CN103698687A - Method and system for processing signals of hardware Trojan detection in integrated circuit - Google Patents

Abstract

The invention provides a method and a system for processing signals of hardware Trojan detection in an integrated circuit. The method comprises the following steps of obtaining at least two bypass signals of the to-be-detected integrated circuit; respectively extracting a time domain feature and a frequency domain feature from each bypass signal, and enabling the time domain feature and the frequency domain feature of each bypass signal corresponding to the to-be-detected integrated circuit to form an n-dimension feature vector; converting the n-dimension feature vector into a hardware Trojan risk index by a preset conversion method, wherein the hardware Trojan risk index is used for featuring the degree of the risk of the hardware Trojan in the integrated circuit; comparing the hardware Trojan risk index of the to-be-detected integrated circuit with the preset risk index threshold value, and judging if the hardware Trojan exists in the to-be-detected integrated circuit according to the comparison result. The method and the system have the advantage that the hardware Trojan of the integrated circuit can be detected according to the bypass signals of a plurality of integrated circuits, so the safety of the integrated circuit is improved.

Description

Signal processing method and system thereof that in integrated circuit, hardware wooden horse detects

Technical field

The present invention relates to the technical field that integrated circuit detects, particularly relate to the signal processing method that in a kind of integrated circuit, hardware wooden horse detects, and the signal processing system that in a kind of integrated circuit, hardware wooden horse detects.

Background technology

Globalization due to semiconductor industry, caused design process and the manufacture process of integrated circuit to be separated from each other, this business model has greatly weakened IC(integrated circuit, being integrated circuit) design side is for the control of manufacture process, makes integrated circuit in the fabrication phase, more and more easily suffer opponent's destruction and malicious modification.Opponent can add some extra malice circuit (being also referred to as " hardware wooden horse ") in the manufacture process of IC in chip, after once these hardware wooden horses are triggered, can destroy or destruction system, to opponent, disclose secrets to information or secret provides key etc., this chip that is applied to the security sensitive fields such as financial infrastructure, communications and transportation to those has brought great potential safety hazard.

Because hardware wooden horse has disguise, and dirigibility is very large while realizing, and causes the verification technique of traditional design phase and the measuring technology of fabrication phase all can not directly be used to hardware wooden horse and detects, and makes the detection of hardware wooden horse extremely difficult.

Summary of the invention

Problem that can not detection hardware wooden horse for existing ic test technique, the present invention proposes signal processing method and the system thereof that in a kind of integrated circuit, hardware wooden horse detects, can to the hardware wooden horse of integrated circuit, detect according to the by-passing signal of integrated circuit, improve the security of integrated circuit.

The signal processing method that in integrated circuit, hardware wooden horse detects, comprises the following steps:

Obtain at least two by-passing signals of to-be-measured integrated circuit;

By-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

Described n dimensional feature vector is converted to and characterizes the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit according to default conversion regime;

The hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, according to comparative result, judge whether described to-be-measured integrated circuit exists hardware wooden horse.

The signal processing system that in integrated circuit, hardware wooden horse detects, comprising:

By-passing signal acquisition module, for obtaining at least two by-passing signals of to-be-measured integrated circuit;

Characteristic extracting module, for by-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

Risk index computing module, for converting described n dimensional feature vector to characterize the hardware wooden horse risk index that integrated circuit exists the risk size of hardware wooden horse to according to default conversion regime;

Judge module, for the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, judges according to comparative result whether described to-be-measured integrated circuit exists hardware wooden horse.

The invention provides signal processing method and system thereof that in a kind of integrated circuit, hardware wooden horse detects, thereby in integrated circuit testing procedure, realize the detection of hardware wooden horse.By obtaining at least two by-passing signals of to-be-measured integrated circuit and extracting respectively temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in each and frequency domain character are formed to n dimensional feature vector, according to described n dimensional feature vector, calculate and characterize the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit.The n dimensional feature vector that temporal signatures based on a plurality of by-passing signals and frequency domain character form carries out the detection of hardware wooden horse to described to-be-measured integrated circuit, and testing result accuracy is improved greatly.According to described hardware wooden horse risk index, can judge exactly that the hardware wooden horse of integrated circuit exists risk, improve the security of integrated circuit.

