Python Notes for mca i year students osmania university.docx
Â
trojan detection
1. Hardware Trojan Detection
Guided by
Dr. P. Kalpana
Professor
Department of ECE
PSG College of Technology
Presented by
S. Sri Nishith
15MV32
M.E. VLSI Design
3. Objective
⢠The objective is to detect the presence of Trojan in the circuit by analysing power
and delay.
⢠To implement LBIST (Logic Built in Self-Test) in AES core in order to detect the
hardware Trojan by analysing area, power and test coverage.
4. Introduction
⢠Hardware Trojan is a malicious modification of the circuitry of an integrated
circuit.
⢠Extra circuitry added to specified design
â˘can cause malfunction
â˘steal secret information
â˘create backdoor for attack
5. Cont.
⢠The Trojan circuits cannot be easily detected during normal operating conditions
because it triggers at very rare condition.
⢠So Hardware Trojan must be detected in an IC before it is used in various
applications.
6. Trojan detection techniques
⢠To date there are mainly three side channel analysis techniques in hardware Trojan
detection they are
⢠Power measurement technique
⢠Path delay measurement
⢠Physical design based testing
8. Literature survey
1. Nan Li, Gunnar Carlsson, Elena Dubrova, Kim Peters´en âLogic BIST: State-of-
the-Art and Open Problemsâ arXiv:1503.04628v1, 16 Mar 2015.
⢠The following problems need to be addressed to successfully deploy LBIST in the
industrial practice.
⢠LBIST methods which take advantage of multiple identical blocks/cores on a
chip need to be developed. Existing LBIST CAD tools do not exploit this
possibility. For example, to reduce the area overhead of LBIST, the same
pseudo-random test pattern generator can be used for testing identical blocks.
9. Cont.
2. Y.Jinand Y.Makris, âHardware Trojan detection using path delay finger print,â in
Proc. Of the IEEE International Work shop on Hardware-Oriented Security and
Trust (HOST2008), pp.51â57, 2008
⢠Traditional function testing is less effective in detecting Trojan circuit for the
following reasons,
⢠The trigger condition of a Trojan rarely appears.
⢠The harm of Trojan circuits may emerge after a long time after
implementation.
10. Cont.
3. G. Hetherington, T. Fryars, N. Tamarapalli, M. Kassab, A. Hassan, and J. Rajski,
âLogic BIST for large industrial designs: real issues and case studies,â in
Proceedings of International Test Conference (ITCâ1999), pp. 358 â 367, 1999.
⢠LBIST test method is an attractive alternative to ATPG tests which can test an
integrated circuit by its own.
⢠It operates by exercising the circuit logic and then detecting if the logic behaved as
intended using on chip test generator and test response
13. Pulse propagation driven Trojan detection
⢠Pulse propagation driven approach for a generalized logic circuit consists of
following key elements
⢠Pulse sensitization is performed from selected logic circuit input to appropriate
logic circuit output.
⢠Trojan existence is determined by whether the injected pulse reaches the
circuit output using a pulse detector circuit.
14. PULSE DETECTOR
⢠The pulse detector circuit is a carefully sized clocked inverter and is integrated inside
the scan flip-flop circuitry.
30. RESULTS
DESIGN POWER WITHOUT TROJAN POWER WITH TROJAN
8:1 MUX 1.4261mW 2.0907mW
POWER ANALYSIS
DELAY ANALYSIS
DESIGN DELAY WITHOUT TROJAN DELAY WITHTROJAN
8:1 MUX 368.4ps 10.64ns
42. RESULTS
DESIGN POWER WITH TROJAN
Full adder combinational
Trojan
Full adder synchronous
Trojan
2.5353mW
2.8873mW
POWER ANALYSIS
DELAY ANALYSIS DESIGN DELAY WITHTROJAN
Full adder combinational
Trojan
Full adder synchronous
Trojan
20.0ms
1.697ns
43. LBIST Architecture
⢠LBIST is one of the important BIST testing mechanism which is gaining
importance in the various industries due to its unique advantages of automatic
testing of IC with high test coverage.
⢠One of the important point about LBIST is that whenever the system is starting
LBIST could run and checks for the correct signature for the system to work
properly. If the signature mismatches then the system indicates a warning. Hence
LBIST is suited for repeated testing in the field.
44. Cont.
⢠The following Figure shows the typical LBIST system.
Figure1: A typical LBIST system
45. Cont.
⢠A typical LBIST system comprises following:
ď Logic to be tested, or, as is called Circuit under Test (CUT)
ďPRPG (Pseudo-Random Pattern Generator)
ďMISR (Multi-Input Signature Register)
ďLBIST controller
47. Experimental Setup
⢠Tools Used
ďCadence âRTL Compiler
For including LBIST to the Core and measuring area and power
ďCadence -Encounter Test
For measuring the Test Coverage
⢠Benchmark Circuit Used
ď Advanced Encryption System (AES) -128 bit
48. Parameters
⢠Test Coverage :
⢠The Test Coverage (TC) is the percentage of detected faults for all detectable faults,
and gives the most meaningful measure of test pattern quality.
Test Coverage (TC)=Faults Detected / Detectable Faults in Faults list
49. Cont.
⢠Static Faults:
⢠Stuck-a-0 faults &
⢠stuck-a-1 faults
⢠Dynamic Faults:
⢠A delay fault (known as a dynamic or transition fault) models a specific
physical defect at a specific location.
