Research On Hardware Trojan Detection Technology For Chip Design Phase

Integrated circuits are subject to various forms of malicious tampering.This kind of circuit that can change design functions and lead to leakage of core information and denial of service is called hardware Trojans.Hardware Trojans take various forms.Every aspect of chip design and manufacturing may be invaded by hardware Trojans,which poses a great threat to chip security.At this stage in the world,the hardware Trojan detection technology is mainly oriented to the manufacturing phase.However,the widespread application of third-party IP cores makes it easier to implant Trojans in the chip design phase.Therefore,this paper starts the research on the hardware Trojan detection technology for the chip design phase.This paper first studied and implemented a hardware Trojan detection method based on code coverage.The targeted objects are RTL level hardware Trojans.Through this method,18 benchmark circuits on the Trust-Hub website were tested.The detection success rate can reach over 94%.The leaked hardware Trojan based on AES is designed.The expected function of the Trojan is implemented through FPGA and the detection of code coverage to this Trojan is failed.This confirmed that the detection method of code coverage is sensitive to code writing style.In order to further improve the security of the chip design phase,the hardware Trojan detection technology based on static Boolean function analysis and dynamic logic test are mainly studied.Both are used as an important supplementary measure for code coverage detection.The targeted objects are hardware Trojans embedded in the gate level netlist.The detection method based on the static Boolean function analysis determines whether it is a Trojan signal by marking the input signal that has a“very weak influence”on the output.This method can effectively locate the Trojan data path of the RS232benchmark circuit of the Trust-Hub website.The results show that this method can help designers to exclude more than 90%of the normal function signals and maintain false positive rates below 10%.In the dynamic logic test method,because the hardware Trojan trigger circuit is often embedded in the node with very low probability of transition,this paper optimizes the ATPG technology to only perform stuck-at fault detection on the nodes with very low transition probability in the circuit.The results of the study indicate that this method can effectively locate the hardware Trojan with a transition probability of 7.44×10^-9 in the ISCAS'89 circuit.Compared with the traditional ATPG method,the method in this paper can greatly increase the trigger probability of the hardware Trojan.The ratio of the trigger time of the test vector to the total simulation time increases by 91.3%.