Because the present invention can generate a hardware wooden horse risk index, come subtest personnel to whether existing hardware wooden horse to judge in integrated circuit, make this decision process compared with prior art more directly perceived and objective.In addition the present invention has considered the inherent coupled relation existing between a plurality of by-passing signals of integrated circuit, therefore can improve the detection resolution of hardware wooden horse in test process.

Accompanying drawing explanation

Fig. 1 is the schematic flow sheet of the signal processing method that in integrated circuit of the present invention, hardware wooden horse detects;

Fig. 2 is the to-be-measured integrated circuit chip of the signal processing method acquisition that in integrated circuit of the present invention, hardware wooden horse detects and the behavior contrast schematic diagram of reference integrated circuit chip;

Fig. 3 is the schematic diagram of the hardware wooden horse testing result of the embodiment of signal processing method that in integrated circuit of the present invention, hardware wooden horse detects;

Fig. 4 is the structural representation of the signal processing system that in integrated circuit of the present invention, hardware wooden horse detects.

Embodiment

Refer to Fig. 1, Fig. 1 is the schematic flow sheet of the signal processing method that in integrated circuit of the present invention, hardware wooden horse detects.

The signal processing method that in described integrated circuit, hardware wooden horse detects, comprises the following steps:

S101, obtains at least two by-passing signals of to-be-measured integrated circuit;

S102, by-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

S103, converts described n dimensional feature vector to characterize the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit to according to default conversion regime;

S104, compares the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value, according to comparative result, judges whether described to-be-measured integrated circuit exists hardware wooden horse.

The signal processing method that in integrated circuit provided by the invention, hardware wooden horse detects is realized the detection of hardware wooden horse in integrated circuit testing procedure.By obtaining at least two by-passing signals of to-be-measured integrated circuit and extracting respectively temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in each and frequency domain character are formed to n dimensional feature vector, according to described n dimensional feature vector, calculate and characterize the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit.The n dimensional feature vector that temporal signatures based on a plurality of by-passing signals and frequency domain character form carries out the detection of hardware wooden horse to described to-be-measured integrated circuit, and testing result accuracy is improved greatly.According to described hardware wooden horse risk index, can judge exactly that the hardware wooden horse of integrated circuit exists risk, improve the security of integrated circuit.

In step S101, described to-be-measured integrated circuit is obtained at least two by-passing signals.Described by-passing signal can be by-passing signal corresponding to region that to-be-measured integrated circuit may exist hardware wooden horse, or selects to arrange according to other detection factors.

In a preferred implementation, the by-passing signal of the described to-be-measured integrated circuit of obtaining comprises: the transient current (IDDT) on the power supply pin (VDD) of described to-be-measured integrated circuit and quiescent current signal (IDDQ), and the maximum operation frequency of described to-be-measured integrated circuit (Fmax).

Due to when described by-passing signal is measured, due to the disturbance of measurement environment, understand unavoidably drawing-in system error, therefore measure the raw data obtaining unsatisfactory, directly use and can reduce accuracy of analysis, therefore, in a preferred implementation, to measuring by-passing signal described in each that obtain, carry out Signal Pretreatment.Before data analysis, the raw data collecting is carried out to simple preliminary pre-service and process, thereby guarantee the quality of data, strengthen the reliability of data.

Described Signal Pretreatment in present embodiment mainly comprises two steps:

According to the type of described by-passing signal, select corresponding window function to carry out windowing break-in operation to described by-passing signal;

And/or, according to the type of by-passing signal, select corresponding frequency filtering to carry out filtering to described by-passing signal.

For windowing, block, due to the by-passing signal of the to-be-measured integrated circuit measuring course long (as IDDT signal etc.) often, therefore before carrying out signal processing, need to block.Block exactly the signal times of endless there to be the window function of limit for width, the lobe error in this process is relevant with the secondary lobe of window function frequency spectrum, by selecting the smoother window function in two ends, just can reduce lobe error.Conventional window function comprises at present: Hanning window, hamming code window, Gaussian window, quarter window etc.

