Skip to main content

ESCALATION: Leveraging Logic Masking to Facilitate Path-Delay-Based Hardware Trojan Detection Methods


Hardware Trojan (HT), intellectual property (IP) piracy, and overproduction of integrated circuit (IC) are three threats that may happen in untrusted fabrication foundries. HTs are malicious circuitry changes in the IC layout. They affect side-channels (IC parameters) such as path-delay or power consumption. Therefore, HT detection methods based on side-channel analysis have been proposed. They can detect an HT only if its effects on side-channels are significant among the alteration of side-channels, caused by process1 and environment2 variations. IC design modifications at different abstraction levels have been proposed to facilitate HT detection methods after fabrication, such as modifying a circuit to make the paths3 of the circuit more sensitive to HTs. Such modifications are known as design-for-trust (DfTr). In addition, key-based modifications have been proposed to protect IPs/ICs from IP piracy and IC overproduction. This approach is known as masking or obfuscation, and it modifies a circuit such that it does not correctly work without applying a correct key. In this work, we propose a DfTr method based on leveraging the masking approach. It improves HT detection methods based on path-delay analysis. As a matter of fact, the delay of shorter paths varies less than that of longer ones. Therefore, the objective of the proposed DfTr is to generate fake short paths for nets that only belong to long paths. Our layout level experiments show that the proposed DfTr masks the functionality of circuits and, on average, increases the HT detectability of path-delay-based detection methods by 10%.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7


  1. 1.

    ROs generate oscillations and they include an odd number of NOT gates (or gates having an inversion function such as NOR/NAND gates) and feedback that the output of the last NOT gate is fed into the first NOT gate.


  1. 1.

    Mishra P, Tehranipoor M, Bhunia S (2017) Security and trust vulnerabilities in third-party IPs, In Hardware IP security and trust. Springer, Cham, pp 3–14

    Google Scholar 

  2. 2.

    Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., & Sunar, B. (2007). Trojan detection using IC fingerprinting. In Security and privacy, 2007. SP'07. IEEE Symposium on (pp. 296–310). IEEE

  3. 3.

    Li H, Liu Q, Zhang J (2016) A survey of hardware Trojan threat and defense. Integr VLSI J 55:426–437

    Article  Google Scholar 

  4. 4.

    Lecomte M, Fournier J, Maurine P (2017) An on-chip technique to detect hardware Trojans and assist counterfeit identification. IEEE Trans Very Large Scale Integr (VLSI) Syst 25(12):3317–3330

    Article  Google Scholar 

  5. 5.

    Yu Q, Dofe J, Zhang Y, Frey J (2017) Hardware hardening approaches using camouflaging, encryption, and obfuscation. In: Hardware IP security and trust. Springer, Cham, pp 135–163

    Chapter  Google Scholar 

  6. 6.

    Chakraborty RS, Bhunia S (2009) HARPOON: an obfuscation-based SoC design methodology for hardware protection. IEEE Trans Comput Aided Des Integr Circuits Syst 28(10):1493–1502

    Article  Google Scholar 

  7. 7.

    Dofe, J., & Yu, Q. (2017) Novel dynamic state-deflection method for gate-level design obfuscation. IEEE Trans Comput Aided Des Integr Circuits Syst

  8. 8.

    Rajendran, J., Pino, Y., Sinanoglu, O., & Karri, R. (2012) Security analysis of logic obfuscation. In Proceedings of the 49th Annual Design Automation Conference (pp. 83–89). ACM

  9. 9.

    Zhang J (2016) A practical logic obfuscation technique for hardware security. IEEE Trans Very Large Scale Integr (VLSI) Syst 24(3):1193–1197

    Article  Google Scholar 

  10. 10.

    Rajendran J, Zhang H, Zhang C, Rose GS, Pino Y, Sinanoglu O, Karri R (2015) Fault analysis-based logic encryption. IEEE Trans Comput 64(2):410–424

    MathSciNet  Article  MATH  Google Scholar 

  11. 11.

    Plaza SM, Markov IL (2015) Solving the third-shift problem in IC piracy with test-aware logic locking. IEEE Trans Comput Aided Des Integr Circuits Syst 34(6):961–971

    Article  Google Scholar 

  12. 12.

    Yasin M, Rajendran JJ, Sinanoglu O, Karri R (2016) On improving the security of logic locking. IEEE Trans Comput Aided Des Integr Circuits Syst 35(9):1411–1424

    Article  Google Scholar 

  13. 13.

    Dutta RG, Guo X, Jin Y (2017) IP trust: the problem and design/validation-based solution. In: Fundamentals of IP and SoC security. Springer, Cham, pp 49–65

    Chapter  Google Scholar 

  14. 14.

    Samimi, S. M. S., Aerabi, E., Nejat, A., Fazeli, M., Hely, D., & Beroulle, V. (2016). High output hamming-distance achievement by a greedy logic masking approach. In East-West Design & Test Symposium (EWDTS), 2016 I.E. (pp. 1–4). IEEE

  15. 15.

    Colombier B, Bossuet L, Hély D (2017) Logic modification-based IP protection methods: an overview and a proposal, In Foundations of hardware IP protection. Springer, Cham, pp 37–64

    Google Scholar 

  16. 16.

