Detecting Hardware Trojans in Cryptography Devices Using Machine Learning

Hardware Trojans (HTs) pose a serious threat to integrated circuit (IC) security. Detection of HTs is extremely challenging due to their stealthy nature. Side-channel analysis techniques have emerged as promising approaches for HT detection by observing anomalies in physical parameters like power or delay. More recently, machine learning (ML) methods have been explored to enhance the accuracy and efficiency of side-channel based HT detection. Background: This paper presents a novel approach using machine learning techniques to detect stealthy hardware Trojans through side-channel analysis. Hardware Trojans, malicious modifications inserted into integrated circuits during manufacturing, pose significant threats to the integrity and security of electronic systems. Traditional methods of detecting these Trojans often rely on known signatures or specific patterns, making them ineffective against subtle and sophisticated attacks. Method: This paper provides a comprehensive review of research advancements in applying ML for side-channel based HT detection. First, an overview of HT attacks, their classification, threat models and detection challenges is presented. Next, various side-channel parameters like power, temperature, delay and electromagnetic emanations used for HT detection are discussed along with their merits and demerits. Furthermore, the application of supervised, unsupervised and semi-supervised ML algorithms for automated feature extraction and intelligent decision making is elucidated in detail. Result: Specifically, the data collection strategies, feature extraction techniques, ML models and performance evaluation metrics adopted in existing literature are critically reviewed. In addition, the limitations of current approaches and promising future research directions like on-chip ML implementation, hierarchical ML and explainable ML models tailored for HT detection are highlighted. Conclusion: Case studies on benchmark circuits are also presented to demonstrate the efficacy of ML-based side-channel HT detection methods. Through an extensive literature review and incisive analysis, this paper provides contemporary insights on the advancement of ML techniques to enable robust side-channel based HT detection for securing next-generation ICs.

Traditional learning-based approaches for runtime hardware Trojan (HT) detection require complex and expensive on-chip data acquisition frameworks, and thus incur high area and power overhead. To address these challenges, we propose to leverage the power correlation between the executing instructions of a microprocessor to establish a machine learning (ML)-based runtime HT detection framework, called MacLeR. To reduce the overhead of data acquisition, we propose a single power-port current acquisition block using current sensors in time-division multiplexing, which increases accuracy while incurring reduced area overhead. We have implemented a practical solution by analyzing multiple HT benchmarks inserted in the RTL of a system-on-chip (SoC) consisting of four LEON3 processors integrated with other IPs, such as vga_lcd, RSA, AES, Ethernet, and memory controllers. Our experimental results show that compared to state-of-the-art HT detection techniques, MacLeR achieves 10% better HT detection accuracy (i.e., 96.256%) while incurring a 7× reduction in area and power overhead (i.e., 0.025% of the area of the SoC and <; 0.07% of the power of the SoC). In addition, we also analyze the impact of process variation (PV) and aging on the extracted power profiles and the HT detection accuracy of MacLeR. Our analysis shows that variations in fine-grained power profiles due to the HTs are significantly higher compared to the variations in fine-grained power profiles caused by the PVs and aging effects. Moreover, our analysis demonstrates that on average, the HT detection accuracy drops in MacLeR is less than 1% and 9% when considering only PV and PV with worst case aging, respectively, which is ≈10× less than in the case of the state-of-the-art ML-based HT detection technique.

