Hardware Trojan Threats and Countermeasures Lecture-2 PDF
Nanyang Technological University, Singapore
2021
A/P Gwee Bah Hwee, Dr Cheng Deruo
Summary
This document is a lecture on hardware Trojan threats and countermeasures. It covers the course structure, including live online sessions, asynchronous e-learning, videos, and assessment. The document also includes instructor information and a recap of lecture one. The lecture then goes on to provide an overview of lecture two, showcasing hardware Trojan detection stages with topics such as pre-silicon and post-silicon detection.
Full Transcript
Hardware Trojan Threats and Countermeasures
A/P Gwee Bah Hwee, Dr Cheng Deruo
© 2021 Nanyang Technological University, Singapore. All Rights Reserved.

Course Structure
Live Online Sessions (5.5hrs)
– Lecture 1: Introduction to Hardware Trojan and Threats, 09:30 - 11:30 on 2nd Nov
– E-consultation, 19:30 - 21:00 on 6th Nov
– Lecture 2: Hardware Trojan Detection and Countermeasures, 09:30 - 11:30 on 9th Nov
Asynchronous E-learning (5.5hrs)
– A Work Example (will be discussed during E-consultation)
– 3 Videos
  - A Real-World Hardware Trojan Detection Case Study Across Four Modern CMOS Technology Generations (15mins)
  - DEFCON 16: Demonstration of Hardware Trojans (18mins)
  - Hardware Trojans in Wireless Cryptographic Integrated Circuits (71mins)
– A Survey Paper
  - Ten Years of Hardware Trojans: A Survey From The Attacker's Perspective
Assessment
– Class Participation (10% + 5% + 10%)
– Online Quiz (75%)

Instructor Information
Assoc Prof Gwee Bah Hwee, School of EEE, NTU. Email: [email protected]
Dr Cheng Deruo, Temasek Laboratories, NTU. Email: [email protected]

Recap on Lecture-1
❖ Security Concerns on Hardware Trojans
❖ Different Types of Hardware Trojans with Examples
❖ Taxonomy of Countermeasures Against Hardware Trojan
❖ Hardware Trojan Detection: Run-time Monitoring

Overview of Lecture-2
❖ Hardware Trojan Detection
  - Pre-silicon Detection
  - Post-silicon Detection
    Non-Destructive
    Destructive
❖ Hardware Trojan Prevention
  - Preventing Insertion
  - Facilitating Detection

Hardware Trojan Detection

Hardware Trojan Detection Stages
- Pre-silicon Stage
- Post-silicon Stage

Pre-silicon Trojan Detection

Party               | Role                          | Trojan insertion opportunity
IP Vendor           | Sells soft IP cores           | Can insert Trojan in the IP core
System Designer     | Buys IP from IP vendor        | Can insert Trojan in the final design
Foundry             | Manufactures the final design | Can insert Trojan in the layout before fabrication
Chip vendor or User | Receives fabricated chips     |

Stages marked on the figure: Pre-Silicon, Post-Silicon

Pre-silicon Trojan Detection
3rd Party IP (3PIP): Controllability and Observability for Trojan Detection (COTD)
– To verify whether 3PIPs are Trojan-free through Controllability & Observability analysis
– Controllability & Observability analysis
  – Controllability: the difficulty of setting a signal line to a required logic value
  – Observability: the difficulty of propagating the logic value of the signal line
– Clustering Analysis based on Controllability & Observability
  – Signals with high controllability or observability → low testability ×
  – Signals with both low controllability and observability √
– Pros: detect Trojans in 3PIP without requiring golden designs
– Cons: COTD analysis can be computationally intensive for large, complex designs
H. Salmani, “COTD: Reference-Free Hardware Trojan Detection and Recovery Based on Controllability and Observability in Gate-Level Netlist,” IEEE Transactions on Information Forensics and Security, 2017.

Pre-silicon Trojan Detection
Functional Simulation and Testing
– To run simulations on the IC design using various input patterns to verify it behaves as intended under different conditions.
– Pros:
  – Identify Trojans that impact the IC’s functionality by observing unexpected outputs.
  – Designers can simulate a range of functional scenarios and conditions.
– Cons:
  – Cannot exhaustively cover all possible input scenarios, so Trojans might escape detection.
  – Developing a comprehensive set of test patterns can be time-consuming and challenging.
  – Trojans designed to activate under extremely specific or rare conditions may not trigger.

Pre-silicon Trojan Detection
Formal Verification
– To verify that an IC’s design adheres strictly to its specification and behaves exactly as expected. Logical discrepancies or deviations could indicate a Trojan.
– Pros:
  – Thorough verification to ensure no Trojan in the verified sections.
  – Analyzes the logic instead of relying on test patterns.
– Cons:
  – Struggles with large, complex designs.
  – Requires substantial computation power and time, especially for large-scale designs.
  – Focuses on logical structures, so it may overlook subtle analog-based Trojans.

Pre-silicon Trojan Detection
Code Analysis and Review
– To inspect the HDL/RTL code manually or using automated tools to find suspicious structures, control paths, or unusual code patterns that could indicate potential Trojans.
– Pros:
  – Can focus on suspect areas in the design.
  – Automated tools can quickly flag anomalies.
– Cons:
  – Code reviews of large and complex designs are labor-intensive.
  – Effectiveness largely depends on the experience and thoroughness of the reviewers.
  – Automated tools may produce many false positives, requiring further review.

Pre-silicon Trojan Detection
Structural Analysis
– To inspect the design’s physical and structural properties, looking for unexpected or abnormal elements such as redundant gates, control logic, or atypical connectivity patterns.
– Pros:
  – Useful for identifying redundant or suspicious gates and routes.
  – Does not require functional testing and can often cover the entire design layout.
– Cons:
  – May not detect Trojans that manipulate functional behavior but not structural properties (timing or power parameters).
  – Effectiveness is dependent on having a trusted baseline or reference design.

Post-silicon Trojan Detection
[Figure: the supply-chain table shown under Pre-silicon Trojan Detection above, repeated]

Post-silicon Trojan Detection
❖ Non-destructive
  - Run-time Monitoring (Lecture-1)
  - Logical Testing
  - Side-Channel Analysis (SCA)
❖ Destructive
  - Reverse Engineering
    Image-based
    Netlist-based

Post-silicon Trojan Detection: Logical Testing
❖ Functional Testing
  - Brute-force Analysis
  - Automatic Test Pattern Generation (ATPG)
❖ Statistical Testing
  - Random Testing
  - Multiple Excitation of Rare Occurrence
❖ Formal Verification
❖ Machine-Learning

Post-silicon Trojan Detection: Logical Testing – Functional Testing
The basic steps involve:
1) Understanding Hardware Trojan: Hardware Trojan’s activation conditions, potential triggers, expected behavior and its possible vulnerabilities
2) Test Vector Generation: Activation of Hardware Trojan based on a wide range of potential inputs and trigger conditions
3) Fault Simulation: Checking the response (based on observable “faults”)
4) Trojan Detection: Analyzing the abnormal behaviors
5) Test Coverage Analysis: Assessing the effectiveness of the generated test vectors

Post-silicon Trojan Detection: Logical Testing – Statistical Testing
The basic steps involve:
1) Understanding Trojan: Trojan’s activation conditions, potential triggers, expected behavior and its possible vulnerabilities
2) Test Vector Generation: Activation of Hardware Trojan based on a wide range of potential inputs and trigger conditions
3) Fault Simulation: Checking the response (based on observable “faults”)
4) Trojan Detection: Performing probability equivalence checking
5) Test Coverage Analysis: Assessing the effectiveness of the generated test vectors

Post-silicon Trojan Detection: Logical Testing – Statistical Testing
Random Testing
[Figure: a Random Vector is applied to the Reference Model (Trojan-free Version) and to the Chip (Trojan Version), followed by Probability Comparison (e.g., switching activities)]

Post-silicon Trojan Detection: Logical Testing – Statistical Testing
Multiple Excitation of Rare Occurrence (MERO)
The basic concept is to detect rare or low-probability internal nodes, and to derive an optimal set of vectors that can trigger each of the low-probability internal nodes at least N times.
- RO-Finder: functionally simulating a netlist, computing signal probability at each node and identifying nodes with low signal probability as rare nodes
- MERO: deriving a set of test patterns that is compact (minimizing test time & cost), while maximizing the Trojan detection coverage
- TrojanSim: determining both Trigger and Trojan coverage (percentage of Trojan activated & detected) for a given test set using random sample of Trojan instances
R. S. Chakraborty, et al., “MERO: A Statistical Approach for Hardware Trojan Detection,” in 2009 International Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2009.

Post-silicon Trojan Detection: Logical Testing – Statistical Testing
Multiple Excitation of Rare Occurrence (MERO)
- Start with golden circuit netlist (without any Trojan), a random pattern set (V), list of rare nodes (L) & number of times to activate each node to its rare value (N)
- For each random pattern vi in V, count number of nodes (CR) in L whose rare value is satisfied
- Sort vi in decreasing order of CR and modify each vi by perturbing one bit at a time
- If a modified test pattern increases CR, accept vi’
- Count number of times a node encounters a rare value (AR) for all nodes in L
- If vi’ increases AR for at least one node in L, add vi’ to reduced pattern list (RV)
- Repeat the process until each node in L satisfies its rare value at least N times

Post-silicon Trojan Detection: Logical Testing – Statistical Testing
Multiple Excitation of Rare Occurrence (MERO)
[Figure: Reduction in test length with MERO compared to 100K random patterns. *q: number of triggering nodes in each Trojan]

Post-silicon Trojan Detection: Logical Testing – Formal Verification
- Establish foundational models for basic logic gates including calculations for key physical parameters, power, delay, etc.
- Convert the IC’s netlist (a description of its gate interconnections) into a state-space model.
- Specify verification properties such as acceptable power and delay limits.
- If there is a Trojan intrusion, the model checker will detect violation of the specified power or delay bounds.

Post-silicon Trojan Detection: Logical Testing – Machine Learning
Source: C. Dong et al., “A machine-learning-based hardware-Trojan detection approach for chips in the Internet of Things,” 2019.

Post-silicon Trojan Detection: Side-Channel Analysis
Limitations of Logical Testing
- It is usually not effective in detecting large sequential Trojans because the long sequence of rare events required to cause all the state transitions leading to payload activation is hard to satisfy.
- It is difficult to effectively detect large Hardware Trojans with complex trigger conditions.
- It may be simply unable to detect Hardware Trojans which do not alter the logic functionality of the original circuit.
Pros & Cons of Side-Channel Analysis
- SCA approaches indirectly detect the variations in the measurement of observable physical “side-channel” parameters like power signature or delay of an IC.
- SCA approaches do not require the Trojan to be completely activated or its payload to affect circuit functionality.
- Effectiveness of SCA is limited by large intrinsic device parameter variations (process variations).
- SCA approaches typically require ‘golden ICs’ to compare the measured values to.

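The RO-Finder and MERO steps from the statistical-testing slides above, as an added example (not code from the lecture or from the MERO authors): exact signal probabilities on a small netlist, then the sort, perturb and accept loop that builds the reduced pattern list RV. The 8-input netlist, the node names, the threshold theta = 0.2 and the `triggered` helper are assumptions made for illustration.

```python
import itertools
import random

INPUTS = "abcdefgh"
# Constructed netlist in topological order: (node, gate, fan-in).
NETLIST = [
    ("n1", "AND", ("a", "b", "c")),
    ("n2", "NOR", ("d", "e", "f")),
    ("n3", "AND", ("n1", "g")),
    ("n4", "OR", ("n2", "h")),
    ("n6", "AND", ("n3", "n2")),
    ("n7", "NAND", ("e", "f", "h")),
]
GATES = {
    "AND": lambda v: int(all(v)),
    "NAND": lambda v: int(not all(v)),
    "OR": lambda v: int(any(v)),
    "NOR": lambda v: int(not any(v)),
}

def simulate(pattern):
    """Evaluate every node for one input pattern (tuple of 0/1, one per input)."""
    val = dict(zip(INPUTS, pattern))
    for node, gate, fanin in NETLIST:
        val[node] = GATES[gate]([val[x] for x in fanin])
    return val

def find_rare_nodes(theta):
    """RO-Finder step: map each rare node to its rare value (probability < theta)."""
    # Exhaustive simulation is exact for 8 inputs; real netlists are sampled.
    runs = [simulate(p) for p in itertools.product((0, 1), repeat=len(INPUTS))]
    rare = {}
    for node, _, _ in NETLIST:
        p1 = sum(r[node] for r in runs) / len(runs)
        if p1 < theta:
            rare[node] = 1
        elif 1 - p1 < theta:
            rare[node] = 0
    return rare

def hits(pattern, rare):
    """Rare nodes this pattern drives to their rare value; its size is CR."""
    val = simulate(pattern)
    return {n for n, r in rare.items() if val[n] == r}

def perturb(pattern, rare):
    """Flip one bit at a time and keep a flip only when it increases CR."""
    best = len(hits(pattern, rare))
    for i in range(len(pattern)):
        trial = pattern[:i] + (1 - pattern[i],) + pattern[i + 1:]
        cr = len(hits(trial, rare))
        if cr > best:
            pattern, best = trial, cr
    return pattern

def mero(V, rare, N):
    """Return (RV, AR): the reduced pattern list and activations per rare node."""
    AR = {n: 0 for n in rare}
    RV = []
    for v in sorted(V, key=lambda p: -len(hits(p, rare))):
        if all(count >= N for count in AR.values()):
            break
        v2 = perturb(v, rare)
        h = hits(v2, rare)
        # Assumption: "increases AR" is read as helping a node still below N.
        if any(AR[n] < N for n in h):
            RV.append(v2)
            for n in h:
                AR[n] += 1
    return RV, AR

def triggered(patterns, rare, trigger_nodes):
    """TrojanSim-style check: some pattern sets every trigger node to its rare value."""
    return any(set(trigger_nodes) <= hits(p, rare) for p in patterns)

if __name__ == "__main__":
    rare = find_rare_nodes(theta=0.2)
    rng = random.Random(1)
    V = [tuple(rng.getrandbits(1) for _ in INPUTS) for _ in range(64)]
    RV, AR = mero(V, rare, N=2)
    print("rare nodes:", rare)
    print(len(V), "random patterns ->", len(RV), "MERO patterns, AR =", AR)
```

With a random V, a rare node may stay below N when no pattern reaches it; the returned AR shows which nodes need more patterns.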
Post-silicon Trojan Detection: Side-Channel Analysis
The basic idea of Side-Channel Analysis is to establish a proof that “side-channel” info is shifted due to hidden Hardware Trojans (i.e., not within the normal variations).
(a) Understand the process “Variations” based on a Trojan-free design
(b) Measure the targeted parameters for Trojan-free and Trojanized designs
(c) Analyse the parameter shifts between Trojan-free and Trojanized designs

Post-silicon Trojan Detection: Side-Channel Analysis on Delay
Cause: The added parasitic load due to the Hardware Trojan circuit causes longer critical delay paths.
Challenges: The added delay must be measurable (and beyond the reasonable tolerance range), otherwise an invasive approach may be used for measuring the delay path.

Post-silicon Trojan Detection: Side-Channel Analysis on Current
Cause: The added Hardware Trojan circuit causes high power (under activation conditions).
Challenges: The triggering conditions may be rare, and the noise may mask the increase of current.

Post-silicon Trojan Detection: Side-Channel Analysis on EM
Cause: The added Hardware Trojan circuit causes the Electromagnetic (EM) emanation to shift (under activation conditions), in both amplitude and time.
Challenges: The triggering conditions may be rare, and the noise may mask the EM variations.

Post-silicon Trojan Detection: Side-Channel Analysis on Multi-parameter
Idea: Leveraging two or more parameters (e.g., Current vs Delay) to distinguish the side-channel shift due to Trojans.

Post-silicon Trojan Detection: Side-Channel Analysis with Self-referencing
Idea: Use the supply current signature of one region of the chip as reference to that of another to eliminate the process noise. Such calibration/referencing is possible due to the spatial correlation of process variation effect across regions in a chip.

Post-silicon Trojan Detection: Side-Channel Analysis with Temporal Self-referencing
- Comparing transient current signature of a chip at two different time windows to isolate Trojan effect
- Self-referencing completely eliminates effect of process variations & need for ‘golden ICs’.
- For detecting sequential Trojans only
- Leveraging logic testing approaches for test vector generation
T. Hoque, S. Narasimhan, X. Wang, S. Mal-Sarkar, and S. Bhunia, “Golden-Free Hardware Trojan Detection with High Sensitivity Under Process Noise,” Journal of Electronic Testing, 2017.

Post-silicon Trojan Detection: Side-Channel Analysis with Temporal Self-referencing
- Test trial #1: the original circuit FSM is excited to go through a sequence of states SD1, SD2... SDn triggered by specifically derived test patterns, Vtest, to maximize Trojan activity, and some Trojan FSM transitions take place.
- Another set of test patterns is applied to bring the original circuit FSM back to SD1, whereby the Trojan FSM can have zero or more transitions (ST3 is expected to be different from ST1).
- Test trial #2: Vtest is applied again to excite the original circuit FSM to traverse the same sequence of states, and the Trojan FSM can have certain state transitions from ST3.
- Since the Trojan FSM starts from two different states in both test trials, the state transitions & switching activity will be different, leading to a different transient current signature.

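Why golden-IC comparison is limited by process variation, and how the region self-referencing idea above removes the die-wide factor, shown as an added example on constructed current data (not from the lecture). The region names, currents, process factors, the 1.5% within-die tolerance and the use of the median region as the reference (a generalization of comparing one region with another) are assumptions.

```python
from statistics import mean, median, pstdev

# Constructed nominal supply current per chip region (mA), e.g. from design simulation.
NOMINAL = {"R0": 10.0, "R1": 12.0, "R2": 8.0, "R3": 15.0}
# Constructed die-to-die process factors of a golden (Trojan-free) population.
GOLDEN_FACTORS = [0.88, 0.93, 0.97, 1.00, 1.04, 1.09, 1.12]


def measure(factor, residual=None, extra=None):
    """Region currents (mA) of one chip.

    factor   -- die-wide process factor shared by all regions (spatial correlation)
    residual -- small per-region fractional deviation (within-die variation)
    extra    -- additional current in mA drawn by extra circuitry in a region
    """
    residual, extra = residual or {}, extra or {}
    return {r: factor * i * (1 + residual.get(r, 0.0)) + extra.get(r, 0.0)
            for r, i in NOMINAL.items()}


def golden_check(chip, golden, k=3.0):
    """Golden-IC comparison: total current outside mean +/- k*sigma of golden chips."""
    totals = [sum(g.values()) for g in golden]
    return abs(sum(chip.values()) - mean(totals)) > k * pstdev(totals)


def self_reference_check(chip, tol=0.015):
    """Regions whose current, scaled by nominal, departs from the chip's other regions.

    Dividing by the chip's own median scale cancels the die-wide process factor,
    so only within-die residuals (assumed to stay below tol) remain.
    """
    scale = {r: chip[r] / NOMINAL[r] for r in NOMINAL}
    ref = median(scale.values())
    return [r for r in NOMINAL if abs(scale[r] / ref - 1) > tol]


GOLDEN = [measure(f) for f in GOLDEN_FACTORS]
# Constructed chips under test: same die factor and residuals; one draws 0.3 mA extra in R2.
RESIDUAL = {"R0": 0.004, "R1": -0.006, "R3": 0.002}
CLEAN = measure(0.95, RESIDUAL)
SUSPECT = measure(0.95, RESIDUAL, extra={"R2": 0.3})

if __name__ == "__main__":
    for name, chip in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, "golden check:", golden_check(chip, GOLDEN),
              "self-reference:", self_reference_check(chip))
```

The 0.3 mA shift is under 1% of total current while the golden population spreads by about ±12%, so the golden check stays silent; the region ratio moves by about 3.6% and is flagged.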
Post-silicon Trojan Detection: Side-Channel Analysis with Temporal Self-referencing
[Figures: AES with a malicious off-chip leakage enabled by side-channels (MOLES) Trojan; DLX with an FSM Trojan]

Post-silicon Trojan Detection: Reverse Engineering
[Figure: flow from Packaged IC through Decapsulation, Delayering and Imaging to Image-based Trojan Detection or Netlist-based Trojan Detection]

Post-silicon Trojan Detection: Reverse Engineering
Image-based: Detect Trojans by comparing SEM images of the IC under Authentication (IUA) with images of a golden IC.
Usually compare images of the IC substrate (diffusion) layer due to ease of access (backside imaging) and ease of comparison (simpler shapes).

Post-silicon Trojan Detection: Reverse Engineering
Image-based: Image discrepancy includes additional/missing elements, inconsistent shape or connectivity.

Post-silicon Trojan Detection: Reverse Engineering
Image-based: Compare SEM images of IUA with layout of golden IC.
T. Lin, et al., “SEM2GDS: A Deep-Learning Based Framework To Detect Malicious Modifications In IC Layout,” ISCAS, 2023.

Post-silicon Trojan Detection: Reverse Engineering
Image-based: Compare SEM images of IUA cells with classifiers trained with Trojan-free cells.
[Figure: SEM image to binary image descriptors]

Post-silicon Trojan Detection: Reverse Engineering
Image-based: Detection performance varies with imaging qualities, chip technologies, area, complexity, etc.

Post-silicon Trojan Detection: Reverse Engineering
Image-to-Netlist Recovery:
[Figure: Manufactured ICs; Interconnects @ Metal Layers; Standard Cells @ Poly Layer]

Post-silicon Trojan Detection: Reverse Engineering
Image-to-Netlist Recovery:
[Figure: Cell Annotation; Netlist Recovery]

Post-silicon Trojan Detection: Reverse Engineering
Netlist-based: Detect Trojans by identifying unique structural and behavioral/functional features of Trojans.
[Figures: Graph-representation of Netlist; Graph of Different Circuits]
K. Hasegawa, et al., “Node-wise hardware trojan detection based on graph learning,” arXiv, 2022.

Hardware Trojan Mitigation
- Detection methods face major challenges such as rare activating nets, process variations and measurement noise.
- A Hardware Trojan is usually difficult to detect (either via a destructive or a non-destructive approach).
- A mitigation approach is to make the Hardware Trojan difficult to insert or easy to detect.
- To improve the effectiveness of detection methods, ICs should be designed to increase the difficulty of Trojan insertion and with detection strategies in mind (Design-for-Trust).
- Design-for-Trust must be considered as an important design criterion in the design flow of modern ICs instead of an afterthought.

Trojan Mitigation: Preventing Insertion
Obfuscation (Logic Locking)
A technique by which the description/structure of the circuit is modified to intentionally conceal its functionality.
The technique is based on the argument that any successful attempt to insert a Hardware Trojan would require a thorough understanding of the circuit.
By adopting a functional obfuscation technique, the inserted Hardware Trojan:
- may not be able to be triggered (becomes ineffective).
- may become more vulnerable to logic-testing-based Trojan detection.

Trojan Mitigation: Preventing Insertion
Obfuscation (Logic Locking)
- Modifying the state transition function of a given circuit by expanding its reachable state space & enabling it to operate in two distinct modes – the normal mode and the obfuscated mode
- Making it difficult for an adversary to insert hard-to-detect Trojans by obfuscating the rareness of internal circuit nodes
- Making some inserted Trojans benign by making them activate only in the obfuscated mode

Trojan Mitigation: Preventing Insertion
Obfuscation (Logic Locking)
- Some Trojans become easier to trigger and detect because they make use of circuit nodes with false signal probability.
- Some Trojans become benign because they can never be activated during normal operation of the circuit.

Trojan Mitigation: Preventing Insertion
Split Manufacturing
- Using advanced untrusted Front End of Line (FEOL) foundry & ‘older’ trusted Back End of Line (BEOL) foundry
- Designs not compromised with malicious circuitry & intellectual property protected
*BEOL: Back End of Line, FEOL: Front End of Line

Trojan Mitigation: Preventing Insertion
Split Manufacturing
- The adversary in an untrusted foundry will have full access to FEOL mask-layers, but not BEOL mask-layers.
- The goal of the adversary is to profile the circuit design to the largest extent possible while minimizing the Time To Evaluate (TTE).
- The goal of the designer is to create a TTE large enough to discourage profiling efforts by an adversary while minimizing required design effort and limiting impact on design performance.

Trojan Mitigation: Preventing Insertion
Redundancy
Having two or more sets of “duplicated” hardware, the chance of inserting the same Trojan in the duplicated hardware to have the same Trojan effect is rare.
[Figure: the input feeds Circuit 1 and Circuit 2; their outputs go to Compare Output and Respond]

Trojan Mitigation: Preventing Insertion
Redundancy
– Functional redundancy:
  - Two circuits are realized differently to perform the same function, e.g., one high-speed circuit and the other slow-speed circuit
  - Two circuits have different operation sequence
  - Two circuits have different layout/floorplan
– Information redundancy:
  - Data are protected with parity bits
  - Data (original and/or redundant) are scrambled or even encrypted

Trojan Mitigation: Preventing Insertion
Redundancy
- Increasing the difficulties for the adversary to find the correct nodes/locations for Hardware Trojan insertion.
- Having the masking effect where one circuit could mask the Trojan effects of the other circuits
- Having higher probability where the Hardware Trojan may not be activated
- Having tamper-evidence feature – allowing for better detection and protection

Trojan Mitigation: Facilitating Detection
Transition probability enhancement with dummy scan flip-flops (dsFF)
- Suppose the probabilities of having “1” and “0” at gate output are P1 and P0, respectively; the probability of transition from “0” to “1” or “1” to “0” will be Pt = P1 × P0.
- When the probabilities for “1” and “0” of nets become unidirectional, i.e., P1 ≫ P0 or P0 ≫ P1, the transition probability of the nets rapidly decreases.
- Dummy scan flip-flops can be inserted to bring the probabilities of “1” and “0” of nets closer to each other.

Trojan Mitigation: Facilitating Detection
Transition probability enhancement with dummy scan flip-flops (dsFF)
- If P1 ≫ P0, an AND gate is placed after the scan flip-flop and Net i is restitched through the AND gate to increase P0.
- If P0 ≫ P1, an OR gate is used to increase P1.
- In normal functional mode, the output of the scan flip-flop is supplied by either “0” or “1” depending on the gate type at the output of the scan flip-flop to avoid changing the functionality of Net i.

Trojan Mitigation: Facilitating Detection
Transition probability enhancement with dummy scan flip-flops (dsFF)
[Figure: dsFF insertion to increase the probability of generating a transition in Trojan circuits]

Trojan Mitigation: Facilitating Detection
Trojan-to-circuit activity (TCA) enhancement with scan cell reordering
Trojan-to-circuit activity is the ratio of the number of transitions inside the Trojan to the number of transitions in the entire circuit.
- Forming scan chains such that scan cells placed in each region are connected to each other
- To improve the efficiency of power-based side-channel signal analysis techniques for detecting hardware Trojans
- To restrict switching activity within a target region while keeping other regions quiet to reduce total circuit switching activity & increase TCA
- Performing layout-aware scan cell reordering after Place & Route
- No pin or area overhead

Trojan Mitigation: Facilitating Detection
Trojan-to-circuit activity (TCA) enhancement with scan cell reordering
[Figures: Traditional Scan Chain Organization; Scan Chain Organization with Layout-Aware Reordering]

Summary
❖ What have been discussed
  - Hardware Trojan Detection
    Pre-silicon vs. Post-silicon
    Destructive vs. Non-destructive
  - Hardware Trojan Mitigation
    Preventing Insertion
    Facilitating Detection