Trojan Detection in Digital Systems Using Current Sensing of Pulse Propagation in Logic Gates
-
Upload
sabyasachi -
Category
Documents
-
view
3 -
download
0
description
Transcript of Trojan Detection in Digital Systems Using Current Sensing of Pulse Propagation in Logic Gates
Trojan Detection in Digital Systems Using Current Sensing of Pulse Propagation in
Logic Gates
Sabyasachi Deyati, Barry J. Muldrey, Abhijit Chatterjee
Electrical & Computer Engineering, Georgia Institute of Technology, Atlanta Georgia 30332 USA
e-mail: [email protected], [email protected], [email protected]
Abstract Outsourcing of chip manufacturing to untrusted foundries and
using third party IPs in design, have opened the possibility of
inserting malicious hardware Trojans into the circuit. As
excitation of Trojan is extremely rare, it is almost impossible to
detect Trojans with functional logic testing. We need to detect
Trojans without actually activating it (side channel analysis).
Hardware Trojan circuit get inputs from low transition
probability nodes of the original circuit. Tapping of these nodes
for creating Trojan inputs increase capacitive load at those
nodes. We have developed a very high resolution pulse
propagation technique to capture this extra capacitance at
Trojan affected nodes. This technique provides 20-25X higher
diagnostic resolution than path delay analysis in the presence of
significant manufacturing process variation. Pulse propagation
based Trojan detection is independent of logic depth in the path.
As the logic depth increases other state of the art Trojan
detection schemes loses accuracy. Though the scheme appears
simple, it is not so straight forward to generate and apply the
pulse inputs on chip at the desired locations and capture them
at designated locations with high accuracy in presence of high
fan out nodes in the design. We have developed a very high
resolution current sensing scheme to detect pulse propagation
through logic gates. A single sensor can sense pulse at multiple
locations. The entire scheme of pulse based Trojan detection
has been integrated into JTAG boundary scan scheme with
minimal area overhead to provide a complete solution for
Hardware Trojans.
Keywords— Hardware Security; Hardware Trojan Detection;
Hardware Intrusion Detection;
1. Introduction Increasing complexity in Integrated Circuit (IC) manufacturing
process is becoming very intense and costly. The whole
manufacturing chain is split into separate verticals each handled
by an expert team in order to bring down the cost of production
and timely delivery of ICs to the market. These specialized
teams may be located geographically in different countries and
may run by various organizations. Outsourcing of IC
manufacturing poses the threat of maliciously adding extra
circuitry (Hardware Trojans) in the design to cause malfunction
in controlled way. The plausible adverse effects of hardware
Trojans are i) exfiltration of data and security keys (both
software and hardware) ii) malfunctioning of critical electronic
systems (avionics, self-driven cars) and many more [1, 2]. An
insider can add these hardware Trojans (HTs) at various levels
of manufacturing process (RTL design phase, silicon
manufacturing phase). These HTs are stealthily inserted into
original circuit in such a way that they don’t show up in
conventional testing and validation of ICs. Occurrence of
Trojan activation is extremely rare event and thus sieve through
functionality testing of ICs. It is rightly pointed out in [1] that
specialized mechanisms (DFT) must be designed into hardware
to detect, diagnose malicious insertion of hardware Trojans into
a design.
State of the art, the most accurate way of checking existence
of HTs is to delayer chip and compare it with actual intended
physical design for every layer. This is extremely labor
intensive, costly and require optical imaging tools and CAD
tools to check difference between intended and actual
implementation of the design. There is a high need to check the
malicious insertion of Trojans in nondestructive and cost
effective way. Mainly there are two ways to check for HTs i)
by actually triggering the Trojan ii) side channel analysis
(detecting presence of Trojans by measuring some proxy
parameters, delay, power etc.). Discussion on various state of
the art hardware Trojan detection scheme and their drawbacks
are as follows:
A. Reduced Trojan Activation Time
Hardware Trojan activation is rare occurrence and hence not
detected in traditional functional logic testing. Presumably the
Trojan circuit inputs are coming from very low transition
probability nodes in the original logic circuit. In [3-5] authors
have tried to artificially increase the transitional probability of
those nodes with few extra gates to catch anomalous activities
in the circuit. Even if we identify k probable Trojan nodes in
the circuit, we do not know beforehand which combination of
those will actually trigger the Trojan, and if it is sequential
Trojan then the problem turns more intense and complexity
becomes many fold. For a combinational Trojan we have to
check all possible 2𝑘 combinations. This makes Trojan
detection extremely slow and infeasible. In this paper we are
proposing a technique to identify Trojans in less than k
combinations for k probable Trojan nodes.
