A study on the efficiency of hardware Trojan detection based on path-delay fingerprinting


Microprocessors and Microsystems xxx (2014) xxx–xxx


journal homepage: www.elsevier.com/locate/micpro


http://dx.doi.org/10.1016/j.micpro.2014.01.003
0141-9331/© 2014 Elsevier B.V. All rights reserved.

* Corresponding author. Tel./fax: +98 2164542720.
E-mail addresses: [email protected] (A. Nejat), [email protected] (S.M.H. Shekarian), [email protected] (M. Saheb Zamani).
1 Tel.: +98 2164545124.

Please cite this article in press as: A. Nejat et al., A study on the efficiency of hardware Trojan detection based on path-delay fingerprinting, Microprocess. Microsyst. (2014), http://dx.doi.org/10.1016/j.micpro.2014.01.003

Arash Nejat 1, Seyed Mohammd Hossein Shekarian 1, Morteza Saheb Zamani *
Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran

Article info

Article history:
Available online xxxx

Keywords:
Hardware security
Hardware Trojan detection
Design for hardware trust
Analysis of hardware security

Abstract

Hardware Trojan horses (HTHs) are among the most challenging threats to the security of integrated circuits. Path-delay fingerprinting has been shown to be a promising HTH detection approach. However, previous work in this area incurs a large hardware cost or requires expensive testing techniques. Moreover, the relation between technology mapping and the efficiency of delay-based HTH detection has not yet been studied. In this paper, we present an HTH detection method which uses an effective test-vector selection scheme and a path-delay measurement structure. Furthermore, we demonstrate the large impact of technology mapping on the effectiveness of delay-based HTH detection. We also show that delay-based detection methods are highly scalable. When an area-driven design strategy is chosen, the average HTH detection probability of our approach is about 63%, 78% and 90% for false alarm rates of 0%, 2% and 16%, respectively. With modifications in the technology mapping, the results improve to 85%, 94% and 99%, at the cost of about 20% area overhead. In addition, the efficiency of our method does not decrease for large benchmarks with thousands of gates.


1. Introduction

The high cost of silicon chip fabrication has caused most hardware manufacturers to outsource the fabrication of their integrated circuits (ICs) to third-party foundries [1]. These foundries can serve attackers by modifying the circuit's design or its physical parameters. These modifications, usually known as hardware Trojan horses (HTHs), may change the functionality or reliability of a chip in a disastrous way [1,2].

HTHs are classified into parametric and functional types. Parametric HTHs are modifications in the characteristics of existing wires and gates, while functional HTHs are designed by adding or removing gates and transistors [1]. The focus of this paper is on HTHs of the latter type, which usually have more complicated and damaging behaviors. Moreover, this paper concentrates on HTHs which are inserted into the design during the fabrication process.

HTHs must be triggered by some internal or external event, or a sequence of such events, to become operative. A wisely designed HTH is triggered only under rare conditions. For example, the attacker usually uses a rarely changing signal which already exists in the original circuit as an input of the HTH and designs the HTH so that it is triggered only if that signal changes. For this reason, HTHs are not usually detectable by conventional testing methods [1]. Parametric testing or side-channel analysis techniques are reported to be more effective for HTH detection. These techniques are based on the fact that even a non-triggered HTH may change the side-channel properties of the chip [3]. For example, the HTH may change the power consumed by the circuit, or it may alter the delay of some paths in the design [1]. The greatest challenge of these techniques is process variation, which may mask the Trojan effects and limit the scalability of the techniques.

Techniques based on path-delay analysis are among the most promising side-channel analysis approaches for HTH detection [4–9]. However, previous efforts in this area are not without limitations. The approach presented in [4] seems to be powerful in detecting HTHs which contribute to the delay of critical paths. However, employing this technique to detect HTHs that only change non-critical path-delays requires a large number of test vectors. Other delay-based HTH detection techniques use delay measurement structures [5–9]. Some of these techniques can reduce the difficulties of detecting HTHs on non-critical paths [7–9], but they incur additional hardware cost and design complexities. Moreover, these techniques do not benefit from a proper design strategy and test vector generation.


In this paper, we address the challenges of using path-delay measurement to detect HTHs. Our contributions are as follows:

1. A novel HTH detection approach is presented based on path-delay fingerprinting. The essence of this technique is to test the delay characteristics at different frequencies. Varying the frequency can simplify delay measurement in non-critical paths. In addition, a modified scan chain helps to measure the path-delays. Our approach needs hardware redundancy in the structure of scan flip-flops (SFFs), which are already widely used in ICs for testing various models of faults. An SFF is a flip-flop (FF) with extra scan logic, a scan input and a scan output, which are used during the test mode to set or fetch the value of that FF.

2. Guidelines are presented for the efficient use of some other related approaches in the literature.

3. HTH detection probabilities on paths are estimated based on path-delay characteristics. The detection probabilities are also valid for any HTH detection technique based on single-path-delay fingerprinting if the proposed guidelines are followed.

4. The impact of technology mapping on the delay-based techniques is investigated, and design hints are provided to improve the probability of HTH detection.

5. The scalability of delay-based Trojan detection techniques is studied and shown to be an important advantage of these methods compared to the power-based Trojan detection approaches.

Our experiments are conducted on various ISCAS'89 benchmarks. A 90 nm process technology is used because accurate information about timing variation is available for this technology [10]. In the case of area-driven technology mapping, the average detection probability of our approach is 63%, 78% and 90% when accepting a zero, 2% and 16% false alarm rate, respectively. However, these detection probabilities improve to 85%, 94% and 99%, respectively, if the circuit is designed with shorter paths, because paths with shorter delay suffer less from background variation effects. Our experimental results also show that, contrary to the power-based HTH detection techniques, the delay-based approaches are intrinsically scalable.

The rest of this paper is organized as follows: Section 2 introduces the previous work. The basic idea of our approach is described in Section 3. The detailed approach is presented in Section 4. Section 5 presents the experimental setup and results. The method used to estimate HTH detection probability is also explained in these sections. Finally, Section 6 concludes the paper and proposes some future work.

2. Previous work

Attackers try to hinder the process of HTH detection by making the trigger conditions as rare as possible. Moreover, HTHs which only produce analog outputs (e.g., power characteristics) would not be detected even by exhaustive testing [11]. Hence, it is usually impractical to detect HTHs by using traditional testing methods. Post-design HTHs may not be detected by reverse engineering either, since they may exist only in a portion of the fabricated chips [1]. It is noteworthy that reverse engineering is a destructive process, so it is helpful only when applied to a single chip or a small fraction of chips. Many efforts have been made in recent years to develop more convenient methods for HTH detection.

Some test pattern generation approaches are presented in [12–14] to adapt testing techniques for HTH detection. However, these techniques are of limited gain for large circuits. The authors in [3] demonstrated that side-channel analysis is a more efficient approach for detecting HTHs. This is because even non-triggered HTHs may change the side-effect characteristics of a chip recognizably. Two such characteristics are widely used for the purpose of HTH detection, namely power consumption [3,15] and path-delays [4–9,16,17]. As demonstrated in [8,18], analyzing both the power and delay profiles of the circuit is needed to achieve better results. As the focus of this paper is on path-delay analysis, related work in this area is discussed in the rest of this section.

The first systematic approach for path-delay fingerprinting was presented in [4]. This approach collects the overall delay characteristics of the whole design by analyzing some genuine chips. The genuine chips are assured to be Trojan-free by using invasive techniques. The data is used as a reference to verify the genuineness of other chips. However, HTHs that merely change non-critical path-delays can hardly be detected by this technique.

Shadow registers are used in [5,6] for HTH detection. Each shadow register is placed next to a register in the design, getting the same input as the original register. The shadow registers are triggered by a shadow clock signal with a controllable phase offset. Path-delays can be measured by changing the phase offset. Ring oscillators (ROs) are also employed for HTH detection [7,8,16,17]. ROs can be added to a design in a way that allows them to measure the delay characteristics. The large hardware cost is the main drawback of both structures.

Another delay-based HTH detection approach is introduced in [9], which creates a delay chain by bypassing some of the FFs in the design. Besides a 10% area overhead, this technique suffers from relying on the delay analysis of long paths. These long-delay paths are generated by the FF bypassing process. As we demonstrate in Section 5, long-delay paths may not be qualified candidates for being tested for HTHs.

3. The basic idea

An intelligent attacker tries to avoid adding an HTH on critical paths (paths with the largest delay). Otherwise, changes in the timing characteristics of the circuit would be easily identifiable. However, changes in the delay of non-critical paths would be unrecognizable using conventional timing test approaches.

The main idea of the proposed approach is to test the circuit at proper frequencies. Each path is tested at a clock cycle with a period equal to the delay of the path under test. We name this clock cycle the zero-slack clock cycle. The slack of a path becomes zero at its corresponding zero-slack clock cycle unless an HTH increases the path-delay. Consequently, the HTH is mapped into a path-delay fault, i.e., a fault that causes the propagation delay of a path to increase beyond its expected value [19]. Now, an SFF can be employed to monitor the path outputs. As in delay-fault test techniques [15], one pair of test vectors must be produced for path-delay fault testing, as well as for HTH testing in our approach. The two test vectors are chosen so that they cause two complementary values at the output of the path. As a result, these vectors can generate a desirable transition in the target path and propagate the transition to the SFFs. If the delay of a path increases due to the HTH, the correct value cannot pass through the path during the zero-slack clock cycle and the SFF will hold an incorrect value. This issue is illustrated by an example in Fig. 1.

In this figure, it is assumed that all the gates have 1-unit delay and the delay of interconnects is negligible. The critical path has a 3-unit delay, so the minimum allowed clock period is 3 units. The attacker is assumed to connect an HTH (the colored gate) to the output of gate G3. The connections of the trigger circuit to the original circuit are neglected in this figure. The delay of the bold path is increased by 1 unit due to the existence of the HTH. This additional delay is not recognizable by at-speed testing unless a zero-slack clock cycle (here, a clock cycle with a period of 1 unit) makes the bold path as sensitive as the critical path.

Fig. 1. An HTH-infected circuit.

In summary, our approach maps the chip delay characteristics to observable functional behaviors. The Trojan detection technique presented in [5,6] uses a similar strategy, but it incurs more hardware overhead compared to the approach we propose in Section 4. Moreover, our technique uses an efficient path selection strategy. While theoretically all HTHs can be detected by our approach, the following challenges arise in real-world situations:

1. Process variation is a hard challenge in HTH detection methods based on side-channel analysis. Timing violations may result from process variation and not from the HTH effects. To improve Trojan detection, it is necessary to decrease the masking effects of the process variation.

2. There are many non-critical paths in the circuit that would not have a delay longer than the delay of the critical path even after adding an HTH. Testing all such paths is impractical. However, the nets in the design are the real elementary components which may be affected by HTHs. Therefore, for each net in the design, only one of its covering paths must be tested for an HTH. However, many candidate paths exist in the circuit for some of the nets.

3. Path-delay measurement is very difficult in new technologies.

In general, HTH effects are more observable when the background effect is small. Our preliminary experiments show that the same rule holds for path-delays. In other words, HTH delays are likely to be more observable on a short-delay path. In addition, we use this rule to select appropriate paths for the testing process. As demonstrated in Section 5, our experiments confirm the high efficiency of this path selection scheme. In Section 5, we also show that synthesizing a circuit with shorter paths increases the HTH detection probability.

4. The proposed approach

4.1. The HTH detection algorithm

An HTH detection approach based on using multiple frequencies is presented in this section. The approach proceeds as follows:

1. For each net in the circuit, the minimum-delay path which covers that net is selected. If the vectors for testing a path-delay fault in the selected path are not found, the next minimum-delay candidate path that crosses the net is selected for testing the path-delay fault. This process is repeated until a testable path is found.


2. Accurate delay estimation is performed. For delay testing, the maximum expected delay of the selected path must be used as the testing clock period. However, enforcing an ultra-high frequency on the clock signal and propagating this signal through the chip may incur difficulties in the real world, because the minimum required rise and fall times of the gates may not be met. To overcome this issue, we use a delay-estimation structure as shown in Fig. 2(a). The first multiplexer in this figure (MUX 1) is the intrinsic multiplexer of the scan flip-flop. The second multiplexer (MUX 2), along with the signal DM (Detection Mode), is used in our approach for replacing the original clock (CLK) with an extra clock signal (CLKp). Both clock signals have the same frequency, but their phase difference equals the expected delay of the path under test. If CLK is replaced by CLKp, a zero-slack clock cycle with legitimate pulse widths is produced, as illustrated in Fig. 2(b). As shown in this figure, the DM signal must be generated in a way that provides the minimum negative and positive pulse widths required in the technology. By the terms minimum negative and positive pulse widths, we mean the minimum time intervals between the falling and rising edges and between the rising and falling edges, respectively. As the frequencies of the two clock signals are equal and both signals work legitimately, there is no need to switch back from CLKp to CLK during the test mode. The resolution of this technique is limited by the skew of the two clock signals and can be estimated by using Eq. (1).


$R = t_0 + t_1 + t_{\mathrm{skew}}$ (1)

where t0 and t1 are the minimum applicable negative and positive pulse widths, and tskew is the skew time. All three parameters are technology-dependent, while tskew also depends on the benchmark and the synthesis algorithms.

Fig. 2 illustrates our delay estimation technique by an example. As shown in this figure, for testing a path with 0.1 ns maximum expected delay, two clock signals with a 0.1 ns phase difference are used. Consequently, a zero-slack clock pulse is produced and there is no need to initially produce and propagate a periodic clock signal with a 10 GHz frequency. If an HTH increases the delay of this path, it will be detected during the zero-slack clock pulse. Paths with other delays can also be simply tested by changing the phase difference of CLK and CLKp (e.g., for a path with 0.2 ns maximum expected delay, the phase difference of the two clock signals must be equal to 0.2 ns). The switching from CLK to CLKp is performed by a multiplexer.


Fig. 2. Path-delay-measurement: (a) structure, and (b) clock handling and signal timing.

Table 1
Number of inputs, outputs, FFs, and gates.

Benchmark   S713   S1423   S5378   S13207   S35932
Inputs        37      17      35       62       35
Outputs       23       5      49      152      320
FFs           19      74     179      638     1728
Gates        393     657    2779     7951    16065


3. The state of the destination SFF on the path is checked. Any deviation from the previously known values is interpreted as a Trojan infection.

Our path selection strategy can be employed to improve other HTH detection techniques based on path-delay fingerprinting (refer to Section 5.4). Furthermore, the proposed approach can be applied to improve the technique proposed in [4]. If the delay characterization is performed at a zero-slack clock cycle (with regard to each path), a more informative convex hull can be constructed in [4].

5. Experimental results

5.1. Experimental setup

Our experiments are based on introducing the HTH models into benchmarks and trying to detect the HTHs by using the proposed approach. The experiments are conducted on five ISCAS'89 benchmark circuits in TSMC 90 nm process technology. Table 1 presents the size characteristics of the selected benchmarks. The applied technology is chosen because accurate timing information is available for it [10]. The process variation is assumed to have a normal distribution and a standard deviation of 6.61% [10]. Synopsys tools are used for synthesis and analysis of the circuits. Physical design is not performed, as we want to estimate the efficiency of our approach independently from the effects of the physical design process.


For modeling Trojans, we focus on the payload part of the HTH. Considering the functional HTHs which are our target cases, the payload circuit must include at least one gate inserted into an existing path or one input added to an existing gate. However, our initial experiments show that the delay effect of a second-type payload gate (i.e., an existing gate with an extra input) is not smaller than the delay effects of some first-type Trojans (i.e., added gates). For example, replacing a 2-input AND gate by a 3-input one incurs a delay effect similar to that of inserting one 2-input AND gate before the original 2-input AND gate. As a result, we use single gates as abstract models of HTHs. The delay effects which may be caused by a trigger circuit or a larger payload circuit are ignored, so as to make the Trojan detection task harder.

As shown in Table 2, 24 different cells are inserted into the design as Trojans to study the effects of such HTHs. The functionalities of the cells vary from single 2-input AND and OR gates (AND2 and OR2) to a full-adder (ADDFH). As the trigger input, a proper cell input is chosen, i.e., the input that can keep the HTH in the idle state. A single NOT gate is not used as an HTH, as it always inverts a value in the circuit and cannot be put in the idle mode. Trojans must be idle for most of their lives, or they would be easily detected with traditional functional/structural tests. Buffer gates are not used either, as they are harmless as functional Trojans.

Table 2
HTH cell types.

OR2    XNOR3   OAI2BB2   AND2   XNOR2   AOI2BB2
OR3    MX4     OAI2BB1   AND3   MX2     AOI2BB1
OR4    AO22    OAI2B1    AND4   AO21    AOI2B1
XOR3   OA21    OAI2B11   XOR2   OA22    ADDFH

5.2. HTH detection probability estimation

We calculate the detection probability of each inserted HTH based on the variation distribution of the delay of the path under test. The normal distribution is characterized by two parameters: a mean (μ) equal to the delay estimated in the absence of variation, and a variance (σ) determined by the process variation. The normal distribution of an HTH-infected path is shifted due to the delay introduced by the HTH. The delay distribution of one of the paths tested in our experiments is illustrated in Fig. 3, before and after HTH insertion. The HTH is detectable if it increases the path-delay beyond the maximum delay resulting from the variation effects. The reason is that at the frequency corresponding to the path under test, such a delay prevents loading the correct value into the output FF. Thus, the HTH detection probability is at least equal to the area of the shaded region in Fig. 3(a).

The HTH detection probability can be improved at the cost of incurring a non-zero false alarm rate. Generally, the false alarm rate is the fraction of valid chips which are wrongly reported to be faulty (HTH-infected in our work) [15]. An example is shown in Fig. 3. In this example, the HTH detection probability and the false alarm rate are equal to the areas of the vertically and diagonally shaded regions, respectively.

Fig. 3. (a) HTH detection probability with zero false alarm rate, and (b) HTH detection probability with non-zero false alarm rate.

Table 3
HTH detection probability in area-driven technology mapping.

Benchmark          S713               S1423              S5378              S13207             S35932             Average d
False alarm rate   0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%
MIN a              0.71  0.85  0.95   0.45  0.60  0.76   0.34  0.56  0.80   0.38  0.59  0.81   0.50  0.70  0.87   0.48  0.66  0.81
MAX b              0.96  0.99  1.00   0.72  0.80  0.86   0.74  0.89  0.97   0.77  0.89  0.96   0.87  0.95  0.99   0.81  0.90  0.96
AVG c              0.83  0.92  0.97   0.56  0.69  0.81   0.51  0.71  0.89   0.55  0.73  0.89   0.68  0.83  0.94   0.63  0.77  0.90

a Minimum HTH detection probability. b Maximum HTH detection probability. c Average HTH detection probability. d Average detection probability over the five benchmarks.

5.3. Results

We use the full scan chain and the delay structure introduced in Section 4. First, the resolution of the technique is estimated by using Eq. (1) from Section 4. The values of t1 and t0 in this equation are 0.09 ns and 0.06 ns, respectively, according to the technology information. The value of tskew is experimentally chosen to be 0.025 ns in our most complicated benchmark. As a result, the resolution of our technique is estimated as 0.2 ns in our experiments. In the next step, the shortest sensitizable path with a delay longer than 0.2 ns is found for each net in the circuit. The detection probability of the inserted HTH is then calculated based on the probability distribution of the delay of the selected path.

In our first experiments, we synthesized the benchmark circuits with the traditional style of area-driven technology mapping. Then we performed a performance-driven technology mapping with a maximum allowed area overhead of 20%. For each benchmark and for testing each path (selected by the scheme explained in Section 4), all 24 modeled HTHs introduced in Table 2 are used. The average, minimum, and maximum detection probabilities of the HTHs for area- and performance-driven technology mapping are shown in Tables 3 and 4, respectively.

As shown in Table 3, the average detection probability in the case of area-driven technology mapping is 63%. By accepting a false alarm rate of 2% and 16%, the average detection probability is improved to 78% and 90%, respectively. Discarding a large percentage of healthy chips may not be acceptable in some applications, but the suspicious chips may be utilized in non-safety-critical applications.

The detection probability would be much better if the designer tries to design the circuit with shorter paths. As shown in Table 4, the average detection probability in the case of area-constrained performance-driven technology mapping is 85%, 94% and 99% when accepting a false alarm rate of zero, 2% and 16%, respectively. This improvement is obtained because the background variation effects are smaller in short-delay paths.


Table 4
HTH detection probability in performance-driven technology mapping.

Benchmark          S713               S1423              S5378              S13207             S35932             Average d
False alarm rate   0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%    0%    2%    16%
MIN a              0.82  0.92  0.98   0.49  0.70  0.88   0.88  0.97  0.99   0.77  0.91  0.98   0.98  1.00  1.00   0.79  0.90  0.97
MAX b              0.99  1.00  1.00   0.84  0.94  0.98   1.00  1.00  1.00   0.98  1.00  1.00   1.00  1.00  1.00   0.96  0.99  1.00
AVG c              0.89  0.96  0.99   0.59  0.78  0.92   0.94  0.99  1.00   0.85  0.95  0.99   0.99  1.00  1.00   0.85  0.94  0.98

a Minimum HTH detection probability. b Maximum HTH detection probability. c Average HTH detection probability. d Average detection probability over the five benchmarks.

6 A. Nejat et al. / Microprocessors and Microsystems xxx (2014) xxx–xxx

In addition to the considerable effect of technology mapping on the detection probability, another important conclusion can be drawn from the results shown in Tables 3 and 4. The HTH detection probability does not decrease if the size of the target circuit increases. For example, there is a higher chance to detect HTHs in the largest benchmark, S35932, than in most other benchmarks. The reason is that a large number of adequately short paths exist in large circuits. Consequently, with regard to the HTH detection probability, the delay-based detection techniques are intrinsically scalable. This is a great advantage compared to the power-based detection techniques, which incur hardware overhead (e.g., extra power pads) to become more scalable [15]. On the other hand, our technique is also scalable with regard to the number of applied test vectors, which is of the order of the number of nets (and not paths), as reported in Table 5.

Our experimental results are provided in Table 6 from a different viewpoint. This table shows the reduction in the number of vulnerable nets in the design when the performance-driven technology mapping approach is used. We define vulnerable nets as the nets with an HTH detection probability of less than 90%. The number of vulnerable nets is a criterion of the effort which must be performed to increase the trustworthiness of the design. The area overhead and the performance gain caused by this technology mapping approach are also presented in Table 6.

Table 5. The number of applied test vectors for the two technology-mapping approaches.

Benchmark   Number of applied test vectors
            Area-driven synthesis   Performance-driven synthesis
s713        291                     387
s1423       884                     1181
s5378       2056                    2764
s13207      3886                    4778
s35932      12,475                  14,354

Table 6. Summary of results from the two technology mappings.

Benchmark   Reduction in the number of vulnerable points   Performance gain (%)   Area overhead (%)
s35932      5517–16                                        333                    22
s13207      2078–770                                       498                    12
s5378       1169–119                                       377                    23
s1423       599–425                                        329                    18
s713        45–54                                          300                    19

Table 7. Hardware overhead of delay fingerprinting techniques for HTH detection.

Area overhead (%)    s713   s1423   s5378   S13207   S35932
Our technique        24     26      21      20       19
Shadow registers     92     99      79      75       73
RO-based technique   45     29      26      23       43

Please cite this article in press as: A. Nejat et al., A study on the efficiency of hardware Trojan detection based on path-delay fingerprinting, Microprocess. Microsyst. (2014), http://dx.doi.org/10.1016/j.micpro.2014.01.003

5.4. Discussions on the area-overhead of the technique

An accurate comparison between the area overheads of the proposed technique and other delay fingerprinting techniques is not straightforward, because the overhead depends on the real-world implementation. However, the hardware overhead of our detection technique is less than that of other techniques. Similar to our technique, the shadow registers presented in [5,6] also require an extra clock line. Moreover, both techniques use an equal number of delay measurement units if they are designed to achieve equal Trojan detection capabilities. Nevertheless, our delay measurement structure (Fig. 2(a)) is smaller, as it only includes one extra multiplexer for each target SFF in the design. On the other hand, the technique presented in [5,6] requires one extra (shadow) FF for every target FF and a comparator for comparing the values of the original and the shadow FFs. A mechanism must also be added for scanning out the comparison result. An XOR can be used as the minimum-size comparator. The most cost-efficient scanning mechanism is to use the original SFFs of the design. With such a mechanism, one multiplexer is needed to feed the comparison result into the SFF.

The second and third rows of Table 7 present the area overhead of our technique and of shadow registers (with the above-mentioned implementation), respectively. The estimates are generated at the logic level; routing and clock-routing overhead is ignored. However, this overhead is of a similar order for both techniques. Moreover, during the experiments, it is assumed that both techniques use one delay measurement unit for each FF in the design (i.e., both techniques use a similar path selection scheme). As shown in Table 7, using shadow registers is very costly. Actually, the authors of [5,6] use a more limited number of shadow FFs. They place the FFs at the end of the paths which form a minimal set that covers all nodes of the design. However, they lose the benefit of testing short-delay paths. We can equally reduce the number of our delay measurement units (and their overall overhead) by using the same path selection scheme. Nevertheless, a much higher HTH detection ability is obtained by testing short paths, as described above.

Comparing our technique with RO-based techniques [7,8,16,17] is a little more complicated. RO-based techniques have the advantage of using no extra clock line. However, these techniques still incur a large overhead. An RO includes an odd number of inverters placed on a combinational loop. Such a loop is generated by adding a feedback loop into an existing path. As a result, at least one multiplexer is needed for creating each loop in the operational mode [7]. A mechanism for scanning the outputs of the ROs is also required, probably including some extra pins.

The longest paths are chosen in [7] for RO insertion, as such paths cover more nodes. Nonetheless, this leads to a smaller detection probability. Again, we assume that ROs are placed on the same paths chosen by our shortest-path selection scheme to have a fair comparison. Alternatively, we can reduce the number of our delay measurement units (and their overall overhead) by using the same path selection scheme applied in [7]. The last row of Table 7 presents the area overhead of the RO-based HTH detection technique. Here, only the overhead of the multiplexers is considered, and the potential extra inverters and the scanning hardware/output pins (which probably incur a much larger overhead) are ignored. The result shows that using ROs causes a larger area overhead in comparison with our technique. A more accurate comparison requires a full implementation of both techniques.
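The two alternative measurement structures compared in Section 5.4, the shadow register of [5,6] and the ring oscillator of [7], can be modelled behaviourally to show what each one actually measures and why an added Trojan load shows up in both. The block below is an added example written for this discussion; it is not the paper's own measurement structure (Fig. 2(a) is not modelled) and not code from [5,6] or [7]. It assumes integer picosecond timing, a clock period that is a multiple of the skew step, a flip-flop that keeps its old value when the path has not settled by the capture instant, and constructed delays (a 730 ps golden path, 40 ps of Trojan-added delay, 15 ps inverters, a 10 ps feedback multiplexer).

```python
"""Behavioural models of the two on-chip delay sensors compared in Section 5.4.

Constructed example; it is not the paper's own design (the authors' multiplexer-based
structure of Fig. 2(a) is not modelled) nor code from [5,6] or [7]. Assumptions:
- times are integer picoseconds and the clock period is a multiple of the skew step;
- a flip-flop captures the launched value only if the path has settled by its
  capture instant, otherwise it keeps its previous value (no metastability model);
- shadow register: the shadow FF samples the same path on a clock copy that is
  advanced by a programmable skew, and an XOR of main and shadow FF reports a
  mismatch, which is scanned out through the existing SFF;
- ring oscillator: a feedback multiplexer closes the tested path through an odd
  number of inverters, and one oscillation period is twice the loop delay.
"""


def ff_capture(path_delay_ps, capture_time_ps, launched, previous):
    """Value a flip-flop holds after capturing at capture_time_ps past the launch edge."""
    return launched if path_delay_ps <= capture_time_ps else previous


def shadow_register_delay(path_delay_ps, clock_period_ps, skew_step_ps):
    """Characterise a path with a shadow register: sweep the shadow clock skew from 0
    upward and return the smallest multiple of skew_step_ps that is >= the path delay.
    Returns None when the path does not settle within the system clock period."""
    # launch a 0 -> 1 transition at the path input; both FFs previously held 0
    main = ff_capture(path_delay_ps, clock_period_ps, 1, 0)
    if main == 0:
        return None  # fails at speed even without the shadow FF
    for skew in range(0, clock_period_ps, skew_step_ps):
        shadow = ff_capture(path_delay_ps, clock_period_ps - skew, 1, 0)
        if main ^ shadow:  # XOR comparator flags the first too-early capture
            return clock_period_ps - skew + skew_step_ps
    return skew_step_ps  # settled at every capture time tried: delay <= one step


def ring_oscillator_period(path_delay_ps, inverter_delay_ps, mux_delay_ps, n_inverters=3):
    """Period of the RO obtained by closing the path through n_inverters inverters
    and the feedback multiplexer; an edge traverses the loop once per half period."""
    if n_inverters % 2 == 0:
        raise ValueError("a ring oscillator needs an odd number of inverters")
    loop_delay_ps = path_delay_ps + n_inverters * inverter_delay_ps + mux_delay_ps
    return 2 * loop_delay_ps


def flag_trojan(measured_ps, golden_ps, tolerance_ps):
    """Flag a chip when its measurement exceeds the golden fingerprint by more than
    the tolerance chosen from the golden chips' variation; extra load from an HTH
    on the path only ever increases the delay (and the RO period)."""
    return measured_ps - golden_ps > tolerance_ps


if __name__ == "__main__":
    PERIOD, STEP, TOL = 1000, 10, 20   # constructed: 1 GHz clock, 10 ps skew step
    GOLDEN, INFECTED = 730, 770        # constructed: HTH load adds 40 ps to the path
    g_sr, i_sr = (shadow_register_delay(d, PERIOD, STEP) for d in (GOLDEN, INFECTED))
    g_ro, i_ro = (ring_oscillator_period(d, 15, 10) for d in (GOLDEN, INFECTED))
    print(f"shadow register: golden {g_sr} ps, infected {i_sr} ps, "
          f"flagged={flag_trojan(i_sr, g_sr, TOL)}")
    print(f"ring oscillator: golden period {g_ro} ps, infected {i_ro} ps, "
          f"flagged={flag_trojan(i_ro, g_ro, TOL)}")
```

The shadow-register sweep resolves the delay to one skew step, which is why it needs the extra clock line the text mentions, and its cost per target FF is the shadow FF, the XOR and the scan multiplexer; the RO needs no second clock but reports only a period that mixes the path delay with the inverter and multiplexer delays, so its golden fingerprint has to absorb their variation as well.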

6. Conclusion and future work

A new HTH detection approach was presented in this paper based on path-delay fingerprinting. Our approach incurs less area overhead compared to the techniques which use shadow registers or ring oscillators and the technique proposed in [9]. More importantly, our approach benefits from the inverse relation between the HTH detection probability and the delay of the Trojan-infected path. The result would be improved if the path delays are reduced by using an appropriate synthesis approach. We demonstrated this concept by using a performance-driven technology mapping. Future work includes trying to improve the HTH detection probability of delay-based techniques (i.e., to reduce the number of vulnerable nets) with more developed and specific modifications in the design flow.

References

[1] M. Tehranipoor, F. Koushanfar, A survey of hardware Trojan taxonomy and detection, Des. Test Comput. IEEE 27 (2010) 10–25.

[2] J.I. Lieberman, White Paper: National Security Aspects of the Global Migration of the US Semiconductor Industry, Office of Senator Joseph I. Lieberman, Ranking Member, United States Senate Armed Services Committee, Washington, 2003.

[3] D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan detection using IC fingerprinting, in: IEEE Symposium on Security and Privacy, 2007, SP'07, IEEE, 2007, pp. 296–310.

[4] Y. Jin, Y. Makris, Hardware Trojan detection using path delay fingerprint, in: IEEE International Workshop on Hardware-Oriented Security and Trust, 2008, HOST 2008, IEEE, 2008, pp. 51–57.

[5] J. Li, J. Lach, At-speed delay characterization for IC authentication and Trojan horse detection, in: IEEE International Workshop on Hardware-Oriented Security and Trust, 2008, HOST 2008, IEEE, 2008, pp. 8–14.

[6] D. Rai, J. Lach, Performance of delay-based Trojan detection techniques under parameter variations, in: IEEE International Workshop on Hardware-Oriented Security and Trust, 2009, HOST'09, IEEE, 2009, pp. 58–65.

[7] J. Rajendran, V. Jyothi, O. Sinanoglu, R. Karri, Design and analysis of ring oscillator based design-for-trust technique, in: 2011 IEEE 29th VLSI Test Symposium (VTS), IEEE, 2011, pp. 105–110.

[8] C. Lamech, R.M. Rad, M. Tehranipoor, J. Plusquellic, An experimental analysis of power and delay signal-to-noise requirements for detecting Trojans and methods for achieving the required detection sensitivities, IEEE Trans. Inf. Forensics Secur. 6 (2011) 1170–1179.

[9] C. Lamech, J. Plusquellic, Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure, in: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), IEEE, 2012, pp. 75–82.

[10] A. Maiti, J. Casarona, L. McHale, P. Schaumont, A large scale characterization of RO-PUF, in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), IEEE, 2010, pp. 94–99.

[11] L. Lin, M. Kasper, T. Güneysu, C. Paar, W. Burleson, Trojan side-channels: lightweight hardware Trojans through side-channel engineering, in: Cryptographic Hardware and Embedded Systems-CHES 2009, Springer, 2009, pp. 382–395.

[12] S. Jha, S.K. Jha, Randomization based probabilistic approach to detect Trojan circuits, in: 11th IEEE High Assurance Systems Engineering Symposium, 2008, HASE 2008, IEEE, 2008, pp. 117–124.

[13] F. Wolff, C. Papachristou, S. Bhunia, R.S. Chakraborty, Towards Trojan-free trusted ICs: problem analysis and detection scheme, in: Design, Automation and Test in Europe, 2008, DATE'08, IEEE, 2008, pp. 1362–1365.

[14] R.S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, S. Bhunia, MERO: a statistical approach for hardware Trojan detection, in: Cryptographic Hardware and Embedded Systems-CHES 2009, Springer, 2009, pp. 396–410.

[15] R. Rad, J. Plusquellic, M. Tehranipoor, A sensitivity analysis of power signal methods for detecting hardware Trojans under real process and environmental conditions, IEEE Trans. Very Large Scale Integration (VLSI) Syst. 18 (2010) 1735–1744.

[16] J. Rajendran, V. Jyothi, R. Karri, Blue team red team approach to hardware trust assessment, in: 2011 IEEE 29th International Conference on Computer Design (ICCD), IEEE, 2011, pp. 285–288.

[17] X. Zhang, N. Tuzzio, M. Tehranipoor, Red team: design of intelligent hardware Trojans with known defense schemes, in: 2011 IEEE 29th International Conference on Computer Design (ICCD), IEEE, 2011, pp. 309–312.

[18] S. Narasimhan, D. Du, R.S. Chakraborty, S. Paul, F. Wolff, C. Papachristou, K. Roy, S. Bhunia, Multiple-parameter side-channel analysis: a non-invasive hardware Trojan detection approach, in: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), IEEE, 2010, pp. 13–18.

[19] M. Bushnell, V.D. Agrawal, Essentials of Electronic Testing for Digital, Memory, and Mixed-Signal VLSI Circuits, vol. 17, Springer, 2000.

Arash Nejat received his B.S. degree in computer engineering from Allameh Mohaddes Noori Institute of Higher Education in 2006 and his M.S. degree in computer engineering from Amirkabir University of Technology in 2012. He is currently working on hardware security. His research interests are hardware security, test and testability, ASIC design flow, embedded systems design, FPGA, fault tolerant and low power design.

Seyed Mohammad Hossein Shekarian received his B.S. degree in computer engineering from Shahid Beheshti University in 2004 and his M.S. degree in computer engineering from Sharif University of Technology in 2007. He is now a Ph.D. candidate at Amirkabir University of Technology. He is currently working on hardware security and his other research interests include fault-tolerant computing and low-power design.

Morteza Saheb Zamani received the B.Sc. degree in computer engineering from Isfahan University of Technology, Iran in 1989, and the M.Eng.Sc. and Ph.D. degrees in Computer Engineering from the University of New South Wales, Australia in 1992 and 1996, respectively. He joined Amirkabir University of Technology in 1996 and he is now an associate professor and the head of the Computer Engineering and IT department. His research interests are VLSI design, electronic design automation, biological design automation, quantum computing and hardware security.
