CN110598399A - Hardware Trojan horse detection device and method based on weak same path - Google Patents

Abstract

The invention belongs to the field of integrated circuit hardware Trojan detection methods. In order to quickly and effectively detect delay information on weakly identical paths, reduce the complexity and cost of chip detection, and remove the influence of process deviations, the present invention is based on the hardware Trojans of weakly identical paths. The detection device and method, the steps are as follows: 1) perform static timing analysis on the layout of the integrated circuit, and determine the path and delay information: 2) set the weak identical path delay threshold, analyze and determine the weak identical path set R: 3) analyze the weak identical path Sensitivity, screening weak identical path sets: 4) Implant multi-loop on-chip delay Trojan self-detection structure to analyze effectiveness: 5) Test the delay information of the paths after chip fabrication; 6) Measure the difference between the delay information Contrast and determine the path of the suspected implanted Trojan. The present invention is mainly applied to the occasion of integrated circuit design and manufacture.

Description

Hardware Trojan Detection Device and Method Based on Weak Same Path

technical field

The invention belongs to the field of integrated circuit hardware Trojan horse detection methods, in particular to a hardware Trojan horse detection method based on weak identical paths.

Background technique

Integrated Circuits (IC), as the core of various electronic products in life, have been widely used in various aspects such as mobile communication, satellite communication, aerospace and so on. To produce a qualified chip roughly requires four links: integrated circuit design, manufacturing, testing and packaging. Because the cost of completing each link is very expensive, and the technical system is very large and complex, each link is separated and carried out independently of each other. Therefore, the chips used by users are more likely to be implanted by hardware hackers into Trojan horses during the manufacturing process, which will cause chip security issues. These security problems are mainly manifested in increasing chip power consumption, stealing user information, and paralyzing the chip. The implantation of hardware Trojans is a serious challenge to the field of information security. Therefore, it is very necessary to carry out research on the detection method of integrated circuit hardware Trojans.

Hardware Trojan detection methods mainly include failure analysis, logic testing and side channel analysis. Failure analysis is a destructive physical detection method. It uses an electron microscope to extract the published graph structure to extract the netlist, and compares the netlist to determine whether there is a Trojan horse. This is the most direct and accurate detection method. However, as the scale of integrated circuits increases, this approach requires high-precision microscopes as well as high-precision matching reticles, and the larger the circuit scale, the greater the effort required for mechanical grinding or other processing. Therefore, this method is only suitable for sampling inspection of a small number of chips, and it is difficult to test large-scale circuits in batches. The logic test mainly judges whether the pure circuit has been tampered by whether the output result of the test vector at the output interface is consistent with the design expectation. The accuracy of this detection method is high, but the disadvantage is that for large-scale circuits, it is difficult to activate the payload part of the Trojan circuit during testing. Side channel analysis technology uses the side channel information of the pure circuit and the circuit under test to distinguish whether the circuit under test contains Trojan horses. The side channel analysis technology has low cost and fast detection speed, and has gradually become the mainstream of hardware Trojan horse detection methods. Side channel information includes power consumption, electromagnetic, path delay, light and temperature, etc. Compared with other side channel information, path delay information has the advantages of not requiring hardware Trojan horse activation, less affected by process deviation, and containing location information. Path delay-based hardware Trojan detection technology has received extensive attention.

Path delay-based side-channel analysis techniques measure path delay information by inserting shadow registers or time-to-digital converters in the chip. The delay information of the original circuit is compared with the delay information of the circuit under test to detect the Trojan. Since there are many circuit paths in the chip, implanting shadow registers or time-to-digital converters will significantly increase the chip area and increase power consumption. In addition, the side-channel analysis technology needs to measure the delay information of the original circuit as the golden model. The process of establishing the golden model is very complicated, which increases the detection cost of hardware Trojans.

Therefore, the present invention proposes a hardware Trojan detection method based on the weak identical path, which selects the weak identical path of the circuit as the path to be detected according to the application background of the circuit. Insert a multi-loop on-chip delay Trojan self-detection structure in a blank area of the chip. In the test phase, the hardware Trojan detection is realized by collecting the delay information of the multi-loop on-chip delay Trojan self-detection structure and comparing it with the preset delay information. The method compares the difference of path delay information in the same chip, which can effectively reduce the influence of process deviation on the measurement results. In addition, this method does not need to establish a golden model, which reduces the complexity and detection cost of hardware Trojan detection, and ensures the integration of The safety of the circuit in the application stage has certain practical significance and application value.