B. Power Measurement Techniques
The authors proposed IDDQ (steady state) current measurement
at various sites across a chip in [6]. This scheme assumes that a
“golden model” from characterized Trojan free IC is available.
In practice it is difficult to have these “golden models”. In [7]
the authors proposed a technique to increase Trojan activity and
decrease original circuit activity and measure power to discern
between Trojan affected and original ICs. A key issue with this
approach is that a single test vector has to be sustained for 25
clock cycles.
C. Path Delay Measurement Techniques
Jin and Makris [8] come up with a path delay measurement
based scheme where path delays of Trojan free chips are
collected and a signature is constructed based on path delays.
To employ this scheme one needs to know a priory which ICs
are Trojan affected and which are Trojan free for a small
number of ICs. Trojan insertion and detection in SEA ASICs
are discussed in [9]. Detecting hardware Trojans by measuring
path delay becomes infeasible in presence of process variation
as delay increment due to Trojan can be masked by delay due
to process variation. Effect of process variation on path delay
based scheme has been discussed in [10]. Process variation is
not considered with due diligence in [8, 9]. Use of process
monitoring circuits ( tracking systematic/global process
variations) and special calibration technique can be useful for
path delay based Trojan detection techniques[11, 12]. It
requires a lot of ICs to statistically determine presence of
Trojans for technique used in [11, 12].
Key contributions of this research are as follows:
In this paper, a novel very high resolution current sensing of
pulse propagation through logic gates is proposed for hardware
Trojan detection. The main contributions of this paper are:
a) In [13] authors proposed a pulse propagation driven
Trojan detection scheme that can detect increase in
capacitances due to Trojan insertion at internal circuit nodes
of digital logic. Efficacy of the proposed technique is reduced
by high fan out nodes in logic circuit. In this work a current
sensor based pulse detector is proposed which will eradicate
the fan out issues in [13] and will make it a generalized
approach for Trojan detection in digital logic.
b) Instead of using pulse detector at every scan flop we
have developed a sensor which can detect presence of pulse in
multiple paths concurrently.
c) Trojan detection time is linear in this approach as
opposed to exponential in state of the art Trojan detection
schemes [4, 5] by increasing transitional probabilities of
susceptible Trojan nodes.
d) The additional circuitry needed to implement the
proposed scheme can be integrated into existing “at speed scan
test” infrastructure of digital pipeline stage designs.
e) The proposed approach can be easily incorporated
into existing IC design flows.
The rest of the paper is arranged as follows: Section 2
describes the assumed hardware Trojan threat model. Section 3
establishes theory of pulse propagation through a chain of logic
gates. The way pulse propagation can be used for detecting
Trojans is explained in Section 4. Section 5 discusses the
proposed current sensor for pulse propagation detection.
Section 6 discusses the infrastructure required to implement the
pulse propagation based Trojan detection scheme, compatible
with “at speed scan test” of digital FSM and pipeline based
logic circuits. Experimental results and comparison with other
detection techniques are shown in Section 7. Conclusion and
future research directions are discussed in Section 8.
2. Trojan Threat Model Detection of hardware Trojans is predicated on Trojan threat
model that defines how a Trojan can cause malfunction in the
circuit. As described in [14, 15] Trojan payload is the part of
the circuit affected by the Trojan (part of the circuit where logic
value is changed due to Trojan) and the act of causing it to have
incorrect logic values is initiated by a Trojan trigger. Trojan can
be combinatorial or sequential. One example of each is given in
Figure 1. Be it combinatorial or sequential the inputs to the
Trojan trigger circuit is coming from original circuit nodes (low
transitional probability nodes). When an original circuit node is
tapped for Trojan trigger, it experiences an extra capacitance.
Least capacitive tapping would be to use a minimum size
inverter. Even when the Trojan is not activated this capacitance
would be there due to loading of an extra gate (see Figure 2). It
is this extra loading that we aim to detect with unprecedented
high resolution using current sensing of pulse propagation
through logic gates. Gate capacitance of a minimum sized
inverter adds 0.2-1 femto farad capacitance to the tapped signal
node (45nm PTM [16] ). It will be shown in subsequent sections
that in presence of 10% random process variation 880 aF of
extra capacitance can be detected by the proposed pulse
propagation technique.
