Hardware Trojan Detection Schemes Using Path Delay and Side-Channel Analysis

  • Farimah Farahmandi
  • Yuanwen Huang
  • Prabhat Mishra


Power-side channel attacks use the amount of power consumption and transient/dynamic current leakage to attack the design. A device like an oscilloscope can be used to collect power traces, and those traces are statistically analyzed using correlation analysis to derive secret information of the design. Therefore, it is very important to develop automated security validation methods that can identify power side-channel leakage. We need to detect the parts of a design that is responsible for power side-channel leakage in an automated fashion. Chapter  10 presents techniques to detect these vulnerabilities.

Hardware Trojans are malicious changes in the electronic device that adds or removes functionality or reduces reliability of an integrated circuit, printed circuit board, or system. This chapter describes the threat model of semiconductor supply chain, vulnerabilities, and impact of Trojan attacks. We cover hardware Trojan insertion of the semiconductor, its vulnerabilities into integrated circuits and their impact, strategies and constraints on the detection methods designed to detect Trojans at RTL/gate level, layout or (GDSII). This chapter surveys the state of the art on hardware Trojan detection methods that analyze side channels, e.g., delay and power analysis. We describe the requirements of path-delay-based methods and then summarize a wide range of proposed approaches of delay and power analysis and evaluate their strengths and weaknesses.


  1. 1.
    J. Aarestad, D. Acharyya, R. Rad, J. Plusquellic, Detecting Trojans though leakage current analysis using multiple supply pad IDDQs. Trans. Inf. Forensics Secur. 5(4), 893–904 (2010)CrossRefGoogle Scholar
  2. 2.
    D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan detection using IC finger-printing, in Symposium on Security and Privacy (2007), pp. 296–310Google Scholar
  3. 3.
    M. Banga, M. Hsiao, A region based approach for the detection of hardware Trojans, in Work-shop on Hardware-Oriented Security and Trust (2008), pp. 40–47Google Scholar
  4. 4.
    M. Banga, M. Hsiao, A novel sustained vector technique for the detection of hardware Trojans, in International Conference on VLSI Design (2009), pp. 327–332Google Scholar
  5. 5.
    M. Banga, M. Chandrasekar, L. Fang, M. Hsiao, Guided test generation for isolation and detection of embedded Trojans in ICs, in Great Lakes Symposium on VLSI (2008), pp. 363–366Google Scholar
  6. 6.
    M. Beaumont, B. Hopkins, T. Newby, Hardware Trojans - prevention, detection, counter-measures (Department of Defense, Australian Government, Canberra, 2011)Google Scholar
  7. 7.
    S. Bhunia, M. Tehranipoor (eds.), Hardware Trojan War: Attacks, Myths, and Defenses (Springer, Berlin, 2018)Google Scholar
  8. 8.
    S. Bhunia, M. Abramovici, D. Agrawal, P. Bradley, M.S. Hsiao, J. Plusquellic, M. Tehranipoor, Protection against hardware Trojan attacks: towards a comprehensive solution. Des. Test 30(3), 6–17 (2013)Google Scholar
  9. 9.
    S. Bhunia, M. Hsiao, M. Banga, S. Narasimhan, Hardware Trojan attacks: threat analysis and countermeasures. Proc. IEEE 102(8), 1229–1247 (2014)CrossRefGoogle Scholar
  10. 10.
    M. Bushnell, V.D. Agrawal, Essentials of electronic testing for digital, memory, and mixed signal VLSI circuits, vol. 17 (Springer, Basel, 2000)Google Scholar
  11. 11.
    J.L. Carter, V.S. Iyengar, B.K. Rosen, Efficient test coverage determination for delay faults, in International Test Conference (1987), pp. 418–427Google Scholar
  12. 12.
    B. Cha, S.K. Gupta, Efficient Trojan detection via calibration of process variations, in Asian Test Symposium (2012)Google Scholar
  13. 13.
