CN111460529B - Hardware Trojan detection and positioning method and system - Google Patents

Publication number: CN111460529B
Authority: CN (China)
Prior art keywords: chip, electromagnetic radiation, electromagnetic, hardware trojan, signals
Legal status: Active
Application number: CN202010184947.8A
Other languages: Chinese (zh)
Other versions: CN111460529A (en)
Inventors: 侯波, 王力纬, 恩云飞, 雷登云, 黄云
Current Assignee: China Electronic Product Reliability and Environmental Testing Research Institute
Original Assignee: China Electronic Product Reliability and Environmental Testing Research Institute
Application filed by: China Electronic Product Reliability and Environmental Testing Research Institute
Priority to: CN202010184947.8A
Earlier publication: CN111460529A
Granted publication: CN111460529B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01R MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
    • G01R31/00 Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
    • G01R31/28 Testing of electronic circuits, e.g. by signal tracer
    • G01R31/2851 Testing of integrated circuits [IC]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2411 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on the proximity to a decision surface, e.g. support vector machines

Abstract

The invention relates to a hardware Trojan detection and positioning method and system. The method comprises the following steps: applying an excitation signal, which comprises inputting a square wave signal at the clock input of the chip under test and applying the operating voltage $V_{DD}$ between the power input and ground; detecting the electromagnetic radiation signal of each region of the chip under test under the excitation signal; and acquiring electromagnetic data for each region of a normal chip and comparing the electromagnetic radiation signal of each region with that data. If no region's electromagnetic radiation signal falls outside the upper and lower limits of the electromagnetic data, the chip under test is judged to contain no hardware Trojan; if there are regions whose electromagnetic radiation signals fall outside the upper and lower limits, those regions are judged to contain a hardware Trojan. The electromagnetic data are obtained by testing the electromagnetic radiation of a normal chip under the excitation signal. The invention can effectively improve the detection rate of hardware Trojans.

Description

Hardware Trojan detection and positioning method and system
Technical Field
The invention relates to circuit testing, in particular to a hardware Trojan detection and positioning method and a hardware Trojan detection and positioning system.
Background
The globalization of the integrated circuit (IC) industry and the foundry model have spread the integrated circuit industry chain, which used to sit within a single country, across locations around the world. In addition, to shorten the design cycle, third-party IP (3PIP) and electronic design automation (EDA) tools are widely used in integrated circuit design. As a result the industry chain is not fully controllable, and a malicious attacker may implant a malicious circuit in an integrated circuit or chip; such a malicious circuit is called a "hardware Trojan". A hardware Trojan is a malicious circuit implanted into an integrated circuit to perform a specific function. Fig. 1 shows the links of the integrated circuit industry chain and the hardware Trojans that may be implanted at each of them.
A hardware Trojan is a circuit structure that is implanted during the design or manufacture of an integrated circuit and is activated while the circuit operates. A software Trojan can be removed by antivirus software, whereas a hardware Trojan cannot be changed once the IC has been manufactured and can only be removed by replacing the IC. Harmfulness and concealment are the fundamental characteristics of hardware Trojans. The harm they cause mainly comprises information leakage, denial of service, altered functionality, reduced performance and the like.
Disclosure of Invention
Based on this, it is necessary to provide a hardware Trojan detection and positioning method and system.
A hardware Trojan detection and positioning method comprises the following steps: applying an excitation signal, which comprises inputting a square wave signal at the clock input of the chip under test and applying the operating voltage $V_{DD}$ between the power input and ground; detecting the electromagnetic radiation signal of each region of the chip under test under the excitation signal; and acquiring electromagnetic data for each region of a normal chip and comparing the electromagnetic radiation signal of each region with that data. If no region's electromagnetic radiation signal falls outside the upper and lower limits of the electromagnetic data, the chip under test is judged to contain no hardware Trojan; if there are regions whose electromagnetic radiation signals fall outside the upper and lower limits, those regions are judged to contain a hardware Trojan. The electromagnetic data are obtained by testing the electromagnetic radiation of a normal chip under the excitation signal.
In one embodiment, the square wave signal is a square wave voltage digital signal with a constant period and duty cycle.
In one embodiment, the step of detecting the electromagnetic radiation signal of each region of the chip under test under the excitation signal comprises: converting an electromagnetic signal into a voltage signal through an electromagnetic probe; amplifying the voltage signal by an amplifying circuit; and obtaining voltage data changing with time through an oscilloscope.