Figure 1: Trojan Models (a) combinatorial Trojan (b) sequential
Trojan
Figure 2: (a) Tapping original circuit node for Trojan inputs (b)
Corressponding equivalent circuit when Trojan is not activated
3. Theory of Pulse Propagation Through Logic Gates
. . . .1 2 3 n
Figure 3: Inverter Chain
In [17, 18] the authors have shown pulse propagation through
logic gates for Single Event Transient (SET) analysis. The
authors have analyzed if a SET pulse can propagate and cause
a logic failure in digital circuits. In this paper the pulse is
deliberately injected to test the Trojan occurrence. The same
analogy of pulse propagation is applicable here and SET pulse
analysis results are leveraged. In this paper all Spice
simulations use 45nm predictive technology [16]. For inverter
chain simulation minimum sized inverters (l=50nm
Wn=100nm Wp=160nm) built with low threshold transistors
(NMOS VTL and PMOS VTL) are used.
A pulse must achieve rail to rail swing (+ve pulse should reach
VDD and a -ve pulse should reach ground) at every stage in
order to propagate through a long chain of logic gates. If this
rail to rail swing is not achieved, the pulse starts deteriorating
progressively from that very stage. If the input pulse rise/fall
time (𝑡𝑟/𝑡𝑓) is lower than the (10 to 90% ) rise/fall (𝜏𝑛 /𝜏𝑝) time
of the gates then minimum pulse width required to propagate a
long chain is 𝜏𝑛 + 𝜏𝑝 [18]. It is found both by numerical
equation solving and Spice simulation that this is a relaxed
constraint. If 𝑡𝑟(𝑡𝑓) < 𝜏𝑝(𝜏𝑛) then the constraint is even more
relaxed. Table 1 is showing two such examples.
Table 1: Minimum Pulse Width Required for Propagation
through the Inverter Chain
tr/tf of Input Pulse
τn τp Min Pulse Width ( Spice Simulation)
Min Pulse Width (Numerical Solution )
1ps 15p 9p 18ps 18ps 6ps 15p 9p 13ps 12ps
Figure 4 is showing two examples a) pulse width is less than
the required width and gradual pulse killing b) pulse width is
above the required pulse width and pulse is propagating through
infinitely long logic chain of inverters. We have mentioned
earlier that a presence of pulse will be detected by sensing
supply current of a logic gate. When a pulse is dying, peak pulse
voltage versus supply current at corresponding inverters are
shown in Figure 5. Both peak current and rms current show
almost linear relationship with peak voltage, corroborate our
idea of detecting a pulse by sensing supply current of a logic
gate.
Figure 4: Pulse Propagation (a) Input pulse width less than the
required minimum width (b) input pulse width greater than the
minimum required pulse width
Figure 5: Peak pulse voltage vs current drawn from power
supply
4. Pulse Propagation Driven Trojan Detection Using
Current Sensing of a Logic Gate
Table 2: Algorithm for implementing pulse detection based
DFS (Design for security)
findTransitionPrb(netlist,random stimuli) /*Stimulate netlist with sufficiently large number of random stimuli to find low transition probability nodes in the circuit*/ 𝑆 = {𝑛𝑖| 𝑇𝑟𝑃𝑟𝑏(𝑛𝑖) < 𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 𝑃𝑟𝑜𝑏𝑎𝑏𝑖𝑙𝑖𝑡𝑦} //select nodes below threshold transitional probability OG=null // null observable gate set For each 𝑛𝑖 ∈ 𝑆 [𝑠𝑡𝑖𝑚𝑢𝑙𝑢𝑠𝑖 , 𝑎𝑐𝑡𝑖𝑣𝑎𝑡𝑖𝑜𝑛 𝑝𝑎𝑡ℎ]=FindStimulusAndActi vationPath(netlist, 𝑛𝑖 ) If( activation path ==NULL) Add an extra scan flop(see Figure 6) [𝑠𝑡𝑖𝑚𝑢𝑙𝑢𝑠𝑖 , 𝑎𝑐𝑡𝑖𝑣𝑎𝑡𝑖𝑜𝑛 𝑝𝑎𝑡ℎ]=FindStimulusAnd ActivationPath(netlist, 𝑛𝑖 ) 𝑜𝑔𝑖 =FindobservableGate(netlist , 𝑛𝑖 , 𝑠𝑡𝑖𝑚𝑢𝑙𝑢𝑠𝑖 ) 𝑂𝐺 = {𝑂𝐺} 𝑈 𝑜𝑔𝑖 Assign 𝑉𝐷𝐷𝑐𝑢𝑟𝑟𝑒𝑛𝑡𝐷𝑒𝑡𝑒𝑐𝑡𝑜𝑟 to gates {OG} Assign VDD to all other gates Synthesize design
Theory of pulse propagation and pulse killing due to extra load
capacitance due to Trojan inputs have been discussed in detail
in previous section. Firstly low transitional probability nodes
are identified by stimulating netlist with sufficiently large
number of random input stimuli. These are the probable Trojan
tapping nodes (Trojan circuit will take input from these nodes).