For filtering: process by filtering, can remove unconcerned frequency content in input signal, remain with the frequency content of use, such as for quiescent current (IDDQ) signal, its low-frequency component is most important, and radio-frequency component can be removed simultaneously.Conventional filter type comprises S filter, Kalman filter, sef-adapting filter etc.

Above-mentioned windowing is blocked in the detailed process with filtering can need to carry out the setting of window function and frequency filtering according to detecting, and it will not go into details herein.For the detection demand of certain concrete hardware wooden horse, selection need to be weighed in above-mentioned multiple window function and wave filter, to determine a kind of of the most applicable current detection demand.

After pre-service, described in each, the live part of the measurement data of by-passing signal is retained, thereby can carry out next step feature selecting.

In step S102, to completing pretreated data, extract the feature on its time domain and frequency domain, form proper vector.

The temporal signatures that by-passing signal described in each is extracted respectively comprises with the next item down or multinomial:

Average: $\mathrm{\μ}=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k;$

Root-mean-square value: $\mathrm{RMS}=\sqrt{\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x_k}^2};$

Variance: ${\mathrm{\σ}}^2=\frac{1}{2}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^2;$

Skewness: $\frac{1}{{\mathrm{N\σ}}^3}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^3;$

Kurtosis: $\frac{1}{{\mathrm{N\σ}}^4}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^4;$

Crest factor:

And auto-correlation: $R_x\left(n\right)=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k{x}_{k+n};$

Wherein, x _kbe described by-passing signal along the value of time shaft, N is hits.

And the frequency domain character that by-passing signal described in each is extracted respectively comprises:

Discrete Fourier transformation:

wherein, x(n) be described by-passing signal, k=1,2 ..., N.

To the by-passing signal of each concern, can calculate according to above-mentioned computing formula their time domain and frequency domain character, thereby finally form the proper vector of n dimension, and the number of the concrete numerical value of n and the number of the by-passing signal obtaining and the frequency-domain and time-domain feature chosen is relevant.

In step S103, described n dimensional feature vector is converted to and characterizes the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit according to default conversion regime.

In a preferred implementation, the conversion regime of described hardware wooden horse risk index is:

The Gaussian Mixture of the Gaussian Mixture distribution of the n dimensional feature vector of described to-be-measured integrated circuit and reference vector is distributed and carries out L2 distance calculating method according to following formula:

‖H(x)·G(x)‖ _L2＝∫H(x)G(x)dx

Wherein, H(x) being the n dimensional feature vector of described to-be-measured integrated circuit, is G(x) described reference vector; Described reference vector consists of the by-passing signal of the known integrated circuit without hardware wooden horse and temporal signatures thereof, frequency domain character;

Calculate according to the following formula described hardware wooden horse risk index:

$\mathrm{RI}=1-\frac{{\left|\right|H\left(x\right)\·G\left(x\right)\left|\right|}_{L2}}{{\left|\right|H\left(x\right)\left|\right|}_{L2}{\left|\right|G\left(x\right)\left|\right|}_{L2}};$

Wherein: RI is described hardware wooden horse risk index,

In present embodiment, the L2 distance calculating method based between two different probability distribution generates this hardware wooden horse risk index.The value of this index is positioned in [0,1] interval, and larger the representative in integrated circuit of its numerical value exists the risk of hardware wooden horse larger, and it can be used as evaluates the objective judgement index that whether has hardware wooden horse in integrated circuit.

The key step that described hardware wooden horse risk index generates can be understood as: take the by-passing signal data of the known integrated circuit (IC) chip without hardware wooden horse (i.e. " reference chip ") and at that time, frequency domain character is references object, assigns these features as " normal behaviour "; The by-passing signal data of to-be-measured integrated circuit chip and at that time, frequency domain character is as " current behavior "; The proper vector distribution situation of " current behavior " and the proper vector distribution situation of " normal behaviour " are contrasted, and the overlapping part between distributing based on these two Gaussian Mixture is carried out the risk index of computing hardware wooden horse.Fig. 2 shows that the behavior that has provided to-be-measured integrated circuit chip is the schematic diagram that how to depart from the behavior of reference integrated circuit chip.

