell $i$. $T_{i,\mathrm{measurement}}$ and $T_{i,\mathrm{environment}}$ are respectively the measurement noise and the environment noise from the measurement process. Both of them are Gaussian white noise. $T_{i,\mathrm{circuits}}$ is the thermal caused by the operation of normal circuits with typical process parameters. $T_{i,\mathrm{process}}$ is the thermal caused by the process variation of the normal circuits. $T_{i,\mathrm{round}}$ is the thermal caused by circuits around the cell $i$'s corresponding region in the target IC. $e$ is decided by the physical properties of silicon, the operation time of the target IC and the environmental heat dissipation ability of the experiment setup.

If the corresponding region of a cell $i$ ($i = 1, 2, \ldots, p$) in the target IC does not have any circuits, equation (1) can be simplified to the following equation.

$$T_i = T_{i,\mathrm{measurement}} + T_{i,\mathrm{environment}} + e\,T_{i,\mathrm{round}}$$

If the corresponding region of a cell $i$ ($i = 1, 2, \ldots, p$) in the target IC is infected by a hardware Trojan, equation (1) should be changed to the following equation.

$$T_i = T_{i,\mathrm{measurement}} + T_{i,\mathrm{environment}} + T_{i,\mathrm{circuits}} + T_{i,\mathrm{process}} + e\,T_{i,\mathrm{round}} + T_{\mathrm{Trojan}}$$

where $T_{\mathrm{Trojan}}$ is the thermal caused by the hardware Trojan.

The value of a cell $i$ ($i = 1, 2, \ldots, p$) in a golden thermal map can be expressed by the following equation.

$$T_{iGM} = T_{iGM,\mathrm{circuits}}$$

where $T_{iGM,\mathrm{circuits}}$ is the thermal caused by the operation of normal circuits with typical process parameters. If the corresponding region of a cell in the golden model doesn't have any circuits, the value of $T_{CGM}$ is 0.

As Fig. 2 demonstrates, the redundant thermal maps are obtained through the difference operation between the measured thermal maps and the golden thermal maps. The redundant thermal matrix gives the redundant thermal value of $p$ cells at $n$ sampling times.

$$\Delta T = \begin{bmatrix} \Delta T_{11} & \Delta T_{12} & \cdots & \Delta T_{1p} \\ \Delta T_{21} & \Delta T_{22} & \cdots & \Delta T_{2p} \\ \vdots & \vdots & \ddots & \vdots \\ \Delta T_{n1} & \Delta T_{n2} & \cdots & \Delta T_{np} \end{bmatrix}$$

where $\Delta T_{ij} = T_{ij} - T_{ijGM}$.

3 HT Detection Using FA

3.1 Basic Model

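There are $m$ common factors, which are recorded as $F_1, F_2, \ldots, F_m$. The redundant thermal value of a cell $i$ ($i = 1, 2, \ldots, p$) can be expressed by the following equation.

$$\Delta T_i = a_{i1}F_1 + a_{i2}F_2 + \cdots + a_{im}F_m + \varepsilon_i$$

This is the factor analysis model of the cell $i$'s redundant thermal. In this model, $m$ unobservable and uncorrelated common factors ($F_1, F_2, \ldots, F_m$) and a special factor ($\varepsilon_i$) are used to describe the observable variable $\Delta T_i$.

Consider all the cells' redundant thermals $\overrightarrow{\Delta T} = (\Delta T_1, \Delta T_2, \ldots, \Delta T_p)'$ with mean $\mu$ and covariance matrix $\Sigma = (\sigma_{ij})$ ($i = 1, 2, \ldots, p$; $j = 1, 2, \ldots, n$).

The mathematical model with $m$ common factors can be expressed as the following equation.

$$\overrightarrow{\Delta T} = \mu + A\overrightarrow{F} + \overrightarrow{\varepsilon} \qquad (2)$$

where $A$ is the factor load matrix.

$$A = \begin{bmatrix} a_{11} & a_{12} & \cdots & a_{1m} \\ a_{21} & a_{22} & \cdots & a_{2m} \\ \vdots & \vdots & \ddots & \vdots \\ a_{p1} & a_{p2} & \cdots & a_{pm} \end{bmatrix}$$

$\overrightarrow{F} = (F_1, F_2, \ldots, F_m)$ is the common factor vector of $\Delta T$. $\overrightarrow{\varepsilon} = (\varepsilon_1, \varepsilon_2, \ldots, \varepsilon_p)$ is the special factor vector of $\Delta T$. They satisfy the following conditions.

$$\begin{cases} E(\overrightarrow{F}) = 0, \quad \mathrm{Var}(\overrightarrow{F}) = I_m \\ E(\overrightarrow{\varepsilon}) = 0, \quad \mathrm{Var}(\overrightarrow{\varepsilon}) = \mathrm{diag}(\sigma_1^2, \ldots, \sigma_p^2) \\ \mathrm{Cov}(\overrightarrow{F}, \overrightarrow{\varepsilon}) = 0 \end{cases}$$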

3.2 Model Property

1) The element $a_{ij}$ in $A$ characterizes the correlation between $\Delta T_i$ and $F_j$.

Proof

$$\begin{aligned} \mathrm{Cov}(\overrightarrow{\Delta T}, \overrightarrow{F}) &= E[(\overrightarrow{\Delta T} - E(\overrightarrow{\Delta T}))(\overrightarrow{F} - E(\overrightarrow{F}))'] \\ &= E[(\overrightarrow{\Delta T} - \mu)\overrightarrow{F}'] \\ &= E[(A\overrightarrow{F} + \overrightarrow{\varepsilon})\overrightarrow{F}'] \\ &= A\,E(\overrightarrow{F}\,\overrightarrow{F}') = A \end{aligned}$$

2) The sum of squares $h_i^2$ of $a_i$ (the $i$-th row of $A$) reflects the dependence of $\Delta T_i$ on the common factors $F$.

Proof

$$\begin{aligned} \mathrm{Var}(\Delta T_i) &= \mathrm{Var}\left[\sum_{k=1}^{m} a_{ik}F_k + \varepsilon_i\right] \\ &= \sum_{k=1}^{m} a_{ik}^2\,\mathrm{Var}(F_k) + \mathrm{Var}(\varepsilon_i) \\ &= h_i^2 + \sigma_i^2 \end{aligned}$$

This formula indicates that the variance of $\Delta T_i$ consists of two parts, $h_i^2$ and $\sigma_i^2$. $h_i^2$ is the contribution of all common factors to the total variance of $\Delta T_i$. $\sigma_i^2$ is the variance produced by the special factor $\varepsilon_i$, which is only related to $\Delta T_i$.

3.3 Parameter Estimation

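Our purpose is to use FA to describe the following covariance structure of $\Delta T$ with a few common factors.

$$\Sigma = AA' + D$$

where $D = \mathrm{diag}(\sigma_1^2, \sigma_2^2, \ldots, \sigma_p^2)$.

$\mu$ in the FA model can be estimated by $\overline{\Delta T}$. The covariance matrix $\Sigma$ of $\Delta T$ can be estimated by the following equation.

$$S = \frac{1}{n-1}\sum_{i=1}^{n} (\Delta T - \overline{\Delta T})(\Delta T - \overline{\Delta T})'$$

Principal component analysis is utilized to estimate $A$ and $\sigma_i^2$ ($i = 1, 2, \ldots, p$).

Assuming that $\lambda_1 \ge \lambda_2 \ge \ldots \ge \lambda_p \ge 0$ are the eigenvalues of the sample covariance matrix, and the corresponding eigenvectors are $l_1, l_2, \ldots, l_p$, the eigendecomposition of $S$ can be expressed as the following.

$$S = \sum_{i=1}^{p} \lambda_i l_i l_i'$$

When the final $p - m$ eigenvalues are small, $S$ can be approximately decomposed by the following equation.

$$\begin{aligned} S &\approx \sum_{i=1}^{m} \lambda_i l_i l_i' + \mathrm{diag}(\sigma_1^2, \sigma_2^2, \ldots, \sigma_p^2) \\ &= (\sqrt{\lambda_1}\,l_1, \sqrt{\lambda_2}\,l_2, \ldots, \sqrt{\lambda_m}\,l_m)(\sqrt{\lambda_1}\,l_1, \sqrt{\lambda_2}\,l_2, \ldots, \sqrt{\lambda_m}\,l_m)' + \mathrm{diag}(\sigma_1^2, \sigma_2^2, \ldots, \sigma_p^2) \\ &= AA' + D \end{aligned}$$

where

$$\begin{cases} A = (\sqrt{\lambda_1}\,l_1, \sqrt{\lambda_2}\,l_2, \ldots, \sqrt{\lambda_m}\,l_m) \triangleq (a_{ij})_{p \times m} \\ \sigma_i^2 = s_{ii} - \sum_{j=1}^{m} a_{ij}^2, \quad i = 1, 2, \ldots, p \end{cases}$$

Let the error matrix be $E = S - (AA' + D) \triangleq (e_{ij})_{p \times p}$. The sum of its squared entries satisfies the following inequality.

$$Q(m) = \sum_{i=1}^{p}\sum_{j=1}^{p} e_{ij}^2 \le \lambda_{m+1}^2 + \cdots + \lambda_p^2$$

Therefore, when $m$ is chosen appropriately, $E$ can be very small.

According to the principle of selecting principal components, a threshold value $\Delta$ ($0.5 \le \Delta \le 1$) is determined, and $m$ is selected as the minimum positive integer that satisfies the following inequality.

$$\frac{\lambda_1 + \cdots + \lambda_m}{\lambda_1 + \cdots + \lambda_m + \cdots + \lambda_p} \ge \Delta$$

Generally, $\Delta$ should be more than 60%.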

3.4 Practical Significance of Common Factors

The purpose of this analysis is to explain the practical sense of the selected common factors in HT detection and location. However, it is difficult to do this from $A$ above. Therefore, $A$ should be transformed to be sparse so that its practical significance is obvious. Fortunately, $A$ is not unique. Assuming $\Gamma$ is any $m$-order orthogonal matrix, the former factor model (2) can be expressed as the following model.

$$\overrightarrow{\Delta T} = \mu + (A\Gamma)(\Gamma'\overrightarrow{F}) + \overrightarrow{\varepsilon}$$

Taking $\Gamma'\overrightarrow{F}$ as the common factor and $A\Gamma$ as the load matrix, the conditions of the factor analysis model are also satisfied.

We use $\Gamma$ to make an orthogonal transformation on $A$. Geometrically, this operation rotates the coordinate system in order to get a simpler factor load structure, that is, to make $A\Gamma$ have more distinct practical significance. The optimal load structure is that each variable has a larger load on only one factor, while the load on the other factors is smaller. In other words, we hope that the elements of each factor load vector after rotation will be as close as possible to the poles 0 or 1 in absolute value, so as to simplify the factor load structure.

The variance $V_j$ of $\overrightarrow{a_j}$ (corresponding to $F_j$) can be defined as the following, with $d_{ij} = a_{ij}/h_i$.

$$V_j = \frac{1}{p}\sum_{i=1}^{p}\left[d_{ij}^2 - \frac{1}{p}\sum_{k=1}^{p} d_{kj}^2\right]^2 = \frac{1}{p^2}\left[p\sum_{i=1}^{p}\frac{a_{ij}^4}{h_i^4} - \left(\sum_{i=1}^{p}\frac{a_{ij}^2}{h_i^2}\right)^2\right]$$

Therefore, the variance of $A$ is

$$V = \sum_{j=1}^{m} V_j = \frac{1}{p^2}\left\{\sum_{j=1}^{m}\left[p\sum_{i=1}^{p}\frac{a_{ij}^4}{h_i^4} - \left(\sum_{i=1}^{p}\frac{a_{ij}^2}{h_i^2}\right)^2\right]\right\}$$

If $V_j$ is larger, the values of the $j$-th factor load vector of $A$ are more dispersed. In other words, the relationship between $\Delta T_i$ and $F_j$ is polarized (close or almost irrelevant). Therefore, we hope that the variance of $A$ is as large as possible.


Table 1 Used benchmarks from Trust-hub in our experiment

| No. | Types | Function | GQ | RQ | Coordinate (x1, x2, y1, y2) | CR (%) |
|---|---|---|---|---|---|---|
| 1 | wb_conmax-T100 | DoS | 19 | 0 | (43, 45, 46, 49) | 92.51 |
| 2 | RS232-T1000 | FC | 31 | 0 | (46, 50, 23, 26) | 94.92 |
| 3 | RS232-T1200 | FC | 24 | 4 | (36, 39, 73, 74) | 98.62 |
| 4 | RS232-T1300 | FC | 21 | 0 | (36, 39, 53, 54) | 98.68 |
| 5 | RS232-T1500 | FC | 31 | 1 | (55, 58, 31, 34) | 91.42 |
| 6 | RS232-T1600 | FC | 20 | 2 | (32, 35, 60, 64) | 98.74 |

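In order to make the variance of $A$ after orthogonal rotation as large as possible, we start with $m = 2$, where the factor load matrix is

$$A = \begin{bmatrix} a_{11} & a_{12} \\ a_{21} & a_{22} \\ \vdots & \vdots \\ a_{p1} & a_{p2} \end{bmatrix}$$

Set the orthogonal matrix $\Gamma = \begin{bmatrix} \cos\phi & -\sin\phi \\ \sin\phi & \cos\phi \end{bmatrix}$, and let

$$B = A\Gamma = \begin{bmatrix} a_{11}\cos\phi + a_{12}\sin\phi & -a_{11}\sin\phi + a_{12}\cos\phi \\ a_{21}\cos\phi + a_{22}\sin\phi & -a_{21}\sin\phi + a_{22}\cos\phi \\ \vdots & \vdots \\ a_{p1}\cos\phi + a_{p2}\sin\phi & -a_{p1}\sin\phi + a_{p2}\cos\phi \end{bmatrix} \triangleq \begin{bmatrix} b_{11} & b_{12} \\ b_{21} & b_{22} \\ \vdots & \vdots \\ b_{p1} & b_{p2} \end{bmatrix}$$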

Table 2 Hardware Trojan detection results

| Coordinate (No. 1) | $F_1^*$ | $F_2^*$ | Coordinate (No. 2) | $F_1^*$ | $F_2^*$ | Coordinate (No. 3) | $F_1^*$ | $F_2^*$ |
|---|---|---|---|---|---|---|---|---|
| (0,0) | 0.5441 | 0.1699 | (0,0) | 0.6368 | 0.1801 | (0,0) | 0.6680 | 0.1794 |
| (0,1) | 0.7234 | 0.2013 | (0,1) | 0.6804 | 0.1855 | (0,1) | 0.6785 | 0.1881 |
| ... | ... | ... | ... | ... | ... | ... | ... | ... |
| (44,46) | 0.2190 | 0.5915 | (46,23) | 0.2512 | 0.6748 | (37,74) | 0.1618 | 0.5410 |
| (44,47) | 0.1908 | 0.7157 | ... | ... | ... | ... | ... | ... |
| ... | ... | ... | (47,23) | 0.2733 | 0.4801 | (38,73) | 0.2596 | 0.6850 |
| (45,46) | 0.1716 | 0.6410 | (47,24) | 0.2617 | 0.6412 | (38,74) | 0.2268 | 0.6369 |
| (45,47) | 0.1691 | 0.6540 | ... | ... | ... | ... | ... | ... |
| (45,48) | 0.2506 | 0.7910 | (48,23) | 0.2028 | 0.6801 | (39,73) | 0.2504 | 0.4872 |
| ... | ... | ... | (48,24) | 0.1907 | 0.6463 | (39,74) | 0.1725 | 0.6950 |
| (100,98) | 0.5803 | 0.1907 | (48,25) | 0.3064 | 0.4629 | ... | ... | ... |
| (100,99) | 0.6254 | 0.2194 | ... | ... | ... | (100,99) | 0.5482 | 0.2367 |
| (100,100) | 0.5853 | 0.2016 | (100,100) | 0.4554 | 0.2669 | (100,100) | 0.6016 | 0.1877 |

| Coordinate (No. 4) | $F_1^*$ | $F_2^*$ | Coordinate (No. 5) | $F_1^*$ | $F_2^*$ | Coordinate (No. 6) | $F_1^*$ | $F_2^*$ |
|---|---|---|---|---|---|---|---|---|
| (0,0) | 0.6256 | 0.1785 | (0,0) | 0.7487 | 0.1675 | (0,0) | 0.6370 | 0.1774 |
| (0,1) | 0.5708 | 0.2340 | (0,1) | 0.5205 | 0.1500 | (0,1) | 0.5956 | 0.2091 |
| ... | ... | ... | ... | ... | ... | ... | ... | ... |
| (36,54) | 0.2248 | 0.5764 | (55,32) | 0.3030 | 0.5805 | (33,61) | 0.2314 | 0.5541 |
| ... | ... | ... | (55,33) | 0.2246 | 0.6294 | (33,62) | 0.1618 | 0.4353 |
| (37,53) | 0.1692 | 0.5261 | (55,34) | 0.1887 | 0.5467 | (33,63) | 0.1934 | 0.5100 |
| (37,54) | 0.2541 | 0.6169 | ... | ... | ... | ... | ... | ... |
| ... | ... | ... | (56,32) | 0.2443 | 0.5605 | (34,61) | 0.2141 | 0.6617 |
| (38,53) | 0.2548 | 0.7436 | (56,33) | 0.1748 | 0.5391 | (34,62) | 0.2292 | 0.7086 |
| (38,54) | 0.2861 | 0.5525 | (56,34) | 0.1966 | 0.6086 | ... | ... | ... |
| ... | ... | ... | ... | ... | ... | (35,61) | 0.2144 | 0.5769 |
| (100,99) | 0.5178 | 0.2041 | (100,99) | 0.7001 | 0.1988 | ... | ... | ... |
| (100,100) | 0.5914 | 0.2017 | (100,100) | 0.6600 | 0.1582 | (100,100) | 0.5602 | 0.2300 |


Fig. 3 No. 1 wb_conmax-T100

$B$ is the factor load matrix of $\Gamma'F$. Geometrically, it is equivalent to rotating the factor plane determined by $F_1$ and $F_2$ counterclockwise by an angle of $\phi$. Under this condition,

$$V_j = \frac{1}{p^2}\left[p\sum_{i=1}^{p}\frac{b_{ij}^4}{h_i^4} - \left(\sum_{i=1}^{p}\frac{b_{ij}^2}{h_i^2}\right)^2\right], \quad (j = 1, 2)$$

For simplicity, notations are introduced. Let $\mu_i = \left(\frac{a_{i1}}{h_i}\right)^2 - \left(\frac{a_{i2}}{h_i}\right)^2$, $v_i = \frac{2a_{i1}a_{i2}}{h_i^2}$ ($i = 1, 2, \ldots, p$), $\alpha = \sum_{i=1}^{p}\mu_i$, $\beta = \sum_{i=1}^{p} v_i$, $c = \sum_{i=1}^{p}(\mu_i^2 - v_i^2)$, $d = 2\sum_{i=1}^{p}\mu_i v_i$.

Letting $\frac{\partial V}{\partial \phi} = \frac{\partial (V_1 + V_2)}{\partial \phi} = 0$, we can get

$$\tan 4\phi = \frac{d - 2\alpha\beta/p}{c - (\alpha^2 - \beta^2)/p}$$

From the above, the optimum rotation angle for two factors can be obtained. When $m > 2$, the orthogonal rotation can be applied successively to each pair of factors $(F_i, F_j)$, generating $\phi_{ij}$ to satisfy the above equation. According to the combinations, $C_m^2$ rotations are needed.

When the first transformation is completed, the factor load variance may not reach the maximum. Therefore, further rotations must be carried out from the result of the first one until $V$ does not increase anymore.
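An added example, not code from the paper: a pure-Python sketch of the Section 3.3 principal-component estimate of the load matrix and the Section 3.4 pairwise rotation angle, run on constructed redundant thermal data. The 6×6 cell grid, the synthetic factor loads, Δ = 0.9, the power-iteration eigensolver and the majority rule in `flag_cells` are assumptions made for illustration.

```python
import math
import random

def simulate_delta_t(n=300, side=6, trojan=((2, 3), (2, 4), (3, 3), (3, 4)), seed=7):
    """Constructed data: redundant thermal values, n sampling times x p cells."""
    rng = random.Random(seed)
    cells = [(x, y) for x in range(side) for y in range(side)]
    rows = []
    for _ in range(n):
        f_norm, f_taf = rng.gauss(0, 1), rng.gauss(0, 1)  # assumed latent factors
        rows.append([(0.2 * f_norm + f_taf if c in trojan else f_norm)
                     + rng.gauss(0, 0.2) for c in cells])
    return cells, rows

def sample_covariance(rows):
    """S = 1/(n-1) * sum of (dT - mean)(dT - mean)' over the sampling times."""
    n, p = len(rows), len(rows[0])
    mean = [sum(r[i] for r in rows) / n for i in range(p)]
    cen = [[r[i] - mean[i] for i in range(p)] for r in rows]
    return [[sum(c[i] * c[j] for c in cen) / (n - 1) for j in range(p)]
            for i in range(p)]

def principal_loadings(S, delta=0.9, iters=200):
    """Loads A = (sqrt(l_1) v_1, ..., sqrt(l_m) v_m), with m the smallest number
    of factors whose contribution rate reaches delta. Eigenpairs come from power
    iteration with deflation (a stand-in for a library eigensolver)."""
    p = len(S)
    trace = sum(S[i][i] for i in range(p))  # equals the sum of all eigenvalues
    R = [row[:] for row in S]
    cols, acc = [], 0.0
    while acc / trace < delta and len(cols) < p:
        v = [1.0 + 0.01 * i for i in range(p)]  # deterministic start vector
        for _ in range(iters):
            w = [sum(R[i][j] * v[j] for j in range(p)) for i in range(p)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[i] * sum(R[i][j] * v[j] for j in range(p)) for i in range(p))
        cols.append([math.sqrt(lam) * x for x in v])
        acc += lam
        for i in range(p):  # deflate: remove the eigenpair just found
            for j in range(p):
                R[i][j] -= lam * v[i] * v[j]
    return [[col[i] for col in cols] for i in range(p)], acc / trace

def varimax(A, sweeps=20):
    """Pairwise rotation B = A * Gamma; each angle solves
    tan(4*phi) = (d - 2*alpha*beta/p) / (c - (alpha^2 - beta^2)/p)."""
    p, m = len(A), len(A[0])
    h = [math.sqrt(sum(a * a for a in row)) for row in A]
    B = [[a / h[i] for a in row] for i, row in enumerate(A)]  # a_ij / h_i
    for _ in range(sweeps):
        turned = 0.0
        for j in range(m):
            for k in range(j + 1, m):
                mu = [r[j] ** 2 - r[k] ** 2 for r in B]
                nu = [2 * r[j] * r[k] for r in B]
                alpha, beta = sum(mu), sum(nu)
                c = sum(u * u - v * v for u, v in zip(mu, nu))
                d = 2 * sum(u * v for u, v in zip(mu, nu))
                # atan2 selects the root of the tan(4*phi) equation that maximises V
                phi = 0.25 * math.atan2(d - 2 * alpha * beta / p,
                                        c - (alpha ** 2 - beta ** 2) / p)
                cs, sn = math.cos(phi), math.sin(phi)
                for r in B:
                    r[j], r[k] = r[j] * cs + r[k] * sn, -r[j] * sn + r[k] * cs
                turned += abs(phi)
        if turned < 1e-9:  # V no longer increases
            break
    return [[b * h[i] for b in row] for i, row in enumerate(B)]

def flag_cells(cells, B):
    """Assumed decision rule (not the paper's): the factor that dominates most
    cells is normal activity; cells dominated by another factor are flagged."""
    dom = [max(range(len(row)), key=lambda j: abs(row[j])) for row in B]
    normal = max(set(dom), key=dom.count)
    return sorted(c for c, d in zip(cells, dom) if d != normal)

def detect(delta=0.9):
    """Run the whole pipeline on the constructed data."""
    cells, rows = simulate_delta_t()
    A, rate = principal_loadings(sample_covariance(rows), delta)
    return len(A[0]), rate, flag_cells(cells, varimax(A))

if __name__ == "__main__":
    m, rate, flagged = detect()
    print(f"m={m}, contribution rate={rate:.3f}, flagged cells={flagged}")
```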

4 Experiment Setup, Design and Analysis

4.1 Experiment Setup

In our experimental setup, a Xilinx Spartan-3A XC3S50 FPGA is used to evaluate our approach. This type of FPGA adopts ball grid array (BGA) packaging, which is one type of flip-chip packaging. Its configurable logic blocks (CLBs) contain flexible look-up tables (LUTs) and can perform a wide variety of logical functions [3]. The benchmark circuits from Trust-hub [14] can be implemented with the CLBs and constrained by PlanAhead in a fixed layout. Finally, we use incremental compilation to add the HT to form a new layout without changing the previous fixed layout. In our experiment, the FPGAs' package heat spreaders are removed, and an infrared camera is utilized to capture thermal patterns, with 25×25 μm² spatial resolution, 25 Hz operation frequency and 30 mK noise equivalent temperature difference (NETD). To capture clear thermal maps, a cooling fan is utilized to expedite the detected FPGAs' heat dissipation.

Fig. 4 No. 2 RS232-T1000

Fig. 5 No. 3 RS232-T1200

4.2 Experiment Design

One FPGA is configured with the pure benchmark circuits to mimic the golden model. Other FPGAs are configured with the infected benchmark circuits to mimic the ASIC inserted with HTs by third-party foundries. The benchmarks utilized in our experiment are shown in Table 1. The functions of HTs include denial of service (DoS) and functionality change (FC). Table 1 also presents gate quantity (GQ), register quantity (RQ) and HTs' coordinates in FPGAs.

Generally, an HT consists of two parts, trigger logic and payload logic, and all the HTs used in this paper satisfy this condition. When a chip inserted with an HT is working, the trigger logic of this HT needs to be always operating to monitor whether the payload logic should be triggered or not. Once the trigger signal appears, the payload logic can be triggered. During this process, the trigger logic is always active but the payload logic is only active when triggered. Therefore, in our experiment, we detect the switching activity of the trigger logic but do not activate the payload logic or detect the activity of the whole HT. Although our proposed approach would work even better if the payload logic is activated because detection sensitivity can be improved, how to activate the payload logic is out of this paper's scope.

To avoid false positive cases caused by random factors in a single experiment, according to Bernoulli's law of large numbers [23],

$$\lim_{n \to \infty} P\left(\left|\frac{\mu_n}{n} - p\right| < \varepsilon\right) = 1$$

we take 1000 independent repeated experiments in our experiment. Every single experiment has 300 continuous sampling times. The detection result of a cell can be one of two cases, either purity or infection. The large probability event is chosen as the result of a cell. The final factor loads are the integral results calculated from the independent repeated experiments of the large probability event.

Fig. 6 No. 4 RS232-T1300

Fig. 7 No. 5 RS232-T1500

In terms of false negative rate, it is decided by the minimum thermal sensitivity of the thermal camera, that is, NETD, and related to how NETD is less than the thermal variation caused by the activity of HTs. Just as we have presented, the switching activity of the trigger is our key to expose the HT, and the NETD of our thermal camera is sensitive enough to detect this activity. However, limited by the same NETD, the cells that include payloads may be mistaken as pure, which can be understood as the false negative cases of a part of the HT but not the HT itself.

4.3 Result Analysis

According to the theory proposed before, the redundant thermal matrixes of all the benchmark circuits can be obtained, and then FA can be used to extract the TAFs from these matrixes to expose the regions infected by HTs. The last column of Table 1 shows the contribution rates (CR) of the first two factors of the six benchmarks' redundant thermal matrixes, from which it is easy to find that the CRs of every matrix's first two factors are bigger than 60%. Therefore, the first two factors in our experiment can be further analyzed to find the TAFs. Table 2 presents the coordinates in FPGAs and the corresponding rotated factor loads ($F_1^*$, $F_2^*$) of the six benchmarks, and the blue marks are the regions inserted with the triggers of HTs.

From Table 2, we can find that all the regions with triggers have large loads on the second factor and small loads on the first factor, and all the normal regions have large loads on the first factor and small loads on the second factor. Therefore, the second factor can be treated as the TAF.

The graphic demonstrations of Table 2 are presented in Figs. 3, 4, 5, 6, 7 and 8. The left of Figs. 3–8 illustrates the factor load distribution of all the regions. From these figures, we can find that although there are some outlier points, the trigger regions (yellow points) and the normal regions (blue points) are exactly clustered into two groups. The right of Figs. 3–8 illustrates the triggers' locations (yellow regions) according to the coordinate information from Table 2. Therefore, the experiment results indicate that our proposed countermeasure can isolate and locate HTs with less than 20 gates (including trigger and payload).

Fig. 8 No. 6 RS232-T1600

5 Conclusion

In this paper, we utilize FA to extract the TAFs from the redundant thermal matrixes of the target ICs, and then implement HT detection and location. Different from the simulation experiments in [12], benchmark circuits from Trust-hub are utilized in our real experiments. The results indicate that HTs with less than 20 gates (including trigger and payload) can be successfully isolated and located, which is 10 to 10^2 times more accurate than power based and electromagnetism based approaches.

However, one may argue that it is difficult to construct the golden thermal matrix for ASICs. Currently, this problem can be solved by reverse engineering. Reverse engineering can be utilized to confirm that the first batch is without HTs. Then, we can measure the thermal matrixes of an IC chip from this batch. Finally, these thermal matrixes can be used as the golden models to detect the following batches.

References

1. Agrawal D, Baktir S, Karakoyunlu D, Rohatgi P, Sunar B (2007) Trojan detection using IC fingerprinting. In: 2007 IEEE symposium on security and privacy, Berkeley, pp 296–310

2. Carikli DG, Blanc M (2018) The intel management engine: an attack on computer users' freedom. Free software foundation. https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom

3. Cha B, Gupta SK (2012) Efficient Trojan detection via calibration of process variation. In: 2012 IEEE 21st Asian test symposium, Niigata, pp 355–361

4. Chakraborty RS, Wolff F, Paul S (2009) MERO: a statistical approach for hardware Trojan detection. Lect Notes Comput Sci 5747:396–410

5. He JJ, Zhao YQ, Guo XL, Jin Y (2017) Hardware Trojan detection through chip-free electromagnetic side-channel statistical analysis. IEEE Transactions on Very Large Scale Integration Systems 25:2939–2948

6. Jin Y, Makris Y (2008) Hardware Trojan detection using path delay fingerprint. In: 2008 IEEE international workshop on hardware-oriented security and trust, Anaheim, pp 51–57

7. Li J, Lach J (2008) At-speed delay characterization for IC authentication and Trojan horse detection. In: IEEE international workshop on hardware-oriented security and trust, Anaheim, pp 8–14

8. Lin N, Li SQ, Chen JH, Wei P, Zhao ZX (2014) The influence on sensitivity of hardware Trojan detection by test vector. In: 2014 communications security conference, Beijing, pp 1–6

9. Liu Y, Jin Y, Makris Y (2013) Hardware Trojans in wireless cryptographic ICs: silicon demonstration & detection method evaluation. In: 2013 IEEE/ACM international conference on computer-aided design, San Jose, pp 399–404

10. Liu Y, Volanis G, Huang K, Makris Y (2015) Concurrent hardware Trojan detection in wireless cryptographic ICs. In: 2015 IEEE test conference, Anaheim, pp 1–8

11. Liu C, Patrick C, Yang CG (2016) A mutual auditing framework to protect IoT against hardware Trojans. In: 2016 21st Asia and South Pacific design automation conference, pp 69–74

12. Nowroz AN, Hu KQ, Koushanfar F et al (2014) Novel techniques for high-sensitivity hardware Trojan detection using thermal and power maps. IEEE Trans Comput Aided Des Integr Circuits Syst 33:1792–1805

13. Salmani H, Tehranipoor M (2012) Layout-aware switching activity localization to enhance hardware Trojan detection. IEEE Trans Inf Forensics Secur 7:76–87

14. Salmani H, Tehranipoor M (2018) Trust-hub. https://www.trust-hub.org

15. Shen G, Tang YK, Li SQ, Chen JH, Yang BB (2017) A general framework of hardware Trojan detection: two-level temperature difference based thermal map analysis. In: 2017 11th IEEE international conference on anti-counterfeiting, security and identification, Xiamen, pp 172–178

16. Soll O, Korak T, Muehlberghuber M, Hutter M (2014) EM-based detection of hardware Trojans on FPGAs. In: 2014 IEEE international symposium on hardware-oriented security and trust, Arlington, pp 84–87

17. Tehranipoor M, Koushanfar F (2010) A survey of hardware Trojan taxonomy and detection. IEEE Design & Test of Computers Magnetism 27:10–25

18. Wang RX (1986) Mathematical statistics. Xi'an Jiaotong University Press, Xi'an, pp 32–109

19. Zhang JL, Fang L, Li L, Zhang ZX (2015) A novel approach to detecting hardware Trojan horses. In: 2015 8th international symposium on computational intelligence and design, Hangzhou, pp 43–46

20. Zhao ZX, Ni L, Li SQ, Shi YB (2015) A feature extraction method for hardware Trojan detection. In: 2015 international conference on automation, mechanical control and computational engineering, Jinan, pp 1726–1731

21. Zhou B, Zhang W, Thambipilai S (2016) Cost-efficient acceleration of hardware Trojan detection through fan-out cone analysis and weighted random pattern technique. IEEE Trans Comput Aided Des Integr Circuits Syst 35:792–805

22. (2010) Spartan-3A FPGA family: data sheet

23. (2018) Law of large numbers. https://en.wikipedia.org/wiki/Law_of_large_numbers

Publisher's Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Yongkang Tang was born in Yantai, Shandong, People's Republic of China in 1992. He received the B.S. degree in surveying engineering and the M.S. degree in electronic science and technology from the Air Force Engineering University, Xi'an, Shaanxi, People's Republic of China, in 2014 and 2016 respectively.

From 2017 to the present, he has been studying for his Ph.D. degree in Microelectronics in the School of Computer, the National University of Defense Technology. His current research interest is IC and information security.

Liang Fang was born in Zhejiang, People's Republic of China, on September 29, 1962. He received the M.S. and the Ph.D. degrees in computer science and technology from the National University of Defense Technology, Changsha, China, in 1989 and 1995, respectively.

In 2006, he was a Visiting Professor at the Max Planck Institute for Microstructural Physics in Germany. As a Senior Member of the China Computer Federation (CCF), he is currently a Professor at the School of Computer, National University of Defense Technology, and the Chief Director of the Technology Committee of the National Conference of Storage Technology, and has served as Program Chair of the 2009 IEEE International Conference on Networking, Architecture, and Storage (NAS'09). He is a member of the editorial board of Computer Engineering and Science, and is hired as the Special Reviewer of several international journals, such as Journal of Computer Science and Technology, and Computer Research and Development. His current research interests include high-performance microprocessor architecture, nano-devices, reliability of microelectronic circuits, novel semiconductor devices, and so on.

Dr. Fang won his university's Second Prize for Excellent Teaching Achievement in 2004 and 2006, and First and Second Prize for National Scientific and Technological Progress in 2004 and 2005, respectively.

Shaoqing Li was born in Xi'an, Shaanxi, People's Republic of China in 1963. He received the B.S. and the M.S. degrees in computer application from the National University of Defense Technology. From 1984 to the present, he has worked in the School of Computer, the National University of Defense Technology. From 1995 to 2001, he was an Associate Professor. He has been a professor since 2002. His research interests include IC design, test and security.