In [13] the authors have used pulse propagation based Trojan
detection. The above mention technique does not take into
account fan out problem in pulse propagation. If a pulse is so
chosen (pulse width) that it would go unaffected through
maximum k fan out nodes, and in the path if it encounters any
higher fan out node (>k) then the pulse will get killed. At higher
fan out node, pulse experience an extra capacitive load that kills
the pulse. So inside the circuit if we are testing presence of
Trojan at a specific node of fan out k, then pulse cannot be
applied from input through a path where fan out is greater than
k at any one node. Similarly in [13] the authors proposed to
detect the pulse at the output scan flop, which is also not
possible in presence of high fan out in logic circuit. And all the
scan flops would require pulse capturing capability. In this
work a single current detector is sufficient to detect presence of
Trojans in 100’s of paths. One such example is shown in Figure
6, where nodes m and n are Trojan probable nodes. A pulse can
be applied to node m from primary input but cannot be applied
to node n as there are no path from primary input to node n with
max fan out of 1. For such nodes we have used one extra scan
flop in scan chain (as shown in Figure 6) similar to the approach
used in [5] to artificially increase transitional probability. From
node n there is no path to take this pulse at the output, on the
basis of above mentioned fan out issue. If we observe supply
current of gate “X” then we would be able to detect presence
(or absence) of pulse at node n.
Figure 6: Finding current observation point and pulse
application point for a given node (a) original circuit (b)
modified circuit to incorporate Trojan detection DFT
Table 3: Algorithm of finding observable gate for a
corresponding low transition probability node
FindobservableGate(netlist, 𝑛, 𝑠𝑡𝑖𝑚𝑢𝑙𝑢𝑠 ) {nodevalues}=circuitSimulator(netlist,stimulus) f= fan out of node n {P}= Traverse netlist graph from node n towards output and track pulse till it reaches output or a higher fan out (>f) node /* netlist is a unidirectional graph where logic gates are nodes and connections are links */ 𝑃𝑙𝑜𝑛𝑔𝑒𝑠𝑡 =For all path listed in {P} find the longest path og= last gate of 𝑃𝑙𝑜𝑛𝑔𝑒𝑠𝑡 Return(og)
We have shown in previous section and will further show in
experimental result section that under extreme process variation
(+- 10 % random Vt change in ss, ff, nominal process corners)
the proposed current detection technique can detect presence of
a pulse in any one of 100 observation gates if these is a pulse
propagation through any one of them (see Figure 9). For
stimulus generation and path activation we have used a
PODEM[19] like algorithm. We do not kill PODEM after
finding one stimulus and one activation path, we keep on
running it to get all possible stimulus and corresponding
activation paths. For finding pulse application point and current
observation point (see Table 2 and Table 3) we choose the best
path and corresponding stimulus from PODEM output.
5. Current Sensor
Figure 7: Pulse propagation current sensor
Figure 8 : Current Sensor Simulation Result
As it is explained earlier that if a pulse propagates through a
logic gate then it sinks current from power supply. Weaker the
pulse is, lesser is the current drawn from supply. The peak
current difference when a pulse is propagating versus it is not
propagating is of the orders of 100 to 1000. Figure 7 is showing
the current sensor used to detect the peak current difference.
Rsense converts the supply current for observables gates to a
corresponding voltage. This voltage is amplified by the
Differential amplifier. Value of Rsense is so chosen that even
at maximum current drawing condition voltage droop is not
significant (voltage droop is 0.001 volt at maximum current
drawing condition).Two peak voltage detectors are used to
detect peak voltages, one at +ve cycle of the clock and the other
at –ve cycle of the clock. Pulse input is applied at –ve cycle of
the clock. So V1 is the peak voltage due to quiescent current of
the observable gates and V2 is the peak voltage due to pulse
propagation through any one of the observable gates. Switches
S1 & S2 become transparent in +ve and –ve cycle of the clock
respectively. One simulation with 20ps current pulse (on
amplitude 1 µA, off amplitude 10nA) is shown in Figure 8 to
illustrate the operation of the peak current sensor. Clear pulse
is used to drain the charges stored in peak detector capacitor to
make it ready for next clock cycle test. The comparator goes to
logic high when V1 goes above V2 by 50mv. This 50mv is kept
as a guard band for process variation.