For two mutual overlapping Gaussian distribution, L2 between them distance can be according to formula: ‖ H (x) G (x) ‖ _l2=∫ H (x) G (x) dx calculates.Thereby can calculate described hardware wooden horse risk index accurately by the L2 distance between two Gaussian distribution, improve the accuracy of the hardware wooden horse detection of integrated circuit (IC) chip.

In step S104, the hardware wooden horse risk index (RI) of to-be-measured integrated circuit chip and predefined threshold value are compared, thereby realize the detection of hardware wooden horse.

Concrete grammar can be: the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, if higher than described risk index threshold value, judge that described to-be-measured integrated circuit exists hardware wooden horse, otherwise, judge that described to-be-measured integrated circuit does not exist hardware wooden horse.

By the processing of step S101～S103, obtain after the hardware wooden horse risk index RI value of to-be-measured integrated circuit chip, itself and predefined RI threshold value can be compared to (power level that is detected as that this threshold value generally reaches according to expectation is determined), judge whether the former exceeds RI threshold value: if the RI value of to-be-measured integrated circuit chip exceeds threshold value, show to exist in to-be-measured integrated circuit chip hardware wooden horse, otherwise just show in to-be-measured integrated circuit chip without hardware wooden horse; And RI value is higher, show to exist in to-be-measured integrated circuit chip the risk of hardware wooden horse just larger, whether testing staff need decide in its sole discretion can accept this risk level.

Fig. 3 has provided an example that hardware wooden horse detects.In the figure, have 32 to-be-measured integrated circuit chips, wherein the RI value of 5 has exceeded threshold value (0.7), and being therefore judged to be inside exists hardware wooden horse; And all the other RI values of 27 are all smaller, far below threshold value, being therefore judged to be inside there is not hardware wooden horse.

The invention provides a kind of by-passing signal to integrated circuit and process, thus in integrated circuit testing procedure for realizing the method for the detection of hardware wooden horse.Whether the method compared with prior art, can generate a hardware wooden horse risk index and come subtest personnel to existing hardware wooden horse to judge in integrated circuit, makes this decision process compared with prior art more directly perceived and objective.In addition the present invention has also considered the inherent coupled relation existing between a plurality of by-passing signals of integrated circuit, therefore can improve the detection resolution of hardware wooden horse in test process.

Although above in conjunction with process flow diagram, invention has been described, the present invention is not limited to above-mentioned embodiment, for example:

The Signal Pretreatment of mentioning in step S101 of the present invention, except above-mentioned " windowing is blocked ", " filtering ", can also comprise the Signal Pre-Processing Method such as " wavelet analysis ", " Wavelet Envelope Analysis ", with still realizing object of the present invention after alternative " windowing is blocked " of above describing of these signal processing methods, " filtering ".

The hardware wooden horse risk index generating in step S103 of the present invention, except the above-mentioned L2 distance calculating method based between two different probability Gaussian distribution generates the mode of this hardware wooden horse risk index, can also use the methods such as " minimum quantization error (MQE) based in Self-organizing Maps (SOM) ", " based on neural network ", " based on fuzzy logic " to generate hardware wooden horse risk index.After substituting above-mentioned " the L2 distance calculating method based between two different probability Gaussian distribution generates this hardware wooden horse risk index " by these methods, still can realize object of the present invention.

The preferred embodiment of the present invention also has following advantage:

The by-passing signal data that collect are carried out to Signal Pretreatment, thereby only intercept significant by-passing signal time series, and unconcerned frequency content in filtered signal; The proper vector of by-passing signal data is converted to one and characterizes the numerical value (i.e. " hardware wooden horse risk index ") that has the risk size of hardware wooden horse in integrated circuit; The hardware wooden horse risk index of chip to be measured and predefined threshold value are compared, thereby realize the detection of hardware wooden horse.

Refer to Fig. 4, Fig. 4 is the structural representation of the signal processing system that in integrated circuit of the present invention, hardware wooden horse detects.

