Hardware Trojan: Threats and Emerging Solutions

(Invited Paper)
Rajat Subhra Chakraborty, Seetharam Narasimhan and Swarup Bhunia
Dept. of Electrical Engineering and Computer Science
Case Western Reserve University
Cleveland, Ohio, USA
E-mail: {rsc22, sxn124, skb21}@case.edu

Abstract—Malicious modification of hardware during design

or fabrication has emerged as a major security concern. Such
tampering (also referred to as Hardware Trojan) causes an
integrated circuit (IC) to have altered functional behavior, poten-
tially with disastrous consequences in safety-critical applications.
Conventional design-time verification and post-manufacturing
testing cannot be readily extended to detect hardware Trojans
due to their stealthy nature, inordinately large number of possible
instances and large variety in structure and operating mode. In Fig. 1. Vulnerable steps of a modern IC life cycle [3].
this paper, we analyze the threat posed by hardware Trojans and
the methods of deterring them. We present a Trojan taxonomy,
models of Trojan operations and a review of the state-of-the-art
Trojan prevention and detection techniques. Next, we discuss the by comparing its functionality or circuit characteristics with
major challenges associated with this security concern and future a golden version of the IC [20-28]. However, existing state-
research needs to address them. of-the-art approaches do not allow destructive verification of
Index Terms—Hardware Trojan; Design for Security; ICs to be scalable [6]. Moreover, as pointed out in [3], it is
possible for the adversary to insert Trojans in only some ICs on
I. I NTRODUCTION a wafer, not the entire population, which limits the usefulness
Hardware security to ensure Trust in ICs has emerged as of a destructive approach.
an important research topic in recent years. Economic reasons Traditional post-manufacturing logic testing is not suitable
dictate that most of the modern ICs are manufactured in off- for detecting hardware Trojans. This is due to the stealthy
shore fabrication facilities [1]. Moreover, modern IC design nature of hardware Trojans and inordinately vast spectrum of
often involves intellectual property (IP) cores supplied by possible Trojan instances an adversary can employ. Typically,
third-party vendors, outsourced design and test services as the adversary would design a Trojan that triggers a malfunction
well as electronic design automation (EDA) software tools only under rare circuit conditions in order to evade detection.
supplied by different vendors. Such a business model has, to Due to the finite size of the testset, the rare condition for
a large extent, relinquished the control that IC design houses activation of the Trojan might not be realized during the
had over the design and manufacture of ICs making them testing period, especially if the Trojan acts as a sequential
vulnerable to different security attacks. Fig. 1 illustrates the state machine or “time-bomb” [7]. On the other hand, the
level of trust at different steps of a typical IC life-cycle [3]. techniques for detecting Trojans by comparison of the “side-
Each party associated with the design and manufacture of channel parameters” such as power trace or delay [22-26]
an IC can be a potential adversary who inserts malicious are limited by the large process-variation effect in nanoscale
modifications, referred as Hardware Trojans [2-5]. Concern IC technologies, reduced detection sensitivity for ultra-small
about this vulnerability of ICs and the resultant compromise Trojans and measurement noise [22].
of security has been expressed globally [2-4], especially since In the next section, we give classification, models and
several unexplained military mishaps are attributed to the examples of different Hardware Trojans. We then present a
presence of malicious hardware Trojans [5, 30-31]. survey of the emerging techniques of Trojan detection. Finally,
Ideally, any undesired modification made to an IC should we discuss the major challenges in the field of Trojan detection
be detectable by pre-silicon verification/simulation and post- and describe future research directions.
silicon testing. However, pre-silicon verification or simulation
II. T ROJAN TAXONOMY AND E XAMPLES
requires a golden model of the entire IC. This might not be
always available, especially for IP based designs where IPs can Different methods of classifying hardware Trojans based on
come from third-party vendors. Besides, a large multi-module various characteristics have been proposed. In [27], the authors
design is usually not amenable to exhaustive verification [6]. propose a simple classification of Trojans – combinational
Post-silicon, the design can be verified either through destruc- (whose activation depends on the occurrence of a particular
tive de-packaging and reverse-engineering of the IC [3], or condition at certain internal nodes of the circuit) and sequential

978-1-4244-4823-4/09/$25.00 ©2009 IEEE 166

 (a) Combinationally triggered Trojan

(b) Synchronous counter (“time-bomb”) Trojan

Fig. 2. Trojan taxonomy based on trigger and payload mechanisms.

