Biblio

Reconfigurable Scan Networks (RSNs) are a powerful tool for testing and maintenance of embedded systems, since they allow for flexible access to on-chip instrumentation such as built-in self-test and debug modules. RSNs, however, can be also exploited by malicious users as a side-channel in order to gain information about sensitive data or intellectual property and to recover secret keys. Hence, implementing appropriate counter-measures to secure the access to and data integrity of embedded instrumentation is of high importance. In this paper we present a novel hardware and software combined approach to ensure data privacy in IEEE Std 1687 (IJTAG) RSNs. To do so, both a secure IJTAG compliant plug-and-play instrument wrapper and a versatile software toolchain are introduced. The wrapper demonstrates the necessary architectural adaptations required when using a lightweight stream cipher, whereas the software toolchain provides a seamless integration of the testing workflow with stream cipher. The applicability of the method is demonstrated by an FPGA-based implementation. We report on the performance of the developed instrument wrapper, which is empirically shown to have only a small impact on the workflow in terms of hardware overhead, operational costs and test time overhead.

High detection sensitivity in the presence of process variation is a key challenge for hardware Trojan detection through side channel analysis. In this work, we present an efficient Trojan detection approach in the presence of elevated process variations. The detection sensitivity is sharpened by 1) comparing power levels from neighboring regions within the same chip so that the two measured values exhibit a common trend in terms of process variation, and 2) generating test patterns that toggle each cell multiple times to increase Trojan activation probability. Detection sensitivity is analyzed and its effectiveness demonstrated by means of RPD (relative power difference). We evaluate our approach on ISCAS'89 and ITC'99 benchmarks and the AES-128 circuit for both combinational and sequential type Trojans. High detection sensitivity is demonstrated by analysis on RPD under a variety of process variation levels and experiments for Trojan inserted circuits.

Robust Trojans are inserted in outsourced products resulting in security vulnerabilities. Post-silicon testing is done mandatorily to detect such malicious inclusions. Logic testing becomes obsolete for larger circuits with sequential Trojans. For such cases, side channel analysis is an effective approach. The major challenge with the side channel analysis is reduction in hardware Trojan detection sensitivity due to process variation (process variation could lead to false positives and false negatives and it is unavoidable during a manufacturing stage). In this paper Self Referencing method is proposed that measures leakage power of the circuit at four different time windows that hammers the Trojan into triggering and also help to identify/eliminate false positives/false negatives due to process variation.

Timing slacks possibly lead to reliability issues and/or security vulnerabilities, as they may hide small delay defects and malicious circuitries injected during fabrication, namely, hardware Trojans. While possibly harmless immediately after production, small delay defects may trigger reliability problems as the part is being used in field, presenting a significant threat for mission-critical applications. Hardware Trojans remain dormant while the part is tested and validated, but then get activated to launch an attack when the chip is deployed in security-critical applications. In this paper, we take a deeper look into these problems and their underlying reasons, and propose a design technique to maximize the detection of small delay defects as well as the hardware Trojans. The proposed technique eliminates all slacks by judiciously inserting delay units in a small set of locations in the circuit, thereby rendering a simple set of transition fault patterns quite effective in catching parts with small delay defects or Trojans. Experimental results also justify the efficacy of the proposed technique in improving the quality of test while retaining the pattern count and care bit density intact.