    B. Cha, S.K. Gupta, Trojan detection via delay measurements: a new approach to select paths and vectors to maximize effectiveness and minimize cost, in Design, Automation & Test in Europe (2013)Google Scholar
  14. 14.
    R.S. Chakraborty, S. Narasimhan, S. Bhunia, Hardware Trojan: threats and emerging solutions, in International High Level Design Validation and Test Workshop (2009), pp. 166–171Google Scholar
  15. 15.
    R.S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, S. Bhunia, MERO: a statistical approach for hardware Trojan detection, in Workshop on Crytographic Hardware and Embedded Systems (2009), pp. 396–410Google Scholar
  16. 16.
    W. Che, M. Martin, G. Pocklassery, V.K. Kajuluri, F. Saqib, J. Plusquellic, A privacy preserving, mutual PUF-based authentication protocol. Cryptography 1(1) (2016)CrossRefGoogle Scholar
  17. 17.
    M. Chen, P. Mishra, Property learning techniques for efficient generation of directed tests. IEEE Trans. Comput. 60(6), 852–864 (2011)MathSciNetzbMATHCrossRefGoogle Scholar
  18. 18.
    S. Deyati, B.J. Muldrey, A. Singh, A. Chatterjee, High resolution pulse propagation driven trojan detection in digital logic: optimization algorithms and infrastructure, in Asian Test Symposium (2014), pp. 200–205Google Scholar
  19. 19.
    D. Du, S. Narasimhan, R.S. Chakroborty, S. Bhunia, Self-referencing: a scalable side-channel approach for hardware Trojan detection, in Cryptographic Hardware and Embedded Systems (2010), pp. 173–187Google Scholar
  20. 20.
    D. Ernst, S. Das, S. Lee, D. Blaauw, T. Austin, T. Mudge, N.S. Kim, K. Flautneret, Razor:circuit-level correction of timing errors for low-power operation. Micro 24(6), 10–20 (2004)Google Scholar
  21. 21.
    I. Exurville, L. Zussa, J.-B. Rigaud, B. Robisson, Resilient hardware Trojans detection based on path delay measurements, in International Symposium on Hardware-Oriented Security and Trust (2015), pp. 151–156Google Scholar
  22. 22.
    D. Ismari, C. Lamech, S. Bhunia, F. Saqib, J. Plusquellic, On detecting delay anomalies introduced by hardware Trojans, in International Conference on Computer-Aided Design (2016)Google Scholar
  23. 23.
    N. Jacob, D. Merli, J. Heyszl, G. Sigl, Hardware Trojans: current challenges and approaches. IET Comput. Digit. Tech. 8(6), 264–273 (2014)CrossRefGoogle Scholar
  24. 24.
    Y. Jin, Y. Makris, Hardware Trojan detection using path delay fingerprint, in Workshop on Hardware-Oriented Security and Trust (2008), pp. 51–57Google Scholar
  25. 25.
    J. Kalisz, Review of methods for time interval measurements with picosecond resolution. Metrologia 41(1), 17–32 (2003)CrossRefGoogle Scholar
  26. 26.
    D. Karaklajic, J.-M. Schmidt, I. Verbauwhede, Hardware designer’s guide to fault attacks. Trans. VLSI Syst. 21(12), 2295–2306 (2013)CrossRefGoogle Scholar
  27. 27.
    R. Karri, J. Rajendran, K. Rosenfeld, M. Tehranipoor, Trustworthy hardware: identifying and classifying hardware Trojans. Computer 43(10), 39–46 (2010)CrossRefGoogle Scholar
  28. 28.
    P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in Advances in Cryptology (Springer, Berlin, 1999)zbMATHGoogle Scholar
  29. 29.
    C. Lamech, J. Plusquellic, Trojan detection based on delay variations measured using a high precision, low-overhead embedded test structure, in Hardware-Oriented Security and Trust (2012), pp. 75–82Google Scholar
  30. 30.