(whose activation depends on the occurrence of a specific

sequence of rare logic values at internal nodes). In [8], the
authors classify Trojans based on three attributes: physical,
activation and action. Some classifications (e.g. [7, 24]) are (c) Asynchronous counter Trojan
based on the activation mechanisms (referred as Trojan trig-
ger) and the part of the circuit or the functionality affected
by the activation of the Trojan (referred as Trojan payload).
In this paper, we follow and expand the Trojan taxonomy
proposed in [7], where the Trojans are classified based on
their trigger and payload mechanisms, as shown in Fig. 2. (d) Hybrid counter Trojan
The trigger mechanisms can be of two types: digital and
analog. Digitally triggered Trojans can again be classified
into combinational and sequential types. Fig. 3(a) shows an
example of a combinationally triggered Trojan where the
occurrence of the condition A = 0, B = 0 at the trigger nodes
(e) Analog Trojan triggered based on logic value
A and B causes a payload node C to have an incorrect value at
Cmodif ied . Typically, an adversary would choose an extremely
rare activation condition so that it is very unlikely for the
Trojan to trigger during conventional manufacturing test.
Sequentially triggered Trojans (the so-called time bombs),
on the other hand, are activated by the occurrence of a
sequence, or a period of continuous operation. The simplest se-
quential Trojans are synchronous stand-alone counters, which
trigger a malfunction on reaching a particular count. Fig. 3(b) (f) Analog Trojan triggered based on circuit activity [9]
shows a synchronous k-bit counter which activates when the
Fig. 3. Examples of Trojans with various trigger mechanisms.
count reaches 2k−1, by modifying the node ER to an incorrect
value at node ER? . An asynchronous version is shown in
Fig. 3(c), where the count is increased not by the clock, but
by a rising transition at the output of an AND gate with on-chip sensors are used to trigger a malfunction. Fig. 3(e)
inputs p and q. The trigger mechanism can also be hybrid, shows an example of an analog trigger mechanism where
where the counts of both a synchronous and an asynchronous the inserted capacitance is charged through the resistor if the
counter simultaneously determine the Trojan trigger condition, condition q1 = 1, q2 = 1 is satisfied, and discharged otherwise,
as shown in Fig. 3(d). Note that more complex state machines causing the logic threshold to be crossed after a large number
of different types and sizes can be used to generate the trigger of cycles. A different analog Trojan trigger mechanism (see
condition based on a sequence of rare events. In general, it Fig. 3(f)) was proposed in [9], where higher circuit activity
is more challenging to detect sequential Trojans using con- and the resultant rise of temperature was used to trigger the
ventional test generation and application, because it requires malfunction, through a pair of ring oscillators and a counter.
satisfying a sequence of rare conditions at internal circuit Trojans can also be classified based on their payload
nodes to activate them. The number of such sequential trigger mechanisms into two main classes - digital and analog.
conditions for arbitrary Trojan instances can be unmanageably Digital Trojans can either affect the logic values at chosen
large for a deterministic logic testing approach. internal payload nodes, or can modify the contents of memory
The trigger-mechanism can also be analog in nature, where locations. Analog payload Trojans, on the other hand, affect

167
 (a) (b)

Fig. 4. Examples of analog payload Trojans.