The signal processing system that in described integrated circuit, hardware wooden horse detects, comprising:

By-passing signal acquisition module 10, for obtaining at least two by-passing signals of to-be-measured integrated circuit;

Characteristic extracting module 20, for by-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

Risk index computing module 30, for converting described n dimensional feature vector to characterize the hardware wooden horse risk index that integrated circuit exists the risk size of hardware wooden horse to according to default conversion regime;

Judge module 40, for the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, judges according to comparative result whether described to-be-measured integrated circuit exists hardware wooden horse.

The signal processing system that in integrated circuit provided by the invention, hardware wooden horse detects realizes the detection of hardware wooden horse in integrated circuit testing procedure.By obtaining at least two by-passing signals of to-be-measured integrated circuit and extracting respectively temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in each and frequency domain character are formed to n dimensional feature vector, according to described n dimensional feature vector, calculate and characterize the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit.The n dimensional feature vector that temporal signatures based on a plurality of by-passing signals and frequency domain character form carries out the detection of hardware wooden horse to described to-be-measured integrated circuit, and testing result accuracy is improved greatly.According to described hardware wooden horse risk index, can judge exactly that the hardware wooden horse of integrated circuit exists risk, improve the security of integrated circuit.

Wherein, 10 pairs of described to-be-measured integrated circuit of described by-passing signal acquisition module are obtained at least two by-passing signals.Described by-passing signal can be by-passing signal corresponding to region that to-be-measured integrated circuit may exist hardware wooden horse, or selects to arrange according to other detection factors.

In a preferred implementation, the by-passing signal of the described to-be-measured integrated circuit that described by-passing signal acquisition module 10 obtains comprises: the transient current (IDDT) on the power supply pin (VDD) of described to-be-measured integrated circuit and quiescent current signal (IDDQ), and the maximum operation frequency of described to-be-measured integrated circuit (Fmax).

Due to when described by-passing signal is measured, due to the disturbance of measurement environment, understand unavoidably drawing-in system error, therefore measure the raw data obtaining unsatisfactory, directly use and can reduce accuracy of analysis, therefore, in a preferred implementation, 10 pairs of measurements of described by-passing signal acquisition module obtain each described in by-passing signal carry out Signal Pretreatment.Before data analysis, the raw data collecting is carried out to simple preliminary pre-service and process, thereby guarantee the quality of data, strengthen the reliability of data.

The Signal Pretreatment of described by-passing signal acquisition module 10 mainly comprises:

According to the type of described by-passing signal, select corresponding window function to carry out windowing break-in operation to described by-passing signal;

And/or, according to the type of by-passing signal, select corresponding frequency filtering to carry out filtering to described by-passing signal.

For windowing, block, due to the by-passing signal of the to-be-measured integrated circuit measuring course long (as IDDT signal etc.) often, therefore before carrying out signal processing, need to block.Block exactly the signal times of endless there to be the window function of limit for width, the lobe error in this process is relevant with the secondary lobe of window function frequency spectrum, by selecting the smoother window function in two ends, just can reduce lobe error.Conventional window function comprises at present: Hanning window, hamming code window, Gaussian window, quarter window etc.

For filtering: process by filtering, can remove unconcerned frequency content in input signal, remain with the frequency content of use, such as for quiescent current (IDDQ) signal, its low-frequency component is most important, and radio-frequency component can be removed simultaneously.Conventional filter type comprises S filter, Kalman filter, sef-adapting filter etc.

Above-mentioned windowing is blocked in the concrete mode with filtering can need to carry out the setting of window function and frequency filtering according to detecting, and it will not go into details herein.For the detection demand of certain concrete hardware wooden horse, selection need to be weighed in above-mentioned multiple window function and wave filter, to determine a kind of of the most applicable current detection demand.

Described by-passing signal acquisition module 10 is by by-passing signal is carried out after pre-service, and described in each, the live part of the measurement data of by-passing signal is retained, thereby can carry out next step feature selecting.

20 pairs of described characteristic extracting module complete pretreated data, extract the feature on its time domain and frequency domain, form proper vector.

