
Hardware Trojan Detection by Multiple-Parameter Side-Channel Analysis

Seetharam Narasimhan, Member, IEEE, Dongdong Du, Rajat Subhra Chakraborty, Member, IEEE,

Somnath Paul, Member, IEEE, Francis G. Wolff, Christos A. Papachristou, Senior Member, IEEE,

Kaushik Roy, Fellow, IEEE, and Swarup Bhunia, Senior Member, IEEE

Abstract—Hardware Trojan attack in the form of malicious modification of a design has emerged as a major security threat. Side-channel analysis has been investigated as an alternative to conventional logic testing to detect the presence of hardware Trojans. However, these techniques suffer from decreased sensitivity toward small Trojans, especially because of the large process variations present in modern nanometer technologies. In this paper, we propose a novel noninvasive, multiple-parameter side-channel analysis-based Trojan detection approach. We use the intrinsic relationship between dynamic current and maximum operating frequency of a circuit to isolate the effect of a Trojan circuit from process noise. We propose a vector generation approach and several design/test techniques to improve the detection sensitivity. Simulation results with two large circuits, a 32-bit integer execution unit (IEU) and a 128-bit advanced encryption standard (AES) cipher, show a detection resolution of 1.12 percent amidst ±20 percent parameter variations. The approach is also validated with experimental results. Finally, the use of a combined side-channel analysis and logic testing approach is shown to provide high overall detection coverage for hardware Trojan circuits of varying types and sizes.

Index Terms—Hardware security, hardware Trojan attack, side-channel analysis, logic testing


1 INTRODUCTION

ONE of the recent issues in hardware security is to provide a level of trust in integrated circuits (ICs) to ensure that a fabricated IC does not contain any malicious modification, also referred to as a “hardware Trojan” [1]. These malicious alterations in the circuitry can be incorporated at different stages of the design flow. However, a major concern is potential Trojan insertion in an untrusted foundry, because of the prevalence of outsourcing of IC fabrication services to foreign countries. An intelligent adversary is likely to insert a Trojan instance which evades detection during conventional postmanufacturing test but manifests itself during in-field operation [2], [3], [4]. This can be achieved by externally triggering its operation or by making it dependent on rare circuit conditions [5], [6]. We refer to the condition of Trojan activation as the trigger condition, which can be purely combinational or sequentially related to the clock or a set of rare events, and the node affected by the Trojan as its payload. Fig. 1a shows some example Trojan circuits, including a combinational and a sequential Trojan, inserted into a complex system-on-chip (SoC). The malicious effects of Trojan payloads can range from passive, such as leakage of secret information [7] from a cryptographic IC, to actively altering the desired functionality of a circuit in a critical fashion [8].

Several approaches for hardware Trojan detection during manufacturing test have been proposed. A general taxonomy of Trojan detection approaches is shown in Fig. 1b. These are broadly classified as: 1) logic testing and 2) side-channel analysis approaches. Conventional structural and functional testing approaches aimed at functional validation or fault coverage are not directly applicable to Trojan detection. The random test patterns or automatic test pattern generation (ATPG) tool-generated test patterns do not provide high detection coverage, even for combinational Trojans which are easier to activate and observe than their sequential counterparts. Hence, statistical logic testing approaches [5], [6] have been proposed which generate structural tests to activate rare events in the circuit and propagate the malicious effect in logic values to primary outputs. Such approaches can be effective in detecting ultrasmall Trojans (typically a few gates in size) reliably under large process variations. The main challenge with logic testing approaches, however, is the difficulty of triggering and observing an arbitrary Trojan instance, particularly the complex sequential Trojans, and the inordinately large number of possible Trojan instances an adversary can exploit [6].

On the other hand, measurement of physical “side-channel” parameters like power signature [11], [12], [13], [14], [15], [16], [17] or delay [18], [19] of an IC can be used to identify the presence of an undesired structural change in the design. Such approaches do not require triggering of the Trojan and observing its impact at the primary output. The major challenge is due to the extensive process variations, which can cause extreme variations in the measured side-channel parameter, for example, 20× power and 30 percent delay variations in 180-nm technology [20], corresponding to only 20 percent variations in the transistor threshold voltage. Existing side-channel approaches suffer from one or more of the following shortcomings: 1) In scaled technology nodes, with increasing process variations, the effectiveness of the process calibration techniques and hence the Trojan detection sensitivity reduces; 2) they consider only die-to-die process variations and do not consider local within-die variations; and 3) they require design modifications, which can potentially be compromised by an adversary. Besides, the effect of process variations is worsened by measurement noise (electrical and environmental), which makes isolation of the Trojan effect even more difficult. Typically, the detection sensitivity of side-channel approaches degrades with increasing size of the original circuit and decreasing Trojan size.

IEEE TRANSACTIONS ON COMPUTERS, VOL. 62, NO. 11, NOVEMBER 2013 2183

. S. Narasimhan, F.G. Wolff, C.A. Papachristou, and S. Bhunia are with the Department of Electrical Engineering and Computer Science, Case Western Reserve University, 2123 Martin Luther King Jr. Drive, Glennan 514A, Cleveland, Ohio 44106. E-mail: {sxn124, fxw12, cap2, skb21}@case.edu.

. D. Du is with Hyland Software, 2123 Martin Luther King Jr. Drive, Glennan 514A, Cleveland, Ohio 44106. E-mail: [email protected].

. R.S. Chakraborty is with the Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur 721302, West Bengal, India. E-mail: [email protected].

. S. Paul is with SoC Design Lab, Intel Corp, Hillsboro, Oregon. E-mail: [email protected].

. K. Roy is with the School of Electrical and Computer Engineering, Purdue University, Electrical Engineering Building, 465 Northwestern Ave., West Lafayette, Indiana 47907-2035. E-mail: [email protected].

Manuscript received 24 Mar. 2011; revised 7 Mar. 2012; accepted 7 Aug. 2012; published online 17 Aug. 2012. Recommended for acceptance by J. Plusquellic. For information on obtaining reprints of this article, please send e-mail to: [email protected], and reference IEEECS Log Number TC-2011-03-0195. Digital Object Identifier no. 10.1109/TC.2012.200.

0018-9340/13/$31.00 © 2013 IEEE Published by the IEEE Computer Society

In this paper, we describe a novel noninvasive multiple-parameter side-channel analysis approach for effective detection of complex Trojans under large process-induced parameter variations. The concept takes its inspiration from multiple-parameter testing [22], which considers the correlation of the intrinsic leakage (IDDQ) to the maximum operating frequency (Fmax) of the circuit to distinguish fast, intrinsically leaky ICs from defective ones. Instead of using only the power signature (which is highly vulnerable to variations [11], [20]), the proposed side-channel approach achieves high signal-to-noise ratio (SNR) using the intrinsic dependences between transient supply current (IDDT) and Fmax of a circuit to identify the Trojan-infected ICs in a noninvasive manner. Here, we focus on the problem of detecting Trojans inserted in the ICs at an untrusted foundry. Hence, we assume the presence of a golden design, which can be used to generate test vectors and characterize the design. It precludes the case where the design involves untrusted third-party IPs or CAD tools. Moreover, we assume that a set of golden ICs [1], [11] can be extracted from the untrusted population of ICs by destructive reverse-engineering and these will be used to characterize the golden trend line in presence of process noise.

In particular, the major contributions are as follows:

1. It proposes a multiple-parameter-based noninvasive Trojan detection technique using IDDT and Fmax. This technique requires no modification to the design flow and incurs no hardware overhead.

2. It provides a theoretical analysis regarding how the relationship between the multiple parameters is used for reducing the process noise and identifying Trojans.

3. It provides both simulation verification and hardware validation with an FPGA-based measurement setup of the proposed approach.

4. To detect small Trojans (<0.1 percent of die area) in a multimillion transistor circuit, it proposes several approaches to improve the detection sensitivity under process variation induced noise. First, it provides a structural test-generation approach that minimizes the switching activity in different parts of the design, while increasing the activity of an arbitrary Trojan within a region-under-test. Next, it proposes using power gating techniques to reduce the background current, thereby improving the SNR. It also proposes using a third parameter, quiescent current (or IDDQ), to improve confidence of detection. Finally, it explores the choice of proper test conditions, such as operating voltage and frequency, to increase detection sensitivity.

5. It integrates the proposed side-channel approach and a statistical logic testing approach, which provides complementary ability for Trojan detection of different types and sizes.

The remainder of this paper is organized as follows: Section 2 presents the background on past research on hardware Trojan detection and the motivation behind this work. The multiple-parameter-based Trojan detection methodology is described in Section 3. Section 4 presents the simulation and measurement results. Integration of the proposed approach with a logic-testing-based Trojan detection scheme is discussed in Section 5. Section 6 concludes the paper.

2 BACKGROUND

Hardware trojans. A detailed taxonomy of Trojans and their detection mechanisms is presented in [9]. A common classification of Trojans [8], [19] is based on the activation mechanism (referred to as Trojan trigger) and the effect on the circuit functionality (referred to as Trojan payload). Trojans can be both combinationally and sequentially triggered. Fig. 1 shows an example of a combinationally triggered Trojan where the occurrence of the condition A = B at the trigger inputs A and B causes a payload node ER to have an incorrect value at ER*. An adversary is expected to choose an extremely rare activation condition so that it is highly unlikely for the Trojan to trigger during conventional manufacturing test. Sequentially triggered Trojans (the so-called “time bombs”), on the other hand, are activated by the occurrence of a sequence of rare events, or after a period of continuous operation. The simplest sequential Trojans are synchronous stand-alone counters, which trigger a malfunction on reaching a particular count. Fig. 1 shows an asynchronous k-bit counter which activates when the count reaches 2^k − 1, by modifying the node ER to an incorrect value at node ER*. Here, the count is increased not by the clock, but by a rising transition at the output of an AND gate with inputs p and q. The output of the Trojan circuit can maliciously affect the functionality of the circuit by affecting the logic values at its internal nodes (payload) as shown in the above examples. Another kind of Trojan, which has a passive payload, consists of a linear feedback shift register (LFSR) [7] which is used to leak the secret key used in cryptographic hardware by aiding in side-channel attacks. A classification of Trojans designed for information leakage is presented in [10].

Fig. 1. (a) Complex SoC with malicious insertion or hardware Trojan, which can be combinational or sequential. (b) Taxonomy of Trojan detection techniques.

Trojan detection approaches. Hardware Trojans are stealthy in nature because they are typically activated by rare events inside the circuit. Also, the enormous variety of Trojans makes it difficult to devise a single “silver bullet” Trojan detection technique that would be applicable for all Trojan types [8]. A general taxonomy of Trojan detection techniques is shown in Fig. 1b. Destructive testing of a chip by depackaging, de-metallization and microphotography-based reverse-engineering is highly expensive (in time and cost) and not a feasible solution because an attacker may selectively insert a Trojan into a small subset of the manufactured ICs [12]. The nondestructive Trojan detection approaches can be classified under two main types: 1) logic testing based and 2) side-channel analysis based. The logic testing-based Trojan detection approaches [5], [6], [24] aim to trigger rare events at internal nodes in the circuit to activate Trojans and then compare the obtained output logic values of the circuit with the expected golden values of the IC. A design technique to enhance logic-testing coverage for Trojan detection was presented in [25], by increasing the controllability of possible Trojan trigger nodes and observability of possible Trojan payloads. The test stimulus can be applied either postmanufacturing before deployment, or online during runtime [3], [26], [27]. On the other hand, the side-channel analysis-based Trojan detection approaches [11], [13], [19], [28], [29] observe the effect of an inserted Trojan on a physical parameter such as circuit transient current, leakage current or path delay, and then compare it with the precharacterized golden value of the parameter. If the observed value differs by more than a threshold from the golden value, the presence of a Trojan is suspected. Most side-channel analysis-based techniques try to minimize the effect of process noise on the “background signal” or maximize the Trojan signal by appropriate test vector generation [12], [28], characterization of the experimental noise [11], or characterization of the measurement port transfer function [13], [14], [15] to accurately extract the side-channel information. Characterization of the golden circuit’s leakage to detect presence of Trojan is described in [29] and [30]. Design techniques for improving Trojan detection sensitivity for side-channel analysis are presented in [15] and [18].

Both classes of Trojan detection techniques have their relative pros and cons. The main challenge for logic testing based approaches is the extremely large Trojan design space, which makes complete enumeration and test generation computationally infeasible. The advantage of side-channel analysis based approaches is that even if the Trojan circuit does not cause observable malfunction in the circuit during test, the presence of the extra circuitry can be reflected in the measured side-channel parameter. The main challenges associated with side-channel analysis are large process-induced parameter variations in modern nanometer technologies [20], and measurement noise, which can mask the effect of an inserted Trojan circuit, especially for small Trojans. However, most of the proposed techniques do not consider simultaneous elimination of the effects of “inter-die” or global process variation (the variation between different ICs), as well as “intra-die” or local process variation (the variation in the same IC) on the measured parameter. Recent work on calibrating the effect of within-die parameter variations on the leakage current has been presented in [14]. While the calibration circuitry can itself be tampered to hide the Trojan effect, the sensitivity of such approach also degrades for large designs and small Trojans because of the exponential nature of dependence of leakage current on process variations. The main motivation behind the work described in this paper is the development of a noninvasive side-channel analysis-based Trojan detection technique that systematically eliminates both global and local process variation effects by using multiple measured parameters like maximum operating frequency and transient current.

3 METHODOLOGY

Any malicious hardware (Trojan) inserted in a trusted design will consume leakage power, which is largely dependent on the size of the Trojan. It will also contribute to the dynamic power when any switching activity is induced inside the Trojan. Power analysis techniques can, therefore, be employed to discover the differences in side-channel information between trusted and untrusted ICs [11]. However, there are two main challenges in such techniques:

1. Small Trojan circuits are likely to cause little or no change in the supply current, thereby making it difficult to discover their presence, effectively resulting in “false negatives.”

2. Leakage current in scaled technologies can vary by up to 20× [20] due to process variations. Thus a “false positive” may be detected when differences between the power consumption of trusted and untrusted ICs are masked by process variations. Also, if provision is made for a “guard-band” to account for the process variation effects, some tampered ICs can be considered benign.

Trojan detection based on the analysis of side-channel information has two major advantages: 1) it is noninvasive—i.e., it does not require design modification or any postmanufacturing destructive procedure; and 2) it does not require activation of the malicious payload of the Trojan to observe its impact at primary output nodes, which can be extremely difficult for a complex sequential Trojan during manufacturing test.


3.1 Multiple-Parameter Trojan Detection

To use side-channel analysis for Trojan detection, we need to distinguish between the Trojan contribution and process noise by comparing the side-channel information for the golden and the untrusted ICs. However, the effect of a Trojan circuit on the maximum operating frequency or Fmax and the transient supply current or IDDT can be masked by process variations. Average IDDT and Fmax values for an 8-bit ALU circuit (c880 from ISCAS-85 benchmark suite) obtained from simulation in HSPICE are plotted in Figs. 2a and 2b for 100 chips which lie at different process corners. Here, we consider only die-to-die or interdie variations in transistor threshold voltage (Vth), where all transistors in a die experience similar variations. The effect of process-induced variations in other parameters like Tox and Leff can be modeled as variations in Vth [21]. The effect of a combinational Trojan (8-bit comparator circuit) is only observed in the current; it does not affect the Fmax because it is not inserted in the critical path of the circuit. The spread in IDDT due to variation easily masks the effect of the Trojan, making it infeasible to isolate from process noise, as shown in Fig. 2a. The problem becomes more severe with decreasing Trojan size or increasing variations in device parameters in scaled technologies.

To overcome this issue, the intrinsic relationship between IDDT and Fmax can be utilized to differentiate between the original and tampered versions. The plot for IDDT versus Fmax for the ISCAS-85 circuit c880 is shown in Fig. 2c. It can be observed that two chips (e.g., Chip_i and Chip_j) can have the same IDDT value, one due to presence of Trojan and the other due to process variation. By considering only one side-channel parameter, it is not possible to distinguish between these chips. In fact Chip_i and Chip_k are at the same process corner, as indicated by their identical Fmax values. However, the correlation between IDDT and Fmax can be used to distinguish malicious changes in a circuit under process noise. The presence of a Trojan will cause the chip to deviate from the trend line. As seen in Fig. 2c, the presence of a Trojan in Chip_i causes a variation in IDDT when compared to a golden chip (Chip_k), while it does not have similar effect on Fmax as induced by process variation—i.e., the expected correlation between IDDT and Fmax is violated by the Trojan.

Note that in the proposed approach, Fmax is used for calibrating the process corner of the chips. It is usually measured for each chip during the speed-binning process of testing. In practice, the delay of any path in the circuit can be used for this purpose. Hence, it becomes difficult for an attacker to know in advance which path delay will be used for calibrating process noise. Since a typical design will have an exponentially large number of paths, it is infeasible for an attacker to manipulate all circuit paths to hide the Trojan effect. Furthermore, even if the path is guessed by the attacker, an inserted Trojan is likely to increase both delay and activity of the path on which it is inserted. Hence, a chip containing the Trojan will deviate from the expected IDDT versus Fmax trend line, where both current and frequency increase or decrease simultaneously. Finally, to alter the Fmax such that the Trojan evades the multiple-parameter approach (i.e., it falls within the limit line in Fig. 2c), the adversary needs to know the exact magnitude of process variation for each path of each chip, which is difficult to estimate prior to fabrication [20].

Fig. 2d shows the effect of random intradie process variations on top of interdie variations upon the IDDT and Fmax values for 1,000 instances of the c880 circuit with and without Trojan. We performed Monte Carlo simulations in HSPICE using interdie (σ = 10%) and intradie (σ = 6%) variations in Vth (see Fig. 3). In this case, the transistors on the same die can have random variations on top of a common interdie shift from the nominal process corner, causing deviations from the trend line obtained by considering only interdie variations. However, the spread in IDDT values for a fixed Fmax value is much less compared to the total spread in IDDT across all process corners. The trend line is obtained by using polynomial curve fitting of order three in MATLAB, which matches the trend obtained by considering only interdie process variation effects. By computing the spread in IDDT values for a given Fmax, corresponding to a particular interdie process corner, we can estimate the sensitivity of the approach in terms of Trojan detection. Any Trojan which consumes extra current less than this spread will remain undetected. The limit line is obtained by scaling the trend line by the spread factor, which is computed using the mean and standard deviation of the actual spread in IDDT values for a given Fmax, for the golden sample of ICs, and allows us to identify all the Trojan instances without any error, even for a small Trojan. A theoretical basis for the existence of a trend line between IDDT and Fmax under process variations is provided in Appendix A, which can be found on the Computer Society Digital Library at http://doi.ieeecomputersociety.org/10.1109/TC.2012.200.

Fig. 2. (a) Average IDDT values at 100 random process corners (with maximum variation of ±20% in interdie Vth) for c880 circuit. The impact of Trojan (8-bit comparator) in IDDT is masked by process noise. (b) Corresponding Fmax values. The Fmax versus IDDT plot can help identify Trojan-containing ICs under both (c) interdie, and (d) intradie process variations.

Fig. 3. Effect of process variations (both inter- and intradie) on device threshold voltage [17].

3.2 Improving Detection Sensitivity

The minimum size of Trojan which can be detected by any side-channel approach based on the measurement of current for a given amount of process noise is quantified by the detection sensitivity. At a single Vth (or Fmax) point, the sensitivity can be expressed as

$$\text{Sensitivity} = \frac{I_{tampered} - I_{original}}{I_{original}} \times 100\%. \qquad (1)$$

The detection sensitivity of the proposed approach reduces with decreasing Trojan size and increasing circuit size. To extend the approach for detecting small sequential/combinational Trojans in large circuits (with >10^5 transistors), we need to improve the SNR using appropriate side-channel isolation techniques. Clearly, the sensitivity can be improved by increasing the current contribution of the Trojan circuit relative to that of the original circuit. Next, we describe different techniques used to reduce Ioriginal and increase its difference from Itampered.
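To make the trend-line and limit-line procedure of Section 3.1 and the sensitivity measure of Eq. (1) concrete, the following is an added Python example; it is not code from the paper or its authors. It constructs a golden chip population whose Fmax and IDDT are tied together by an assumed interdie Vth shift, fits the order-three polynomial trend line, derives a limit line from the mean and standard deviation of the relative IDDT spread around the trend line (a 3-sigma spread factor is an assumption), flags chips whose IDDT at their own Fmax exceeds the limit, and evaluates Eq. (1). The nominal values, the 8 percent Trojan current contribution, the ±2 percent intradie noise and the shape of the IDDT-versus-Vth model are all constructed inputs, not values from the paper.

```python
"""Added example (not from the paper): IDDT-vs-Fmax trend line, limit line and
Eq. (1) sensitivity on a constructed chip population.  Every number below is an
assumption chosen for illustration, not a value from the paper."""
import random
import statistics

NOMINAL_FMAX_MHZ = 100.0   # assumed nominal maximum operating frequency
NOMINAL_IDDT_MA = 10.0     # assumed nominal average transient current


def chip_parameters(vth_shift, rng, trojan_extra=0.0, intradie_noise=0.02):
    """Return (Fmax, IDDT) for one chip.

    vth_shift is the interdie threshold-voltage deviation as a fraction of
    nominal (-0.2 .. +0.2 models +/-20 percent).  A lower Vth makes the die both
    faster and hungrier, which is what ties Fmax and IDDT together.  A Trojan
    adds current that is unrelated to the process corner; intradie variation is
    modelled as a small uniform multiplicative noise on IDDT (assumed model).
    """
    fmax = NOMINAL_FMAX_MHZ * (1.0 - 0.8 * vth_shift)
    iddt = NOMINAL_IDDT_MA * (1.0 - 0.5 * vth_shift + 0.3 * vth_shift ** 2)
    iddt *= (1.0 + trojan_extra) * (1.0 + rng.uniform(-intradie_noise, intradie_noise))
    return fmax, iddt


def make_lot(n, seed, trojan_extra=0.0, intradie_noise=0.02):
    """n chips at uniformly random interdie corners (constructed data)."""
    rng = random.Random(seed)
    return [chip_parameters(rng.uniform(-0.2, 0.2), rng, trojan_extra, intradie_noise)
            for _ in range(n)]


def _solve(a, b):
    """Gaussian elimination with partial pivoting for the small normal equations."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x


def fit_trend_line(fmax_values, iddt_values, degree=3):
    """Least-squares polynomial IDDT = p(Fmax) (the paper fits order three).
    Fmax is standardised first so the normal equations stay well conditioned.
    Returns a callable trend(fmax)."""
    mu, sd = statistics.mean(fmax_values), statistics.pstdev(fmax_values)
    xs = [(f - mu) / sd for f in fmax_values]
    n = degree + 1
    ata = [[sum(x ** (i + j) for x in xs) for j in range(n)] for i in range(n)]
    aty = [sum(x ** i * y for x, y in zip(xs, iddt_values)) for i in range(n)]
    coef = _solve(ata, aty)
    return lambda f: sum(c * ((f - mu) / sd) ** i for i, c in enumerate(coef))


def build_limit_line(golden_chips, degree=3, k_sigma=3.0):
    """Characterise the golden sample: fit the trend line, measure the relative
    spread of IDDT around it, and scale the trend line by a spread factor of
    1 + mean + k*sigma of that relative residual (k = 3 is an assumption).
    Returns (trend, limit) callables of Fmax."""
    fs = [f for f, _ in golden_chips]
    cs = [c for _, c in golden_chips]
    trend = fit_trend_line(fs, cs, degree)
    rel = [(c - trend(f)) / trend(f) for f, c in golden_chips]
    spread_factor = 1.0 + statistics.mean(rel) + k_sigma * statistics.pstdev(rel)
    return trend, (lambda f: spread_factor * trend(f))


def is_suspect(chip, limit):
    """A chip whose IDDT lies above the limit line at its own Fmax violates the
    expected IDDT-Fmax correlation and is flagged for further analysis."""
    fmax, iddt = chip
    return iddt > limit(fmax)


def sensitivity_percent(i_tampered, i_original):
    """Detection sensitivity at a single Vth (or Fmax) point, Eq. (1)."""
    return (i_tampered - i_original) / i_original * 100.0


def run_demo(trojan_extra=0.08, seed=7):
    """Characterise 100 golden chips, then screen 10 clean and 10 tampered
    chips.  Returns (false_positives, trojans_caught, trojans_total)."""
    _, limit = build_limit_line(make_lot(100, seed))
    clean = make_lot(10, seed + 1)
    tampered = make_lot(10, seed + 2, trojan_extra)
    false_pos = sum(is_suspect(c, limit) for c in clean)
    caught = sum(is_suspect(c, limit) for c in tampered)
    return false_pos, caught, len(tampered)


if __name__ == "__main__":
    print("false positives, caught, total:", run_demo())
```

The point the example makes is the one the section makes: a tampered chip at a given Fmax carries more current than the golden trend predicts, so it crosses the limit line even though its raw IDDT alone would sit comfortably inside the process spread. Because the spread factor is estimated from the golden sample's own residuals, the threshold tightens as intradie noise shrinks and loosens as it grows, which is exactly the sensitivity trade-off the section describes.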

3.2.1 Test Vector Selection

Note that although Fmax is a unique parameter for each IC, the average IDDT is a function of the applied input vector. A set of patterns that maximizes the activity in the Trojan circuit, while reducing the background current, is likely to provide the best signal-to-noise ratio. Our test generation approach tries to maximize the contribution of an arbitrary Trojan circuit to the supply current while minimizing the effect of the background current. Fig. 4 illustrates the overall methodology for the proposed Trojan detection technique, along with the steps of the test vector generation algorithm [17].

A complex circuit under test (CUT) typically comprises several functional modules {Mi}, which are interconnected according to their input/output dependences. In general, the activity in most functional blocks can be controlled by input conditions. For example, in a processor, activity in the floating point unit (FPU), branch logic, or memory peripheral logic can be turned off by selecting an integer ALU operation. Similarly, in a pipelined processor, the different pipeline stages correspond to different regions. By repeating the same initial test instruction, we can fill the pipeline such that on application of a new test vector, the different pipeline stages are activated one at a time. Any large functional block is further partitioned by hypergraph partitioning or by using other region-based partitioning approaches [12]. The partitioning approach should consider the following properties: 1) The blocks should be reasonably large to cancel out the effect of random parameter variations, but small enough to minimize the background current. 2) The blocks should be functionally independent so that the test generation process can increase the activity of one block (or a few blocks) while minimizing the activity of all others.

Next, we generate test vectors for activating each module separately. The test vector generation algorithm needs to take into account two factors: 1) Only one region must be activated at a time. 2) When a particular region is being activated, the test vectors should try to activate possible Trojan trigger conditions to cause some switching activity within possible Trojan circuits. This motivates us to consider a modified version of the statistical test generation approach (MERO) proposed in [6] for maximizing Trojan trigger coverage. Note that, unlike logic testing approaches, the Trojan payload need not be affected during test time; the observability of the Trojan effect on the side-channel parameter is enough to signify the presence of the Trojan. For each module Mi, we use connectivity analysis to assign weights to the primary inputs in terms of their tendency to maximize activity in the region under consideration while minimizing activity in other regions. This step can also identify control signals which can direct the activity exclusively to particular regions. Next, we generate weighted random input vectors and estimate the activity within each region for each pair of input vectors using a graph-based functional simulation approach. We sort the vectors based on a metric Cij which is higher for a vector pair that maximally activates module Mi while minimizing activity in each of the other modules. Then, we prune the vector set to choose a reduced but highly efficient vector set generated by MERO, which is motivated by the N-detect test generation technique [33]. In this approach, we identify internal nodes with rare values within each module, which can be candidate trigger signals for a Trojan. Then we identify the subset of vectors which can take the rare nodes within the module to their rare values at least N times, thus increasing the trigger possibility of arbitrary Trojans. The vectors for all regions are combined to generate a test suite which can be applied to each chip for measuring the supply current corresponding to each of its regions.
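As an added example, not the paper's implementation or code, the Python script below runs a simplified version of this flow on a constructed 8-input toy netlist with two functionally independent regions. It computes signal probabilities by exhaustive simulation, picks rare nodes with a rareness threshold theta, and greedily selects vectors that drive each rare node of the target region to its rare value N times, breaking ties by higher switching activity in the target region and lower activity elsewhere (standing in for the paper's metric Cij). The netlist, the region labels, theta = 0.1 and N = 2 are assumptions; the paper's connectivity-based input weighting and MERO's own selection loop are not reproduced.

```python
"""Added example (not the paper's code): region-aware, N-detect style test vector
selection in the spirit of MERO on a constructed toy netlist."""
import itertools

# Constructed circuit under test: two functionally independent regions.
# Each gate is listed after its inputs (topological order).
INPUTS = ["a", "b", "c", "d", "e", "f", "g", "h"]
NETLIST = {
    "n1": ("AND", ["a", "b"]),
    "n2": ("AND", ["c", "d"]),
    "n3": ("AND", ["n1", "n2"]),   # 1 only for a=b=c=d=1: a rare node
    "n4": ("OR", ["a", "c"]),
    "r1": ("XOR", ["n3", "n4"]),
    "m1": ("OR", ["e", "f"]),
    "m2": ("OR", ["g", "h"]),
    "m3": ("OR", ["m1", "m2"]),    # 0 only for e=f=g=h=0: a rare node
    "m4": ("AND", ["e", "g"]),
    "r2": ("XOR", ["m3", "m4"]),
}
REGIONS = {"alu": {"n1", "n2", "n3", "n4", "r1"}, "io": {"m1", "m2", "m3", "m4", "r2"}}


def simulate(vec):
    """Evaluate every gate for one input vector; returns {node: 0/1}."""
    vals = dict(zip(INPUTS, vec))
    for node, (op, ins) in NETLIST.items():
        bits = [vals[i] for i in ins]
        if op == "AND":
            vals[node] = int(all(bits))
        elif op == "OR":
            vals[node] = int(any(bits))
        elif op == "XOR":
            vals[node] = sum(bits) % 2
        else:
            raise ValueError(op)
    return vals


def all_vectors():
    return list(itertools.product((0, 1), repeat=len(INPUTS)))


def signal_probabilities():
    """Exhaustive simulation: probability that each internal node is 1."""
    ones = {node: 0 for node in NETLIST}
    vecs = all_vectors()
    for vec in vecs:
        vals = simulate(vec)
        for node in NETLIST:
            ones[node] += vals[node]
    return {node: ones[node] / len(vecs) for node in NETLIST}


def rare_nodes(probs, theta):
    """(node, rare value) pairs whose rare value occurs with probability below theta."""
    rare = []
    for node, p1 in probs.items():
        if p1 < theta:
            rare.append((node, 1))
        elif 1.0 - p1 < theta:
            rare.append((node, 0))
    return rare


def toggles(before, after, nodes):
    """Switching activity of a vector pair inside one region: nodes that change value."""
    return sum(before[n] != after[n] for n in nodes)


def select_vectors(target, theta=0.1, n_detect=2):
    """Greedy N-detect selection: every chosen vector must drive an under-covered rare
    node of the target region to its rare value; ties prefer more activity in the target
    region and less activity elsewhere, until each rare node is covered n_detect times."""
    rare = [rn for rn in rare_nodes(signal_probabilities(), theta) if rn[0] in REGIONS[target]]
    others = set().union(*(nodes for name, nodes in REGIONS.items() if name != target))
    needed = {rn: n_detect for rn in rare}
    state = simulate((0,) * len(INPUTS))   # assumed quiescent starting state
    chosen = []
    while any(needed.values()):
        best = None
        for vec in all_vectors():
            if vec in chosen:
                continue   # a repeated vector causes no switching, so skip it
            vals = simulate(vec)
            hits = [rn for rn in rare if needed[rn] > 0 and vals[rn[0]] == rn[1]]
            if not hits:
                continue
            score = (len(hits), toggles(state, vals, REGIONS[target]), -toggles(state, vals, others))
            if best is None or score > best[0]:
                best = (score, vec, vals, hits)
        if best is None:
            break   # some rare node cannot be covered further
        _, vec, vals, hits = best
        chosen.append(vec)
        for rn in hits:
            needed[rn] -= 1
        state = vals
    return chosen


if __name__ == "__main__":
    for region in REGIONS:
        print(region, select_vectors(region))
```

For the "alu" region the selection first applies a=b=c=d=1 with the "io" inputs held at zero (four toggles in the target region, none elsewhere), then the cheapest distinct vector that keeps n3 at its rare value; only the target region's rare nodes are counted toward N, which is what keeps the background current of the other region low.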

NARASIMHAN ET AL.: HARDWARE TROJAN DETECTION BY MULTIPLE-PARAMETER SIDE-CHANNEL ANALYSIS 2187

Fig. 4. Major steps in the multiple-parameter Trojan detection approach.


3.2.2 Power Gating and Operand Isolation

To prevent unwanted switching in independent functional modules, low-power designs conventionally use power gating techniques such as clock gating, supply gating, or operand isolation. We propose to employ the already-existing power gating controls to improve Trojan detection sensitivity by reducing Ioriginal, without introducing any modifications to the design. These approaches are supplementary to the test vector generation technique described earlier and are applicable to circuits in which the region-based test generation is not very effective. We applied these techniques to the advanced encryption standard (AES) circuit, shown in Fig. 5 [23]. It should be noted that depending on the functionality of the CUT, it might not always be possible to switch off certain units whose outputs feed other dependent modules. Thus, when testing for a Trojan in module 4, we cannot shut off modules 1 and 3, which affect the controllability (and hence the activity) of the internal nodes in module 4. One major concern against using power gating is that if we introduce power gating during test time as a method to increase our Trojan detection sensitivity, the attacker can use these control signals to disable the Trojan during test time. However, in this case, it is difficult for the adversary to distinguish between the normal functional mode and the Trojan detection mode, since the decision about which blocks are turned off or biased is taken dynamically. Hence, the attacker cannot use the power gating techniques to reduce the current contribution of the inserted Trojan.

3.2.3 Use of Other Side-Channel Parameters

It should be noted that various measurable parameters can be used for multiple-parameter side-channel-based Trojan detection, where at least one parameter is affected by the Trojan and the other parameters are used to calibrate the process noise. Besides IDDT and Fmax, other circuit parameters such as quiescent or leakage current (IDDQ) can also be used to increase the confidence level. Apart from contributing to the dynamic current (IDDT), a Trojan will also contribute to the leakage current (IDDQ). Moreover, similar to IDDT, the value of IDDQ increases monotonically with Fmax for a given design from one process corner to another. Thus, any decision derived from studying the IDDT versus Fmax relation can be reinforced by observing the IDDQ versus Fmax relation for the same set of ICs. Similar to IDDT, the value of IDDQ is input-dependent; thus, a low-leakage vector can improve the IDDQ sensitivity to a Trojan.

To understand the joint effect of the three variables, we simulated the c880 circuit with and without an 8-bit comparator Trojan. Fig. 6 shows a 3D plot of IDDT, IDDQ, and Fmax, with projections on the IDDQ-Fmax and IDDT-Fmax planes. We can observe that a Trojan instance clearly isolates a chip in the multiple-parameter space from process-induced variations.

3.2.4 Test Conditions

During side-channel testing, the choice of testing conditions can have a significant impact on the sensitivity of Trojan detection. For instance, the placement of the current sensor to measure IDDT for the chip is an important parameter. It should be noted that in the case of a noninvasive approach for Trojan detection, the current sensors are not inserted within the chip; if they are inserted within the chip, they can be tampered with by the attacker. However, it is advisable to measure the current as close to the pins as possible. If we measure the current drawn from the power supply, the averaging effect of the bypass capacitors on the board can have a negative impact on Trojan detection sensitivity. Moreover, if the current sensing can be done at individual VDD pins at the chip level, instead of at the common supply node at the board level, we can divide the background current into considerably smaller values. It can also help in isolating the Trojan effect if the functional regions being activated draw supply current dominantly from different VDD pins. In this context, the region-based Trojan detection approach described in [13] explains how one can use the supply current values for different regions to calibrate the process noise.

The value of the supply voltage and the operating frequency during testing can also be varied to get better Trojan detection sensitivity with our approach. As the supply voltage is reduced below nominal, the gates start switching more slowly. Also, the dynamic and leakage currents get reduced. Since we use the average current measured over a clock period as the IDDT value corresponding to a pair of test vectors, it contains components from both the switching current and the leakage current. Based on the equations derived in Section 1, and the trend lines in Fig. 6, a trend line exists between Fmax and IDDT, whereas the relation between Fmax and IDDQ is nonlinear. We can see that if the measured average current is dominated by the leakage component, the relationship has a nonlinear trend. If the trend remains close to linear, it is easier to get a limit line and determine a threshold for characterizing process variations. We can reduce the leakage component by measuring the average leakage current for the same vector and subtracting it from the measured switching current to extract the actual IDDT. On the other hand, we can get similar sensitivity by measuring the current for a shorter period of time (i.e., at a high operating frequency), which leaves very little margin beyond the critical path delay, or by testing at a lower supply voltage, when the gate delays increase and consume the slack for the particular operating frequency. If other low-power design techniques are built into the design, like applying body bias to reduce leakage, clock/supply gating, or adaptive voltage scaling for different functional regions, these can be used to our advantage to increase Trojan detection sensitivity.

2188 IEEE TRANSACTIONS ON COMPUTERS, VOL. 62, NO. 11, NOVEMBER 2013

Fig. 5. Schematic showing the functional modules of the AES cipher circuit. The “Key Expand” module is clock-gated and operand isolation is applied to the “SBOX” modules to reduce the background current.

Fig. 6. The correlation among IDDT, IDDQ, and Fmax can be used to improve Trojan detection confidence.

4 RESULTS

4.1 Simulation-Based Verification

4.1.1 Test Setup

We used two test cases to validate the proposed Trojan detection approach: 1) an AES cipher circuit with an equivalent area of slightly over 25,000 two-input NAND gates (i.e., >10^5 transistors) and about 30 percent of the total area contributed by memory elements, and 2) a 32-bit pipelined integer execution unit (IEU) with about 20,000 two-input gates. Both designs were synthesized using Synopsys Design Compiler and mapped to a LEDA library. To determine the trend line and estimate the Trojan detection sensitivity, we used ±20% variation over the nominal Vth in our simulations. We validated our technique with both 250-nm TSMC models and 70-nm predictive technology model (PTM) [34] models to establish the technology scalability of our approach. Finally, we used Monte Carlo simulations in HSPICE with random variations in interdie and intradie Vth.

We introduced four types of Trojan circuits in the two test circuits, with each Trojan type having an area an order of magnitude smaller than the previous type. Trojans I, II, and III are sequential Trojans that are designed as counters of decreasing size (24, 10, and 3 flip-flops, respectively); however, they derive their clock from internal nodes of the circuit with rare values. Trojan IV is a combinational 8-bit comparator circuit, which occupies a meagre 0.04 percent of the AES circuit area. Fig. 7 shows schematics of the Trojan circuits considered in our simulations.

4.1.2 Results

Fig. 8a shows a plot of IDDT versus Fmax for the AES circuit, with and without an inserted Trojan of type I. From this plot, it is observed that the current differential due to the Trojan circuit is only 2.63 percent at different process corners. For smaller Trojan circuits (Trojans II-IV), this difference is less prominent and likely to be masked by process noise. Thus, as discussed in Section 3.2.2, clock gating and operand isolation were implemented to improve the Trojan detection sensitivity in the AES test circuit. As a result of selective gating, it was possible to reduce the average activity per node significantly (from 0.16 to 0.05). Fig. 8b shows the average IDDT versus Fmax plots for Trojan I, with power gating applied, which increases the sensitivity from 2.63 percent (see Fig. 8a) to 12.2 percent. The sensitivity for different Trojan sizes is shown in Table 1.

Figs. 8c and 8d show IDDT versus Fmax trends for the 32-bit IEU circuit, which show a sensitivity reduction with decreasing Trojan size. These sensitivity values can be improved by choosing proper low-activity vectors which reduce the background current. The improvement in sensitivity for different Trojan circuits due to low-activity vectors is shown in Table 2. Fig. 9 shows the detection sensitivity using the multiple-parameter approach for Trojans of different sizes in the IEU circuit. Large sequential Trojans having 24 and 10 flip-flops have better sensitivity with IDDQ, since the Trojan circuit occupies a considerable percentage of the original circuit area. However, smaller sequential (three flip-flop) and combinational Trojans (16-, 10-, and 8-bit comparators), which occupy a very small percentage of the area, have very low detection sensitivity using IDDQ. Since quiescent current is measured for the entire circuit, its sensitivity decreases for large circuits and small Trojans. In this regard, multi-power-port measurement [13] can be useful to attain higher confidence. However, using IDDT and low-activity vectors, we can increase the detection sensitivity to more than 2 percent. For ultrasmall Trojans (4-bit comparator), the side-channel sensitivity is below 2 percent, which can be increased by proper test conditions. Moreover, such Trojans are easily detected by logic-testing approaches [6].

Fig. 7. Trojans considered in our simulation setup.

Fig. 8. IDDT versus Fmax relationship for both golden and tampered AES and IEU circuits showing the sensitivity of our approach for detecting different Trojan circuits.

TABLE 1. Detection Sensitivity for Different Trojan Sizes in AES

Fig. 10 shows the results of Monte Carlo simulations for 1,000 instances of the IEU circuit with and without Trojan IV. Here, we consider both die-to-die and within-die variations as well as uncorrelated variations between NMOS and PMOS threshold voltages. Using a 2 percent sensitivity limit line, we obtain 99.3 percent Trojan detection accuracy, with 0.3 percent false alarms, which indicates that 3 out of 1,000 golden dies fall beyond the 2 percent limit line. Hence, the multiple-parameter approach is shown to work even under random process variation effects on top of interdie variations. However, these results were obtained at a nominal supply voltage of 1 V and a relatively low operating frequency of 200 MHz (clock period = 5 ns). As described in Section 3.2.4, we can use supply voltage scaling and frequency scaling during testing to make the measured supply current reflect the switching current (IDDT) only. By reducing the slack during which no switching activity takes place in the circuit, we can get better Trojan detection sensitivity, as shown in Fig. 11. By decreasing the clock period to 3 ns, we limit the idle time within the measurement period. Also, by reducing the supply voltage to 0.8 V, the switching speed of the gates reduces and the slack decreases further to give a large separation between the golden trend line and the Trojan IDDT. Thus, proper choice of test conditions can lead to increased sensitivity for detecting ultrasmall combinational Trojans.

4.2 Hardware Validation

4.2.1 Test Setup

Hardware validation of the proposed multiple-parameter approach was performed using an FPGA platform where FPGA chips were used to emulate the ASIC scenario. We wanted to observe the effectiveness of the proposed approach in isolating the Trojan effect in the presence of process variations, when a golden design and its variant with a Trojan are mapped to the FPGA devices. Such an FPGA-based test setup provides a convenient platform for hardware validation using different Trojan types, sizes, and even different designs. The selected FPGA device was a Xilinx Virtex-II XC2V500 fabricated in 120-nm CMOS technology. We designed a custom test board with socketed FPGAs for measuring current from eight individual supply pins as well as the total current, using 0.5 Ω precision current sense resistors. The test circuit was the 32-bit IEU with a five-stage pipelined multiplier, which has a logic utilization of 90 percent of the FPGA slices. The Trojan circuit was a sequential counter circuit, whose size was varied from 256 (1.76 percent of design size) to 4 (0.03 percent) flip-flops. IDDT was monitored for two types of input vectors: low-activity logic operations and high-activity multiplication operations.

The test setup is shown in Fig. 12. To measure IDDT, we measured the voltage drop across a sense resistor, using a high-side current sensing strategy. To increase the accuracy of measurements amidst measurement noise, the sense resistors were connected between the core VDD pins and the bank of bypass capacitors. A differential probe was used to measure the voltage waveforms, which were recorded using an Agilent mixed-signal oscilloscope (100 MHz, 2 Gsa/s). The timing diagram for the application of test vectors, along with the “SYNC” signal for averaging the current waveform over multiple applications of the same test vectors, is shown in Fig. 13. The waveforms were synchronized with a 10-MHz clock input and recorded over 16 cycles corresponding to a pattern of 16 input vectors. A “SYNC” signal was used to indicate the first input vector in the set, so that the current can be measured for the same vectors in all cases. Average current waveforms were obtained from the oscilloscope by averaging over 1,024 repetitions of the same vector set to reduce the measurement and temporal noise. We performed experiments with 10 FPGA chips from the same lot, which were placed in the same test board using a BGA socket, with the same design mapped to each chip.

Fig. 9. Sensitivity of Trojans of different sizes and types to different parameters.

TABLE 2. Detection Sensitivity for Different Trojan Sizes in IEU

Fig. 10. Effect of random process variations using Monte Carlo simulations with interdie σ = 10% and random intradie σ = 6% for the 32-bit IEU circuit with Trojan IV inserted. VDD = 1 V, period = 5 ns.

Fig. 11. Choosing a faster clock period (3 ns) and lowering the supply voltage from 1 to 0.8 V gives better Trojan detection accuracy.

Frequency (an estimate of Fmax) was measured for process calibration of the FPGA chips using a 15-inverter chain ring oscillator circuit with an on-chip counter, as described in [35]. The measurement of the ring oscillator frequencies mapped to the FPGAs was done multiple (10) times with a stable experimental setup to ensure similar operating conditions including temperature, and averaged to eliminate temporal variations. The spatial variations were averaged by measuring the ring oscillator frequency from five different placements (four quadrants and center) of the ring oscillator in each IC (taking care to preserve the internal routing). The entire set of measurements for the 20 test chips (taking a total time of 14 hours) was repeated three times to ensure the accuracy of the trend line.

4.2.2 Results

The experimental results for the multiple-parameter testing approach are shown in Fig. 14. The results show that while measurements of IDDT only (see Fig. 14a) may not be able to capture the effect of a Trojan under parameter variations, multiple-parameter-based side-channel analysis can be effective in isolating it. For a set of golden chips, IDDT versus Fmax follows an expected trend under process noise, and deviation from this trend indicates the presence of structural changes in the design. Fig. 14b shows this scenario for 10 FPGA chips, 8 golden and 2 with Trojans (16-bit sequential Trojan). The ones with Trojans stand out from the rest in the IDDT versus Fmax space. Note that some design marginalities, such as small capacitive coupling, which cause localized variation, can make the IDDT versus Fmax plot for golden chips deviate from the linear trend. Also, a better trend can be obtained by performing measurements over a larger population of chips than was available.

Fig. 15a shows the measured IDDT versus Fmax trend for a 4-bit sequential Trojan, which occupied 0.03 percent of the logic resources in the FPGA. By drawing a limit line with a sensitivity of 2 percent, we get errors in Trojan detection. Lowering the sensitivity to 1 percent will decrease the number of false negatives (Trojan chips classified as golden), but increase the number of false positives (golden chips classified as Trojan). To improve the sensitivity of Trojan detection, we subtracted the background current (current measured with no input activity) for each chip, and the corresponding IDDT versus Fmax trend is shown in Fig. 15b. Even with a sensitivity of 1 percent, we can now clearly identify the Trojan chips without any errors.

Fig. 16 shows the variation in Trojan detection sensitivity with Trojans of various sizes and with sets of input test vectors with differing activity levels. It is clear from this graph that the sensitivity of Trojan detection decreases with decreasing Trojan size, and for very small Trojans, we need to use sensitivity improvement techniques to avoid classification errors. The sensitivity toward Trojan detection when measuring from individual pins, compared to the sensitivity when measuring the total current, is plotted in Fig. 17. It can be observed that when activating the multiplier, which is spread out over a large part of the FPGA, we do not get much improvement in sensitivity. However, the supply current corresponding to the logic operations shows a clear improvement in sensitivity of ≈1.25× over the overall current sensitivity, for pin R2, which is closest to the placement of the logic block of the IEU on the FPGA. The sensitivity can be improved further by integrating current sensors into the packaging closer to the pins and by using current integration circuitry to perform the averaging.

Fig. 12. (a) Test PCB schematic. (b) Test circuit schematic. (c) Experimental setup. (d) Snapshot of measured IDDT waveform from the oscilloscope.

Fig. 13. Timing diagram for application of test vectors and acquisition of average current values (IDDT).

Fig. 14. Measurement results for 10 FPGA chips showing (a) IDDT values only and (b) IDDT versus Fmax trend for the IEU test circuit and a 16-bit sequential Trojan (0.14 percent area).

Fig. 15. Measured IDDT versus Fmax results for eight golden and two Trojan chips for the IEU circuit with and without a 4-bit sequential Trojan (0.03 percent area).

5 INTEGRATION WITH LOGIC-TESTING

As shown in Section 4, the sensitivity of Trojan detection with the proposed side-channel approach reduces with Trojan size. Hence, while such an approach can be generally effective for relatively large Trojans (including complex sequential Trojans), it may not detect ultrasmall Trojans reliably. On the other hand, logic testing-based approaches can detect small Trojans with high confidence. However, it is extremely challenging to detect structurally and functionally complex Trojans using logic testing. This is because a finite set of generated test vectors is usually unable to trigger the Trojans and manifest their malicious effect. As shown in [6], the logic testing approach generally achieves poor Trojan detection coverage for Trojans with more than eight inputs. However, for side-channel analysis-based approaches, it is not essential to activate the entire Trojan circuit; even activating a small part of the Trojan circuit might be sufficient to reliably identify the Trojan effect in the supply current. Hence, the proposed methodology can also be integrated with logic-testing-based Trojan detection approaches (such as MERO [6]) to provide comprehensive coverage for Trojans of different types and sizes.

The overall coverage can be estimated by a statistical sampling approach, in which a random sample of Trojan instances of a specific size (e.g., 100K) is chosen from the Trojan population. The percentage of Trojans in the sample detected by a given test set is determined using functional simulation. Trojan detection coverage for a particular test set is defined as

$$\text{Coverage} = \frac{\#\text{ of Trojans detected}}{\#\text{ of sampled Trojans}} \times 100\%. \quad (2)$$

We analyze the effect of changing the rareness of the nodes in terms of Trojan trigger coverage in Fig. 18. As the value of θ increases beyond 0.2, even the Trojans triggered by nonrare nodes are activated with high probability. Hence, even though the N-detect test generation method focuses on taking the rare nodes to their rare values N times, the Trojans triggered by nonrare nodes will also get activated, resulting in high coverage for all Trojans. One can also use coverage enhancement techniques like test point insertion to enhance logic-testing-based Trojan detection. We can insert low-overhead test points to increase the observability of poorly observable internal circuit nodes by making them primary outputs. To reduce pin overhead, we can multiplex the test points onto existing pins. Similarly, controllable test point insertion can be used to improve trigger coverage. To observe the effect of observable test points, we performed simulations with 5 and 10 inserted test points (TP). To select the test points, the nodes were ranked in descending order based on the following metric:

$$M = \frac{f_{in} + f_{out}}{\lvert f_{in} - f_{out} \rvert + 1}, \quad (3)$$

where fin and fout represent the sizes of the fanin and fanout cones of a node, respectively. The metric indicates that nodes closer to the primary inputs/outputs have less chance of getting selected. Fig. 19 shows the effect of test point insertion on the Trojan coverage as compared to a baseline case with no inserted test points, for three sequential (ISCAS’89) benchmark circuits with N = 1,000, q = 2, and θ = 0.2 [6]. As observed from this plot, test point insertion helps to improve the Trojan coverage considerably for some circuits and helps to reduce the gap between trigger coverage and Trojan coverage. Design techniques to improve Trojan detection ability have been proposed earlier [15], [18], [25]. Here, we show that the integrated side-channel and logic testing approach for Trojan detection can benefit from appropriate low-cost design techniques. Although we show the improvement in the case of logic testing, a similar approach of inserting controllable points can considerably improve Trojan detection sensitivity for side-channel testing approaches by increasing the switching activity inside the gates of possible Trojan circuits. It should be noted that such Design for Security (DfS) approaches come with their own overhead and can only be used in cases where an invasive approach for ensuring trust is tolerated.

Fig. 16. Trojan detection sensitivity decreases with Trojan size but improves by proper test vector selection.

Fig. 17. Sensitivity of Trojan detection can be improved by measuring current from multiple supply pins.

Fig. 18. Trigger coverage for different values of θ, the rareness of the nodes considered for test generation.
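As an added example (not the paper's code), the Python script below applies eq. (3) to a constructed seven-gate netlist: it computes each internal node's fanin cone (counting primary inputs as well as gates, an assumption) and fanout cone by graph traversal, evaluates M, and returns the nodes ranked in descending order so that the top k can be brought out as observable test points. The netlist and the function names are hypothetical.

```python
"""Added example (not the paper's code): rank candidate observable test points with
eq. (3), M = (f_in + f_out) / (|f_in - f_out| + 1), on a constructed toy netlist."""

# Constructed netlist: gate -> list of driving nodes (topologically ordered).
INPUTS = ["x1", "x2", "x3", "x4"]
GATES = {
    "g1": ["x1", "x2"],
    "g2": ["x3", "x4"],
    "g3": ["g1", "g2"],
    "g4": ["g3", "x4"],
    "g5": ["g3", "x1"],
    "g6": ["g4", "g5"],
    "g7": ["g6", "g1"],
}


def fanin_cone(node):
    """Transitive set of nodes driving `node` (gates and primary inputs; counting PIs
    is an assumption made here)."""
    cone, stack = set(), list(GATES.get(node, []))
    while stack:
        n = stack.pop()
        if n not in cone:
            cone.add(n)
            stack.extend(GATES.get(n, []))   # primary inputs have no drivers
    return cone


def fanout_cone(node):
    """Transitive set of gates driven by `node`."""
    cone, stack = set(), [node]
    while stack:
        n = stack.pop()
        for gate, ins in GATES.items():
            if n in ins and gate not in cone:
                cone.add(gate)
                stack.append(gate)
    return cone


def metric(node):
    """Eq. (3): large when both cones are big and of similar size, i.e. for nodes deep
    inside the logic rather than next to primary inputs or outputs."""
    f_in, f_out = len(fanin_cone(node)), len(fanout_cone(node))
    return (f_in + f_out) / (abs(f_in - f_out) + 1)


def rank_test_points(k=None):
    """Internal nodes in descending order of M; the first k become observable test points.
    sorted() is stable, so nodes with equal M keep their netlist order."""
    ranked = sorted(GATES, key=lambda n: -metric(n))
    return ranked if k is None else ranked[:k]


if __name__ == "__main__":
    for n in rank_test_points():
        print(n, len(fanin_cone(n)), len(fanout_cone(n)), round(metric(n), 3))
```

On this netlist the central gate g3 (fanin cone 6, fanout cone 4) ranks first and the output gate g7 (fanin cone 10, fanout cone 0) last, which is the bias away from nodes near the primary inputs/outputs that the text describes.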

We computed the Trojan detection coverage for different ISCAS-85 benchmark circuits for a population of 100,000 10-input combinational Trojans, using the MERO logic testing algorithm as well as the combined side-channel and MERO approach, as shown in Table 3. We used the sensitivity value derived in Section 3.2 to determine whether a Trojan is detected using the side-channel approach. Although the logic testing approach in isolation achieves relatively poor coverage for large Trojans (size ≥ 8 inputs), the total coverage of the integrated approach is 100 percent for most circuits.

We also analyzed the complementary nature of coverage by the logic testing and side-channel approaches of Trojan detection. Fig. 20 shows the Trojan coverage for the logic testing approach (MERO) and the side-channel approach without any sensitivity improvement techniques applied, as well as the total coverage for the combined approach, for a 32-bit IEU for Trojans of different sizes. It can be observed that for larger Trojans with 8 or more inputs, the detection coverage of the MERO approach is much inferior to that of the side-channel-based multiparameter testing. Conversely, small Trojans are easier to trigger and detect using logic testing, but their contribution to the side-channel parameter may be difficult to distinguish. From this analysis, we note that Trojans of different types and sizes can be detected with high confidence by the integrated approach.

6 CONCLUSION

We have presented a multiple-parameter side-channel analysis approach for hardware Trojan detection that exploits the intrinsic relationship between active-mode current (IDDT) and maximum operating frequency (Fmax) to achieve a high signal-to-noise ratio in the presence of process variations. The approach is scalable with respect to increasing die-to-die and within-die process variations in nanoscale technologies. We have also presented appropriate test vector selection techniques, the use of power gating and operand isolation, the use of IDDQ as a third parameter, and the choice of test conditions in the context of improving the detection sensitivity. The approach is validated using both simulation and hardware measurements using 120-nm FPGA chips. We show that the proposed approach can detect complex sequential Trojans with high confidence in the presence of large process variations. For ultrasmall Trojans, the proposed approach may suffer from reduced sensitivity, whereas logic testing can be more effective. Hence, the proposed approach can be integrated with a complementary logic testing approach for reliable detection of Trojans of all forms and sizes. Finally, the approach can also be combined with design-for-security approaches to improve test time and Trojan detection coverage.

ACKNOWLEDGMENTS

The work was funded by the US Department of Defensegrant FA-8650-08-1-7859.

REFERENCES

[1] DARPA, “TRUST in Integrated Circuits (TIC),” http://www.darpa.mil/MTO/solicitations/baa07-24, 2007.

[2] S. Adee, “The Hunt for the Kill Switch,” IEEE Spectrum, vol. 45,no. 5, pp. 34-39, May 2008.

[3] M. Abramovici and P. Bradley, “Integrated Circuit Security—New Threats and Solutions,” Proc. Fifth Ann. Workshop Cyber Security and Information Intelligence Research, pp. 1-3, 2009.

NARASIMHAN ET AL.: HARDWARE TROJAN DETECTION BY MULTIPLE-PARAMETER SIDE-CHANNEL ANALYSIS 2193

Fig. 19. Trojan coverage improvement due to observable test point insertion (5 and 10).

TABLE 3. Trojan Coverage for ISCAS-85 Benchmark Circuits

Fig. 20. Complementary nature of MERO and side-channel analysis for Trojan detection coverage.



Seetharam Narasimhan received the BE (Hons) degree from Jadavpur University, Kolkata, India, in 2006 and the PhD degree in computer engineering from the Case Western Reserve University, Cleveland, Ohio, in 2012. He served as a summer intern at Broadcom Corp., Tempe, Arizona, in 2010. He currently works as a security researcher in the Security Center of Excellence at Intel Corp., Hillsboro, Oregon. His current research interests include the algorithm-architecture-circuit codesign for bioimplantable neural interface systems and hardware security. He is a member of the IEEE.

Dongdong Du received the BE (Hons) degree from the Northeastern University, China, in 2005 and the MS degree from the Case Western Reserve University, Cleveland, Ohio, in 2010. He is currently working as a quality assurance technical specialist in Hyland Software, Westlake, Ohio. His research interests include hardware Trojan detection.

Rajat Subhra Chakraborty received the BE (Hons) degree in electronics and telecommunication engineering from Jadavpur University, in 2005, and the PhD degree in computer engineering from the Case Western Reserve University, Cleveland, Ohio, in 2010. From 2005 to 2006, he worked as a CAD software engineer at National Semiconductor, Bengaluru, and in Fall 2007, he was a co-op at Advanced Micro Devices, Sunnyvale, California. He is currently an assistant professor in the Computer Science and Engineering Department, Indian Institute of Technology Kharagpur, India. As a graduate student, he received multiple student awards from the IEEE and the ACM, and an annual award for academic excellence from the Case Western Reserve University in 2009. Part of his PhD research work was the subject of a US patent filed by the Case Western Reserve University in 2009. His research interests include hardware security, including design methodology for hardware IP/IC protection, hardware Trojan detection/prevention through design and testing, attacks on hardware implementations of cryptographic algorithms, and reversible watermarking for digital content protection. He is a member of the IEEE.

2194 IEEE TRANSACTIONS ON COMPUTERS, VOL. 62, NO. 11, NOVEMBER 2013


Somnath Paul received the BE degree in electronics and telecommunication engineering from Jadavpur University, Kolkata, India, in 2005 and the PhD degree in computer engineering from the Case Western Reserve University, Cleveland, Ohio, in 2011. He was a design engineer with Advanced Micro Devices, Bengaluru, India. He has also held internship positions at Intel and Qualcomm. He is currently working in the SoC Design Lab as a part of Integrated Platforms Research at Intel Corp, Hillsboro, Oregon. His research interests include development of novel hardware frameworks for reconfigurable architectures and hardware/software codesign for yield improvement in nanoscale technologies. He is a member of the IEEE.

Francis G. Wolff received the undergraduate (summa cum laude) and master's degrees in computer and information science with electrical engineering from the Cleveland State University, Ohio, and the PhD degree in computer engineering and science from the Case Western Reserve University, Cleveland, Ohio. He has worked in the industry in both embedded hardware technology design and software programming, such as Rockwell International and Pro-Data Corporation. He has been a visiting professor for courses such as programming cell phones, object-oriented programming, VLSI and FPGA chip design, and embedded systems. He is currently a visiting associate professor at the Case Western Reserve University, doing research in various technology areas: function specification to RTL validation, hardware Trojans and security, DSP, and reconfigurable architectures.

Christos A. Papachristou received the PhD degree in electrical engineering and computer science from the Johns Hopkins University, Baltimore, Maryland. He is currently a professor at the Department of Electrical Engineering and Computer Science, Case Western Reserve University, Cleveland, Ohio. His research interests include design automation and design for testability of VLSI systems, microarchitecture design and validation, and high-performance architecture and parallel processing. He is a senior member of the IEEE.

Kaushik Roy received the BTech degree in electronics and electrical communications engineering from the Indian Institute of Technology Kharagpur, India, and the PhD degree from the Electrical and Computer Engineering Department, University of Illinois at Urbana-Champaign, in 1990. He was with the Semiconductor Process and Design Center, Texas Instruments, Dallas, where he worked on FPGA architecture development and low-power circuit design. He is currently a professor and holds the Roscoe H. George chair in electrical and computer engineering, Purdue University, West Lafayette, Indiana. He is the chief technical advisor of Zenasis Inc. and was a research visionary board member of Motorola Laboratories in 2002. His research interests include VLSI design/CAD for nanoscale silicon and nonsilicon technologies, low-power electronics for portable computing and wireless communications, VLSI testing and verification, and reconfigurable computing. He is a fellow of the IEEE.

Swarup Bhunia received the BE (Hons) degree from Jadavpur University, Kolkata, India, the MTech degree from the Indian Institute of Technology Kharagpur, India, and the PhD degree from Purdue University, Indiana, in 2005. He has worked in the semiconductor industry on RTL synthesis, verification, and low-power design for about three years. Currently, he is an associate professor of electrical engineering and computer science at the Case Western Reserve University, Cleveland, Ohio. His research interests include the areas of VLSI design, CAD, and test techniques. He is a senior member of the IEEE.