    Chakraborty RS, Bhunia S (2011) Security against hardware Trojan attacks using key-based design obfuscation. J Electron Test 27(6):767–785

    Article  Google Scholar 

  17. 17.

    Nejat, A., Hely, D., & Beroulle, V. (2016) How logic masking can improve path delay analysis for Hardware Trojan detection. In Computer Design (ICCD), 2016 I.E. 34th International Conference on (pp. 424–427). IEEE

  18. 18.

    Shekarian SMH, Zamani MS (2015) Improving hardware Trojan detection by retiming. Microprocess Microsyst 39(3):145–156

    Article  Google Scholar 

  19. 19.

    Nejat A, Shekarian SMH, Zamani MS (2014) A study on the efficiency of hardware Trojan detection based on path-delay fingerprinting. Microprocess Microsyst 38(3):246–252

    Article  Google Scholar 

  20. 20.

    Cha, B., & Gupta, S. K. (2013). Trojan detection via delay measurements: a new approach to select paths and vectors to maximize effectiveness and minimize cost. In Proceedings of the conference on design, automation and test in Europe (pp. 1265–1270). EDA Consortium

  21. 21.

    Hoque T, Narasimhan S, Wang X, Mal-Sarkar S, Bhunia S (2017) Golden-free hardware Trojan detection with high sensitivity under process noise. J Electron Test 33(1):107–124

    Article  Google Scholar 

  22. 22.

    Jin, Y., & Makris, Y. (2008). Hardware Trojan detection using path delay fingerprint. In Hardware-oriented security and trust, 2008. HOST 2008. IEEE International Workshop on (pp. 51–57). IEEE

  23. 23.

    Rai, D., & Lach, J. (2009) Performance of delay-based Trojan detection techniques under parameter variations. In Hardware-oriented security and trust, 2009. HOST'09. IEEE International Workshop on (pp. 58–65). IEEE

  24. 24.

    Blaauw D, Chopra K, Srivastava A, Scheffer L (2008) Statistical timing analysis: from basic principles to state of the art. IEEE Trans Comput Aided Des Integr Circuits Syst 27(4):589–607

    Article  Google Scholar 

  25. 25.

    Ferraiuolo, A., Zhang, X., & Tehranipoor, M. (2012) Experimental analysis of a ring oscillator network for hardware Trojan detection in a 90nm ASIC. In Proceedings of the International Conference on Computer-Aided Design (pp. 37–42). ACM

  26. 26.

    Lamech, C., & Plusquellic, J. (2012) Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure. In Hardware-Oriented Security and Trust (HOST), 2012 I.E. International Symposium on (pp. 75–82). IEEE

  27. 27.

    Roy JA, Koushanfar F, Markov IL (2010) Ending piracy of integrated circuits. Computer 43(10):30–38

    Article  Google Scholar 

  28. 28.

    Dupuis, S., Ba, P. S., Di Natale, G., Flottes, M. L., & Rouzeyre, B. (2014) A novel hardware logic encryption technique for thwarting illegal overproduction and hardware trojans. In On-Line Testing Symposium (IOLTS), 2014 I.E. 20th International (pp. 49–54). IEEE

  29. 29.

    Samimi, M. S., Aerabi, E., Kazemi, Z., Fazeli, M., & Patooghy, A. (2016). Hardware enlightening: nowhere to hide your hardware Trojans!. In On-Line Testing and Robust System Design (IOLTS), 2016 I.E. 22nd International Symposium on (pp. 251–256). IEEE

  30. 30.

    Russell SJ, Norvig P, Canny JF, Malik JM, Edwards DD (2003) Artificial intelligence: a modern approach (Vol. 2, No. 9). Prentice hall, Upper Saddle River

    Google Scholar 

  31. 31.

    Pang LT, Qian K, Spanos CJ, Nikolic B (2009) Measurement and analysis of variability in 45 nm strained-Si CMOS technology. IEEE J Solid State Circuits 44(8):2233–2243

    Article  Google Scholar 

  32. 32.

    The ISCAS-85 Benchmark Circuits. [Online]. Available:

  33. 33.

    The ISCAS-85 Benchmark Circuits. [Online]. Available:

  34. 34.

    Verific Design Automation Inc., [Online]. Available:

  35. 35.

    Synopsys Design Compiler, [Online]. Available:

  36. 36.

    Cadence SOC Encounter, [Online]. Available:

  37. 37.

    NanGate—The Standard Cell Library Optimization Company, [Online]. Available:

Download references

Author information



Corresponding author

Correspondence to Arash Nejat.

Additional information

1It is the variation of some transistor characteristics, such as channel length and oxide thickness, that happens during IC manufacturing.

2It is the variation of circuit operating environments, such as temperature and supply voltage, while the circuit is working.

3One path starts from a primary input or flip-flop and ends to a primary output or flip-flop.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Nejat, A., Hely, D. & Beroulle, V. ESCALATION: Leveraging Logic Masking to Facilitate Path-Delay-Based Hardware Trojan Detection Methods. J Hardw Syst Secur 2, 83–96 (2018).

Download citation


  • Hardware security
  • Design-for-trust
  • Logic masking
  • Hardware Trojan detection
  • IP/IC piracy