Cryptographic Hardware and Embedded Systems, CHES 2010

Volume 6225 of the series Lecture Notes in Computer Science pp 173-187

Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection

  • Dongdong DuAffiliated withLancaster UniversityCase Western Reserve University
  • , Seetharam NarasimhanAffiliated withLancaster UniversityCase Western Reserve University
  • , Rajat Subhra ChakrabortyAffiliated withLancaster UniversityCase Western Reserve University
  • , Swarup BhuniaAffiliated withLancaster UniversityCase Western Reserve University


Malicious modification of integrated circuits (ICs) in untrusted foundry, referred to as “Hardware Trojan”, has emerged as a serious security threat. While side-channel analysis has been reported as an effective approach to detect hardware Trojans, increasing process variations in nanoscale technologies pose a major challenge, since process noise can easily mask the Trojan effect on a measured side-channel parameter, such as supply current. Besides, existing side-channel approaches suffer from reduced Trojan detection sensitivity with increasing design size. In this paper, we propose a novel scalable side-channel approach, named self-referencing, along with associated vector generation algorithm to improve the Hardware Trojan detection sensitivity under large process variations. It compares transient current signature of one region of an IC with that of another, thereby nullifying the effect of process noise by exploiting spatial correlation across regions in terms of process variations. To amplify the Trojan effect on supply current, we propose a region-based vector generation approach, which divides a circuit-under-test (CUT) into several regions and for each region, finds the test vectors which induce maximum activity in that region, while minimizing the activity in other regions. We show that the proposed side-channel approach is scalable with respect to both amount of process variations and design size. The approach is validated with both simulation and measurement results using an FPGA-based test setup for large designs including a 32-bit DLX processor core (~105 transistors). Results shows that our approach can find ultra-small (<0.01% area) Trojans under large process variations of up to ± 20% shift in transistor threshold voltage.


hardware Trojan side-channel analysis self-referencing