Trojan Detection in Digital Systems Using Current Sensing of Pulse Propagation in Logic Gates

Abstract

Outsourcing chip manufacturing to untrusted foundries and using third-party IPs in designs have opened the possibility of inserting malicious hardware Trojans into a circuit. Because excitation of a Trojan is extremely rare, it is almost impossible to detect Trojans with functional logic testing. We need to detect Trojans without actually activating them (side-channel analysis). A hardware Trojan circuit gets its inputs from low transition probability nodes of the original circuit. Tapping these nodes to create Trojan inputs increases the capacitive load at those nodes. We have developed a very high resolution pulse propagation technique to capture this extra capacitance at Trojan-affected nodes. This technique provides 20-25X higher diagnostic resolution than path delay analysis in the presence of significant manufacturing process variation. Pulse propagation based Trojan detection is independent of the logic depth of the path, whereas other state-of-the-art Trojan detection schemes lose accuracy as the logic depth increases. Though the scheme appears simple, it is not straightforward to generate and apply the pulse inputs on chip at the desired locations and capture them at designated locations with high accuracy in the presence of high fan-out nodes in the design. We have developed a very high resolution current sensing scheme to detect pulse propagation through logic gates. A single sensor can sense pulses at multiple locations. The entire pulse-based Trojan detection scheme has been integrated into the JTAG boundary scan scheme with minimal area overhead to provide a complete solution for hardware Trojans.

Publication
2016 17th International Symposium on Quality Electronic Design (ISQED)