An efficient multi-parameter approach for FPGA hardware Trojan detection

Hardware Trojan (HT) is a major threat to the security of integrated circuits (ICs). Among various HT detection approaches, side channel analysis (SCA)-based methods have been extensively studied. SCA-based methods try to detect HTs by comparing side channel signatures from circuits under test with those from trusted golden references. The pre-condition for SCA-based HT detection to work is that the testers can collect extra signatures/anomalies introduced by activated HTs. Thus, activation of HTs and amplification of the differences between circuits under test and golden references are the keys to SCA-based HT detection methods. Test vectors are of great importance to the activation of HTs, but existing test generation methods have two major limitations. First, the number of test vectors required to trigger HTs is quite large. Second, the HT circuit’s activities are marginal compared with the whole circuit’s activities. In this article, we propose an optimized test generation methodology to assist SCA-based HT detection. Considering the HTs’ inherent surreptitious nature, inactive nodes with low transition probability are more likely to be selected as HT trigger nodes. Therefore, the correlations between circuit inputs and inactive nodes are first exploited to activate HTs. Then a test reordering process based on the genetic algorithm (GA) is implemented to increase the proportion of the HT circuit’s activities to the whole circuit’s activities. Experiments on 10 selected ISCAS benchmarks, wb_conmax benchmark, and b17 benchmark demonstrate that the number of test vectors required to trigger HTs reduces 28.8% on average compared with the result of MERO and MERS methods. After the test vector reordering process, the proportion of the HT circuit’s activities to the whole circuit’s activities is improved by 95% on average, compared with the result of MERS method.

Over the past 10 years, various Hardware Trojan (HT) detection techniques have been proposed by the research community. However, the development of HT benchmark suites for testing and evaluating HT detection techniques lags behind. The number of HT-infected circuits available in current public HT benchmarks is somewhat limited and the circuits lack diversity in structure. Therefore, this paper proposes a new method to generate HTs using a highly configurable generation platform based on transition probability. The generation platform is highly configurable in terms of the HT trigger condition, trigger type, payload type and in the number and variety of HT-infected circuits that can be generated. In this research the transition probability of netlists is employed to identify rarely activated internal nodes to target for HT insertion rather than functional simulation as utilised in previous research. The authors believe transition probability provides a more realistic reflection of the netlist activity for use in determining the appropriate position for HT insertion. Finally, the generated HT-infected circuits are tested by a machine learning (ML)-based HT detection technique, which is known as Controllability and Observability for HT Detection (COTD). The resulting false positive and false negative rates illustrate the feasibility of the benchmark suite.

Ensuring the security of integrated circuits (ICs) requires reliable detection and precise localization of Hardware Trojans (HTs), which remain challenging due to increasing design complexity and lack of golden references. This paper introduces a machine learning framework that integrates graph-based modeling, Graph Neural Networks (GNNs), and nearest neighbour (NN) enhancement for fast and accurate HT detection at the gate-level netlist without relying on the golden reference. Three different machine learning models are employed in the present work. Case-I uses a decision tree classifier with Principal Component Analysis (PCA) for binary detection of Trojan presence, as a reference model. The decision tree based machine learning model is initially validated against the formal verification method. The decision tree model is only able to identify HT presence without localizing the locations of HT in the circuit. Case-II uses a GNN-based graph-to-graph classification, distinguishing clean netlists from the infected one at sub-graph level (coarse grained). The model is able to map the infected sub-graphs back to the initial netlist circuit for the pinpointing of HTs at sub-graph level. Case-III uses a further simplified model with GNN-based node classification, enabling fine-grained localization of compromised gates in the circuit using only nodes. This model is ideal for pinpointing the exact Trojan locations within large-scale circuits. Subsequently, NN based concept is embedded with GNN models for further enhancing the detection accuracy of Case-II (accuracy improved from 62.8% to 97.7%) and Case-III (accuracy improved from 79.8% to 97.7%). Also, the scalability of the proposed approaches across diverse Trojan types, including combinational, sequential, and state-triggered attacks are validated by experiments carried on Trust-Hub benchmarks and Yosys-generated datasets. Comparative evaluation with state-of-the-art methods demonstrates superior performance, achieving 98.5% precision, 99.1% recall, and 96.7% F1-score, while maintaining computational efficiency. By combining graph structural learning with NN-based contextual refinement, the proposed work delivers a high-performance, architecture-agnostic solution for detecting and localizing hardware Trojans in modern ICs as tested against unknown designs.