The temporal signatures that described characteristic extracting module 20 is extracted respectively by-passing signal described in each comprises with the next item down or multinomial:

Average: $\mathrm{\μ}=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k;$

Root-mean-square value: $\mathrm{RMS}=\sqrt{\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x_k}^2};$

Variance: ${\mathrm{\σ}}^2=\frac{1}{2}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^2;$

Skewness: $\frac{1}{{\mathrm{N\σ}}^3}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^3;$

Kurtosis: $\frac{1}{{\mathrm{N\σ}}^4}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^4;$

Crest factor:

And auto-correlation: $R_x\left(n\right)=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k{x}_{k+n};$

Wherein, x _kbe described by-passing signal along the value of time shaft, N is hits.

The frequency domain character that described characteristic extracting module 20 is extracted respectively by-passing signal described in each comprises:

Discrete Fourier transformation:

wherein, x(n) be described by-passing signal, k=1,2 ..., N.

Described characteristic extracting module 20 can calculate according to above-mentioned computing formula their time domain and frequency domain character to the by-passing signal of each concern, thereby finally form the proper vector of n dimension, and the number of the concrete numerical value of n and the number of the by-passing signal obtaining and the frequency-domain and time-domain feature chosen is relevant.

Described risk index computing module 30 converts described n dimensional feature vector to characterize the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit to according to default conversion regime.

In a preferred implementation, the conversion regime of the hardware wooden horse risk index that described characteristic extracting module 20 generates is:

The Gaussian Mixture of the Gaussian Mixture distribution of the n dimensional feature vector of described to-be-measured integrated circuit and reference vector is distributed and carries out L2 distance calculating method according to following formula:

‖H(x)·G(x)‖ _L2＝∫H(x)G(x)dx

Wherein, H(x) being the n dimensional feature vector of described to-be-measured integrated circuit, is G(x) described reference vector; Described reference vector consists of the by-passing signal of the known integrated circuit without hardware wooden horse and temporal signatures thereof, frequency domain character;

Calculate according to the following formula described hardware wooden horse risk index:

$\mathrm{RI}=1-\frac{{\left|\right|H\left(x\right)\·G\left(x\right)\left|\right|}_{L2}}{{\left|\right|H\left(x\right)\left|\right|}_{L2}{\left|\right|G\left(x\right)\left|\right|}_{L2}};$

Wherein: RI is described hardware wooden horse risk index,

In present embodiment, the L2 distance calculating method of described characteristic extracting module 20 based between two different probability distribution generates this hardware wooden horse risk index.The value of this index is positioned in [0,1] interval, and larger the representative in integrated circuit of its numerical value exists the risk of hardware wooden horse larger, and it can be used as evaluates the objective judgement index that whether has hardware wooden horse in integrated circuit.

Described hardware wooden horse risk index generating mode can be understood as: take the by-passing signal data of the known integrated circuit (IC) chip without hardware wooden horse (i.e. " reference chip ") and at that time, frequency domain character is references object, these features as " normal behaviour "; The by-passing signal data of to-be-measured integrated circuit chip and at that time, frequency domain character is as " current behavior "; The proper vector distribution situation of " current behavior " and the proper vector distribution situation of " normal behaviour " are contrasted, and the overlapping part between distributing based on these two Gaussian Mixture is carried out the risk index of computing hardware wooden horse.

For two mutual overlapping Gaussian distribution, L2 between them distance can be according to formula: ‖ H (x) G (x) ‖ _l2=∫ H (x) G (x) dx calculates.Thereby can calculate described hardware wooden horse risk index accurately by the L2 distance between two Gaussian distribution, improve the accuracy of the hardware wooden horse detection of integrated circuit (IC) chip.

Described judge module 40 compares the hardware wooden horse risk index (RI) of to-be-measured integrated circuit chip and predefined threshold value, thereby realizes the detection of hardware wooden horse.

Particularly, described judge module 40 compares the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value, if higher than described risk index threshold value, judge that described to-be-measured integrated circuit exists hardware wooden horse, otherwise, judge that described to-be-measured integrated circuit does not exist hardware wooden horse.

By the processing of above-mentioned modules, obtain after the hardware wooden horse risk index RI value of to-be-measured integrated circuit chip, described judge module 40 can compare (power level that is detected as that this threshold value generally reaches according to expectation is determined) by itself and predefined RI threshold value, judge whether the former exceeds RI threshold value: if the RI value of to-be-measured integrated circuit chip exceeds threshold value, show to exist in to-be-measured integrated circuit chip hardware wooden horse, otherwise just show in to-be-measured integrated circuit chip without hardware wooden horse; And RI value is higher, show to exist in to-be-measured integrated circuit chip the risk of hardware wooden horse just larger, whether testing staff need decide in its sole discretion can accept this risk level.