    C. Lamech, J. Aarestad, J. Plusquellic, R.M. Rad, K. Agarwal, REBEL and TDC: embedded test structures for regional delay measurements, in International Conference on Computer- Aided Design (2011), pp. 170–177Google Scholar
  31. 31.
    J. Li, J. Lach, Negative-skewed shadow registers for at-speed delay variation characterization, in International Conference on Computer Design (2007), pp. 354–359Google Scholar
  32. 32.
    J. Li, J. Lach, At-speed delay characterization for ic authentication and Trojan horse detection, in Workshop on Hardware-Oriented Security and Trust (2008), pp. 8–14Google Scholar
  33. 33.
    M. Li, A. Davoodi, M. Tehranipoor, A sensor-assisted self-authentication framework for hardware Trojan detection, in Design, Automation & Test in Europe Conference (2012)Google Scholar
  34. 34.
    C.J. Lin, S.M. Reddy, On delay fault testing in logic circuits. Trans. Comput.-Aid Des. CAD 6(5), 694–703 (1987)Google Scholar
  35. 35.
    J.-J. Liou, K.-T. Cheng, D.A. Mukherjee, Path selection for delay testing of deep sub-micron de-vices using statistical performance sensitivity analysis, in VLSI Test Symposium (2000)Google Scholar
  36. 36.
    Y. Liu, K. Huang, Y. Makris, Hardware Trojan detection through golden chip-free statistical side-channel fingerprinting, in Design Automation Conference (2014), pp. 1–6Google Scholar
  37. 37.
    E. Love, Y. Jin, Y. Makris, Proof-carrying hardware intellectual property: a pathway to trust-ed module acquisition. Trans. Inf. Forensics Secur. 7(1), 25–40 (2012)CrossRefGoogle Scholar
  38. 38.
    A.K. Majhi, V.D. Agrawal, Delay fault models and coverage, in International Conference on VLSI Design (1998)Google Scholar
  39. 39.
    Y.K. Malaiya, R. Narayanaswamy, Modeling and testing for timing faults in synchronous sequential circuits. Des. Test Comput. 1(4), 62–74 (1984)CrossRefGoogle Scholar
  40. 40.
    S.R. Nassif, Design for variability in DSM technologies, in International Symposium on Quality Electronic Design (2000)Google Scholar
  41. 41.
    S. Narasimhan, D. Du, R.S. Chakraborty, S. Paul, F. Wolff, C. Papachristou, K. Roy, S. Bhunia, Multiple-parameter side-channel analysis: a non-invasive hardware trojan detection approach, in International Symposium on Hardware-Oriented Security and Trust (IEEE, Anaheim, 2010), pp. 13–18Google Scholar
  42. 42.
    M. Potkonjak, A. Nahapetian, M. Nelson, T. Massey, Hardware Trojan horse detection using gate-level characterization, in Design Automation Conference (2009), pp. 688–693Google Scholar
  43. 43.
    R. Rad, J. Plusquellic, M. Tehranipoor, Sensitivity analysis to hardware Trojans using power supply transient signals, in Workshop on Hardware-Oriented Security and Trust (2008), pp. 3–7Google Scholar
  44. 44.
    D. Rai, J. Lach, Performance of delay-based Trojan detection techniques under parameter variations, in International Workshop Hardware-Oriented Security and Trust, 2009, pp. 58–65Google Scholar
  45. 45.
    J. Rajendran, V. Jyothi, O. Sinanoglu, R. Karri, Design and analysis of ring oscillator-based de-sign-for-trust technique, in VLSI Test Symposium (2011), pp. 105–110Google Scholar
  46. 46.
    J. Rajendran, O. Sinanoglu, R. Karri, Is split manufacturing secure?, in Proceedings of IEEE Design, Automation and Test in Europe Conference & Exhibition (DATE), 2013, Grenoble, France, 18–22 March (2013), pp. 1259–1264Google Scholar
  47. 47.
    H. Salmani, M. Tehranipoor, Vulnerabilities analysis of a circuit layout to hardware trojan insertion, in IEEE Transactions on Information Forensics and Security (2016)Google Scholar
  48. 48.
