ABSTRACT

Involvement of many parties in the production of integrated circuits (ICs) makes the process more vulnerable to tampering. Consequently, IC security has become an important challenge to tackle. One of the threat models in hardware security domain is the insertion of unwanted and malicious hardware components, known as Hardware Trojans (HTs). A malicious attacker can insert a small modification into the functional circuit that can cause havoc in the field. To make the Trojan circuit stealthy, trigger circuits are typically used. The purpose of the trigger circuit is to hide the Trojan activity during post-production testing, and to randomize activation conditions, thereby making it very difficult to diagnose even after failures. Trigger mechanisms for Trojans typically delay and randomize the outcome based on a subset of internal digital signals. While there are many different ways of implementing the trigger mechanisms, charge based mechanisms have gained popularity due to their small size. In this paper, we propose a scheme to ensure that the trigger mechanisms are activated during production testing even if the conditions specified by the malicious attacker are not met. By disabling the mechanism that makes the Trojan stealthy, any of the parametric techniques can be used to detect Trojans at production time. The proposed technique relies on supply pulsing, where an increased potential difference between the gate and bulk of the active transistor in the output stage generates an alternate charge path for an otherwise unreachable capacitor and bypasses the input conditions to the trigger mechanism. SPICE simulations show that our method works well even for the smallest Trojan trigger mechanisms.

Keywords: Analog, Charge, Domain, Trojan, Capacitor, Security, Detection.

Full Text (PDF)