Coping with the problem of malicious third-party vendors implanting Hardware Trojan (HT) in the circuit design stage, this paper proposes a hybrid-mode gate-level hardware Trojan detection platform based on the XGBoost algorithm. This detection platform is composed of multi-level HT localization and circuit structure based HT detection. Each wire of the circuit is regarded as a node in multi-level HT localization, and static characteristics of nodes are analysed, combining with dynamic detection to locate HT. The network structure features of the circuit are extracted in modular HT structure detection, aiming to identify HT accurately and rapidly. The hybrid-mode HT detection platform can efficiently meet various detection requirements, such as HT localization or rapid and accurate HT detection. The experiment results on Trust-Hub benchmark show that the multi-level localization can achieve 94.0% location accuracy, and the modular HT structure detection accuracy can achieve 100%. The modular HT structure detection is about four times as fast as the multi-level HT localization on feature extraction. Therefore, multi-level localization and modular HT structure detection can be respectively or cooperatively applied for specific HT detection issues, which proves that the proposed hybrid-mode gate-level HT detection scheme is practical and effective.

Due to the globalization of the Integrated Circuit manufacturing industry and wide use of third party IP in the modern SoCs has opened the backdoor for Hardware Trojan insertion. The detection of Hardware Trojan is challenging because of its very rare activation mechanism and unpredictable change in the functionality of the system. This paper proposes a new hardware Trojan detection scheme using power analysis and experiments the insertion and detection of hardware Trojan using existing scan chain efficiently in ISCAS'89 benchmark circuits.

The increasing concern about the security and reliability of abroad manufactured integrated circuits (ICs) has attracted academia and industries to develop hardware Trojan (HT) detection approaches. This article presents an efficient integrated HT detection technique based on evaluating changes in the integrated parasitic capacitors. The HT detection circuit consists of a capacitively coupled, low-power, low-noise, operational transconductance amplifier (OTA), which can detect capacitance fluctuations in the range of 10 aF. The HT detection circuit consumes <inline-formula> <tex-math notation="LaTeX">$5.88~\mu \text {W}$ </tex-math></inline-formula> from 1.8-V power supply in 180-nm CMOS technology. The detection method is based on clustering the IC and monitoring each cluster&#x2019;s flag. The flag set circuit is designed to sense parasitic capacitance and change its status based on it. The proposed technique can detect the HT circuit before the activation of the IC. Moreover, this technique shows very promising results in detecting HTs with zero-delay effect, which is a challenging issue in the conventional delay-based side-channel signal analysis method. More significantly, the proposed method does not require a golden IC for HT detection and can detect the HT using simulation-based data. The proposed method creates a recognizable difference detection signal between the capacitive behavior of an infected and a pure IC. This results in a high confidence level in the proposed detection method. The proposed idea is implemented on ISCAS&#x2019;85 benchmark circuits, and the detection outcomes and the statistical simulations are presented.

The hardware, software, and the data present in any electronic system predominantly determine the system's security. Just like software, hardware is equally prone to attacks leading to malfunction. Altering the circuit design via different techniques to create a secret channel that maliciously affects the functionality of the system is called Hardware Trojan (HT) insertion and can cause significant harm. Therefore, it is necessary to efficiently detect the presence of Hardware Trojans in any system. This paper presents the use of a well known Hardware Trojan detection technique called Side-Channel Analysis (SCA) to detect Trojans in encryption modules like AES and RSA. The availability of a golden circuit to compare against the Circuit Under Test (CUT) is assumed to detect Trojans through side-channel analysis. For the same, Xilinx Vivado is used to program the Intellectual Properties (IPs) on the Nexys 4 DDR FPGA. It is shown that the above- mentioned technique is not accurate in certain cases especially when the size of the Trojan is not large enough. So, an alternative technique is proposed that uses machine learning algorithms - that provide an accuracy of at least 93.06% while using the side channel data-sets, thereby significantly increasing the Trojan detection accuracy.