In one embodiment, testing the electromagnetic radiation of a normal chip under the excitation signal means testing a plurality of identical normal chips under the excitation signal.
In one embodiment, testing the electromagnetic radiation of a normal chip under the excitation signal comprises: calculating the characteristic value of the data of each region for all tested normal chips, classifying the characteristic values of each region with a one-class support vector machine, and determining a boundary line. The step of comparing the electromagnetic radiation signal of each region with the electromagnetic data comprises: calculating the characteristic values of the electromagnetic radiation signals; if the characteristic value of every region lies within the boundary line, the chip under test is judged to contain no hardware Trojan, and if there are regions whose characteristic values lie outside the boundary line, those regions are judged to contain a hardware Trojan.
In one embodiment, testing the electromagnetic radiation of a normal chip under the excitation signal comprises: obtaining a plurality of identical normal chips, numbered $IC_k$ ($k = 1, 2, \ldots, p$), where p is the number of chips; dividing each normal chip into an m × n grid, denoted $Net_{ij}$ ($i = 1, 2, \ldots, m$; $j = 1, 2, \ldots, n$); applying the excitation signal to chip $IC_k$ and testing the electromagnetic radiation signal of each grid to obtain the voltage curve $V_{ij}$ corresponding to the electromagnetic radiation of each grid; after all normal chips have been tested, obtaining the voltage curve matrix $V_{k,ij}$; and calculating the characteristic value from the voltage curve matrix $V_{k,ij}$, classifying with a one-class support vector machine, and determining the boundary line $bd_{ij}$.
In one embodiment, the step of detecting the electromagnetic radiation signal of each region of the chip under test under the excitation signal comprises: detecting the electromagnetic radiation signals of the chip under test, divided into an m × n grid, to obtain the voltage curve $V_{dut,ij}$ corresponding to the electromagnetic radiation of each grid, and calculating the characteristic value $E_{ij}$ from the voltage curve $V_{dut,ij}$. The step of comparing the electromagnetic radiation signal of each region with the electromagnetic data is to compare the characteristic value $E_{ij}$ with the boundary line $bd_{ij}$.
The present application also provides another hardware Trojan detection and positioning method, in which the voltage applied between the power input and ground in the step of applying the excitation signal of any of the foregoing embodiments is replaced with a second square wave signal whose high level is the operating voltage $V_{DD}$ and whose low level is 0 volts.
A hardware Trojan detection and positioning system comprising: the excitation module is used for inputting square wave signals to the clock input end of the chip to be detected, and applying working voltage between the power input end and the ground wire; the electromagnetic field detection module is used for detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals; the Trojan horse judging module is used for acquiring electromagnetic data of each area of a normal chip, comparing the electromagnetic radiation signals of each area with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan horse if the electromagnetic radiation signals of each area do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
A hardware Trojan detection and positioning system comprising: an excitation module, used for inputting a first square wave signal at the clock input of the chip under test and applying a second square wave signal between the power input and ground, wherein the high level of the second square wave signal is the operating voltage $V_{DD}$ and the low level is 0 volts; an electromagnetic field detection module, used for detecting the electromagnetic radiation signal of each region of the chip under test under the excitation signal; and a Trojan judging module, used for acquiring electromagnetic data for each region of a normal chip and comparing the electromagnetic radiation signal of each region with that data. If no region's electromagnetic radiation signal falls outside the upper and lower limits of the electromagnetic data, the chip under test is judged to contain no hardware Trojan; if there are regions whose electromagnetic radiation signals fall outside the upper and lower limits, those regions are judged to contain a hardware Trojan. The electromagnetic data are obtained by testing the electromagnetic radiation of a normal chip under the excitation signal.
The hardware Trojan detection and positioning method and system rely on the principle that a hardware Trojan needs to be connected to the chip's clock network: a square wave signal is input at the clock input of the chip under test, and the electromagnetic radiation signal of each region of the chip under this excitation is collected and compared with the electromagnetic data of the corresponding region of a normal chip. Because the chip under test and the normal chip receive the same excitation signal, the logic gates and metal interconnect lines that connect a hardware Trojan to the clock network inevitably change the electromagnetic field, so the comparison reveals whether each region of the chip under test contains a hardware Trojan. The method and system can effectively improve the detection rate of hardware Trojans, do not damage the chip under test, and can detect a chip containing a hardware Trojan circuit before the chip is used in a system, which ensures the safety of the system.
