Research Of Process Trojan Detection Technology Based On TDC

As the core of modern application equipment,integrated circuits are closely related to national security and people's livelihood.However,the separation of design,manufacturing,packaging,and testing of integrated circuits makes the chip extremely vulnerable to attacks by Hardware Trojans.The implantation of the Hardware Trojan will affect the function,performance or life of the chip,and thus pose a major threat to defense and civilian equipment.Therefore,the research of Hardware Trojan detection technology is of great significance to improve the autonomy,security and credibility of the chip.The subject of this thesis comes from National Key Basic Research Program of China(973project).As a special Hardware Trojan,the Process Trojan can be implanted by modifying the process steps or conditions of the chip manufacturing process.The attack effect of the Trojan is gradually reflected in the use of the chip.Process changes will affect performance parameters such as the threshold voltage of the device,and at the same time exacerbate aging effects such as NBTI,resulting in reliability issues such as accelerated chip aging and reduced performance.Due to the Process Trojan,the threshold voltage of the device will drift significantly,and the change of the threshold voltage will cause the gate delay to change.The accumulation of gate delay changes will cause a measurable change in path delay.Therefore,in this thesis,the Process Trojan detection research is promoted from the process and device level to the circuit level.Combining time digital conversion technology and active detection technology,a TDC-based Process Trojan detection method is designed.By implanting an on-chip delay detection array in a large-scale integrated circuit,the path delay in the key modules of the circuit is tracked and detected.Using TDC,a high-precision time measurement circuit,the path delay is converted into a digital quantity for record analysis,and abnormal changes in path delay data are found,thereby realizing the detection of Process Trojans.First,the effects of Process Trojans on path delay through two aspects is analyzed:uncontrolled processing conditions and uncontrolled masks.The feasibility of Process Trojan detection using path delay is demonstrated,and detection strategies and countermeasures are given.Requirements for testing circuit performance indicators.Further,based on the delay chain TDC and two-step TDC,a circular delay chain type detection circuit and a time amplification type detection circuit are designed.The advantages and disadvantages of the two detection structures are compared by simulation analysis,and finally the circular delay chain type detection structure is determined as a path delay detection circuit.The detection resolution is 10ps,the range can reach 2.8ns,and it is easy to expand.The dead time is less than 2.5ns,and the sampling rate can reach 400MHz.At the same time,considering that the delay-side channel detection method is susceptible to process changes,an A-CD calibration method is proposed for the structural characteristics of the circular delay chain detection circuit,and verified that the calibration method is effective through actual tape-out.In the design,a RISC-V processor is selected as the verification circuit.Under the 55nm process,the overall design and hardware implementation of the on-chip delay detection array are performed.Before detecting the array insertion,the non-critical path in the key module was selected as the detection path by analyzing the attack method of the Process Trojan.A detection circuit is inserted into the netlist of the verification circuit,and a control circuit and a cyclic shift output circuit are designed to jointly implement the design of an on-chip delay detection array.Through the analysis of the results,the area of the detection array inserted in this thesis is about 1000um²,which accounts for 10^-4 orders of magnitude of the verification circuit in this thesis.The power consumption is 0.1m W,accounting for 10^-3orders of magnitude of the verification circuit.In terms of timing,because the insertion of the detection circuit avoids the critical path,the timing cost is 0.Taking into account the actual application requirements,a method of modifying the scale factor is used to simulate the process degradation of the design,which ensures that even when the process deviates from the normal range,the detection array can still work normally to detect the path delay.Finally,according to the design scheme of this thesis,the 55nm MPW tape-out was completed,a board-level test platform was built,and the sample was tested for actual measurement and simulation process changes.The actual measurement results of the sample verify the effectiveness and practicability of the on-chip delay detection circuit and calibration method.In addition,in order to verify whether the detection array has the ability to track the delay variation of the detection path,the process variation is simulated by changing the power supply voltage of the sample,causing the path delay to change,and the sample is tested again.The test results found that the on-chip delay detection array proposed in this thesis can track the change in path delay.Therefore,the TDC-based Process Trojan detection technology proposed in this thesis can detect the abnormal changes in data by using the path delay obtained by the detection even without a reference chip,thereby detecting the Process Trojan.