Research On Hardware Trojan Detection Technology Based On Logic Built-in Self-Test

Hardware Trojan is the tiny circuit embedded in chip that makes the function of integrated circuit fail or disclose information during design,manufacture or packaging.With the development of integrated circuits,chips come into all aspect of our lives and play an importment role in aerospace,national defense,finance and communications.Once these chips are inserted into hardware Trojans,it will cause disastrous consequences.Therefore,the research on hardware trojan detection is very urgent and has practical significance.This subject comes from a project of the national ministry.The hardware trojans embedded in the chip during manufacture are researched in this dissertation and a hardware trojan detection structure based on logic built-in self-test is designed.According to the hardware Trojans hidden in low active nodes,the nodes whose flipping probability is lower than the threshold as a possible node of Trojan are researched based on simulation.Scan chains are inserted to increase the flipping probability of the nodes.According to the low effiency of Trojan detection,a pseudo-random test pattern generation module is designed.A compression module is designed.The output reponse of circuit is compressed into a 16-bit signature and compared with the expected signature.By analyzing the Trojan detection algorithm,it is found that the vulnerability in algorithm can be used to avoid the detection.For example,the phase difference in the pattern generated by LFSR can be used to avoid detection.For this reason,a phase shifter is added.Considered the test security issues due to the insertion of the test structure:attackers attack the test structure directly or obtain internal information throurh the test channel.Through a doping injection-based Trojan,the result of comparison module can be modified directly by the attackers.The test pattern generation module and the response compression module can also be attacked,the internal flip-flops can be modified to make the signature of the Trojan circuit same as the expected signature of the Trojan-free circuit.For this reason,a configurable key system is added into the test pattern generation module.According to the insertion of scan chains,internal data of the circuit can be got by switching between function mode and test mode.A fingerprint-baesd scan chain encryption structure is designed to protect the scan chains.Finally,the results of hardware Trojan detection based on LBIST and the proposed security test structure are verified.Simulation results show that:（1）In the structure of logic built-in self-test,by the pseudo-random test pattern generation module,the activation probability of the combined trigger trojan can reach 92.95%and the Trojan comparison time is shortened by 95.21%.The frame structure accounts for 8.6%of the circuit area.（2）Through the fingerprint-based scan chain encryption design,a 10-bit fingerprint is inserted into the circuit,the probability that attacker successfullt guess is only 2^-32.With a configurable LFSR,the probability of an attacker successfully calculation the signature can reach 2^-127.With the phase shifter,the phase difference between the scan chains can reach 534.