⢠Dynamic faults may model the condition where a data transition is slow to rise
(transition from logical 0 to logical 1), or slow to fall (transition from logical 1
to logical 0).
50. Results
⢠The results for the AES Trojan free and AES Trojan inserted circuits are analysed
for power, area, and test coverage.
Table 1: Area results for AES Trojan free and Trojan inserted
Bench Mark Circuit Area(um)
AES
Trojan free 970477
Trojan inserted 971698
51. Cont.
Bench Mark Circuit Switching power (nW) Leakage power (nW)
AES Trojan free 57750880.22 8414464.17
Trojan inserted 38670689.75 8427960.68
Table 2: Power results for AES Trojan free and Trojan inserted
52. Cont.
Bench Mark Circuit
Test Coverage (%)
LBIST Method
Static Faults Dynamic Faults
AES
Trojan free 86.89 54.54
Trojan inserted 86.81 54.71
Table 3: Coverage results for AES Trojan free and Trojan inserted
53. Conclusion
⢠8:1 mux and full adder circuits are implemented with Trojan and without Trojan
and results are compared between them for both power and area.
⢠The LBIST for AES core for both Trojan free and Trojan inserted circuits and
obtained a high test coverage of 86.89% and 86.81% for static fault and 54.54%
and 54.71% for dynamic fault
⢠The LBIST method can be used for detecting Trojans in high levels of System on
Chip testing.
54. References
[1] Mitra, S., McCluskey, E J., Makar, S. (2002). Design for testability and testing of IEEE 1149.1
TAP controller. Proceedings 20th IEEE VLSI Test Symposium (VTSâ02), pages 247-252.
2] Janusz Rajski, Katarzyna Radecka, Jerzy Tyszer. (1997). Arithmetic Built-In Self-Test for DSP
Cores. IEEE Transactions On Computer-Aided Design Of Integrated Circuits AndSystems.16(11):1-
7.
[3] Tobias Strauch. (2012). Single Cycle Access Structure for Logic Test. IEEE Transactions On Very
Large Scale Integration Systems. 20(5):878 â 891.
[4] Kedarnath J. Balakrishnan, and Nur A. Touba. (2006). Improving Linear Test Data Compression.
IEEE Transactions On Very Large Scale Integration Systems. 14(11):1227-1237.
[5] J. Rajski, J. Tyszer, M. Kassab, and N. Mukherjee, âEmbedded deterministic test,â IEEE
Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 23, pp. 776 â 792,
May 2004.
55. Cont.
[6] G. Hetherington, T. Fryars, N. Tamarapalli, M. Kassab, A. Hassan, and J. Rajski, âLogic BIST for
large industrial designs: real issues and case studies,â in Proceedings of International Test Conference
(ITCâ1999), pp. 358 â 367, 1999.
[7] Alex Baumgarten, Michael Steffen, Matthew Clausman, Joseph Zambreno, "A case study in
hardware Trojan design and implementation," International Journal of Information Security, Volume
10, Issue 1, pp. 1â14, 2011.
[8] Y.Jin and Y.Markis âHardware trojan detection using path delay fingerprintâ, IEEE intl. workshop
on Hardware oriented security and trust, pp.51-57,2008.
[9] Kurt Rosenfeld and Ramesh Karri. (2011). Security-Aware SoC Test Access Mechanism. IEEE
29th VLSI Test Symposium (VTS), pages 100-104.
[10] Luke pierce and Spyros Tragoudas. (2011) Multilevel Secure JTAG Architecture. IEEE 17th
International On-Line Symposium, pages 208-209.
[11] Nan Li, Gunnar Carlsson, Elena Dubrova, Kim Peters´en âLogic BIST: State-of-the-Art and Open
Problemsâ arXiv:1503.04628v1 [cs.AR] 16 Mar 2015
56. Cont.
[12] S. Deyati, B. J. Muldrey, A. Singh, and A. Chatterjee, "High Resolution Pulse Propagation Driven Trojan
Detection in Digital Logic: Optimization Algorithms and Infrastructure," in Test Symposium (ATS), 2014 IEEE
23rd Asian, 2014, pp. 200-205.
[13] M. Banga and M. S. Hsiao, "A Novel Sustained Vector Technique for the Detection of Hardware Trojans,"
in VLSI Design, 2009 22nd International Conference on, 2009, pp. 327-332.
[14] B. Cha and S. K. Gupta, "Trojan detection via delay measurements: A new approach to select paths and
vectors to maximize effectiveness and minimize cost," in Design, Automation & Test in Europe Conference &
Exhibition (DATE), 2013, 2013, pp. 1265-1270.
[15] F. Wolff, C. Papachristou, S. Bhunia, and R. S. Chakraborty, "Towards Trojan-Free Trusted ICs: Problem
Analysis and Detection Scheme," in Design, Automation and Test in Europe, 2008. DATE '08, 2008, pp. 1362-
1365.
[16] J. Yier and Y. Makris, "Hardware Trojan detection using path delay fingerprint," in HOST 2008., pp. 51-57.
[17] R. S. Chakraborty, S. Narasimhan, and S. Bhunia, "Hardware Trojan: Threats and emerging solutions," in
High Level Design Validation and Test Workshop, 2009. HLDVT 2009. IEEE International, 2009, pp. 166-171.
[18] https://en.wikipedia.org/w/index.php?title=Hardware_Trojan& oldid=740716473