Hardware Trojans are malicious, intentional modifications to an integrated circuit's design or fabrication that can compromise its security, reliability, or functionality. As the IC supply chain becomes increasingly outsourced and globalized, the threat of hardware Trojans has become one of the most pressing concerns in hardware security.
Trojan Taxonomy
Hardware Trojans can be classified along several dimensions:
By Activation Mechanism
- Always-On Trojans: Continuously active, typically leaking information through side channels
- Triggered Trojans: Dormant until a specific condition is met (a rare input sequence, a counter reaching a value, or an external signal)
By Payload
- Information Leakage: Exfiltrating secret keys or sensitive data through covert channels
- Denial of Service: Causing the chip to malfunction or shut down under specific conditions
- Privilege Escalation: Bypassing security mechanisms to gain unauthorized access
- Performance Degradation: Subtly reducing chip reliability or lifetime
By Insertion Point
- Design Phase: Inserted by a rogue designer or through compromised IP cores
- Fabrication Phase: Added by an untrusted foundry through layout modifications
- Testing Phase: Exploiting test infrastructure (e.g., JTAG, scan chains) as attack vectors
Detection Techniques
Logic Testing
Applying test vectors designed to activate potential Trojans and observing outputs for deviations. The challenge: Trojans are specifically designed to avoid activation during normal testing.
Side-Channel Analysis
Measuring power consumption, electromagnetic emissions, or timing characteristics and comparing against a golden (trusted) reference. Statistical techniques like principal component analysis can detect anomalies caused by additional Trojan circuitry.
Formal Methods
Using property checking and equivalence verification to prove that a design satisfies its security specifications. These methods can provide guarantees but face scalability challenges on large designs.
Our Approach: We use Graph Neural Networks (GNNs) to analyze gate-level netlists, learning to distinguish between benign circuit structures and suspicious Trojan-like patterns. Our models generalize across different Trojan types and benchmark circuits.
ML-Based Detection
Machine learning approaches have shown significant promise for Trojan detection:
- Feature-Based Classification: Extracting circuit-level features (testability measures, structural properties) and training classifiers to identify Trojan-infected nets
- GNN-Based Analysis: Representing circuits as graphs and using graph neural networks to learn structural patterns indicative of Trojans
- Anomaly Detection: Training models on Trojan-free designs and flagging circuits that deviate from learned normal behavior
Prevention Strategies
- Split Manufacturing: Fabricating different layers of the chip at different foundries so no single entity sees the complete design
- Logic Locking: Adding key-controlled gates that prevent correct functionality without the secret key
- Obfuscation: Making the design difficult to understand or modify
- Runtime Monitoring: Embedding on-chip monitors that detect anomalous behavior during operation
Open Challenges
Despite significant progress, several challenges remain: detecting ultra-small Trojans that cause minimal side-channel signatures, scaling detection techniques to billion-transistor designs, and developing unified frameworks that combine multiple detection approaches. At ASEEC, we continue to push the boundaries of what's possible with AI-driven Trojan detection and prevention.