To ensure the hardware security of integrated circuits, especially considering third-party IP cores (3PIP cores) application in SoC design, a novel Hardware Trojan (HT) detection scheme aimed to Register Transfer Level (RTL) Description is proposed in this paper. By analyzing the structural and signal characteristics of RTL design for suspicious circuits, a mathematical model of RTL nodes is constructed to achieve numeric features relevant to HT and available for Machine Learning (ML). Then a ML classifier for a certain category of circuits is trained by Random Forest algorithm and numerical features are extracted. 22 circuits are applied to training and 22 circuits to detecting in experiments, the results show that the average HT detection rate of our proposed detection method can reach 99.93%.

Hardware Trojan detection by timing measurement: Theory and implementation

Several hardware Trojan (HT) detection techniques are available today to ensure the security of hardware systems. However, the existing pre-silicon HT detection techniques have problems such as difficulties in capturing HT path features and poor applicability. To address these challenges, this paper proposes a gate-level HT detection scheme based on a deep learning model. We parse the circuit gate-level netlist and develop an algorithm to extract circuit path sentences based on the signal propagation rule. Path sentences consisting of gate names are extracted as experimental datasets. We apply the theory of natural language processing (NLP) to the task of HT detection and use three neural networks to filter the length of path sentences. Then, based on the deep learning model text convolutional neural network (TextCNN), we propose PS-TextCNN for HT detection. Our approach is verified on seven benchmark circuits of the RS232-series and eight benchmark circuits of the s-series. We achieve an average true positive rate (TPR) of 88.9%. The TPR of the RS232-series reaches a high score of 99.5%. The TPR of the s-series is 79.5%, which is significantly higher than that of the existing gate-level HT detection techniques.

Offshore fabrication, assembling and packaging challenge chip security, as original chip designs may be tampered by malicious insertions, known as hardware Trojans (HTs). HT detection is imperative to guarantee the chip performance and safety. Existing HT detection methods have limited capability to detect small-scale HTs and are further challenged by the increased process variation. To increase HT detection sensitivity and reduce chip authorization time, we propose to exploit the inherent feature of differential cascade voltage switch logic (DCVSL) to detect HTs at runtime. In normal operation, a system implemented with DCVSL always produces complementary logic values in internal nets and final outputs. Noncomplementary values on inputs and internal nets in DCVSL systems potentially result in abnormal power behavior and even system failures. By examining special power characteristics of DCVSL systems upon HT insertion, we can detect HTs, even if the HT size is small. Simulation results show that the proposed method achieves up to 100% HT detection rate. The evaluation on ISCAS benchmark circuits shows that the proposed method obtains a HT detection rate in the range of 66% to 98%.

Existing Hardware Trojan (HT) detection methods face several critical limitations: logic testing struggles with scalability and coverage for large designs, side-channel analysis requires golden reference chips, and formal verification methods suffer from state-space explosion. The emergence of Large Language Models (LLMs) offers a promising new direction for HT detection by leveraging their natural language understanding and reasoning capabilities. For the first time, this paper explores the potential of general-purpose LLMs in detecting various HTs inserted in Register Transfer Level (RTL) designs, including SRAM, AES, and UART modules. We propose a novel tool for this goal that systematically assesses state-of-the-art LLMs (GPT-4o, Gemini 1.5 Pro, and Llama 3.1) in detecting HTs without prior fine-tuning. To address potential training data bias, the tool implements perturbation techniques, <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">i.e</i>., variable name obfuscation, and design restructuring, that make the cases more sophisticated for the used LLMs. Our experimental evaluation demonstrates perfect HT detection rates by GPT-4o and Gemini 1.5 Pro in baseline scenarios (100%/100% precision/recall), with both models achieving better trigger line coverage (TLC: 0.82-0.98) than payload line coverage (PLC: 0.32-0.46). Under code perturbation, while Gemini 1.5 Pro maintains perfect detection performance (100%/100%), GPT-4o (100%/85.7%) and Llama 3.1 (66.7%/85.7%) show some degradation in detection rates, and all models experience decreased accuracy in localizing both triggers and payloads. This paper validates the potential of LLM approaches for hardware security applications, highlighting areas for future improvement.