Drawings
For a better description and illustration of embodiments and/or examples of those inventions disclosed herein, reference may be made to one or more of the accompanying drawings. Additional details or examples used to describe the drawings should not be construed as limiting the scope of the disclosed invention, the presently described embodiments and/or examples, and any of the presently understood modes of carrying out the invention.
FIG. 1 is a schematic diagram of an integrated circuit industry chain and a hardware Trojan horse that may be implanted;
FIG. 2 is a schematic diagram of current and magnetic field distribution of metal interconnect lines;
FIG. 3 is a schematic diagram of an on-chip clock network;
FIG. 4 is a schematic diagram of an on-chip clock network after hardware trojans are implanted;
FIG. 5 is a schematic diagram of the detection principle of the present application;
FIG. 6 is a flow chart of a method for hardware Trojan detection and positioning in one embodiment;
FIG. 7 is a schematic diagram of hardware Trojan detection in one embodiment;
FIG. 8 is a flow chart of sub-steps of step S120 in one embodiment.
Detailed Description
In order that the invention may be readily understood, a more complete description of the invention will be rendered by reference to the appended drawings. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
It will be understood that when an element or layer is referred to as being "on," "adjacent," "connected to," or "coupled to" another element or layer, it can be directly on, adjacent, connected, or coupled to the other element or layer, or intervening elements or layers may be present. In contrast, when an element is referred to as being "directly on," "directly adjacent to," "directly connected to," or "directly coupled to" another element or layer, there are no intervening elements or layers present. It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, components, regions, layers and/or sections, these elements, components, regions, layers and/or sections should not be limited by these terms. These terms are only used to distinguish one element, component, region, layer or section from another element, component, region, layer or section. Thus, a first element, component, region, layer or section discussed below could be termed a second element, component, region, layer or section without departing from the teachings of the present invention.
Spatially relative terms, such as "under," "below," "beneath," "under," "above," "over," and the like, may be used herein for ease of description to describe one element or feature's relationship to another element or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use and operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, elements or features described as "under" or "beneath" other elements would then be oriented "on" the other elements or features. Thus, the exemplary terms "below" and "under" may include both an upper and a lower orientation. The device may be otherwise oriented (rotated 90 degrees or other orientations) and the spatially relative descriptors used herein interpreted accordingly.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes any and all combinations of the associated listed items.
It should be understood that the steps in the embodiments of the present application are not necessarily performed sequentially in the order indicated by the step numbers. Unless explicitly stated herein, the steps are not strictly limited to that order of execution and may be executed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and these sub-steps or stages are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
One exemplary method for detecting a hardware Trojan applies test vectors to a chip so that it enters its working state, measures the electromagnetic field on the chip surface, and detects the hardware Trojan by comparing the magnetic fields of an original chip and the chip under test. This method requires test vectors that activate the hardware Trojan. In practice a hardware Trojan is extremely difficult to activate because it is designed to be highly concealed, so the method is of limited practical use and cannot detect hardware Trojans that are hard to activate.
Another exemplary method detects hardware Trojans using the quiescent current of multiple power pads on a chip. The method uses the power network that spans the chip and simultaneously measures the quiescent current (IDDQ) on multiple power pads connected to that network. In particular, four power pads (PP00, PP01, PP11, PP10) on the chip are connected through physical switches to a global current source meter and a local current source meter. The Trojan analog source meter provides the power signal for the Trojan. The physical switches switch between the global current source meter and the local current source meter. Each of the four power pads is connected in turn to the local current source meter while the other three are connected to the global current source meter, and the current is measured to perform hardware Trojan detection. If a hardware Trojan is implanted near one of the power pads, a larger quiescent current appears on that pad, so the Trojan can be detected with this method; the detection sensitivity is improved by combining a power signal calibration technique with a test vector noise reduction technique. However, after the chip is packaged the power supplies are connected together, so the individual supplies cannot be tested separately. The quiescent current is also often very small, which places high precision requirements on the current measurement equipment and makes the test expensive. In addition, the method cannot locate the hardware Trojan.
