Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection
- Cite this paper as:
- Du D., Narasimhan S., Chakraborty R.S., Bhunia S. (2010) Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection. In: Mangard S., Standaert FX. (eds) Cryptographic Hardware and Embedded Systems, CHES 2010. CHES 2010. Lecture Notes in Computer Science, vol 6225. Springer, Berlin, Heidelberg
Malicious modification of integrated circuits (ICs) in untrusted foundry, referred to as “Hardware Trojan”, has emerged as a serious security threat. While side-channel analysis has been reported as an effective approach to detect hardware Trojans, increasing process variations in nanoscale technologies pose a major challenge, since process noise can easily mask the Trojan effect on a measured side-channel parameter, such as supply current. Besides, existing side-channel approaches suffer from reduced Trojan detection sensitivity with increasing design size. In this paper, we propose a novel scalable side-channel approach, named self-referencing, along with associated vector generation algorithm to improve the Hardware Trojan detection sensitivity under large process variations. It compares transient current signature of one region of an IC with that of another, thereby nullifying the effect of process noise by exploiting spatial correlation across regions in terms of process variations. To amplify the Trojan effect on supply current, we propose a region-based vector generation approach, which divides a circuit-under-test (CUT) into several regions and for each region, finds the test vectors which induce maximum activity in that region, while minimizing the activity in other regions. We show that the proposed side-channel approach is scalable with respect to both amount of process variations and design size. The approach is validated with both simulation and measurement results using an FPGA-based test setup for large designs including a 32-bit DLX processor core (~105 transistors). Results shows that our approach can find ultra-small (<0.01% area) Trojans under large process variations of up to ± 20% shift in transistor threshold voltage.