(1) References

[1]Cha B,Gupta S K.[IEEE Conference Publications Design Automationand Test in Europe-Grenoble,France(2013.03.18-2013.03.22)]Design,Automation&Test in Europe Conference&Exhibition(DATE),2013-Trojan Detection via DelayMeasurements: ANew Approach to Select Paths and Vectors to MaximizeEffectiveness and Minimize Cost[J].2013:1265-1270.

[2] Lamech C, Plusquellic J. Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure [C]//IEEE International Symposium on Hardware-oriented Security&Trust.IEEE, 2012.

[3]Exurville I, Zussa,Rigaud JB et al.Resilient hardware Trojansdetection based on path delay measurements[C]//IEEE International Symposiumon Hardware Oriented Security&Trust.IEEE,2015.

[4]Hao X,Saiyu R.Hardware Trojan detection by timing measurement:Theory and implementation[J].Microelectronics Journal,2018,77:16-25.

[5] Xiao K, Zhang X, Tehranipoor M.A Clock Sweeping Technique for Detecting Hardware Trojans Impacting Circuits Delay[J].IEEE Design&Test,2013,30(2):26-34.

SUMMARY OF THE INVENTION

In order to overcome the deficiencies of the prior art, the present invention aims to propose a multi-loop on-chip delay Trojan self-detection structure based on the weak identical path, which can quickly and effectively detect the delay information on the weak identical path, and compare it with the simulation results. For comparison, there is no need to establish a golden model, which reduces the complexity and cost of chip inspection, and removes the influence of process deviation by comparing the difference in path delay. For this reason, the technical solution adopted by the present invention is a hardware Trojan detection method based on weak identical paths, and the steps are as follows:

1) Perform static timing analysis on the layout of the integrated circuit to determine the path and delay information:

Perform static timing analysis on the circuit layout, extract the netlist of the circuit layout, analyze and filter out all path information, and finally determine the delay information t of each path;

2) Set the weak identical path delay threshold, analyze and determine the weak identical path set R:

Read out the path and delay information in the netlist, and filter out several paths with the delay information difference within a certain range according to the set path delay threshold, and determine them as the weakly identical path set R={li _i , t _i }, i=1, 2, 3..., _{li in the set represents the path, and t i represents} the delay corresponding to the path;

3) Analyze the sensitivity of weakly identical paths, and screen the set of weakly identical paths:

According to the application background of the circuit, the security attributes of the circuit paths are divided, and the sensitive paths of the circuit are determined according to the security level, and the weakly identical path set that matches it is selected centrally to form the weakly identical sensitive path set R1={l _k ,t _k } , _k =1, 2, 3..., lk represents the sensitive path in the set, and t _k represents the delay corresponding to the path;

4) Implant the multi-loop on-chip delay Trojan self-detection structure to analyze the effectiveness:

In the blank area of the circuit, implant a multi-loop on-chip delay Trojan self-detection structure, and evaluate the effectiveness of the implanted self-detection structure through simulation to determine whether the circuit can effectively output delay information;

5) Test the delay information of the path after the chip is fabricated:

Use the implanted multi-loop on-chip delay Trojan self-detection structure to test the delay information t _k ' on the selected weakly identical path set, and obtain the difference Δt' of the delay information;

6) Compare the difference between the delay information and determine the path of the suspected Trojan horse implantation:

The difference Δt of the delay information obtained through the netlist before chip fabrication is compared with the difference Δt' of the weak identical path delay information obtained through the on-chip self-checking structure after fabrication, and the path suspected of implanting a Trojan is determined.

Multi-loop on-chip delay Trojan self-detection structure includes: multi-frequency signal generation module, NAND gate n1, multiplexer MU1, NOT gate n2, NOT gate n3 to form loop L1, NAND gate n4, multiplexer MU1 , NOT gate n2, NOT gate n3, NOT gate n5, NOT gate n6 form a loop L2, NAND gate n7, multiplexer MU1, NOT gate n2, NOT gate n3, NOT gate n5, NOT gate n6, NOT gate n8 and NOT gate n9 form a loop L3; input level signals through the input terminals EN1, EN2, EN3 of NAND gates n1, n4, n7, and select the conducting loop through the multiplexer MU1, because the three loops are gated The delay time is different, so selecting different loops will generate signals of different frequencies at point A of the output terminal A of the multiplexer MU1, which is the detection signal;

For the weak identical paths formed by multiple circuits to be tested, the detection signal is implanted into the corresponding position of the circuit to be tested through the transmission gates TH1, TH2...THm, THn. When the circuit to be tested is working normally, the transmission gate is closed; In the state, the transmission gate is turned on, and the detection signal is transmitted on the weak same path;

The path selection module selects two weak identical paths that need to be tested through the multiplexer MU2, and transmits the test signal output by the test path to the XOR gate. The XOR gate XORs the signals on the two paths and outputs it through the XOR gate. The width of the high-level signal is obtained, and the difference of the path transmission time is obtained.