The invention provides a kind of by-passing signal to integrated circuit and process, thus in integrated circuit testing procedure for realizing the system of the detection of hardware wooden horse.Whether this system compared with prior art, can generate a hardware wooden horse risk index and come subtest personnel to existing hardware wooden horse to judge in integrated circuit, makes this decision process compared with prior art more directly perceived and objective.In addition the present invention has also considered the inherent coupled relation existing between a plurality of by-passing signals of integrated circuit, therefore can improve the detection resolution of hardware wooden horse in test process.

The present invention is not limited to above-mentioned embodiment, for example:

The Signal Pretreatment that described by-passing signal acquisition module 10 carries out, except above-mentioned " windowing is blocked ", " filtering ", can also comprise the Signal Pre-Processing Method such as " wavelet analysis ", " Wavelet Envelope Analysis ", with still realizing object of the present invention after alternative " windowing is blocked " of above describing of these signal processing methods, " filtering ".

The hardware wooden horse risk index that described risk index computing module 30 generates, except the above-mentioned L2 distance calculating method based between two different probability Gaussian distribution generates the mode of this hardware wooden horse risk index, can also use the methods such as " minimum quantization error (MQE) based in Self-organizing Maps (SOM) ", " based on neural network ", " based on fuzzy logic " to generate hardware wooden horse risk index.After substituting above-mentioned " the L2 distance calculating method based between two different probability Gaussian distribution generates this hardware wooden horse risk index " by these methods, still can realize object of the present invention.

The preferred embodiment of the present invention also has following advantage:

The by-passing signal data that collect are carried out to Signal Pretreatment, thereby only intercept significant by-passing signal time series, and unconcerned frequency content in filtered signal; The proper vector of by-passing signal data is converted to one and characterizes the numerical value (i.e. " hardware wooden horse risk index ") that has the risk size of hardware wooden horse in integrated circuit; The hardware wooden horse risk index of chip to be measured and predefined threshold value are compared, thereby realize the detection of hardware wooden horse.

The above embodiment has only expressed several embodiment of the present invention, and it describes comparatively concrete and detailed, but can not therefore be interpreted as the restriction to the scope of the claims of the present invention.It should be pointed out that for the person of ordinary skill of the art, without departing from the inventive concept of the premise, can also make some distortion and improvement, these all belong to protection scope of the present invention.Therefore, the protection domain of patent of the present invention should be as the criterion with claims.

Claims (10)

1. the signal processing method that in integrated circuit, hardware wooden horse detects, is characterized in that, comprises the following steps:

Obtain at least two by-passing signals of to-be-measured integrated circuit;

By-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

Described n dimensional feature vector is converted to and characterizes the hardware wooden horse risk index that has the risk size of hardware wooden horse in integrated circuit according to default conversion regime;

The hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, according to comparative result, judge whether described to-be-measured integrated circuit exists hardware wooden horse.

2. the signal processing method that in integrated circuit as claimed in claim 1, hardware wooden horse detects, it is characterized in that, the by-passing signal of the described to-be-measured integrated circuit of obtaining comprises: the transient current on the power supply pin of described to-be-measured integrated circuit and quiescent current signal, and the maximum operation frequency of described to-be-measured integrated circuit.

3. the signal processing method that in the integrated circuit as described in claim 1 or 2, hardware wooden horse detects, is characterized in that, before by-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, further carries out following steps:

To obtain each described in by-passing signal carry out Signal Pretreatment.

4. the signal processing method that in integrated circuit as claimed in claim 3, hardware wooden horse detects, is characterized in that, described Signal Pretreatment comprises:

According to the type of described by-passing signal, select corresponding window function to carry out windowing break-in operation to described by-passing signal;

And/or, according to the type of by-passing signal, select corresponding frequency filtering to carry out filtering to described by-passing signal.