    H. Salmani, M. Tehranipoor, J. Plusquellic, A layout-aware approach for improving localized switching to detect hardware Trojans in integrated circuits, in International Workshop on In-formation Forensics and Security (2010)Google Scholar
  49. 49.
    H. Salmani, M. Tehranipoor, J. Plusquellic, A novel technique for improving hardware Trojan detection and reducing Trojan activation time. Trans. VLSI Syst. 20(1), 112–125 (2012)CrossRefGoogle Scholar
  50. 50.
    J. Soden, R. Anderson, C. Henderson, Failure analysis tools and techniques - magic, mystery, and science, in International Test Conference, Lecture Series II “Practical Aspects of IC Diagnosis and Failure Analysis: A Walk through the Process” (1996), pp. 1–11Google Scholar
  51. 51.
    G.L. Smith, Model for delay faults based upon paths, in International Test Conference (1985), pp. 342–349Google Scholar
  52. 52.
    M. Tehranipoor, F. Koushanfar, A survey of hardware Trojan taxonomy and detection. IEEE Des. Test Comput. 27(1), 10–25 (2010)CrossRefGoogle Scholar
  53. 53.
    M. Tehranipoor, C. Wang (eds.), Introduction to Hardware Security and Trust. Springer, New York (2011)Google Scholar
  54. 54.
    X. Wang, M. Tehranipoor, J. Plusquellic, Detecting malicious inclusions in secure hardware: challenges and solutions, in International Workshop on Hardware-Oriented Security and Trust (2008), pp. 15–19Google Scholar
  55. 55.
    X. Wang, M. Tehranipoor, R. Datta, Path-RO: a novel on-chip critical path delay measurement under process variations, in International Conference on Computer-Aided Design (2008)Google Scholar
  56. 56.
    S. Wei, M. Potkonjak, Malicious circuitry detection using fast timing characterization via test points, in Symposium on Hardware-Oriented Security and Trust (2013)Google Scholar
  57. 57.
    S. Wei, K. Li, F. Koushanfar, M. Potkonjak, Provably complete hardware Trojan detection using test point insertion, in International Conference on Computer-Aided Design (2012), pp. 569–576Google Scholar
  58. 58.
    I. Wilcox, F. Saqib, J. Plusquellic, GDS-II Trojan detection using multiple supply pad VDD and GND IDDQs in ASIC functional units, in International Symposium on Hardware-Oriented Security and Trust (2015)Google Scholar
  59. 59.
    F. Wolff, C. Papachristou, S. Bhunia, R.S. Chakraborty, Towards Trojan-free trusted ICs: problem analysis and detection scheme, in Design, Automation and Test in Europe (2008)CrossRefGoogle Scholar
  60. 60.
    K. Xiao, X. Zhang, M. Tehranipoor, A clock sweeping technique for detecting hardware Trojans impacting circuits delay. Des. Test 30(2), 26–34 (2013)Google Scholar
  61. 61.
    K. Xiao, D. Forte, Y. Jin, R. Karri, S. Bhunia, M. Tehranipoor, Hardware Trojans: lessons learned after one decade of research. ACM Trans. Des. Autom. Electron. Syst. 22(1), 6:1–6:23 (2016)CrossRefGoogle Scholar
  62. 62.
    N. Yoshimizu, Hardware Trojan detection by symmetry breaking in path delays, in International Symposium on Hardware-Oriented Security and Trust (2014), pp. 107–111Google Scholar
  63. 63.
    X. Zhang, M. Tehranipoor, RON: an on-chip ring oscillator network for hardware Trojan detection, in Design and Test in Europe (2011)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Farimah Farahmandi
    • 1
  • Yuanwen Huang
    • 2
  • Prabhat Mishra
    • 1
  1. 1.University of FloridaGainesvilleUSA
  2. 2.GoogleMountain ViewUSA

Personalised recommendations