The characteristics and beneficial effects of the present invention are:

(1) The present invention performs hardware Trojan detection based on path delay information, compares the delay information of the path after tape-out with the simulation results before tape-out, does not need to measure the delay information of the original circuit, and reduces the complexity of hardware Trojan detection.

(2) The present invention compares the difference between the delay information of the weak same path before and after the tape-out of the same chip, which effectively avoids the influence of the process deviation in the tape-out process on the test result, and improves the accuracy of hardware Trojan detection. Spend.

(3) The present invention proposes a multi-loop on-chip delay Trojan self-detection structure, which can realize rapid detection of several weakly identical paths, without repeatedly implanting multiple identical detection circuits in the circuit, saving circuit area, Reduced costs.

Description of drawings:

Figure 1 Trojan detection flow chart.

Figure 2 Multi-loop on-chip delay Trojan self-detection structure.

Figure 3 Weak identical paths.

Figure 4. Weak identical pathways after implantation of Trojan horses.

Timing information of points A, B, C, and D in Figure 5.

Detailed ways

The traditional path-based hardware Trojan detection method needs to measure and compare the delay information of a large number of original circuits, the detection efficiency is low, the cost is high, and there are process deviations in the manufacturing process, resulting in a deviation between the actual value of the path delay and the theoretical value, which is seriously reduced. the accuracy of Trojan detection. Aiming at the problem that Trojans are easily implanted in the chip manufacturing process, the present invention proposes a multi-loop on-chip delay Trojan self-detection structure based on weak identical paths, which can quickly and effectively detect delay information on weak identical paths. Compared with the simulation results, there is no need to establish a golden model, which reduces the complexity and cost of chip inspection. By comparing the difference in path delay, the influence of process deviation is removed.

The side-channel hardware Trojan detection technology is a technology to determine whether a hardware Trojan is implanted in the circuit by collecting and comparing the side-channel information of the circuit, such as power consumption, electromagnetic, circuit delay, etc. Compared with the hardware Trojan detection based on electromagnetic and power consumption information, the advantages of the hardware Trojan detection technology based on delay information are that it does not need to activate the Trojan in the circuit, is less affected by process deviation, and contains location information. Even if the implanted Trojan horse in the circuit is not activated, the delay information on the implanted path changes significantly.

The complete technical scheme of the present invention is shown in Figure 1 and explained as follows:

1) Perform static timing analysis on the layout of the integrated circuit to determine the path and delay information:

Perform static timing analysis on the circuit layout, extract the netlist of the circuit layout, analyze and filter out all path information, and finally determine the delay information t of each path.

2) Set the weak identical path delay threshold, analyze and determine the weak identical path set R:

Read out the path and delay information in the netlist, and filter out several paths with the delay information difference within a certain range according to the set path delay threshold, and determine them as the weakly identical path set R={li _i , t _i }, i=1, 2, 3..., _{li in the set represents a path, and t i represents} the delay corresponding to the path.

3) Analyze the sensitivity of weakly identical paths, and screen the set of weakly identical paths:

According to the application background of the circuit, the security attributes of the circuit paths are divided, and the sensitive paths of the circuit are determined according to the security level, and the weakly identical path set that matches it is selected centrally to form the weakly identical sensitive path set R1={l _k ,t _k } , _k =1, 2, 3..., lk represents a sensitive path in the set, and t _k represents the delay corresponding to the path.

4) Implant the multi-loop on-chip delay Trojan self-detection structure to analyze the effectiveness:

In the blank area of the circuit, implant the multi-loop on-chip delay Trojan self-detection structure as shown in Figure 2, and evaluate the effectiveness of the implanted self-detection structure through simulation to determine whether the circuit can effectively output delay information .

5) Test the delay information of the path after the chip is fabricated:

Using the implanted multi-loop on-chip delay Trojan self-detection structure, the delay information t _k ' on the selected weakly identical path set is tested, and the difference value Δt' of the delay information is obtained.

6) Compare the difference between the delay information and determine the path of the suspected Trojan horse implantation:

The difference Δt of the delay information obtained through the netlist before chip fabrication is compared with the difference Δt' of the weak identical path delay information obtained through the on-chip self-checking structure after fabrication, and the path suspected of implanting a Trojan is determined.