circuit parameters such as performance, power and noise

margin. Fig. 4(a) shows an example where a bridging fault is
introduced using an inserted resistor, while Fig. 4(b) shows an Fig. 5. Trojan detection techniques.
example where the delay of the path is affected by increasing
the capacitive load. Another form of analog payload would
be generation of excess activity in a circuit (similar to that proaches cannot be effective for trust validation in ICs. The
shown in Fig. 3(f)), to accelerate the aging process of an IC proposed non-destructive approaches can again be classified
and shorten its life-span, without affecting its functionality. under two main heads: non-invasive and invasive. The non-
Apart from triggering logic errors in the IC, the Trojan invasive techniques leave the original design unaltered while
can also be designed to assist in software-based attacks like the invasive techniques modify the design to embed features
privilege escalation, login backdoor and password theft [31]. targeted towards Trojan detection.
Two different Trojan payload mechanisms were explored in
the works described in [9-11]. The first is the “information A. Invasive Trojan Detection Techniques
leakage” attack, where secret information is leaked by a Trojan The invasive Trojan detection techniques can again be
via a transmitted radio signal or serial data port interface such classified under two different headings - those which are
as the RS-232-C port. It could also involve side-channel attack directed towards preventing the insertion of Trojans during
where the information is leaked through the power trace [32] design or fabrication of an IC, and those which facilitate
or through thermal radiation or through optical modulation of detection of inserted Trojans using post-manufacturing test.
an output LED [33]. Another type of Trojan payload proposed In [8], it was noted that Trojan insertion depends on the
is that implementing a “Denial of Service” (DoS) attack, which availability of free dead space within an IC layout, since
causes a system functionality to be unavailable. the total area of the die cannot be altered by the adversary.
However, if the adversary is capable of extracting the gate-
III. T ROJAN D ETECTION M ETHODS level netlist from the layout, through logic optimization and
In this section, we describe the state-of-the-art of Trojan better place and route techniques, it might be possible to free-
detection techniques. Fig. 5 shows a classification of existing up space to accommodate the Trojan. A design technique and
Trojan detection techniques. Note that there is no single “silver associated design automation flow are proposed in [12] to
bullet” technique available yet that can be applied to detect prevent effective insertion of Trojans. Here, the original design
all classes of Trojans. Majority of existing techniques address is obfuscated through expansion of the reachable state space
Trojan detection in manufactured ICs and assume the availabil- to make it difficult for an adversary to reverse-engineer the
ity of gate-level golden netlist. Very few investigations have functionality of the circuit and to find the true rare events.
addressed Trojan detection at higher level design descriptions Trojans inserted into a design without considering its true
e.g. register transfer level IP. In [38], a structural checking functional behavior become either invalid (i.e. not triggered in
approach is suggested to verify integrity of third party IP, but normal mode of operation) or easily detectable. The approach
the technique is not easily scalable to large designs [6]. results in 24% improvement in Trojan detection coverage at
The Trojan detection approaches can be classified under less than 10% design overhead.
two main types: destructive and non-destructive. The destruc- Design techniques can also be used to assist in Trojan
tive techniques [36-37] use a sample of the manufactured detection by logic testing or side-channel measurements. Since
ICs which are subject to de-metallization using Chemical an adversary is likely to exploit rare internal node conditions to
Mechanical Polishing (CMP) followed by Scanning Electron construct a Trojan, a design approach that aims at increasing
Microscope (SEM) image re-construction and analysis [3]. their controllability and observability can help in increasing
However, such approaches are extremely expensive and time- Trojan detection coverage. In [13], each module in a design
consuming (destructive analysis of a single chip taking several is modified such that a specific sequence of inputs activates
months) and do not scale well with increase in transistor an embedded FSM in the module which takes it to a special
integration density. Moreover, the results of analyzing a sample mode called the transparent mode (see Fig. 6(a)). In this mode,
cannot be extrapolated to the entire manufactured lot [3]. the controllability and observability of probable Trojan trigger
Since an adversary might affect only a small population of and payload nodes is enhanced and a compacted signature is
the manufactured ICs, destructive reverse engineering ap- presented at the primary outputs, which indicates the presence

