an efficient technique to detect stealthy hardware trojans...


https://doi.org/10.1007/s10836-019-05848-2

An Efficient Technique to Detect Stealthy Hardware Trojans Independent of the Trigger Size

S. M. Sebt1 · A. Patooghy2 · H. Beitollahi1

1 Department of Computer Engineering, Iran University of Science & Technology, Tehran, Iran

2 Department of Computer Science, University of Central Arkansas, Conway, AR 72035, USA

Responsible Editor: M. Hsiao

Received: 12 May 2019 / Accepted: 4 December 2019 / Published online: 18 December 2019

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Journal of Electronic Testing (2019) 35:839–852

Abstract

Detecting Hardware Trojans (HTs) in digital circuits might be a challenging problem due to the stealthy nature of these malicious unwanted guests. The trigger part, which is supposed to activate the Trojan under exceptional conditions, is often inserted at rare-switched nets of the design to hide it from usual verification test mechanisms. Existing Trojan detection methods struggle in detecting modern Trojans, which mostly exploit multiple-input triggering parts to drive small payloads. Addressing such multiple-input triggering circuitries needs wise activation mechanisms with a reasonable time-complexity to serve as a feasible solution for large commercial designs. In this paper we present an algorithm which analyses fan-in and fan-out cones along with the Hardware Trojan susceptibility of the most suspicious nets of gate-level designs to find subsets of them which could most probably activate an inserted HT. Then a fast test vector generation algorithm is proposed to excite as many susceptible nets as possible for achieving the multiple nets excitation requirement. The results of applying the proposed algorithms on the TRIT and trust-hub benchmark suites show an average of 89% HT detection coverage while the required maximum run time is much smaller than the previous state of the art methods.

Keywords Hardware Trojan detection · Test vector generation · Multiple net excitation

1 Introduction

Since the past decade, hardware trustworthiness has been becoming a serious challenge, especially for decentralized IC design and manufacturing processes. Insertion of extra malicious circuitries, which are commonly referred to as Hardware Trojans (HTs), is one of the most important trust challenges in the design and manufacturing of digital ICs [2]. A wide variety of HTs investigated in the literature [2, 11] follow the basic design style of trigger/payload, i.e., the trigger part detects a specified condition and activates the payload part for real malfunctioning [11]. A hardware Trojan may aim at leaking secret information or denying an expected functionality of the chip. To remain undiscovered in the course of chip test/verification steps, HTs are normally inserted at low switching nets of the design, which cause them to remain dormant until the trigger part generates the activation signal [1, 11]. As a result, test methods are not able to detect possible HTs in a design and customized methods are needed to activate/detect the HTs [2, 20, 22, 23]. In general, HT detection methods are either based on side channel analysis (SCA) or logic testing methods [11]. The SCA-based methods try to detect a possibly inserted HT by investigating the IC's physical characteristics, e.g., sunk current, power dissipation, thermal profile, etc. However, side channel impacts of the HTs may be so small that their detection becomes very hard; for example, side channel impacts of process variation in nano-scale chips raise a high rate of false-negative detection in the SCA-based methods [1]. More importantly, SCA-based methods are only applicable on the fabricated chips, i.e., they have to have either a golden (HT-free) chip as a reference model or a group of the same chips to be able to do a discrimination [23].

Unlike the SCA-based methods, most logic testing methods target IC designs prior to the fabrication steps by investigating HT effects on the functional properties of the design [23]. Since HTs are mostly inserted at low switching nets of the design to remain undiscovered, test-based methods check low-switching nets as potential candidates for HT insertion. To find rare switched nets in gate-level designs, several researchers have utilized the switching probability analysis method, which estimates the probability of having logical '0' or '1' in every circuit net [3, 14, 16]. Then, the switching probability of a circuit net (Pt) is calculated as P0 × P1 [16]. This analysis assumes identical switching probability for all inputs of the design, which means that input bits of the design are assumed to be independent, i.e., P0 = P1 = 0.5. This unrealistic assumption is the source of inaccuracy that limits the applicability of the probability analysis method in real world ICs in which input data is correlated [17].

Some other researchers have tried to find possible HTs by doubting and finding unused parts of the design. This is done in FANCI [21] by evaluating the input/output relation for different modules of the design using a parameter named Control Value (CV). Having a low CV for a specific part of a module means that the specific part does not have enough contribution in producing outputs of the module, so it is not a normal part. To find unused nets, VeriTrust [24] has investigated un-activated Sum Of Products (SOP)/Product Of Sums (POS) extracted by forming a Karnaugh map during verification tests. A tool named HatCH is presented in [9] which aims at extracting the functional specification of an IP core using functional testing to find a list of unused wires. These methods need truth table / K-Map analyses to find the suspicious nets, which impose huge computations and induce high time complexities that degrade their efficiency for commercial designs with hundreds of inputs/outputs.

To overcome the above mentioned challenges, in our previous research [17], we developed gate-level Hardware Trojan Susceptibility (HTS) metrics along with a net classifier method named Hardware Trojan Susceptibility Assessments (HTSA). Instead of switching probability, our metrics of interest are inspired by the SCOAP controllability and observability parameters [8] with sub-linear computational complexity. Although nets extracted by HTSA are highly suspicious to be connected to an HT payload, a mechanism is still needed to answer the following major questions: Is there any HT in my design? Where?

The contributions of this paper are listed as follows:

– An algorithm is presented to analyze characteristics of the susceptible nets extracted by the HTSA method. This is important to better perform simultaneous excitation for detection of modern HTs, which are mainly multi-excitation logics [22].

– A net excitation method is presented which could rapidly excite multiple nets together. This method is used to excite all nets of a subset together.

The remainder of the paper is organized as follows. Section 2 presents our motivation and related works. Section 3 represents the HT activation algorithm. Section 4 states a technique to excite the rare-switched nets. Performance evaluation of the algorithm is represented in Section 5 and finally, Section 6 concludes the paper.

2 Motivation and Related Work

Many researchers have presented test generation algorithms for exciting rare switched nets and, as a consequence, activating possible inserted HTs in a circuit [3, 4, 14, 25]. MERO [3] uses a switching probability model and randomly generates test vectors to increase the probability of simultaneous excitation of nets which are possibly connected to an HT trigger circuitry. In [14], the authors have used a similar method to find rare-switched nets, but the excitation mechanism is improved by the use of a combination of genetic algorithm and Boolean Satisfiability [13] to excite hard to test nets. They ensure that the effects of every excited net will propagate to at least one primary output of the circuit [14]. Chakraborty et al. [3] and [14] both assume that the number of HT trigger inputs is less than four nets, which obviously limits the detection capability of the mechanisms, as an AND gate with 5 inputs could simply work as the trigger with more than four inputs with very small side channel effects. Another common issue in these methods is that they consider each subset of the rare nets as a potential trigger set, which makes the HT detection a very time consuming process. Other methods like [4] have assumed that each rare net could individually activate the HT, so they try to sequentially excite rare nets in a loop. This assumption decreases the HT detection time but it obviously decreases the accuracy of the method, as some triggering conditions need simultaneous excitation of multiple rare nets [6].

To increase the probability of activating HTs by applying test vectors, it is important to optimally find a subset of suspicious nets which are all together inputs of the HT trigger. This should be done by investigating these nets for basic properties of an HT trigger. Recently, Hardware Trojan Susceptibility (HTS) parameters have been presented in [17] for this aim (see Eqs. 1 and 2).

$$HTS_1(Net_i) = \frac{|CC1(Net_i) - CC0(Net_i)|}{Max(CC1(Net_i),\ CC0(Net_i))} \qquad (1)$$

$$HTS_2(Net_i) = \frac{1}{1 + OCR(Net_i)} \qquad (2)$$

In relation 2, $OCR(Net_i)$ is defined as relation 3 [17]:

$$OCR(Net_i) = \frac{CO(Net_i)}{CC1(Net_i) + CC0(Net_i)} \qquad (3)$$

These parameters are based on the CC0, CC1 and CO SCOAP testability parameters [8]. It has been shown in [17] that the switching activity of rare nets with higher HTS2 values is comparably lower than that of other rare nets. As a result, such low switching nets are potentially better nets for being a trigger signal for an HT payload [17]. Due to unknown features of inserted HTs, i.e., HT size, HT type, number of inputs, etc., we cannot assume a certain number of inputs for the trigger part. Indeed, a single low switching net could individually activate the HT or a couple of such nets may do it simultaneously. Exciting each small subset of low switching nets is not an efficient way since it increases the time complexity of the detection algorithm. Instead, further analysis of the properties of HT trigger nets is needed to guide us to find the input nets of the trigger part. To hide an HT from being detected by methods which flag unused circuit nets [21, 24], attackers often feed the HT trigger circuit with nets far from the HT trigger circuit, ideally from different sequential stages, whose fan-in cones are disjoint. This implies having each input of the HT trigger circuitry controlled by different sets of the circuit primary inputs. In this way, the fan-in cone of the HT trigger net often contains more primary inputs than the other low switching nets of the circuit. On the other hand, to reduce the HT detection probability when using logic testing based mechanisms, attackers try to put the HT payloads on the circuit enclaves with lower observability, which reduces the malicious effect of the HT payload on the observable points (primary outputs) of the circuit [22]. Accordingly, fewer primary outputs are expected to exist in the fan-out cone of an HT trigger circuit than in those of other low switching nets.

The following experiment is conducted to verify our analysis regarding fan-in and fan-out cones of an HT trigger signal. In this experiment, a group of benchmark circuits named TRIT, presented on the trust-hub web site [19], is used. The TRIT (Trojan Insertion Tool) benchmark contains circuits from different combinational and sequential designs which are infected by randomly inserted HTs [5]. For this experiment, 30 circuits from each of the c2670, c3540, c5315, s1423, s13207, s15850 and s35932 designs are selected and the HTSA method described in [17] is applied to them. For each circuit, the result is a set of nets named MS that contains the most susceptible nets of that circuit. For each net in MS, a set of the primary inputs in the fan-in cone (FIP) and a set of primary outputs in the fan-out cone (FOP) are then obtained. |FIP| and |FOP| of the most susceptible (MS) nets, as well as those for the HT trigger nets, are averaged over 30 circuits of each design and depicted in Fig. 1a and b, respectively.
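The metrics of Eqs. 1 to 3 worked through end to end, as an added example that is not code from the paper or from [17]: it derives combinational SCOAP CC0, CC1 and CO with the standard SCOAP rules for AND, OR and NOT gates, then evaluates HTS1 and HTS2 per net. The five-input netlist and its net names are constructed for illustration.

```python
from math import inf

# Constructed netlist (not a Trust-Hub/TRIT circuit): net -> (gate type, inputs).
PIS = ["a", "b", "c", "d", "e"]
POS = ["y", "z"]
NETLIST = {
    "t": ("AND", ["a", "b", "c", "d"]),  # 1 only when a = b = c = d = 1
    "u": ("OR", ["d", "e"]),
    "y": ("OR", ["t", "u"]),
    "z": ("NOT", ["u"]),
}


def scoap(netlist, pis, pos):
    """Return (CC0, CC1, CO) dictionaries for a combinational netlist."""
    cc0 = {p: 1 for p in pis}  # primary inputs: one assignment sets either value
    cc1 = {p: 1 for p in pis}
    order = []                 # gate outputs in topological order

    def visit(net):
        if net in cc0:
            return
        kind, ins = netlist[net]
        for i in ins:
            visit(i)
        zeros = [cc0[i] for i in ins]
        ones = [cc1[i] for i in ins]
        if kind == "AND":    # 0 needs one input at 0, 1 needs all inputs at 1
            cc0[net], cc1[net] = min(zeros) + 1, sum(ones) + 1
        elif kind == "OR":   # 0 needs all inputs at 0, 1 needs one input at 1
            cc0[net], cc1[net] = sum(zeros) + 1, min(ones) + 1
        elif kind == "NOT":
            cc0[net], cc1[net] = ones[0] + 1, zeros[0] + 1
        else:
            raise ValueError(f"unsupported gate type: {kind}")
        order.append(net)

    for net in netlist:
        visit(net)

    # Observability: walk from the outputs back; a fan-out stem takes the
    # cheapest branch, hence the min().
    co = {n: inf for n in cc0}
    for p in pos:
        co[p] = 0
    for net in reversed(order):
        kind, ins = netlist[net]
        for i in ins:
            others = [o for o in ins if o != i]
            if kind == "AND":    # side inputs must be held at non-controlling 1
                side = sum(cc1[o] for o in others)
            elif kind == "OR":   # side inputs must be held at non-controlling 0
                side = sum(cc0[o] for o in others)
            else:
                side = 0
            co[i] = min(co[i], co[net] + side + 1)
    return cc0, cc1, co


def hts_metrics(net, cc0, cc1, co):
    """Eqs. 1-3 for one net: returns (HTS1, HTS2)."""
    hts1 = abs(cc1[net] - cc0[net]) / max(cc1[net], cc0[net])
    ocr = co[net] / (cc1[net] + cc0[net])
    return hts1, 1 / (1 + ocr)


def hts_table(netlist, pis, pos):
    """HTS1/HTS2 for every gate output net of the netlist."""
    cc0, cc1, co = scoap(netlist, pis, pos)
    return {net: hts_metrics(net, cc0, cc1, co) for net in netlist}


if __name__ == "__main__":
    for net, (h1, h2) in hts_table(NETLIST, PIS, POS).items():
        print(f"{net}: HTS1={h1:.3f} HTS2={h2:.3f}")
```

The four-input AND net `t` gets the largest HTS1 among the gate outputs because its 1-controllability is far above its 0-controllability, which is the skew Eq. 1 measures.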

[Figure 1: two plots over the designs c2670, c3540, c5315, s1423, s13207, s15850 and s35932. Panel a shows the series |FIP|_MS and |FIP|_HT; panel b shows the series |FOP|_MS and |FOP|_HT.]

Fig. 1 Comparison of average |FIP| (a) and |FOP| (b) of the HT trigger nets versus |FIP| and |FOP| of the most susceptible nets of the TRIT benchmark circuits

The results in Fig. 1a show a notable difference between the average |FIP| of the nets in MS (|FIP_MS|) and |FIP| of the HT trigger nets (|FIP_HT|) of the benchmarks. The results of Fig. 1b also show that the number of primary outputs in the fan-out cone of the HT trigger nets (|FOP_HT|) is smaller than the average |FOP| of all other HT susceptible nets (|FOP_MS|). It should be noted that nets in the MS set are all highly suspected to be an HT trigger net, so the number of circuit primary outputs in the fan-out cones of these nets is already small. Among these nets, |FOP| of HT trigger nets is smaller than |FOP| of others. As the minimum |FOP| value of a circuit net is 1, the difference between |FOP_HT| and |FOP_MS| in some designs is small. For design s35932, |FIP_HT| = |FIP_MS| and |FOP_HT| = |FOP_MS|. The reason is that in all circuits of this design, there is only one net in the MS set and that net is the HT trigger.

To facilitate reading the paper, important abbreviations defined in the paper are listed in Table 1.

Table 1 Important abbreviations defined in this paper and their meanings

| Abbreviation | Meaning |
|---|---|
| HTS | Hardware Trojan Susceptibility parameters |
| HTSA | Hardware Trojan Susceptibility Assessment method |
| HTS1 | First Hardware Trojan Susceptibility parameter |
| HTS2 | Second Hardware Trojan Susceptibility parameter |
| FIP | A set of circuit primary inputs in fan-in cone of a net |
| FOP | A set of circuit primary outputs in fan-out cone of a net |
| MS | A set of most HT susceptible nets extracted by the HTSA |
| HPV | High Priority Value used by the ComputeCost function |
| HTS1th | Threshold value for the HTS1 parameter used in the HTSA |
| CRE | Conflict Resolving Effort used by the ResolveConflict algorithm |
| TIN | Total Iteration number of the ExciteHT algorithm |
| MSE | Maximum number of Simultaneously Excited nets |
| HTAI | HT Activation Iteration |
| HTAT | HT Activation Time |

3 HT Activation Algorithm

To investigate the circuit under test for variant HTs that might be inserted, we should be able to activate HTs with different sizes and numbers of trigger inputs. In the most recent HTs, multiple susceptible nets should be excited at a time to activate the HT. To address this issue, development of an efficient HT activation algorithm that covers a wide range of HTs is a necessity. In this section, an HT activation algorithm called ExciteHT is presented. The pseudo-code of the algorithm is shown in Algorithm 1. The goal of this algorithm is to obtain subsets of low-switching nets which are potential candidates to activate the possibly inserted HT. To do this, our analysis regarding FIP (primary inputs in fan-in cone) and FOP (primary outputs in fan-out cone) of an HT trigger net is utilized.

The core of Algorithm 1 is its While loop, which tries to find a subset of MS nets with maximum probability of HT activation upon excitation. The subset could contain all MS nets or just one of them. The While loop iterates over the most susceptible (MS) nets until either MS becomes empty, or the HT is detected, or the iteration number reaches its maximum boundary. In each iteration of this loop (line 5–38), a net with the largest second HT Susceptibility parameter (HTS2) is flagged as pivotNet and removed from the MS list. As stated before, such a net is more suspected to be an HT trigger according to [17]. To speed up the HT detection, pivotNet should be excited before other MS nets, so the ExciteNet procedure is applied to this net. Upon successful execution of the procedure, a vector is also generated that excites pivotNet to its rare value (rv) and propagates through the circuit's primary outputs. If the result of ExciteNet becomes empty, the current iteration should be ended, so the algorithm goes to line 5 and selects another pivotNet.

If an HT is detected upon exciting the pivotNet, the algorithm ends; otherwise, the other remaining nets in the MS set should be excited simultaneously. To do so, CFIP[i] and CFOP[i] of each remaining net i ∈ MS are obtained by intersecting the sets of the circuit primary inputs in fan-in cone FIP and circuit primary outputs in fan-out cone FOP of the pivotNet with the FIP and FOP sets of net i (line 18-21). In other words, CFIP[i] and CFOP[i] contain the common nets between FIP and FOP of the net i and FIP and FOP of the pivotNet, respectively. MS nets are then sorted in ascending order of their |CFIP| to increase the priority of nets with lower |CFIP| (number of common FIP members with the pivotNet) for excitation. In case of equal |CFIP|, a net with higher |CFOP| has higher priority for excitation. The purpose of the For loop (line 23-33) is to excite the sorted nets one after another. Each net is removed from the MS upon a successful excitation. In the For loop, in contrast to the main While loop, the net assignments made by the previous excitation are kept to allow us to find a test vector that can excite not only the net under excitation but also all other nets that are excited in previous iterations.

The basic idea behind the ExciteHT procedure is depicted in Fig. 2. In this figure, an HT trigger circuitry with three inputs is assumed to be inserted into a circuit with n primary inputs and s primary outputs. Inputs of the trigger circuitry (TI1, TI2 and TI3) originate from different regions of the circuit. In Fig. 2, TI1 is the most susceptible net extracted by the HTSA method with the highest HTS2 value among the most susceptible nets (MS). Based on the previously presented analysis, the FIP of TI1 (FIP_TI1) is a relatively large set. Accordingly, ExciteHT marks TI1 as pivotNet in its first iteration. But, as can be seen in Fig. 2, TI1 is not the HT trigger net, so it should be excited simultaneously with other inputs of the trigger circuitry to excite the output net of the HT trigger circuitry. Our previously presented analysis regarding primary inputs in fan-in cone (FIP) and primary outputs in fan-out cone (FOP) of an HT trigger net is used to find the other inputs of the HT trigger circuitry. FIP of the HT trigger net is the union of the FIP sets of its input nets. This means that the other inputs of the HT trigger circuitry could be found among the nets for which the intersection of their FIP and FIP_TI1 is a relatively small set. For the same reason, the intersections of FOP_TI1 and FOP of such nets should be relatively large sets. So, assuming that ExciteHT could generate a test vector for exciting TI1, both TI2 and TI3 nets have high priority for exciting simultaneously with the TI1 net, since CFIP_TI2 and CFIP_TI3 are both relatively small sets and CFOP_TI2 and CFOP_TI3 are relatively large sets.
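The pivot selection and CFIP/CFOP ordering described above, as an added example that is not the authors' Algorithm 1 (its excitation and detection steps are left out). The circuit structure, the net names (`ti1` to `ti3`, decoys `d1` to `d3`, `trig`) and the HTS2 values are constructed for illustration and mirror the three-input trigger situation of Fig. 2.

```python
# Constructed structure: net -> nets that drive it. Gate functions are not
# needed to compute cones. p1..p8 are primary inputs, o1..o4 primary outputs.
DRIVERS = {
    "ti1": ["p1", "p2", "p3"],
    "ti2": ["p4", "p5"],
    "ti3": ["p6", "p7"],
    "d1": ["p2", "p3", "p8"],      # rare net sharing fan-in with ti1
    "d2": ["p1", "p6"],
    "d3": ["p4", "p8"],
    "trig": ["ti1", "ti2", "ti3"],  # constructed three-input HT trigger net
    "o1": ["trig", "p8"],           # payload is visible on o1 only
    "o2": ["d1", "ti2"],
    "o3": ["d2", "ti3"],
    "o4": ["d3"],
}
PIS = {f"p{i}" for i in range(1, 9)}
POS = {"o1", "o2", "o3", "o4"}

# Constructed HTS2 values for the most susceptible (MS) nets.
HTS2 = {"d3": 0.60, "ti2": 0.80, "ti3": 0.70, "d1": 0.85, "d2": 0.75, "ti1": 0.90}

# Reverse edges: net -> nets it drives.
LOADS = {}
for sink, sources in DRIVERS.items():
    for src in sources:
        LOADS.setdefault(src, []).append(sink)


def _reach(start, edges):
    """All nets reachable from start along edges (start included)."""
    seen, stack = set(), [start]
    while stack:
        net = stack.pop()
        if net not in seen:
            seen.add(net)
            stack.extend(edges.get(net, []))
    return seen


def fip(net):
    """Primary inputs in the fan-in cone of net."""
    return _reach(net, DRIVERS) & PIS


def fop(net):
    """Primary outputs in the fan-out cone of net."""
    return _reach(net, LOADS) & POS


def excitation_order(ms, hts2):
    """Pick pivotNet (largest HTS2), then order the remaining MS nets by
    ascending |CFIP| and, on ties, descending |CFOP|."""
    pivot = max(ms, key=hts2.get)
    fip_pivot, fop_pivot = fip(pivot), fop(pivot)

    def priority(net):
        cfip = fip(net) & fip_pivot
        cfop = fop(net) & fop_pivot
        return (len(cfip), -len(cfop))

    rest = [net for net in ms if net != pivot]
    return pivot, sorted(rest, key=priority)


if __name__ == "__main__":
    pivot, order = excitation_order(list(HTS2), HTS2)
    print("pivotNet:", pivot)
    print("excite next, in order:", order)
    print("|FIP(trig)| =", len(fip("trig")), " |FOP(trig)| =", len(fop("trig")))
```

On this constructed circuit the two real trigger inputs move ahead of every decoy even though `d1` has a higher HTS2 than either of them, because `d1` shares two primary inputs with the pivot.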

4 Rare-Switched Nets Excitation

As a part of Algorithm 1 described in Section 3, we need to excite some nets of the circuit and show their impacts on the outputs. As the activation probability of the extracted set of the most susceptible nets (MS) is very low, using traditional Automatic Test Pattern Generation (ATPG) methods for exciting these nets reduces the overall performance of the HT detection algorithm [12]. It should also be noted that these methods are not capable of exciting multiple nets of a circuit with one test pattern, which means they lack the main requirement of Algorithm 1. To solve these issues, we develop an algorithm called ExciteNet, which is described in this section. Inputs of this algorithm are a given net w and the desired value v for the net. Based on the pseudo-code given in Algorithm 2, the excitation is done in two main steps. The first step (done by AssignNetValue) tries to find a vector to assign v to w, while the second step (done by PropagateNetValue) propagates effects of the assignment to at least one primary output of the circuit.

[Figure 2: a circuit with primary inputs PI1 ... PIn and primary outputs PO1 ... POs. An HT trigger circuitry with inputs TI1, TI2 and TI3 drives the HT trigger net and the HT payload. Labelled regions: TI1 fan-in cone, TI2 fan-in cone, TI3 fan-in cone, TI1 fan-out cone, CFIP_TI2, CFIP_TI3, CFOP_TI2 and CFOP_TI3.]

Fig. 2 FIP and FOP analysis in ExciteHT algorithm

Inspired by similar algorithms in the testability context [7], AssignNetValue (Algorithm 3) assigns values to the primary inputs of the circuit in such a way that the value of intermediary net w is determined as v. The procedure runs recursively until it reaches the primary inputs of the circuit or it fails. In each run, a set of assignments named IAw is obtained by performing backward implication [7, 10] on input net w with respect to value v. Each member of IAw is a set containing one or more task(s) in the form of tuples (j, p), in which value p should be assigned to the input j of the gate driving w. The purposes of the first and second loops of AssignNetValue are to select an assignment and a task of that assignment, respectively. To complete the excitation of net w, all task(s) of the selected assignment should be done successfully. A task (j, p) of an assignment is considered done once one of the following conditions is met:

– Input j is a circuit primary input which has not been assigned a value yet (line 16).

– Value p is already assigned to input j (line 7).

– AssignNetValue cannot find a vector for assigning value p to input j (line 19).

On failure of an assignment task, the selected assignment is failed and the next assignment in IAw is selected if it exists (lines 9 and 21). If IAw has no more untried assignments, the procedure returns failure (lines 13 and 26).

For multi-excitation purposes, AssignNetValue should be able to find vectors to excite a net while other nets have been already excited. To do so, AssignNetValue takes advantage of an innovative cost computation function along with a conflict resolver algorithm. When more than one assignment exists in IAw, the cost of each assignment is calculated and assignments are sorted in ascending order of their cost. For a task (j, v), the cost of task assignment (Cj,v) is obtained using a piece-wise function named ComputeCost, defined as follows:

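$$C_{j,v} = \begin{cases} \begin{cases} 0 & HPV = v \\ \infty & HPV \neq v \end{cases} & \text{HPV is assigned to } j \\[6pt] \begin{cases} \dfrac{CC0}{MaxCC0} + \dfrac{|FIP|_j}{\#\text{ of PIs}} & v = 0 \\[6pt] \dfrac{CC1}{MaxCC1} + \dfrac{|FIP|_j}{\#\text{ of PIs}} & v = 1 \end{cases} & \text{Otherwise} \end{cases} \qquad (4)$$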

As can be seen in relation 4, the ComputeCost function consists of two rules. The first is used when the net is under conflict resolving, which is explained later in this section. When a task is executed for the first time, the second rule of (Cj,v) is utilized, which consists of two main parts. The first is CCX/MaxCCX (X = 1 / 0), which belongs to [0, 1] and shows the hardness of assigning (1/0) to net j. A value very close to 1 shows the high hardness of assigning (1/0) to the net and vice versa. The second is |FIP|_j / # of PIs, which also belongs to [0, 1]. This part shows the maximum number of the circuit primary inputs which might be assigned a value during the execution of task (j, v). Higher values of |FIP|_j denote higher probability of conflict, since some of the circuit PIs in |FIP|_j might have been assigned a value previously. Hence, lower values of (Cj,v) denote faster task execution and lower probability of conflict.

When the assigned value of a net is unequal to the desired value of an assignment task and no other untried assignment set exists in IAw, the ResolveConflict procedure is applied to that net. The procedure aims to find the cause of the previously assigned value, remove it and finally find another assignment (if one exists) which could change (or clear) the current value of net w. Algorithm 4 is shown below.

In each iteration of the While loop, ResolveConflict finds the task (j, p) which is the cause of the currently assigned value (CfVal) of CfNet. In the first iteration, CfNet is the input net of the algorithm (w). (j, p) is obviously a member of the assignment set of net O (IAO), the output net of the gate which is driven by CfNet. If IAO contains more than one assignment, the current assignment is removed from the circuit by clearing the circuit net values which are assigned during execution of the tasks of this assignment. Next, a value named High Priority Value (HPV) is assigned to the CfNet. The high priority value (HPV) is set to v, denoting that the value v should be assigned to the CfNet with high priority. Afterwards, the re-assignment procedure of net O starts. This time, as CfNet has been assigned a high priority value (HPV), the cost of tasks with v ≠ HPV is ∞ for this net. The AssignNetValue procedure selects an assignment with minimum cost, which means that the selected assignment does not contain a task whose desired value is unequal to the HPV of CfNet. On successful execution of the re-assignment process, the value of CfNet is changed and the procedure returns success. On failure, the deleted assignment is re-assigned to CfNet and the value of this net remains unchanged. In such conditions, the procedure tries to repeat the process on nets with higher logical depth, hoping that the re-assignment process of these nets affects the value of the conflicting net. Figure 3 depicts the basis of the conflict resolving process.

In Fig. 3, values of nets f, e, c and b are assigned by nets e, c, b and a, respectively. Assume that a conflict occurs on net f. The first re-assignment procedure is executed on net e. On failure, net c is re-assigned and then net b. The process continues until the value of the conflicting net changes, no other net is found for re-assignment, or ResolveEffort reaches zero.

During the execution of AssignNetValue, circuit nets which are in the fan-in cone of the input net are assigned a value. To check whether the result of the excitation could propagate to the circuit outputs or not, the vector found by AssignNetValue should be applied to the circuit. The value of each net of the circuit is then found, which could be 0, 1 or X. An X denotes that the net value is not important and does not affect the excitation process. After that, the PropagateNetValue procedure is executed to propagate the effect of the assignment process to at least one primary output of the circuit (Algorithm 5).

fe

cb

a

d

g

1

2

3

4

Fig. 3 SelectedCf Nets in iterations of the ResolveConflict algorithm


PropagateNetValue recursively runs until it reaches a circuit primary output or it fails. In each run, all fan-outs of input net w are first sorted in ascending order of their CO. A loop then iterates over the fan-outs to find a fan-out fi which could propagate the effect of excitation of net w. To propagate the effect of excitation through a fan-out fi, the procedure finds the gate which is connected to fi (G) and tries to assign non-controlling values to all inputs of that gate, except the one connected to fi. A controlling value on a gate input is defined as a value which determines the output of a gate independent of the values on the other inputs [13]. If an input is already assigned a controlling value or the AssignNetValue procedure fails to assign a non-controlling value to an input, the selected fan-out is rejected and the loop continues. If gate G does not have a controlling value, i.e., it is an XOR or XNOR gate, or all of its inputs (except the one connected to fi) are assigned a non-controlling value, PropagateNetValue is recursively applied to the output net of gate G (O). The algorithm returns failure if no fan-out is found for propagation.
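A simplified sketch of the PropagateNetValue search described above, added here as an illustration and not the authors' C++ implementation. The `justify` helper is a reduced stand-in for AssignNetValue (no cost function or conflict resolution), and the netlist, net names and CO figures are constructed.

```python
from itertools import product

# (controlling input value, output inversion); None = no controlling value.
GATE_INFO = {"AND": (0, 0), "NAND": (0, 1), "OR": (1, 0), "NOR": (1, 1),
             "XOR": (None, 0), "XNOR": (None, 1), "NOT": (None, 1)}

def justify(net, val, values, gates):
    """Simplified stand-in for AssignNetValue: drive `net` to `val` by
    assigning nets in its fan-in cone. Returns a new value map, or None."""
    if net in values:                       # already fixed: must agree
        return values if values[net] == val else None
    if net not in gates:                    # primary input: free to assign
        return {**values, net: val}
    typ, ins = gates[net]
    ctrl, inv = GATE_INFO[typ]
    if ctrl is None:                        # parity gate: try each input combination
        options = [list(zip(ins, bits))
                   for bits in product((0, 1), repeat=len(ins))
                   if (sum(bits) + inv) % 2 == val]
    elif val == ctrl ^ inv:                 # one controlling input is enough
        options = [[(i, ctrl)] for i in ins]
    else:                                   # every input must be non-controlling
        options = [[(i, 1 - ctrl) for i in ins]]
    for option in options:
        trial = values
        for i, v in option:
            trial = justify(i, v, trial, gates)
            if trial is None:
                break
        else:
            return {**trial, net: val}
    return None

def propagate(w, values, gates, outputs, co):
    """Find a sensitised path from net w to a primary output.
    Returns (path, value map) or None if every fan-out is rejected."""
    if w in outputs:
        return [w], values
    fanouts = sorted((o for o, (_, ins) in gates.items() if w in ins),
                     key=lambda o: co[o])   # ascending CO, as in the text
    for out in fanouts:
        ctrl, _ = GATE_INFO[gates[out][0]]
        trial = values
        if ctrl is not None:                # side inputs need non-controlling values
            for side in (i for i in gates[out][1] if i != w):
                trial = justify(side, 1 - ctrl, trial, gates)
                if trial is None:
                    break
        if trial is None or out in trial:   # rejected; `values` is untouched
            continue
        # "D" marks a net carrying the excitation effect, so a later
        # justify() call cannot overwrite it with a constant.
        found = propagate(out, {**trial, out: "D"}, gates, outputs, co)
        if found:
            return [w] + found[0], found[1]
    return None

# Constructed netlist (output net -> (gate type, input nets)); names and
# CO figures are illustrative and not taken from any benchmark.
GATES = {
    "n1": ("AND",  ["w", "a", "f"]),
    "s":  ("NAND", ["b", "c"]),
    "n2": ("OR",   ["w", "s"]),
    "o1": ("NOR",  ["n1", "d"]),
    "o2": ("XOR",  ["n2", "e"]),
}
OUTPUTS = {"o1", "o2"}
CO = {"n1": 2, "n2": 3, "s": 4, "o1": 0, "o2": 0}
EXCITED = {"w": 1, "f": 0}   # values left by the excitation step (constructed)

if __name__ == "__main__":
    print(propagate("w", EXCITED, GATES, OUTPUTS, CO))
```

The fan-out through n1 is tried first because of its lower CO and is rejected because f already holds the controlling value 0; the tentative a = 1 assignment made before that rejection is discarded, and the search continues through n2.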

5 Experimental Results Analysis

To evaluate the efficiency and the performance of the proposed method, all proposed algorithms, along with the HT susceptibility assessment (HTSA) method [17], were implemented in C++. We gathered the benchmark circuits from two sources: (i) Trust-Hub gate-level circuits in which functional HTs are inserted [15, 18] and (ii) the same TRIT designs which are used for the experiments of Section II. All sequential circuits are converted to full scan mode. For each TRIT design, extracted parameters are averaged over the selected 30 circuits of that design. Experiments are conducted using a 3 GHz Intel Core i5 processor in a non-parallel configuration.

5.1 HT Activation Efficiency

To evaluate the efficiency of our proposed algorithm, the most HT-susceptible nets of the benchmark circuits are first extracted by the HT susceptibility assessment (HTSA) method. The extracted nets, i.e., the MS set, are then passed to the ExciteHT algorithm to find the exact HT trigger net. HTS1th is the threshold value for the first hardware trojan susceptibility parameter used in the HTSA. Experiments which were done in [17] show that to extract nets with activation probability below 0.01 (which are more appropriate for inserting HT triggers), HTS1th is better set to 0.9. So, in the experiments below HTS1th = 0.9. The conflict resolving effort (CRE) parameter used by the ResolveConflict procedure is set to 12 and the iteration count of the ExciteHT algorithm is set to no limit. The reason for this is that some TRIT designs contain more than one HT and we want to maximize the probability of detecting all inserted HTs in these designs. We also want to obtain the maximum running time of our proposed method (investigated in Section 5.3), so the iteration count of the ExciteHT algorithm should not be limited. The results for the TRIT designs and Trust-Hub circuits are presented in Tables 2 and 3, respectively.

Table 2 The results of applying the proposed method to the TRIT designs

Design name  # of gates  |MS|avg  |E|avg  TINavg  MSEavg  HTAI1avg  HTAT1avg (s)  HTAI2avg  HTAT2avg (s)  γ
c2670        770         5        4.9     1.93    3.9     2         0.004         N/A       N/A           0.9
c3540        1134        23.2     21.7    10.16   5.7     5         0.301         N/A       N/A           1
c5315        1743        17.16    17      5.33    5.96    3         0.094         N/A       N/A           0.8
s1423        750         4.1      3.93    2.03    2.9     1         < 0.001       2.69      < 0.001       0.93
s13207       4.2k        34.6     34.43   10.53   16.2    3         0.109         7.3       0.268         0.76
s15850       5K          40.06    39.93   5       23.56   3         0.194         10.4      0.612         0.93
s35932       13.6K       1.36     1.36    1.16    1.2     1         0.003         3.55      0.012         0.90

Table 3 The results of applying the proposed method to the Trust-Hub gate-level benchmarks

Circuit               # of gates  # of trigger  |MS|  |E|  TIN  MSE  HTAI  HTAT (s)
RS232-T1200           500         12            2     2    1    2    1     < 0.001
RS232-T1300           500         6             2     2    1    2    1     < 0.001
RS232-T1600           500         9             2     2    1    2    1     < 0.001
s35932-T100           13.1K       13            4     3    2    3    1     0.22
s35932-T200           131K        12            2     2    1    2    1     0.06
s38417-T100           13.7K       11            19    19   5    8    1     0.08
s38417-T200           13.7K       11            20    20   4    11   1     0.11
s38584-T200           18K         9             93    90   10   46   7     8.5
s38584-T300           18K         9             44    43   5    31   2     3.8
wb_conmax-T100        41K         11            25    25   8    7    1     0.58
EthernetMAC10GE-T700  194K        12            109   104  17   47   4     195.2
EthernetMAC10GE-T710  194K        12            111   106  16   53   4     221.8
EthernetMAC10GE-T720  194K        12            109   105  16   47   4     196.1
EthernetMAC10GE-T730  194K        12            110   106  18   46   4     197.14

Fig. 4 Comparison of the results of 1000K random vectors with our method, a γ, b Average HT activation time (HTAT)

In Tables 2 and 3, E is the set of nets which are excited by the ExciteHT algorithm. In circuits in which some nets of MS have never been excited during the iterations of the ExciteHT algorithm, |E| < |MS|; otherwise |E| = |MS|. TIN is the total iteration number of the While loop of the ExciteHT algorithm. MSE is the maximum number of nets which are simultaneously excited by the ExciteHT algorithm. As an example, assume that the ExciteHT algorithm iterates 3 times for a given circuit and the number of nets excited together is 5, 7, 2 for the iterations, respectively. In this case, MSE is 7 for the circuit. HTAI shows at which iteration the ExciteHT algorithm activates the inserted HT. Note that for sequential designs of the TRIT benchmark (s1423, s13207, s15850 and s35932), 13 of 30 selected circuits contain 2 HTs. So, HTAT1 and HTAT2 are the times at which the first and second inserted HTs are activated, respectively. All parameters explained above are averaged over 30 circuits of each design of the TRIT benchmark suite.

Fig. 5 Variation of γ when number of random vectors changes from 10K to 1000K

Fig. 6 Average γ: Our proposed method vs method proposed in [14] and random approach with 1000K vectors

For each design of the TRIT benchmark, HT detection accuracy γ is calculated using relation 5.

$$\gamma = \frac{\text{Total number of activated HTs in the circuits of a design}}{\text{Total number of HTs in the circuits of that design}} \tag{5}$$

As an example, 13 circuits of the s1423 design contain 2 HTs and the remaining circuits contain one HT, which is in total 43 HTs in the design. Of these, 41 are detected, which gives γ = 0.93.

According to the results presented in Table 2, in most of the circuits, HTs are activated within a few iterations (fewer than 5) of the ExciteHT algorithm. For these circuits, the HT activation time (HTAT) is below 0.5 s, which means that the inserted HTs are activated very quickly. The closer |E| is to |MS|, the larger the number of suspicious nets activated during the run time of the algorithm, for all of the designs. For most designs, r = MSEavg / |MS|avg ≈ 0.5 shows that in one of the iterations of ExciteHT, at least 50% of the MS nets are excited together. Higher r values increase the probability of detecting HTs with bigger trigger circuitry. For most designs of the TRIT benchmark, γ > 0.9 denotes that more than 90% of inserted HTs are activated during the experiments. As expected, γ of designs with higher average r values is relatively higher than that of the other designs.

We see similar results for the Trust-Hub benchmark circuits in terms of speed in Table 3, i.e., the average HT activation iteration (HTAI) is smaller than 3. For more than half of the Trust-Hub circuits, HT activation time (HTAT) < 1 s. Even for big designs like EthernetMAC10GE, the inserted HTs are activated in an acceptable time (less than 4 minutes). This is achieved due to the proposed selection policy of rare-switched nets used in the ExciteHT algorithm along with the efficiency of the proposed ExciteNet procedure. The results also show that for EthernetMAC10GE circuit families of the Trust-Hub

Fig. 7 Variation of γ when CRE is set to 0, 2, 8, 12


that the probability of conflict is considerably high in large and complex designs, which have gates with high fan-outs. In such designs, the HT activation performance of our proposed method might be decreased and it may fail in activating some of the inserted HTs.

To compare the HT activation efficiency of the random vector generation approach with our method, 1000K random test patterns are applied to the same 30 circuits of the TRIT designs, and γ and average HT activation time are obtained for each design. The comparison is depicted in Fig. 4a and b.

As can be seen in Fig. 4a, the HT detection accuracy (γ) of the random approach is approximately 0.3 of that of the proposed method, showing that the proposed method activates a much higher number of HTs. As an example, for the design s13207, γ = 0 denotes that no HT is activated using the random method in circuits of this design. According to Fig. 4b, the efficiency of the random method is also very poor compared to our proposed method. In this figure, the average HT activation time (HTAT) for the random method is 4 times that of our proposed method on average.

Although the time increase of the random approach is linear, the same is not true for γ, i.e., we normally do not see a linear increase in γ due to a kind of saturation after some iterations. Figure 5 shows how γ changes when the number of random vectors changes from 10K to 1000K for 4 of the big TRIT designs. In this figure, γ is averaged over 30 circuits of each TRIT design.

The HT coverage accuracy of the GA+SAT method proposed in [14] and of the random vector generation approach are compared with the accuracy of our proposed method in Fig. 6. In this figure, HTS1th and the conflict resolving effort (CRE) parameter are the same as in the previous experiment. As stated before, the basic assumption of the GA+SAT method is that HT trigger circuitries are connected to at most 4 nets of the circuit. This assumption limits the detection accuracy of this method, especially for sequential designs like s15850 and s35932.

5.2 The Effects of Conflict Resolving Effort (CRE)

As explained before, the ResolveConflict procedure used by AssignNetValue iteratively tries to resolve value conflicts that occur while assigning a rare value to a rare-switched net. The maximum number of iterations done by this procedure is set by the Conflict Resolving Effort (CRE) parameter. So, changing this parameter affects the detection accuracy and efficiency of our proposed method. In Fig. 7, γ is averaged over 30 circuits of 4 TRIT designs, c3540, c5315, s13207 and s15850, when CRE is set to 0, 2, 8, 12.

When CRE = 0, no conflict resolving effort is made while assigning rare values to the corresponding nets, which causes γ to drop below 0.5 for all of the designs. Even when CRE = 0, 30% of inserted HTs could be activated by the proposed method. This is mainly due to the proposed ComputeCost function, which causes the assignment tasks with minimum conflict to have higher priorities. The difference between γ values when CRE ≥ 8 is small, which means that higher conflict resolving effort (CRE) values hardly affect the detection accuracy of our method. The reason is that the ResolveConflict loop reaches the root of the conflict tree and cannot find another alternative to replace the conflicting tasks.

Fig. 8 Distribution charts for 30 circuits of the designs c3540, c5315, s13207 and s15850


To investigate the effects of the CRE parameter on both HT activation iteration (HTAI) and HT activation time (HTAT) of the designs, distribution charts for 30 circuits of each design are plotted in Fig. 8a, b, c and d. Every point on the plots represents an activated HT inserted in a circuit of the corresponding design. The x and y coordinates of each point represent HTAI and HTAT for the corresponding activated HT, for CRE = 0, CRE = 2 and CRE = 12 in blue, red and black, respectively.

In Fig. 8a–d, the number of black points is higher than that of the red ones, which is in turn higher than the number of blue ones. This confirms the results of Fig. 7. It can be seen that most of the black points are placed in the upper part of the plots, denoting that the activation time of these HTs is higher than that of the HTs activated when the conflict resolving effort (CRE) is equal to 0 and 2. The reason is that when CRE is small (e.g. 0 or 2), the algorithm does not try to resolve conflicts that might occur while exciting nets. This reduces the detection accuracy (negative) and the HT activation time (positive). A low CRE choice is good for detecting less conflicting HTs faster, i.e., the average HTAT of the activated HTs is lower compared to cases when CRE is set to high values ranging from 8 to 12. Another observation here is that HTAI does not show much variation when CRE changes.

5.3 Maximum Running Time of the Proposed Algorithm

As stated before, the ExciteHT algorithm iterates over the MS nets of a circuit until either it detects the HT, the number of iterations reaches its limit, or MS becomes empty. So, the Maximum Running Time (MRT) of ExciteHT is seen when it does not detect any HT in the circuit under test until MS becomes empty. MRT mainly depends on the number of nets in MS and also the time needed for exciting these nets. According to [17], the MS set of a circuit varies when the threshold value of the first hardware trojan susceptibility parameter (HTS1th) changes. To investigate the MRT of the proposed algorithm when HTS1th changes, three sets of experiments are done on the same 30 circuits of each TRIT HT-inserted design and two large Trust-Hub circuits. HTS1th is set to 0.8, 0.85, 0.9 for each experiment, respectively. In these experiments, the ExciteHT algorithm stops only when MS becomes empty. |MS| and MRT are averaged over 30 circuits of each TRIT design. The results are shown in Fig. 9.

In Fig. 9, the maximum running time (MRT) of the TRIT designs drops when HTS1th increases. In the smaller Trust-Hub benchmarks, the MS set shrinks considerably when HTS1th increases. However, for larger and more complex designs (like the two Trust-Hub circuits of Fig. 9 and similar circuits), the hardness of assigning rare values to rare nets in MS might vary greatly when HTS1th increases. This is mainly due to the interval partitioning mechanism of the HTSA algorithm, which partitions the entire suspicious interval and extracts unique nets. The rareness and logical depth of the extracted nets might vary greatly for different values of HTS1th. This consequently makes assigning rare values to these nets harder.

In Fig. 10, the maximum running time of our proposed method (with different HTS1th values) is compared with 1000K random vector generation and the method proposed in [14] when applied to 5 ISCAS89 designs (which were also used by the TRIT benchmark): c2670, c3540, c5315, s15850 and s35932. Instead of the design name, its gate count is shown in this figure.

Fig. 9 Variation of the Maximum Running Time (MRT) of the proposed algorithm when HTS1th is set to 0.8, 0.85, 0.9


Fig. 10 Comparison of the Maximum Running Time (MRT): Our proposed method vs 1000K random vector generation and the method proposed in [14]

The running time of the method proposed in [14] is above 11000 s for all designs. This is due to the basic assumption of the authors of that work that each combination of rare nets, with at most four nets, could be the potential inputs of an HT trigger circuitry.

6 Conclusion

Detecting possible inserted HTs in a circuit is the main goal of the HT excitation framework presented in this paper. An algorithm named ExciteHT is proposed which investigates the fan-in and fan-out cones along with HT susceptibility parameters of the most suspicious nets of the circuit, to find subsets of these nets which are most probably the inputs to an HT trigger circuitry. An efficient net excitation algorithm named ExciteNet is used to simultaneously excite the nets of the extracted subsets to their rare values and propagate their excitation effect to the circuit output nets. The results of applying our method to the TRIT and Trust-Hub HT-inserted designs show an average of 89% HT detection accuracy, denoting more than 50% accuracy improvement compared to random vector generation even for small designs. Innovative analysis of the most suspicious nets helps the proposed method to find and activate the inserted HTs much faster than well-known state-of-the-art techniques.

References

1. Bhunia S, Abramovici M, Agrawal D, Bradley P, Hsiao MS, Plusquellic J, Tehranipoor M (2013) Protection against hardware trojan attacks: towards a comprehensive solution. IEEE Design Test 30(3):6–17

2. Bhunia S, Tehranipoor M (2018) Hardware security: a hands-on learning approach. Morgan Kaufmann, San Mateo

3. Chakraborty RS, Wolff F, Paul S, Papachristou C, Bhunia S (2009) MERO: a statistical approach for hardware trojan detection. In: Cryptographic hardware and embedded systems - CHES, pp 396–410

4. Cruz J, Farahmandi F, Ahmed A, Mishra P (2018) Hardware trojan detection using ATPG and model checking. In: 2018 31st international conference on VLSI design and 2018 17th international conference on embedded systems (VLSID), pp 91–96

5. Cruz J, Huang Y, Mishra P, Bhunia S (2018) An automated configurable trojan insertion framework for dynamic trust benchmarks. In: 2018 design, automation test in europe conference exhibition (DATE), pp 1598–1603

6. Dupuis S, Flottes M, Di Natale G, Rouzeyre B (2018) Protection against hardware trojans with logic testing: proposed solutions and challenges ahead. IEEE Design Test 35(2):73–90

7. Goel P (1981) An implicit enumeration algorithm to generate tests for combinational logic circuits. IEEE Trans Comput 3:215–222

8. Goldstein LH, Thigpen EL (1980) SCOAP: sandia controllability/observability analysis program. In: 17th design automation conference. IEEE, pp 190–196

9. Haider S, Kamran CJ, Ahmad M, Shila DM, Khan O, Dijk MV (2014) Hatch: a formal framework of hardware trojan design and detection. University of Connecticut, Cryptol. ePrint Arch., Tech. Rep 943

10. Hamzaoglu I, Patel JH (1999) New techniques for deterministic test pattern generation. J Electron Test 5(1):63–73

11. Li H, Liu Q, Zhang J (2016) A survey of hardware trojan threat and defense. Integration 55:426–437

12. Lixiang S, Dejun M, Cao G, Qin M, Blackstone J, Kastner R (2018) Symbolic execution based test-patterns generation algorithm for hardware trojan detection. Comput Secur 78:267–280

13. Navabi Z (2011) Digital system test and testable design: using HDL models and architectures. Springer, US

14. Saha S, Chakraborty RS, Srinivasa Shashank Nuthakki A, Mukhopadhyay D (2015) Improved test pattern generation for hardware trojan detection using genetic algorithm and boolean satisfiability. In: Cryptographic hardware and embedded systems – CHES 2015, pp 577–596

15. Salmani H, Tehranipoor M, Karri R (2013) On design vulnerability analysis and trust benchmarks development. In: 2013 IEEE 31st international conference on computer design (ICCD), pp 471–474

16. Salmani H, Tehranipoor M, Plusquellic J (2012) A novel technique for improving hardware trojan detection and reducing trojan activation time. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 20(1):112–125

17. Sebt SM, Patooghy A, Beitollahi H, Kinsy M (2018) Circuit enclaves susceptible to hardware trojans insertion at gate-level designs. IET Comput Digital Techn 12(6):251–257

18. Shakya B, He T, Salmani H, Forte D, Bhunia S, Tehranipoor M (2017) Benchmarking of hardware trojans and maliciously affected circuits. J Hardware Syst Secur 1(1):85–102

19. Trust-Hub web site, https://www.trust-hub.org

20. Voyiatzis AG, Stefanidis KG, Kitsos P (2016) Efficient triggering of trojan hardware logic. In: 2016 IEEE 19th international symposium on design and diagnostics of electronic circuits systems (DDECS), pp 1–6

21. Waksman A, Suozzo M, Sethumadhavan S (2013) FANCI: identification of stealthy malicious logic using boolean functional analysis. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security, pp 697–708

22. Wolff F, Papachristou C, Bhunia S, Chakraborty RS (2008) Towards trojan-free trusted ICs: problem analysis and detection scheme. In: Proceedings of the conference on design, automation and test in europe, pp 1362–1365

23. Xiao K, Forte D, Jin Y, Karri R, Bhunia S, Tehranipoor M (2016) Hardware trojans: lessons learned after one decade of research. ACM Trans Design Autom Electron Syst (TODAES) 22(1):6–23

24. Zhang J, Yuan F, Wei L, Liu Y, Xu Q (2015) VeriTrust: verification for hardware trust. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34(7):1148–1161

25. Zhou Z, Guin U, Agrawal VD (2018) Modeling and test generation for combinational hardware trojans. In: 2018 IEEE 36th VLSI test symposium (VTS), pp 1–6

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

S. M. Sebt received his BSc and MSc degrees from the K.N.T University of Technology and the University of Science and Technology of Iran in 2010 and 2012, respectively. He is now a PhD candidate at the School of Computer Engineering of the University of Science and Technology of Iran under supervision of Dr. Hakem Beitollahi. His research interests include hardware security and trust, secure and dependable computing and cryptographic engineering.

A. Patooghy received both his MS and PhD degrees in Computer Engineering from Sharif University of Technology in 2006 and 2011, respectively. He is currently with the department of computer science of Central Arkansas University, USA. His research interests include network-on-chip (NoC), Test and Testability and hardware security.

H. Beitollahi received his BS degree in Computer Engineering from University of Tehran, and his MS degree from Sharif University of Technology, and the PhD degree from University of Leuven, Belgium in 2002, 2005, and 2012, respectively. He is currently an assistant professor and the head of hardware and computer architecture branch at the Iran University of Science and Technology in the School of Computer Engineering. He and his graduate students are investigating new architectures, integration techniques, and systems software techniques for reconfigurable computing and real-time systems. His research interests include real-time systems, fault tolerance and dependability, Hardware security, reconfigurable computing, and hardware accelerators.
