Research On Hardware Trojan Detection Based On On-chip Self-authentication

Integrated circuits are the core of information technology and play a vital role in the fields of socio-economic development and national security.Driven by economic globalization,in order to accelerate the development of integrated circuits and reduce final costs,most companies usually outsource the mask production and manufacturing of chips to third-party foundries,resulting in inability to fully control the supply chain.Attackers can achieve the purpose of stealing confidential information and tampering with circuit functions through the implantation of hardware Trojans.Therefore,the research on hardware Trojan detection technology is of great significance to improve the independent controllability,independent credibility of integrated circuits and the security of various national information systems.The subject of this thesis comes from the National Key Basic Research Program of China(973 Project).Aiming at the physical layout level hardware Trojan,a hardware Trojan detection method is proposed and a complete detection process is established.The method completes the implantation of the detection structure at the chip design stage.The detection of the hardware Trojan is realized by comparing the output fingerprints of the chip under test and the golden model.The method has the characteristics of low hardware consumption,strong protection,and high detection accuracy.Firstly,the sensitivity of the ring oscillator to the hardware Trojan is investigated.After analyzing the detection principle and detection range of the ring oscillator,the s9234 circuit in the ISCAS89 benchmark circuit is selected as the carrier circuit,and different hardware Trojans are implanted at the physical layout level.The effects of the size and distribution of the hardware Trojan and the distribution structure of the ring oscillator on the sensitivity of the ring oscillator are analyzed through simulation experiments.The experimental results show that the larger the size of the hardware Trojan,the wider the distribution range of the hardware Trojan,and the shorter the distance between the hardware Trojan and the ring oscillator,the more obvious the oscillation frequency of the ring oscillator changes.And the ring oscillator of the decentralized-type distribution structure has higher sensitivity than the IP-type distribution structure.Then,after completing the circuit vulnerability analysis,the following optimization strategies are proposed for the implantation of the detection structure: the ring oscillators of the decentralized-type distribution structure are placed according to the fragile nodes of the circuit to improve the sensitivity to the hardware Trojan;the greedy algorithm is used to reduce the number of filled cells to obtain the optimal layout of the logic function modules,which effectively reduces the consumption of the detection circuit;change the circuit tree structure by reducing the number of cells in the set and adjusting the cell sequence;by reducing the number of cells in the set,adjusting the cell sequence to change the circuit tree structure,and restructuring the logic function modules,the number of redundant gates is effectively reduced and the test coverage is improved.At the same time,a complete hardware Trojan detection process is designed,and the feasibility analysis of detection methods for several common types of physical layout-level hardware Trojans is performed,including removal attacks,scaling attacks,redesign attacks,and input / output module attacks.Finally,the physical implementation and simulation verification of the hardware Trojan detection method are carried out.In the experiment,the s35932 circuit in the ISCAS89 benchmark circuit and OCRA processor of RISC-V open source version are selected as the carrier circuits,and the search for circuit fragile nodes is achieved.After completing the physical design and detection structure implantation according to the optimization strategies,four different types of hardware Trojans are selected and implanted separately.The hardware Trojan detection is realized by comparing the fingerprints of the golden model and the Trojan chip by simulation.And in order to simulate the actual test environment,under the condition of process variation,the algorithms of principal component analysis and advanced outlier analysis are used to complete the separation of the Trojan chip and the golden model.The experimental results show that compared with the traditional hardware Trojan detection methods,the proposed method has the following advantages: the detection structure has lower hardware consumption,which is only 5.17% and 1.56% in the s35932 circuit and OCRA processor,respectively;it has a strong protective effect on the original design,and by filling the cells in the physical layout of the original design,it greatly increases the difficulty of implanting the hardware Trojan;the detection accuracy is high,and under the condition of process variation,the detection method still has a good detection and positioning effect for a hardware Trojan with an area ratio of 0.0325%.