168
 be further classified into two main types: run-time and test-
time techniques. The run-time techniques employ an online
monitoring system that tries to detect suspicious activity
during in-field operation, while the test-time techniques are
aimed at detecting Trojan-infected chips before deployment.
(a) On-demand Transparency Scheme [13]
1) Run-time, non-invasive Trojan detection approaches:
In [6], the authors propose the addition of reconfigurable De-
sign for Enabling Security (DEFENSE) logic in a given SoC to
enable real-time functionality monitoring. The checks can be
performed concurrently with the normal circuit operation and
trigger appropriate countermeasures when a deviation from
normal functionality is detected. However, the effectiveness
and the hardware overhead associated with this scheme is
not mentioned in the work. In [17], the authors propose a
novel SoC bus architecture that can detect malicious bus
behaviors associated with Trojan hardware, protect the system
and system bus from them and report the malicious behaviors
(b) Shadow-latch Based Delay Characterization Technique [16] to the system CPU, without loss of bus performance. The
authors report an additional gate-count of about 800 logic gates
Fig. 6. Examples of invasive Trojan detection techniques.
in a four million gate SoC, and negligible delay overhead.
In [18] the authors propose a scheme whereby functionally
or absence of a Trojan. In [15], a design technique termed equivalent software instances are executed on multiple CPU
VITAMIN based on the inversion of the supply voltage of cores, assisted by dynamic distributed software scheduling.
alternate logic levels in an IC is proposed. The logic behavior The sub-task outputs from different cores are compared to
of a gate operating with inverted supply voltage is inverted dynamically evaluate their individual trust-levels, with the
during test mode. As a result, the activity of a rarely activated distributed scheduler undergoing a trust learning procedure for
Trojan circuit is enhanced and it can be detected by comparing multiple runs. The authors show that the scheme is capable of
the power profiles of different ICs. successfully completing jobs in a Trojan infested environment,
In [16], the authors propose a low-overhead “at-speed” with improvement in throughput over successive runs.
delay characterization technique which is capable of detecting A combined hardware-software approach to perform run-
modifications to the circuit, both at run-time and at test-time. time execution monitoring has been proposed in [19, 35].
The path delay characterization is based on the insertion of Here, a simple verifiable “hardware guard” module external
“shadow latches” (see Fig. 6(b)) in the design to capture and to the CPU is considered. The work targets primarily DoS
compare with the data latched by registers in the original and privilege escalation attacks, using periodic checks by the
circuit paths. The test-time measurements are compared to the operating system (OS) which is enhanced with live check
design-time projections and any substantial statistical differ- functionality. The authors report 2.2% average performance
ence indicates malicious design alteration. In [25], this method overhead using SPECint 2006 benchmark programs, but do
was shown to be capable of detecting Trojans in an 8×8 array not report the hardware design overhead.
multiplier circuit under ±20% process variations. A dummy 2) Test-time, non-invasive Trojan detection approaches:
flip-flop insertion technique to increase the trigger probability There are two main classes of testing based approaches for
of Trojans was presented in [29], to aid in the detection of Trojan detection: (a) those based on logic testing, and (b)
Trojans through side-channel techniques. It can also help in those based on the measurement of side-channel parameters
Trojan detection with logic testing by making the malicious such as power, delay, etc. The main advantage of the test-
effect of a Trojan observable at the primary output. time techniques over the run-time techniques is that the test-
Another novel technique proposed in [14] is to use 3-D IC time techniques incur no hardware overhead, while the main
technology to integrate the security mechanisms in a separate disadvantage is the requirement of a “golden” (i.e. Trojan-free)
plane (called the control plane) above an existing plane of manufactured IC or functional model. Run-time methods typ-
circuitry in an IC (called the computation plane). The paper ically involve considerable performance and power overhead,
describes several security mechanisms to be performed by however, they provide the last line of defense and are capable
the control plane; however, it does not discuss the technical of providing 100% confidence in computed results.
challenges and the design overhead. a) Logic testing-based approaches: The main challenge
in a logic testing based approach is the enormously large
B. Non-invasive Trojan Detection Techniques Trojan space, which makes the generation of an exhaustive
In the non-invasive Trojan detection techniques, a Trojan is set of test vectors to detect all possible Trojans computation-
detected by comparing the behavior of the test IC with the ally infeasible. As an example, even with the constraint of
golden IC instance or a golden functional model. They can maximum four trigger nodes and a single payload node, a