6. Integrating the Current Sensing Approach in
Traditional Scan Chain for Digital Pipeline
Systems
Figure 9: Integrating Pulse Propagation Current Detector with
scan chain
1 0 P
Scanned in Input 0 1 0 1
0 0 1 0Scanned in Pulse Control
Circuit Input 0 1 P 1
Logic High Logic Low Pulse
Figure 10: Scanned in values and circuit input
The proposed pulse propagation current sensing based Trojan
detection scheme can easily be incorporated into traditional
scan chain available in the digital system for scan testing. A
pictorial representation of such a system for pipeline scanning
is shown in Figure 9. Similar integration is possible for
boundary scanning systems also. One extra scan flop is used in
every pipeline to detect existence of Trojan in the previous
pipeline logic stage. A single pulse generator is shared among
all the scan flops of a pipeline stage. It can be shared among
multiple pipelines provided different types of pulses are not
used simultaneously by two different pipeline stages. As shown
in Figure 9, input to a logic circuit can be a scanned in value or
a pulse form the pulse generator depending on scanned in pulse
control value. A pulse is applied to the circuit if scanned in
pulse control value is logic 1 (See Figure 10 for explanation). It
is to be noted that a parallel scan chain is used to scan in pulse
control values. In reality these extra flip-flops may not be
required. Shadow flip-flop in a scan flip-flop can be used to
scan in these pulse control values.
7. Experimental Results Table 4 : Comparison of scan cycles required to detect a
Trojan (* ThPr : Threshold Transitional Probability)
ISCAS 85 Bench Mark Circuit
Thpr # nodes below ThPr
Scan cycles required to detect any Trojan from these nodes This Work
[5]
C432 1e-3 8 8 1.7e7 C880 1e-3 7 7 1.6e6 C1355 1.5e-3 15 15 4.7e39
Figure 11: Monte Carlo Simulation (a) Path Delay (b)
Comparator Voltage of Current Sensor
It is mentioned in previous sections that activation of a Trojan
is very rare event of occurrence and nature, location of Trojan
in a circuit is not known a priori. Detecting Trojan with
actuating it, is an expensive proposition always. In this
approach, k low transition probability nodes are identified as
probable Trojan nodes and transition probability of those k
nodes are increased artificially.to reduce Trojan activation time.
Let’s assume after increasing transition probability the
respective transition probabilities are 𝑝0𝑖 𝑎𝑛𝑑 𝑝1𝑖. Then Trojan
activation time would be ∏ min (𝑝0𝑖 , 𝑝1𝑖)𝑘𝑖=1 . The scheme
proposed in this work can detect Trojans in k cycles. The
improvement in Trojan activation time is exponential. Table 4
is showing this example for three ISCAS bench mark circuits.
To compare pulse technique with delay based techniques we
took a random path from c432 netlist and created 4000 process
instance of it (+- 20 % random Vt variation in ss, ff and tt
corners) out of which 2000 were Trojan affected. Monte Carlo
simulation (Figure 11) on those 4000 instances show 24.6 %
miss prediction in delay measurement as opposed to 10.9 %
miss prediction in pulse based scheme. No process statistics
were involved in this measurement to have a fair comparison.
Knowledge of process statistics will help both the techniques.
8. Conclusions and Future Work
In this work the authors have explained how Trojan attack at
probable low transition probability nodes in a digital logic
system can be detected by using high resolution pulse input and
detecting the presence (or absence) of the pulse with an inbuilt
supply current sensor. The entire Trojan detection scheme can
be very easily integrated with traditional JTAG boundary scan
or pipeline scan chain testing system prevailing in the design.
Inclusion of Trojan detection scheme into scan chain has
minimal effects in terms of area and power. Advantage of the
proposed pulse killing technique over other (delay monitoring,
artificially increasing transition probability during logic
testing) state of the art Trojan detection schemes have been
compared and efficacy of this technique over the other
mentioned techniques have been established.
9. Acknowledgment This research was supported by NSF under Grant CNS
1441754 and by SRC under GRC Task 2555.001.
10. References
[1] D. S. Board. (Feb 2005, "Task Force On HIGH
PERFORMANCE MICROCHIP SUPPLY".
