Variation-Aware Hardware Trojan Detection through Power Side-channel Analysis

Fakir Sharif Hossain (1561032)


The outsourcing of numerous stages of the integrated circuit (IC) manufacturing process to foundries over which perfect control and oversight cannot be guaranteed has meant that the security risk posed by Hardware Trojans (HTs) is increasingly assuming realistic dimensions. The purpose of this dissertation is to improve HT detectability in ICs using power side-channel analysis. Improved detectability depends on the Trojan-to-circuit power ratio, which helps to reduce the effect of process variation. Dividing a circuit into multiple partitions and activating one partition while keeping the others frozen can boost detectability by increasing the Trojan-to-circuit power consumption ratio. The partition size and the activation of a single partition, realized by clock gating, deliver heightened detectability at the cost of some hardware overhead. In some cases, the Trojan-to-circuit area ratio can be exceedingly small, making it impossible to distinguish between the possible presence of a Trojan and perturbations due to process variations. A Golden IC free detection can eliminate inter-die and reduce intra-die variation effects.

In this dissertation, three HT detection methods have been developed to improve detectability. This goal has been achieved by reducing process variation effects in the detection threshold and by increasing the chances of Trojan activation. In the first proposed Golden IC based method, an increased Trojan-to-circuit power consumption has been attained by fine-grain scan based partitioning. The partitioning also reduces the inter-die variation effect in the detection threshold because the partitions are sufficiently small. Conversely, keeping the partitions adequately small requires a significant amount of hardware overhead in the design. The additional constraint of Golden IC free detection poses yet another challenge. Reliance on trusted chips might necessitate costly destructive reverse engineering of an IC to reach high accuracy in internal nodes, and the production of even a small quantity of Golden ICs requires access to a trusted foundry facility, which is furthermore a quite costly proposition.

These two issues have been addressed in the second proposed method by developing a novel layout-aware, clock tree driven circuit partitioning technique, coupled with an algorithm that selects transition delay fault test patterns that deliver equal power on the partitions. Circuit partitioning through the clock tree results in minimal hardware additions. The proposed equal-power self-referencing technique reduces inter-die variation effects and perturbs the circuit under various activation conditions, thus delivering increased detectability. To obtain heightened detectability, the detection threshold has been reduced further in the third proposed method by addressing the intra-die systematic variation effect and by selecting a set of patterns that delivers full toggling coverage.

Detectability is sharpened by 1) comparing power levels from neighboring regions within the same chip, so that the two measured values exhibit a common trend in terms of process variations, and 2) generating test patterns that toggle each cell multiple times to increase the Trojan activation probability.
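The following toy simulation is an added illustration, not code from the dissertation: it models a circuit as a sum of per-cell powers with a shared inter-die factor and an independent intra-die factor, places a small Trojan in one partition, and compares the detectability of whole-chip Golden IC comparison, single-partition Golden IC comparison, and the Golden-free neighbouring-partition self-reference described above. All cell counts, Trojan size and variation magnitudes are constructed assumptions.

```python
"""Toy power side-channel model (added example, not the dissertation's code):
why a Trojan-to-circuit power ratio hidden by process variation at chip level
becomes visible after partitioning and neighbour self-referencing.
All cell counts and variation magnitudes are constructed, not measured."""
import random
from statistics import mean, pstdev

N_CELLS, N_PARTS, TROJAN_CELLS = 1000, 50, 3   # constructed toy circuit
INTER_SIGMA, INTRA_SIGMA = 0.10, 0.03          # die-wide vs per-cell spread

def simulate_die(seed, trojan=False):
    """Per-partition power of one die. A single die-wide factor models
    inter-die variation; an independent per-cell factor models intra-die
    variation. A Trojan of TROJAN_CELLS extra cells sits in partition 0."""
    rng = random.Random(seed)
    die_factor = 1.0 + rng.gauss(0.0, INTER_SIGMA)
    per_part = N_CELLS // N_PARTS
    powers = []
    for p in range(N_PARTS):
        cells = per_part + (TROJAN_CELLS if trojan and p == 0 else 0)
        powers.append(sum(die_factor * (1.0 + rng.gauss(0.0, INTRA_SIGMA))
                          for _ in range(cells)))
    return powers

def golden_full_chip(dut, golden):
    """Golden-IC comparison of whole-chip power (relative deviation)."""
    return sum(dut) / sum(golden) - 1.0

def golden_partition(dut, golden):
    """Golden-IC comparison with only partition 0 activated."""
    return dut[0] / golden[0] - 1.0

def self_reference(dut, golden=None):
    """Golden-free: activated partition 0 against its frozen neighbour 1 on
    the same die, so the shared inter-die factor cancels in the ratio."""
    return dut[0] / dut[1] - 1.0

def detectability(stat, n_dies=200):
    """Trojan-induced shift of `stat` divided by its process-variation spread
    on Trojan-free dies (a signal-to-noise style detectability scale)."""
    clean = [stat(simulate_die(s), simulate_die(s + 10_000)) for s in range(n_dies)]
    dirty = [stat(simulate_die(s, trojan=True), simulate_die(s + 10_000))
             for s in range(n_dies)]
    return (mean(dirty) - mean(clean)) / pstdev(clean)

if __name__ == "__main__":
    for stat in (golden_full_chip, golden_partition, self_reference):
        print(f"{stat.__name__:18s} detectability = {detectability(stat):6.2f}")
```

With these constructed values a 3-cell Trojan is about 0.3% of whole-chip power and drowns in a 10% inter-die spread, while the same Trojan is about 15% of a 20-cell partition and the self-reference ratio leaves only the much smaller intra-die spread as noise.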

Incorporating the three proposed methods, the detectability scale demonstrated that an HT consisting of three gates has been detected successfully with insignificant hardware overhead. In most cases, the proposed strategies give higher detectability.