169
 (a) Power-Supply Transient Based Trojan Detection [23]
Fig. 7. Logic testing based technique: Impact of N (number of times a rare
point satisfies its rare value) on the trigger/Trojan coverage and test length
for an ISCAS-85 benchmark circuit [20].

small ISCAS-85 benchmark circuit c880 with 451 gates can

have ∼ 109 triggers and ∼ 1011 possible Trojan instances,
respectively. Hence, a statistical approach seems intuitively
more suitable for test vector generation in case of logic testing
based Trojan detection.
A randomization-based technique to probabilistically com-
pare the functionality of the implemented circuit with the (b) Path Delay Fingerprint Technique [24]
design of the circuit is described in [34]. It can also report Fig. 8. Examples of side-channel based Trojan detection techniques.
a fingerprint input pattern to differentiate between the golden
and the Trojan-infested circuit. In [20], a statistical vector
generation approach for Trojan detection has been proposed
that targets generation of an optimal set of test vectors that can on measurement of power-supply transient signal is described
trigger each rare node in a circuit to its rare value multiple in [23], where signals from multiple power ports for several IC
times (N times, where N is a user-specified parameter), similar instances are obtained by a calibration process and subjected
to the concept of N-Detect test [21]. By increasing the toggling to statistical characterization. The technique was capable of
of nodes that are random-pattern resistant, it improves the detecting around 50% of activated Trojans and 30% of inactive
probability of activating a Trojan compared to purely random Trojans in an ISCAS-85 benchmark circuit (see Fig. 8(a)).
patterns. The coverage increases with N, with increasing test In [27], the authors propose a test vector generation ap-
length (see Fig. 7). The procedure achieves an 85% reduction proach to maximize the activity in individual partitions of
in test length compared to a weighted random pattern set, for a circuit, while minimizing the activity of other partitions.
similar Trojan detection coverage. Simulation results assuming a process variation of up to 7.5%
b) Side-channel analysis-based approaches: The side- were able to successfully detect most of the inserted Trojans.
channel analysis based Trojan detection approaches are based In [28], a sustained vector technique for Trojan detection is
on observing the effect of an inserted Trojan on a physical proposed, where each input test vector is repeated multiple
parameter such as circuit current transient, power consumption times to ensure the reduction of extraneous toggles within the
or path delay. The advantage of these approaches lies in the genuine circuit. This technique is shown to magnify the power
fact that even if the Trojan circuit does not cause observable profile difference between the original and the infected circuit
malfunction in the circuit during test, the presence of the by up to thirty times compared to previous approaches.
extra circuitry can be reflected in some side-channel parameter. Path delays of output ports were used as the fingerprint
However, the main challenges associated with side-channel in [24], with extensive characterization for process variations.
analysis are large process variation in modern nanometer The procedure could detect implicit payload Trojans occupy-
technologies and measurement noise, which can mask the ing only 0.13% of the total area under 7.5% process variations
effect of the Trojan circuit, especially for small Trojans. (see Fig. 8(b)), while for explicit payload Trojans occupying
In [22], the authors introduced the concept of IC finger- 0.36% of the total area, the detection rate was 36%. Both path
printing, where each IC instance is associated with a signature, delay and leakage current were considered in a gate-level char-
called a “fingerprint” obtained by measurement of one or more acterization technique proposed in [26], where the detection
side-channel parameters. From the analysis of power traces, problem was formulated as a Linear Programming Problem
used as the IC fingerprint in this work, the authors were able (LPP). The authors show that the technique is capable of
to identify Trojan instances with an equivalent area as small detecting Trojans in ISCAS-85 benchmark circuits with a high
as 0.01% of the total size of the circuit, in the presence of level of confidence; however, the scalability of the technique
±7.5% random parameter variations. Another approach based to large sequential designs is not addressed. Note that major-