[2] C. J. G. N. M.S. Anderson, K.K. Yiu, "Towards
Countering the Rise of the Silicon Trojan," C. C. C. a. I.
Division, Ed., ed: Defence Science and Technology
Organisation, Dec 2008.
[3] F. Wolff, C. Papachristou, S. Bhunia, and R. S.
Chakraborty, "Towards Trojan-Free Trusted ICs: Problem
Analysis and Detection Scheme," in Design, Automation
and Test in Europe, 2008. DATE '08, 2008, pp. 1362-
1365.
[4] H. Salmani, M. Tehranipoor, and J. Plusquellic, "A Novel
Technique for Improving Hardware Trojan Detection and
Reducing Trojan Activation Time," Very Large Scale
Integration (VLSI) Systems, IEEE Transactions on, vol.
20, pp. 112-125, 2012.
[5] H. Salmani, M. Tehranipoor, and J. Plusquellic, "New
design strategy for improving hardware Trojan detection
and reducing Trojan activation time," in Hardware-
Oriented Security and Trust, 2009. HOST '09. IEEE
International Workshop on, 2009, pp. 66-73.
[6] J. Aarestad, D. Acharyya, R. Rad, and J. Plusquellic,
"Detecting Trojans Through Leakage Current Analysis
Using Multiple Supply Pad IDDQ" Information Forensics
and Security, IEEE Transactions on, vol. 5, pp. 893-904,
2010.
[7] M. Banga and M. S. Hsiao, "A Novel Sustained Vector
Technique for the Detection of Hardware Trojans," in
VLSI Design, 2009 22nd International Conference on,
2009, pp. 327-332.
[8] J. Yier and Y. Makris, "Hardware Trojan detection using
path delay fingerprint," in Hardware-Oriented Security
and Trust, 2008. HOST 2008. IEEE International
Workshop on, 2008, pp. 51-57.
[9] P. Kumar and R. Srinivasan, "Detection of hardware
Trojan in SEA using path delay," in Electrical,
Electronics and Computer Science (SCEECS), 2014 IEEE
Students' Conference on, 2014, pp. 1-6.
[10] D. Rai and J. Lach, "Performance of delay-based Trojan
detection techniques under parameter variations," in
Hardware-Oriented Security and Trust, 2009. HOST '09.
IEEE International Workshop on, 2009, pp. 58-65.
[11] C. Byeongju and S. K. Gupta, "Efficient Trojan Detection
via Calibration of Process Variations," in Test Symposium
(ATS), 2012 IEEE 21st Asian, 2012, pp. 355-361.
[12] B. Cha and S. K. Gupta, "Trojan detection via delay
measurements: A new approach to select paths and
vectors to maximize effectiveness and minimize cost," in
Design, Automation & Test in Europe Conference &
Exhibition (DATE), 2013, 2013, pp. 1265-1270.
[13] S. Deyati, B. J. Muldrey, A. Singh, and A. Chatterjee,
"High Resolution Pulse Propagation Driven Trojan
Detection in Digital Logic: Optimization Algorithms and
Infrastructure," in Test Symposium (ATS), 2014 IEEE
23rd Asian, 2014, pp. 200-205.
[14] R. S. Chakraborty, S. Narasimhan, and S. Bhunia,
"Hardware Trojan: Threats and emerging solutions," in
High Level Design Validation and Test Workshop, 2009.
HLDVT 2009. IEEE International, 2009, pp. 166-171.
[15] S. Narasimhan, D. Dongdong, R. S. Chakraborty, S. Paul,
F. Wolff, C. Papachristou, et al., "Multiple-parameter
side-channel analysis: A non-invasive hardware Trojan
detection approach," in Hardware-Oriented Security and
Trust (HOST), 2010 IEEE International Symposium on,
2010, pp. 13-18.
[16] "http:/ptm.asu.edu."
[17] X. Gili, S. Barcelo, S. A. Bota, and J. Segura, "Analytical
Modeling of Single Event Transients Propagation in
Combinational Logic Gates," Nuclear Science, IEEE
Transactions on, vol. 59, pp. 971-979, 2012.
[18] L. W. Massengill and P. W. Tuinenga, "Single-Event
Transient Pulse Propagation in Digital CMOS," Nuclear
Science, IEEE Transactions on, vol. 55, pp. 2861-2871,
2008.
[19] P. Goel and B. C. Rosales, "PODEM-X: An Automatic
Test Generation System for VLSI Logic Structures," in
Design Automation, 1981. 18th Conference on, 1981, pp.
260-268.