Trojan detection based on delay variations measured using a high-precision, low-overhead embedded test structure

The horizontal dissemination of the chip fabrication industry has raised new concerns over Integrated Circuit (IC) Trust, in particular, the threat of malicious functionality, i.e., a Hardware Trojan, that is added by an adversary to an IC. In this paper, we propose the use of a high-precision, low-overhead embedded test structure for measuring path delays to detect the delay anomalies introduced by hardware Trojans. The proposed test structure, called REBEL, is minimally invasive to the design as it leverages the existing scan structures. In this work, we integrate REBEL into a structural description of a pipelined Floating Point Unit. Trojan emulation circuits, designed to model internal wire loads introduced by a hardware Trojan, are inserted into the design at multiple places. The emulation cell incorporates an analog control pin to allow a variety of hardware Trojan loading scenarios to be investigated. We evaluate the detection sensitivity of REBEL for detecting hardware Trojans using regression analysis and hardware data collected from 62 copies of the chip fabricated in 90nm CMOS technology.