170
 TABLE I
A DVANTAGES AND D ISADVANTAGES OF L OGIC T ESTING AND S IDE [6] M. Abramovici and P. Bradley, “Integrated Circuit Security - New Threats
C HANNEL T ROJAN D ETECTION A PPROACHES and Solutions”, CSIIR Workshop, 2009.
[7] F. Wolff et al, “Towards Trojan-Free Trusted ICs: Problem Analysis and
Logic Testing Approach Side–channel Approach Detection Scheme”, DATE, 2008.
[8] X. Wang, M. Tehranipoor and J. Plusquellic, “Detecting Malicious
Pros (a) Effective for small Trojans (a) Effective for large Trojans Inclusions in Secure Hardware: Challenges and Solutions”, HOST, 2008.
(b) Robust under process noise (b) Test generation is easy [9] Z. Chen et al, “Hardware Trojan Designs on BASYS FPGA Board
Cons (a) Test generation is complex (a) Vulnerable to process noise (Virginia Tech)”, CSAW Embedded System Challenge, 2008. [Online].
(b) Large Trojan detection (b) Small Trojan detection Available: http://isis.poly.edu/∼vikram/vt.pdf.
challenging challenging [10] A. Baumgarten et al, “Embedded Systems Challenge (Iowa State Uni-
versity)”, CSAW Embedded System Challenge, 2008. [Online]. Available:
http://isis.poly.edu/∼vikram/iowa state.pdf.
[11] Y. Jin and N. Kupp, “CSAW 2008 Team Report (Yale University)”,
ity of published side-channel approaches provide simulation CSAW Embedded System Challenge, 2008. [Online]. Available: http://isis.
verification results. Process variations, design marginalities poly.edu/∼vikram/yale.pdf.
[12] R.S. Chakraborty and S. Bhunia, “Security against Hardware Trojan
and measurement noise depend on many parameters and are through a Novel Application of Design Obfuscation”, ICCAD, 2009.
hard to model accurately. Hence, it is important to perform [13] R.S. Chakraborty, S. Paul and S. Bhunia, “On-Demand Transparency
hardware validation of a side-channel approach to accurately for Improving Hardware Trojan Detectability”, HOST, 2008.
[14] T. Huffmire et al, “Trustworthy System Security through 3-D Integrated
analyze its detection sensitivity. Hardware”, HOST, 2008.
Table I summarizes the relative advantages and disadvan- [15] M. Banga and M.S. Hsiao, “VITAMIN: Voltage Inversion Technique
tages of logic testing and side-channel approaches for Trojan to Ascertain Malicious Insertions in ICs”, HOST, 2009.
[16] J. Li and J. Lach, “At-Speed Delay Characterization for IC Authenti-
detection. From this table, it is clear that the two approaches cation and Trojan Horse Detection”, HOST, 2008.
have complementary scope in terms of Trojan detection capa- [17] L.W. Kim, J.D. Villasenor and C.K. Koc, “A Trojan-resistant System-
bility. Hence, approaches that combine the best of both worlds on-chip Bus Architecture”, Intl. Conf. on Military Communication, 2009.
[18] D. McIntyre et al, “Dynamic Evaluation of Hardware Trust”, HOST,
can be the most promising in terms of generic Trojan detection 2009.
capability. [19] G. Bloom, B. Narahari and R. Simha, “OS Support for Detecting Trojan
Circuit Attacks”, HOST, 2009.
IV. S UMMARY [20] R.S. Chakraborty et al, “MERO: A Statistical Approach for Hardware
Trojan Detection”, CHES Workshop, 2009.
The issue of hardware Trojans and effective countermea- [21] I. Pomeranz and S.M. Reddy, “A Measure of Quality for n–Detection
sures against them have drawn considerable interest in recent Test Sets”, IEEE. Trans. on Computers, Nov. 2004.
[22] D. Agrawal et al, “Trojan detection using IC fingerprinting”, IEEE
times. In this paper, we have presented a comprehensive study Symp. on Security and Privacy, 2007.
of different Trojan types and discussed emerging methods of [23] R.M. Rad, J. Plusquellic and M. Tehranipoor, “Sensitivity Analysis to