To carry out hardware Trojan detection research based on delay characteristics, it is necessary to comprehensively consider various influencing factors of delay information. The delay on the circuit path consists of the delay of the gate circuit, the delay of the interconnection, and the delay caused by the non-ideal factors. The gate circuit is composed of multiple diodes, triodes, and MOS tubes. Due to the influence of parameters such as inter-electrode capacitance, distributed inductance, and transmission time, the transmission delay is finally caused. The equivalent capacitance and equivalent resistance on the interconnect between the gates will cause the interconnect delay. In addition, in the manufacturing process of the chip, due to the complex process, random errors are inevitably generated, and such process deviations will have a certain impact on the delay information of the integrated circuit chip. Therefore, for the original circuit, the delay on a path is mainly composed of three parts: the gate circuit delay t _C , the interconnection delay t _L , and the process deviation delay t _F . The total path delay is:

t=t _C +t _L +t _F (1)

A hardware Trojan refers to a module maliciously implanted in a chip, which can be exploited by attackers to achieve destructive functions under special conditions. Inserted hardware Trojans may cause information leakage, change circuit function, or even destroy circuit structure. When a hardware Trojan is implanted in a circuit, the hardware Trojan is considered a redundant unit. Due to the influence of gate delay and interconnection delay in the Trojan horse circuit, the delay information on the path will change. The delay information of the path after the hardware Trojan is implanted includes four parts: the gate circuit delay t _C , the interconnection delay t _L , the process deviation delay t _F and the Trojan circuit delay t _T on the path. The total path delay is:

t=t _C +t _L +t _F +t _T (2)

Weakly identical paths refer to a set of paths with approximately the same delay information. As shown in Figure 3, the path through gate circuits g1, g2, g3, and g7 is path A, the path through gate circuits g4, g5, g6, and g7 is path B, and the path through gate circuits g8, g9, g10, g11 for path C. The delay times of path A, path B, and path C are all composed of gate delay on the path, interconnect delay and process deviation delay. Total delay time for path A:

tA = t _CA + t _LA + t _FA (3)

Among them, t _CA is the gate delay on path A, t _LA is the interconnect line delay on path A, and t _FA is the process deviation delay.

Total delay time for path B:

tB = t _CB + t _LB + t _FB (4)

Among them, t _CB is the gate delay on path B, t _LB is the interconnect line delay on path B, and t _FB is the process deviation delay.

Total delay time for path C:

tC = t _CC + t _LC + t _FC (5)

Among them, t _CC is the gate delay on path C, t _LC is the interconnect line delay on path C, and t _FC is the process deviation delay.

The difference between the delay of path A and the delay of path B is:

Δt=(t _CA -t _CB )+(t _LA -t _LB )+(t _FA -t _FB ) (6)

Since the path delay is less affected by process variation, and in the same circuit, the influence of process variation is approximately the same, the term (t _FA -t _FB ) can be ignored. Therefore, the difference between the delay information of the three paths A, B, and C is reflected as the difference between the gate delay and the interconnection delay. When the difference between the delays of the A, B, and C paths is within a certain threshold range , then path A, path B and path C are said to be weakly identical paths.

The reason why the present invention selects the weak identical path for detection is because before the Trojan horse is not implanted, the difference of the delay information of the weak identical path is within a certain threshold range. The difference of time information will change greatly, and it is more convenient to detect the implantation of Trojan horses by using weakly identical paths. As shown in Figure 4, if a Trojan horse structure is implanted on path C, the delay of path C becomes:

t = t _CC + t _LC + t _FC + t _TC (7)

Among them, t _CC is the gate delay on path C, t _LC is the interconnect line delay on path C, t _FC is the process deviation delay, and t _TC is the delay of the Trojan horse structure on path C.

The difference between path C and path A delays becomes:

Δt'=(t _CC -t _CA )+(t _LC -t _LA )+t _TC (8)

where t _CA is the gate delay on path A, and t _LA is the interconnect delay on path A.

When the Trojan is not implanted, the difference between the delay of path C and path A is

Δt=(t _CC -t _CA )+(t _LC -t _LA ) (9)

Since the value of Δt is small, the value of Δt' will be significantly changed relative to the value of Δt after the Trojan horse is implanted.

The multi-loop on-chip delay Trojan self-detection structure proposed by the present invention is shown in Figure 2. In the multi-frequency signal generation module, a NAND gate n1, a multiplexer MU1, a NOT gate n2, and a NOT gate n3 form a loop L1, NAND gate n4, multiplexer MU1, NOT gate n2, NOT gate n3, NOT gate n5, NOT gate n6 form a loop L2, NAND gate n7, multiplexer MU1, NOT gate n2, NOT gate n3, The NOT gate n5, the NOT gate n6, the NOT gate n8, and the NOT gate n9 constitute the loop L3. Input level signals through EN1, EN2, EN3, and select the loop that is turned on through the multiplexer MU1. Since the door-to-door delay time of the three loops is different, selecting different loops will generate signals of different frequencies at point A. The signal is a detection signal.

