Trojan Detection in Digital Systems Using Current Sensing of Pulse Propagation in Logic Gates


Sabyasachi Deyati, Barry J. Muldrey, Abhijit Chatterjee

Electrical & Computer Engineering, Georgia Institute of Technology, Atlanta Georgia 30332 USA

e-mail: [email protected], [email protected], [email protected]

Abstract

Outsourcing of chip manufacturing to untrusted foundries and using third-party IPs in a design have opened the possibility of inserting malicious hardware Trojans into a circuit. Since excitation of a Trojan is extremely rare, it is almost impossible to detect Trojans with functional logic testing; they must be detected without actually being activated (side channel analysis). A hardware Trojan circuit takes its inputs from low transition probability nodes of the original circuit, and tapping those nodes to create Trojan inputs increases the capacitive load at them. We have developed a very high resolution pulse propagation technique to capture this extra capacitance at Trojan-affected nodes. The technique provides 20-25X higher diagnostic resolution than path delay analysis in the presence of significant manufacturing process variation. Pulse propagation based Trojan detection is independent of the logic depth of the path, whereas other state of the art Trojan detection schemes lose accuracy as logic depth increases. Though the scheme appears simple, it is not straightforward to generate and apply the pulse inputs on chip at the desired locations and to capture them at designated locations with high accuracy in the presence of high fan-out nodes in the design. We have developed a very high resolution current sensing scheme to detect pulse propagation through logic gates; a single sensor can sense a pulse at multiple locations. The entire pulse based Trojan detection scheme has been integrated into the JTAG boundary scan scheme with minimal area overhead to provide a complete solution for hardware Trojans.

Keywords— Hardware Security; Hardware Trojan Detection; Hardware Intrusion Detection

1. Introduction

The Integrated Circuit (IC) manufacturing process is becoming increasingly complex and costly. The whole manufacturing chain is split into separate verticals, each handled by an expert team, in order to bring down the cost of production and deliver ICs to market on time. These specialized teams may be located in different countries and may be run by various organizations. Outsourcing of IC manufacturing poses the threat of maliciously adding extra circuitry (hardware Trojans) to the design to cause malfunction in a controlled way. The plausible adverse effects of hardware Trojans are i) exfiltration of data and security keys (both software and hardware) and ii) malfunctioning of critical electronic systems (avionics, self-driving cars), among many others [1, 2]. An insider can add these hardware Trojans (HTs) at various levels of the manufacturing process (RTL design phase, silicon manufacturing phase). These HTs are stealthily inserted into the original circuit in such a way that they do not show up in conventional testing and validation of ICs. Trojan activation is an extremely rare event, so Trojans slip through functional testing of ICs. It is rightly pointed out in [1] that specialized mechanisms (DFT) must be designed into hardware to detect and diagnose malicious insertion of hardware Trojans into a design.

Currently, the most accurate way of checking for the existence of HTs is to delayer the chip and compare every layer with the intended physical design. This is extremely labor intensive and costly, and it requires optical imaging tools and CAD tools to check the difference between the intended and actual implementation of the design. There is a strong need to check for malicious insertion of Trojans in a nondestructive and cost effective way. There are mainly two ways to check for HTs: i) actually triggering the Trojan, or ii) side channel analysis (detecting the presence of Trojans by measuring proxy parameters such as delay, power, etc.). Various state of the art hardware Trojan detection schemes and their drawbacks are discussed below:

A. Reduced Trojan Activation Time

Hardware Trojan activation is a rare occurrence and hence is not detected in traditional functional logic testing. Presumably the Trojan circuit inputs come from very low transition probability nodes in the original logic circuit. In [3-5] the authors have tried to artificially increase the transition probability of those nodes with a few extra gates in order to catch anomalous activity in the circuit. Even if we identify k probable Trojan nodes in the circuit, we do not know beforehand which combination of those will actually trigger the Trojan, and if it is a sequential Trojan the problem becomes far more complex. For a combinational Trojan we have to check all possible 2^k combinations. This makes Trojan detection extremely slow and infeasible. In this paper we propose a technique that identifies Trojans in less than k combinations for k probable Trojan nodes.

B. Power Measurement Techniques

The authors of [6] proposed IDDQ (steady state) current measurement at various sites across a chip. This scheme assumes that a "golden model" from a characterized Trojan-free IC is available; in practice it is difficult to obtain such golden models. In [7] the authors proposed a technique to increase Trojan activity and decrease original circuit activity, and then measure power to discern between Trojan-affected and original ICs. A key issue with this approach is that a single test vector has to be sustained for 25 clock cycles.

C. Path Delay Measurement Techniques

Jin and Makris [8] came up with a path delay measurement based scheme in which path delays of Trojan-free chips are collected and a signature is constructed from them. To employ this scheme one needs to know a priori, for a small number of ICs, which are Trojan affected and which are Trojan free. Trojan insertion and detection in SEA ASICs are discussed in [9]. Detecting hardware Trojans by measuring path delay becomes infeasible in the presence of process variation, as the delay increment due to a Trojan can be masked by delay due to process variation. The effect of process variation on path delay based schemes has been discussed in [10]; process variation is not considered with due diligence in [8, 9]. The use of process monitoring circuits (tracking systematic/global process variations) and special calibration techniques can be useful for path delay based Trojan detection [11, 12], but the technique used in [11, 12] requires a large number of ICs to statistically determine the presence of Trojans.

Key contributions of this research are as follows. In this paper, a novel very high resolution current sensing of pulse propagation through logic gates is proposed for hardware Trojan detection. The main contributions of this paper are:

a) In [13] the authors proposed a pulse propagation driven Trojan detection scheme that can detect the increase in capacitance due to Trojan insertion at internal circuit nodes of digital logic. The efficacy of that technique is reduced by high fan-out nodes in the logic circuit. In this work a current sensor based pulse detector is proposed which eradicates the fan-out issues of [13] and makes it a generalized approach for Trojan detection in digital logic.

b) Instead of using a pulse detector at every scan flop, we have developed a sensor which can detect the presence of a pulse in multiple paths concurrently.

c) Trojan detection time is linear in this approach, as opposed to exponential in state of the art Trojan detection schemes [4, 5] that increase the transition probabilities of susceptible Trojan nodes.

d) The additional circuitry needed to implement the proposed scheme can be integrated into the existing "at speed scan test" infrastructure of digital pipeline stage designs.

e) The proposed approach can be easily incorporated into existing IC design flows.

The rest of the paper is arranged as follows. Section 2 describes the assumed hardware Trojan threat model. Section 3 establishes the theory of pulse propagation through a chain of logic gates. The way pulse propagation can be used for detecting Trojans is explained in Section 4. Section 5 discusses the proposed current sensor for pulse propagation detection. Section 6 discusses the infrastructure required to implement the pulse propagation based Trojan detection scheme, compatible with "at speed scan test" of digital FSM and pipeline based logic circuits. Experimental results and comparison with other detection techniques are shown in Section 7. Conclusions and future research directions are discussed in Section 8.

2. Trojan Threat Model

Detection of hardware Trojans is predicated on a Trojan threat model that defines how a Trojan can cause malfunction in the circuit. As described in [14, 15], the Trojan payload is the part of the circuit affected by the Trojan (the part of the circuit where a logic value is changed due to the Trojan), and the act of causing it to have incorrect logic values is initiated by a Trojan trigger. A Trojan can be combinational or sequential; one example of each is given in Figure 1. Be it combinational or sequential, the inputs to the Trojan trigger circuit come from original circuit nodes (low transition probability nodes). When an original circuit node is tapped for a Trojan trigger, it experiences an extra capacitance. The least capacitive tapping would be a minimum size inverter. Even when the Trojan is not activated this capacitance is present due to the loading of an extra gate (see Figure 2). It is this extra loading that we aim to detect with unprecedented high resolution using current sensing of pulse propagation through logic gates. The gate capacitance of a minimum sized inverter adds 0.2-1 femtofarad of capacitance to the tapped signal node (45nm PTM [16]). It will be shown in subsequent sections that in the presence of 10% random process variation, 880 aF of extra capacitance can be detected by the proposed pulse propagation technique.

Figure 1: Trojan models (a) combinational Trojan (b) sequential Trojan

Figure 2: (a) Tapping an original circuit node for Trojan inputs (b) Corresponding equivalent circuit when the Trojan is not activated

3. Theory of Pulse Propagation Through Logic Gates

Figure 3: Inverter chain (stages 1, 2, 3, ..., n)

In [17, 18] the authors have shown pulse propagation through logic gates for Single Event Transient (SET) analysis; they analyzed whether a SET pulse can propagate and cause a logic failure in digital circuits. In this paper the pulse is deliberately injected to test for Trojan occurrence. The same pulse propagation analysis is applicable here, and the SET pulse analysis results are leveraged. All Spice simulations in this paper use 45nm predictive technology [16]. For the inverter chain simulation, minimum sized inverters (L=50nm, Wn=100nm, Wp=160nm) built with low threshold transistors (NMOS VTL and PMOS VTL) are used.

A pulse must achieve rail to rail swing (a positive pulse should reach VDD and a negative pulse should reach ground) at every stage in order to propagate through a long chain of logic gates. If this rail to rail swing is not achieved, the pulse starts deteriorating progressively from that very stage. If the input pulse rise/fall time (t_r/t_f) is lower than the (10% to 90%) rise/fall time (τ_n/τ_p) of the gates, then the minimum pulse width required to propagate through a long chain is τ_n + τ_p [18]. It is found both by numerical equation solving and by Spice simulation that this is a relaxed constraint; if t_r (t_f) < τ_p (τ_n) the constraint is even more relaxed. Table 1 shows two such examples.

Table 1: Minimum pulse width required for propagation through the inverter chain

tr/tf of input pulse   τn      τp     Min pulse width (Spice simulation)   Min pulse width (numerical solution)
1 ps                   15 ps   9 ps   18 ps                                18 ps
6 ps                   15 ps   9 ps   13 ps                                12 ps

Figure 4 shows two examples: a) the pulse width is less than the required width and the pulse is gradually killed, and b) the pulse width is above the required width and the pulse propagates through an infinitely long chain of inverters. We have mentioned earlier that the presence of a pulse will be detected by sensing the supply current of a logic gate. For a dying pulse, peak pulse voltage versus supply current at the corresponding inverters is shown in Figure 5. Both peak current and rms current show an almost linear relationship with peak voltage, corroborating our idea of detecting a pulse by sensing the supply current of a logic gate.

Figure 4: Pulse propagation (a) input pulse width less than the required minimum width (b) input pulse width greater than the minimum required pulse width

Figure 5: Peak pulse voltage vs current drawn from the power supply
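The propagation rule above (rail to rail swing at every stage, a minimum width of about τn + τp, progressive killing below it) can be reproduced with a small behavioural model. The following Python is an added example, not the paper's code or its Spice setup: it replaces transistor-level simulation with a slew-limited inverter whose full-swing time τ scales with the load on its output node, takes the 24 ps of Table 1 (τn + τp) as the nominal τ of every stage and 880 aF as the Trojan tap, and assumes a 2 fF nominal node load, a sensor current that is linear in the pulse swing (as Figure 5 suggests) and a 50 nA guard band; the names stage_tau, propagate_stage, trojan_suspected and min_detectable_tap_ff are this example's own. It shows how the chosen pulse width trades resolution for margin: a 25 ps pulse is killed by the tap before it reaches the observed gate, a 40 ps pulse is not.

```python
"""Behavioral model of pulse propagation through an inverter chain, with
current-sensed detection of the pulse at an observable gate.

Constructed example, not the paper's code. Each inverter is an ideal
threshold (VDD/2) followed by a slew-limited output that needs tau
picoseconds for a full rail-to-rail swing; tau scales with the load
capacitance on the gate's output node. A pulse narrower than tau does not
reach the rail, comes out narrower, and dies further down the chain.
"""

TAU_NOMINAL_PS = 15.0 + 9.0   # tau_n + tau_p (paper, Table 1), assumed as one slew time per stage
C_NOMINAL_FF = 2.0            # assumed nominal load capacitance per node, fF
TROJAN_TAP_FF = 0.88          # 880 aF: minimum-size inverter tap the paper reports detecting
I_QUIESCENT_UA = 0.01         # 10 nA off-state supply current (paper, Figure 8 simulation)
I_FULL_SWING_UA = 1.0         # 1 uA peak supply current for a full-swing pulse (paper, Figure 8)


def stage_tau(extra_cap_ff):
    """Slew time of a stage grows in proportion to the capacitance it drives."""
    return TAU_NOMINAL_PS * (C_NOMINAL_FF + extra_cap_ff) / C_NOMINAL_FF


def propagate_stage(width_ps, tau_ps):
    """Pass a pulse of width_ps through one inverter with slew time tau_ps.

    Returns (output pulse width in ps, swing fraction 0..1). Width is measured
    between VDD/2 crossings, which is what the next stage's threshold sees.
    """
    if width_ps >= tau_ps:
        return width_ps, 1.0               # output reaches the rail: width preserved
    swing = width_ps / tau_ps              # partial swing toward the rail
    if width_ps <= tau_ps / 2:
        return 0.0, swing                  # never crosses VDD/2: the pulse dies here
    return 2.0 * width_ps - tau_ps, swing  # crosses VDD/2 but comes out narrower


def propagate_chain(width_ps, extra_caps_ff):
    """Propagate a pulse through a chain; extra_caps_ff[i] is extra load on node i."""
    widths, swings = [], []
    w = width_ps
    for extra in extra_caps_ff:
        w, s = propagate_stage(w, stage_tau(extra))
        widths.append(w)
        swings.append(s)
    return widths, swings


def sensed_peak_current_ua(swing):
    """Peak supply current taken as linear in the pulse peak voltage (paper, Figure 5)."""
    return I_QUIESCENT_UA + (I_FULL_SWING_UA - I_QUIESCENT_UA) * swing


def pulse_detected(width_ps, extra_caps_ff, observe_index, guard_ua=0.05):
    """Current-sensor decision at the observable gate: pulse present if the peak
    current exceeds the quiescent level by more than the guard band (assumed 50 nA)."""
    _, swings = propagate_chain(width_ps, extra_caps_ff)
    return sensed_peak_current_ua(swings[observe_index]) > I_QUIESCENT_UA + guard_ua


def trojan_suspected(width_ps, n_stages, tap_index, observe_index=None):
    """Flag a tap at tap_index if a pulse that reaches the observable gate on the
    clean chain no longer reaches it once the tap capacitance is added."""
    if observe_index is None:
        observe_index = n_stages - 1
    clean = [0.0] * n_stages
    tapped = list(clean)
    tapped[tap_index] = TROJAN_TAP_FF
    if not pulse_detected(width_ps, clean, observe_index):
        raise ValueError("pulse width too small to propagate through the clean chain")
    return not pulse_detected(width_ps, tapped, observe_index)


def min_detectable_tap_ff(width_ps, n_stages, tap_index, step_ff=0.01, max_ff=5.0):
    """Smallest extra capacitance at tap_index that kills the pulse before the
    last gate, i.e. the diagnostic resolution of this pulse width."""
    extra = step_ff
    while extra <= max_ff:
        caps = [0.0] * n_stages
        caps[tap_index] = extra
        if not pulse_detected(width_ps, caps, n_stages - 1):
            return extra
        extra = round(extra + step_ff, 6)
    return None


if __name__ == "__main__":
    for width in (25.0, 40.0):
        print(f"pulse {width} ps: 880 aF tap at stage 10 flagged ->",
              trojan_suspected(width, 20, 10))
    print("smallest tap exposed by a 25 ps pulse:", min_detectable_tap_ff(25.0, 20, 10), "fF")
```

Running the module prints the two detection outcomes and the smallest tap capacitance a 25 ps pulse can expose in this model. Narrowing the pulse towards τ raises the resolution but leaves less margin for process variation, which is what the guard band and the paper's +-10% Vt experiments address.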

4. Pulse Propagation Driven Trojan Detection Using Current Sensing of a Logic Gate

Table 2: Algorithm for implementing pulse detection based DFS (Design for Security)

findTransitionPrb(netlist, random stimuli)
    /* stimulate the netlist with a sufficiently large number of random stimuli
       to find low transition probability nodes in the circuit */
S = { n_i | TrPrb(n_i) < Threshold Probability }   // select nodes below the threshold transition probability
OG = null                                            // null observable gate set
for each n_i in S:
    [stimulus_i, activation path] = FindStimulusAndActivationPath(netlist, n_i)
    if (activation path == NULL):
        add an extra scan flop (see Figure 6)
        [stimulus_i, activation path] = FindStimulusAndActivationPath(netlist, n_i)
    og_i = FindObservableGate(netlist, n_i, stimulus_i)
    OG = {OG} U og_i
assign VDD_currentDetector to gates {OG}
assign VDD to all other gates
synthesize design

The theory of pulse propagation, and of pulse killing due to the extra load capacitance of Trojan inputs, was discussed in detail in the previous section. First, low transition probability nodes are identified by stimulating the netlist with a sufficiently large number of random input stimuli. These are the probable Trojan tapping nodes (the Trojan circuit will take its inputs from these nodes). In [13] the authors used pulse propagation based Trojan detection, but that technique does not take into account the fan-out problem in pulse propagation. If the pulse width is chosen so that the pulse passes unaffected through nodes of fan-out at most k, and along the path it encounters any node of higher fan-out (>k), then the pulse will be killed: at the higher fan-out node the pulse experiences an extra capacitive load. So if we are testing for the presence of a Trojan at a specific node of fan-out k inside the circuit, the pulse cannot be applied from an input through a path where the fan-out is greater than k at any node. Similarly, the authors of [13] proposed to detect the pulse at the output scan flop, which is likewise not possible in the presence of high fan-out in the logic circuit, and all the scan flops would require pulse capturing capability. In this work a single current detector is sufficient to detect the presence of Trojans in hundreds of paths. One such example is shown in Figure 6, where nodes m and n are Trojan probable nodes. A pulse can be applied to node m from a primary input, but it cannot be applied to node n since there is no path from a primary input to node n with a maximum fan-out of 1. For such nodes we have used one extra scan flop in the scan chain (as shown in Figure 6), similar to the approach used in [5] to artificially increase transition probability. Because of the fan-out issue described above, there is no path from node n that carries this pulse to the output. If we observe the supply current of gate "X", however, we are able to detect the presence (or absence) of the pulse at node n.

Figure 6: Finding the current observation point and pulse application point for a given node (a) original circuit (b) modified circuit to incorporate Trojan detection DFT

Table 3: Algorithm for finding the observable gate for a corresponding low transition probability node

FindObservableGate(netlist, n, stimulus)
    {nodevalues} = circuitSimulator(netlist, stimulus)
    f = fan out of node n
    {P} = traverse the netlist graph from node n towards the output and track the pulse
          until it reaches an output or a higher fan out (> f) node
          /* the netlist is a unidirectional graph where logic gates are nodes and connections are links */
    P_longest = the longest path among all paths listed in {P}
    og = last gate of P_longest
    return(og)

We have shown in the previous section, and will further show in the experimental results section, that under extreme process variation (+-10% random Vt change in the ss, ff and nominal process corners) the proposed current detection technique can detect the presence of a pulse in any one of 100 observation gates if there is pulse propagation through any one of them (see Figure 9). For stimulus generation and path activation we have used a PODEM [19] like algorithm. We do not stop PODEM after finding one stimulus and one activation path; we keep running it to obtain all possible stimuli and the corresponding activation paths. For finding the pulse application point and the current observation point (see Table 2 and Table 3) we choose the best path and the corresponding stimulus from the PODEM output.

5. Current Sensor

Figure 7: Pulse propagation current sensor

Figure 8: Current sensor simulation result

As explained earlier, if a pulse propagates through a logic gate then the gate sinks current from the power supply; the weaker the pulse, the less current is drawn from the supply. The peak current difference between a propagating pulse and a non-propagating one is of the order of 100 to 1000. Figure 7 shows the current sensor used to detect this peak current difference. Rsense converts the supply current of the observable gates into a corresponding voltage, which is amplified by the differential amplifier. The value of Rsense is chosen so that even at the maximum current drawing condition the voltage droop is not significant (the voltage droop is 0.001 volt at the maximum current drawing condition). Two peak voltage detectors are used to detect peak voltages, one during the positive phase of the clock and the other during the negative phase. The pulse input is applied during the negative phase of the clock, so V1 is the peak voltage due to the quiescent current of the observable gates and V2 is the peak voltage due to pulse propagation through any one of the observable gates. Switches S1 and S2 become transparent in the positive and negative phases of the clock respectively. One simulation with a 20ps current pulse (on amplitude 1 µA, off amplitude 10nA) is shown in Figure 8 to illustrate the operation of the peak current sensor. A clear pulse is used to drain the charge stored in the peak detector capacitor to make it ready for the next clock cycle test. The comparator goes to logic high when V1 goes above V2 by 50mV; this 50mV is kept as a guard band for process variation.

6. Integrating the Current Sensing Approach in Traditional Scan Chain for Digital Pipeline Systems

Figure 9: Integrating the pulse propagation current detector with the scan chain

Figure 10: Scanned in values and circuit input (1 = logic high, 0 = logic low, P = pulse)

Scanned in input           0   1   0   1
Scanned in pulse control   0   0   1   0
Circuit input              0   1   P   1

The proposed pulse propagation current sensing based Trojan detection scheme can easily be incorporated into the traditional scan chain available in a digital system for scan testing. A pictorial representation of such a system for pipeline scanning is shown in Figure 9; similar integration is possible for boundary scan systems too. One extra scan flop is used in every pipeline stage to detect the existence of a Trojan in the previous pipeline logic stage. A single pulse generator is shared among all the scan flops of a pipeline stage, and it can be shared among multiple pipelines provided different types of pulses are not used simultaneously by two different pipeline stages. As shown in Figure 9, the input to a logic circuit can be either a scanned in value or a pulse from the pulse generator, depending on the scanned in pulse control value: a pulse is applied to the circuit if the scanned in pulse control value is logic 1 (see Figure 10). Note that a parallel scan chain is used to scan in the pulse control values. In reality these extra flip-flops may not be required, since the shadow flip-flop in a scan flip-flop can be used to scan in the pulse control values.

7. Experimental Results

Table 4: Comparison of scan cycles required to detect a Trojan (ThPr: threshold transition probability)

ISCAS 85 benchmark circuit   ThPr     # nodes below ThPr   Scan cycles to detect any Trojan from these nodes
                                                           This work   [5]
C432                         1e-3     8                    8           1.7e7
C880                         1e-3     7                    7           1.6e6
C1355                        1.5e-3   15                   15          4.7e39

Figure 11: Monte Carlo simulation (a) path delay (b) comparator voltage of the current sensor

As mentioned in previous sections, activation of a Trojan is a very rare event, and the nature and location of a Trojan in a circuit are not known a priori. Detecting a Trojan by actuating it is therefore always an expensive proposition. In this approach, k low transition probability nodes are identified as probable Trojan nodes and the transition probabilities of those k nodes are increased artificially to reduce the Trojan activation time. Let us assume that after increasing the transition probability the respective transition probabilities are $p_{0i}$ and $p_{1i}$. Then the Trojan activation time would be $\prod_{i=1}^{k} \min(p_{0i}, p_{1i})$. The scheme proposed in this work can detect Trojans in k cycles, so the improvement in Trojan activation time is exponential. Table 4 shows this for three ISCAS benchmark circuits. To compare the pulse technique with delay based techniques we took a random path from the c432 netlist and created 4000 process instances of it (+-20% random Vt variation in the ss, ff and tt corners), of which 2000 were Trojan affected. Monte Carlo simulation (Figure 11) on those 4000 instances shows 24.6% misprediction for delay measurement as opposed to 10.9% misprediction for the pulse based scheme. No process statistics were used in this measurement, to give a fair comparison; knowledge of process statistics would help both techniques.

8. Conclusions and Future Work

In this work the authors have explained how a Trojan attack at probable low transition probability nodes in a digital logic system can be detected by using a high resolution pulse input and detecting the presence (or absence) of the pulse with a built-in supply current sensor. The entire Trojan detection scheme can be very easily integrated with the traditional JTAG boundary scan or pipeline scan chain testing system already present in the design, and its inclusion in the scan chain has minimal effect in terms of area and power. The advantages of the proposed pulse killing technique over other state of the art Trojan detection schemes (delay monitoring, artificially increasing transition probability during logic testing) have been compared, and the efficacy of this technique over those techniques has been established.

9. Acknowledgment

This research was supported by NSF under Grant CNS 1441754 and by SRC under GRC Task 2555.001.

10. References

[1] Defense Science Board, "Task Force on High Performance Microchip Supply," Feb 2005.

[2] M. S. Anderson, C. J. G. North, and K. K. Yiu, "Towards Countering the Rise of the Silicon Trojan," Command, Control, Communications and Intelligence Division, Defence Science and Technology Organisation, Dec 2008.

[3] F. Wolff, C. Papachristou, S. Bhunia, and R. S. Chakraborty, "Towards Trojan-Free Trusted ICs: Problem Analysis and Detection Scheme," in Design, Automation and Test in Europe (DATE '08), 2008, pp. 1362-1365.

[4] H. Salmani, M. Tehranipoor, and J. Plusquellic, "A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time," IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 20, pp. 112-125, 2012.

[5] H. Salmani, M. Tehranipoor, and J. Plusquellic, "New design strategy for improving hardware Trojan detection and reducing Trojan activation time," in IEEE International Workshop on Hardware-Oriented Security and Trust (HOST '09), 2009, pp. 66-73.

[6] J. Aarestad, D. Acharyya, R. Rad, and J. Plusquellic, "Detecting Trojans Through Leakage Current Analysis Using Multiple Supply Pad IDDQ," IEEE Transactions on Information Forensics and Security, vol. 5, pp. 893-904, 2010.

[7] M. Banga and M. S. Hsiao, "A Novel Sustained Vector Technique for the Detection of Hardware Trojans," in 22nd International Conference on VLSI Design, 2009, pp. 327-332.

[8] Y. Jin and Y. Makris, "Hardware Trojan detection using path delay fingerprint," in IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2008), 2008, pp. 51-57.

[9] P. Kumar and R. Srinivasan, "Detection of hardware Trojan in SEA using path delay," in IEEE Students' Conference on Electrical, Electronics and Computer Science (SCEECS), 2014, pp. 1-6.

[10] D. Rai and J. Lach, "Performance of delay-based Trojan detection techniques under parameter variations," in IEEE International Workshop on Hardware-Oriented Security and Trust (HOST '09), 2009, pp. 58-65.

[11] B. Cha and S. K. Gupta, "Efficient Trojan Detection via Calibration of Process Variations," in IEEE 21st Asian Test Symposium (ATS), 2012, pp. 355-361.

[12] B. Cha and S. K. Gupta, "Trojan detection via delay measurements: A new approach to select paths and vectors to maximize effectiveness and minimize cost," in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2013, pp. 1265-1270.

[13] S. Deyati, B. J. Muldrey, A. Singh, and A. Chatterjee, "High Resolution Pulse Propagation Driven Trojan Detection in Digital Logic: Optimization Algorithms and Infrastructure," in IEEE 23rd Asian Test Symposium (ATS), 2014, pp. 200-205.

[14] R. S. Chakraborty, S. Narasimhan, and S. Bhunia, "Hardware Trojan: Threats and emerging solutions," in IEEE International High Level Design Validation and Test Workshop (HLDVT 2009), 2009, pp. 166-171.

[15] S. Narasimhan, D. Du, R. S. Chakraborty, S. Paul, F. Wolff, C. Papachristou, et al., "Multiple-parameter side-channel analysis: A non-invasive hardware Trojan detection approach," in IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2010, pp. 13-18.

[16] Predictive Technology Model (PTM), http:/ptm.asu.edu.

[17] X. Gili, S. Barcelo, S. A. Bota, and J. Segura, "Analytical Modeling of Single Event Transients Propagation in Combinational Logic Gates," IEEE Transactions on Nuclear Science, vol. 59, pp. 971-979, 2012.

[18] L. W. Massengill and P. W. Tuinenga, "Single-Event Transient Pulse Propagation in Digital CMOS," IEEE Transactions on Nuclear Science, vol. 55, pp. 2861-2871, 2008.

[19] P. Goel and B. C. Rosales, "PODEM-X: An Automatic Test Generation System for VLSI Logic Structures," in 18th Design Automation Conference, 1981, pp. 260-268.