detecting them. Considering the varied nature and size of hard- Hardware Trojans using Power Supply Transient Signals”, HOST, 2008.
[24] Y. Jin and Y. Makris, “Hardware Trojan Detection Using Path Delay
ware Trojans, it is likely that a combination of techniques, both Fingerprint”, HOST, 2008.
during design and test, would be required to provide acceptable [25] D. Rai and J. Lach, “Performance of Delay-Based Trojan Detection
level of security. Design-time approaches would span various Techniques under Parameter Variations”, HOST, 2009.
[26] M. Potkonjak et al, “Hardware Trojan Horse Detection Using Gate-
levels of design descriptions. On the other hand, post-silicon Level Characterization”, DAC, 2009.
validation would require a combination of logic and side- [27] M. Banga and M.S. Hsiao, “A Region Based Approach for the
channel test approaches to cover Trojans of different types and Identification of Hardware Trojans”, HOST, 2008.
[28] M. Banga and M.S. Hsiao, “A Novel Sustained Vector Technique for
sizes under large parameter variations. Major future challenges the Detection of Hardware Trojans”, VLSI Design, 2009.
in this area would include developing detection mechanisms [29] H. Salmani, M. Tehranipoor and J. Plusquellic, “New Design Strategy
for analog Trojans which can implement numerous types of for Improving Hardware Trojan Detection and Reducing Trojan Activa-
tion Time”, HOST, 2009.
activation and observation conditions; an integrated metric to [30] Y. Alkabani and F. Koushanfar, “Designer’s Hardware Trojan Horse”,
quantify the level of trust that combines both design and test HOST, 2008.
time approaches; and an evaluation platform that analyzes [31] S. King et al, “Designing and Implementing Malicious Hardware”,
LEET, 2008.
a design to identify vulnerable regions and the impact of a [32] L. Lin et al, “Trojan Side-Channels: Lightweight Hardware Trojans
design change on the level of achievable trust. through Side-Channel Engineering”, CHES Workshop, 2009.
[33] F. Kiamilev and R. Hoover, “Demonstration of Hardware Trojans”,
R EFERENCES DEFCON 16, 2008.
[34] S. Jha and S.K. Jha, “Randomization Based Probabilistic Approach to
[1] Semiconductor Industry Association (SIA), “Global billings report history Detect Trojan Circuits”, 11th IEEE High Assurance Systems Engineering
(3-month moving average) 1976-March 2009”, 2008. [Online]. Available: Symposium, 2008.
http://www.sia-online.org/galleries/Statistics/GSR1976-March09.xls. [35] G. Bloom et al, “Providing Secure Execution Environments with a
[2] Defense Science Board, “Task force on high performance microchip Last Line of Defense against Trojan Circuit Attacks”, Computers and
supply”, 2005. [Online]. Available: http://www.acq.osd.mil/dsb/reports/ Security, 2009.
200502HPMSReportFinal.pdf. [36] Chipworks, Inc., “Semiconductor Manufacturing - Reverse Engineering
[3] DARPA, “TRUST in Integrated Circuits (TIC) - Proposer Informa- of Semiconductor components, parts and process”. [Online]. Available:
tion Pamphlet”, 2007. [Online]. Available: http://www.darpa.mil/MTO/ http://www.chipworks.com
solicitations/baa07-24/index.html. [37] J.A. Kash, J.C. Tsang and D.R. Knebel, “Method and Apparatus for Re-
[4] Australian Government DoD-DSTO, “Towards Countering the Rise of verse Engineering Integrated Circuits by Monitoring Optical Emission”,
the Silicon Trojan”, 2008. [Online]. Available: http://dspace.dsto.defence. United States Patent Number 6,496,022 B1, 2002.
gov.au/dspace/bitstream/1947/9736/1/DSTO-TR-2220\%20PR.pdf. [38] S. Smith and J. Di, “Detecting Malicious Logic Through Structural
[5] S. Adee, “The Hunt for the Kill Switch”, IEEE Spectrum, May 2008. Checking”, IEEE Region 5 Technical Conference, April 2007.

171