In the weak identical path module, multiple weak identical paths of the original circuit are displayed, and the detection circuit is implanted into the corresponding position of the original circuit through the transmission gates TH1, TH2...THm, THn. When the original circuit works normally, the transmission gate is closed; when it is in the test state, the transmission gate is turned on, and the detection signal is transmitted on the weak same path.

The path selection module selects two weak identical paths to be tested through the multiplexer MU2, and transmits the test signal output by the test path to the XOR gate. The XOR gate XORs the signals on the two paths. Since the transmission time of the square wave signal on the path is different, the difference of the path transmission time can be obtained by the width of the high-level signal output by the XOR gate. In Figure 2, the timing diagram of points A, B, C, and D is shown in Figure 5, where the signal at point A is the test signal generated by the ring oscillator, the signals at points B and C are the test signals output by the weak same path, and the signal at point D The signal is an XORed signal. In the waveform of point D, Δt' is the difference between the weak identical path delay information.

Claims (2)

1. a hardware Trojan detection method based on weak identical path, is characterized in that, step is as follows: 1) Perform static timing analysis on the layout of the integrated circuit to determine the path and delay information: Perform static timing analysis on the circuit layout, extract the netlist of the circuit layout, analyze and filter out all path information, and finally determine the delay information t of each path; 2) Set the weak identical path delay threshold, analyze and determine the weak identical path set R: Read out the path and delay information in the netlist, and filter out several paths with the delay information difference within a certain range according to the set path delay threshold, and determine them as the weakly identical path set R={li _i , t _i }, i=1, 2, 3..., _{li in the set represents the path, and t i represents} the delay corresponding to the path; 3) Analyze the sensitivity of weakly identical paths, and screen the set of weakly identical paths: According to the application background of the circuit, the security attributes of the circuit paths are divided, and the sensitive paths of the circuit are determined according to the security level, and the weakly identical path set that matches it is selected centrally to form the weakly identical sensitive path set R1={l _k ,t _k } , _k =1, 2, 3..., lk represents the sensitive path in the set, and t _k represents the delay corresponding to the path; 4) Implant the multi-loop on-chip delay Trojan self-detection structure to analyze the effectiveness: In the blank area of the circuit, implant a multi-loop on-chip delay Trojan self-detection structure, and evaluate the effectiveness of the implanted self-detection structure through simulation to determine whether the circuit can effectively output delay information; 5) Test the delay information of the path after the chip is fabricated: Use the implanted multi-loop on-chip delay Trojan self-detection structure to test the delay information t _k ' on the selected weakly identical path set, and obtain the difference Δt' of the delay information; 6) Compare the difference between the delay information and determine the path of the suspected Trojan horse implantation: The difference Δt of the delay information obtained through the netlist before chip fabrication is compared with the difference Δt' of the weak identical path delay information obtained through the on-chip self-checking structure after fabrication, and the path suspected of implanting a Trojan is determined. 2. A multi-loop on-chip delay Trojan self-detection structure is characterized in that, comprising: a multi-frequency signal generation module, a NAND gate n1, a multiplexer MU1, a NOT gate n2, and a NOT gate n3 to form a loop L1, and NOT gate n4, multiplexer MU1, NOT gate n2, NOT gate n3, NOT gate n5, NOT gate n6 form a loop L2, NAND gate n7, multiplexer MU1, NOT gate n2, NOT gate n3, NOT gate Gate n5, NOT gate n6, NOT gate n8, NOT gate n9 form a loop L3; input level signals through the input terminals EN1, EN2, EN3 of NAND gates n1, n4, n7, and select conduction through the multiplexer MU1 Because the door-to-door delay time of the three loops is different, selecting different loops will generate signals of different frequencies at point A of the output terminal A of the multiplexer MU1, and this signal is the detection signal; For the weak identical paths formed by multiple circuits to be tested, the detection signal is implanted into the corresponding position of the circuit to be tested through the transmission gates TH1, TH2...THm, THn. When the circuit to be tested is working normally, the transmission gate is closed; In the state, the transmission gate is turned on, and the detection signal is transmitted on the weak same path; The path selection module selects two weak identical paths that need to be tested through the multiplexer MU2, and transmits the test signal output by the test path to the XOR gate. The XOR gate XORs the signals on the two paths and outputs it through the XOR gate. The width of the high-level signal is obtained, and the difference of the path transmission time is obtained.