5. the signal processing method that in the integrated circuit as described in claim 1 or 2, hardware wooden horse detects, is characterized in that, the temporal signatures that by-passing signal described in each is extracted respectively comprises with the next item down or multinomial:

Average: $\mathrm{\μ}=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k;$

Root-mean-square value: $\mathrm{RMS}=\sqrt{\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x_k}^2};$

Variance: ${\mathrm{\σ}}^2=\frac{1}{2}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^2;$

Skewness: $\frac{1}{{\mathrm{N\σ}}^3}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^3;$

Kurtosis: $\frac{1}{{\mathrm{N\σ}}^4}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{(x_k-\mathrm{\μ})}^4;$

Crest factor:

And auto-correlation: $R_x\left(n\right)=\frac{1}{N}\underset{k=1}{\overset{N}{\mathrm{\Σ}}}{x}_k{x}_{k+n};$

Wherein, x _kbe described by-passing signal along the value of time shaft, N is hits.

6. the signal processing method that in integrated circuit as claimed in claim 5, hardware wooden horse detects, is characterized in that, the frequency domain character that by-passing signal described in each is extracted respectively comprises:

Discrete Fourier transformation:

wherein, x(n) be described by-passing signal, k=1,2 ..., N.

7. the signal processing method that in the integrated circuit as described in claim 1 or 2, hardware wooden horse detects, it is characterized in that, the step that converts described n dimensional feature vector to characterize the risk size that has hardware wooden horse in integrated circuit hardware wooden horse risk index according to default conversion regime comprises:

The Gaussian Mixture of the Gaussian Mixture distribution of the n dimensional feature vector of described to-be-measured integrated circuit and reference vector is distributed and carries out L2 distance calculating method according to following formula:

‖H(x)·G(x)‖ _L2＝∫H(x)G(x)dx

Wherein, H(x) being the n dimensional feature vector of described to-be-measured integrated circuit, is G(x) described reference vector; Described reference vector consists of the by-passing signal of the known integrated circuit without hardware wooden horse and temporal signatures thereof, frequency domain character;

Calculate according to the following formula described hardware wooden horse risk index:

$\mathrm{RI}=1-\frac{{\left|\right|H\left(x\right)\·G\left(x\right)\left|\right|}_{L2}}{{\left|\right|H\left(x\right)\left|\right|}_{L2}{\left|\right|G\left(x\right)\left|\right|}_{L2}};$

Wherein: RI is described hardware wooden horse risk index,

8. the signal processing method that in the integrated circuit as described in claim 1 or 2, hardware wooden horse detects, it is characterized in that, the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, according to comparative result, judge whether described to-be-measured integrated circuit exists the step of hardware wooden horse to comprise:

The hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, if higher than described risk index threshold value, judge that described to-be-measured integrated circuit exists hardware wooden horse, otherwise, judge that described to-be-measured integrated circuit does not exist hardware wooden horse.

9. the signal processing system that in integrated circuit, hardware wooden horse detects, is characterized in that, comprising:

By-passing signal acquisition module, for obtaining at least two by-passing signals of to-be-measured integrated circuit;

Characteristic extracting module, for by-passing signal described in each is extracted respectively to temporal signatures and frequency domain character, the temporal signatures of by-passing signal described in corresponding each of described to-be-measured integrated circuit and frequency domain character are formed to n dimensional feature vector, wherein, the concrete numerical value of n is determined by the number of the by-passing signal obtaining and corresponding temporal signatures and the number of frequency domain character;

Risk index computing module, for converting described n dimensional feature vector to characterize the hardware wooden horse risk index that integrated circuit exists the risk size of hardware wooden horse to according to default conversion regime;

Judge module, for the hardware wooden horse risk index of described to-be-measured integrated circuit and default risk index threshold value are compared, judges according to comparative result whether described to-be-measured integrated circuit exists hardware wooden horse.

10. the signal processing system that in integrated circuit as claimed in claim 9, hardware wooden horse detects, it is characterized in that, the by-passing signal of the described to-be-measured integrated circuit that described by-passing signal acquisition module obtains comprises: the transient current on the power supply pin of described to-be-measured integrated circuit and quiescent current signal, and the maximum operation frequency of described to-be-measured integrated circuit.

Images