The inventive principles of this application are presented as follows:
An integrated circuit is composed of MOS transistors and metal interconnect lines, where the metal interconnect lines connect the MOS transistors to one another. When a varying current passes through a metal interconnect line, a magnetic field is generated, as shown in fig. 2. The magnitude and direction of the magnetic field depend on the magnitude and direction of the current in the metal interconnect line.
The clock (clk) network in an integrated circuit is made up of driving logic gates and metal interconnect lines, which are spread throughout the chip, making up the clock network, as shown in fig. 3. Triangles in fig. 3 represent driving logic gates.
When a malicious attacker implants a hardware Trojan in the chip, the hardware Trojan needs to be connected to the clock network, as shown in fig. 4. This changes the clock network: the added driving logic and metal interconnect lines change the layout and the current, so the magnetic field at that location necessarily changes.
The detection principle of the present application, shown in fig. 5, is based on this chain: a hardware Trojan changes the clock network, which in turn changes the magnetic field of the chip. A square wave signal is applied to the clock input of the chip, the magnetic field at each point on the chip surface is detected with an electromagnetic probe, and voltage curves are obtained with an oscilloscope. This yields the voltage curve at each point on the surface of the original chip (i.e. the chip without a hardware Trojan) and of the chip containing a hardware Trojan.
FIG. 6 is a flowchart of a method for detecting and locating a hardware Trojan horse according to an embodiment, which includes the following steps:
S110, applying an excitation signal.
A square wave signal is input at the clock input of the chip under test, and the operating voltage $V_{DD}$ is applied between the power input and ground. In one embodiment, the square wave signal is a square wave voltage digital signal whose period and duty cycle remain unchanged. Feeding a square wave signal to the clock input keeps the working state of the chip stable, so that changes in the electromagnetic radiation signal can be conveniently distinguished.
In this embodiment, apart from applying the operating voltage $V_{DD}$ between the power input and ground, the excitation only requires a square wave signal at the clock input. No signals need to be input at the other input terminals of the chip; that is, there is no need to drive the input terminals with signals intended to activate the hardware Trojan.
S120, detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals.
In one embodiment, the chip to be inspected is divided into m×n grids, the electromagnetic radiation signals of the grids are measured, and the electromagnetic radiation signals of each grid are recorded separately.
S130, acquiring electromagnetic data of each area of the normal chip, comparing the electromagnetic data with electromagnetic radiation signals of the chip to be detected, and judging whether Trojan horse exists or not.
The electromagnetic data of the normal chip (i.e. the original chip) are obtained by testing the electromagnetic radiation of the normal chip under the excitation signal. In one embodiment, the normal chip is likewise divided into an m × n grid, the electromagnetic radiation of each grid is tested and recorded as electromagnetic data, and the upper and lower limits of the electromagnetic data of each grid are defined according to conventional methods. The electromagnetic radiation signal of each grid of the chip under test is compared with the electromagnetic data of the normal chip. If no grid's electromagnetic radiation signal falls outside the upper and lower limits of the electromagnetic data, the chip under test is judged to contain no hardware Trojan; if there are grids whose electromagnetic radiation signals fall outside the upper and lower limits, those grids are judged to contain a hardware Trojan.
The hardware Trojan detection and positioning method relies on the principle that a hardware Trojan needs to be connected to the chip's clock network: a square wave signal is input at the clock input of the chip under test, and the electromagnetic radiation signal of each region of the chip under this excitation is collected and compared with the electromagnetic data of the corresponding region of the normal chip. Because the chip under test and the normal chip receive the same excitation signal, the logic gates and metal interconnect lines that connect a hardware Trojan to the clock network inevitably change the electromagnetic field, so the comparison reveals whether each region of the chip under test contains a hardware Trojan. The method can effectively improve the detection rate of hardware Trojans and does not damage the chip under test. Once the excitation signal is applied, the corresponding electromagnetic radiation signal is generated whether or not the hardware Trojan is activated, so a chip containing a hardware Trojan circuit can be detected before the chip is used in a system, which ensures the safety of the system.
FIG. 7 is a schematic diagram of hardware Trojan detection in one embodiment. In this embodiment, step S120 includes the following steps (refer to fig. 8) when each area is detected:
S122, converting the electromagnetic signals into voltage signals through the electromagnetic probe.
And placing an electromagnetic probe above the currently detected chip grid, and collecting electromagnetic radiation signals of the area. The electromagnetic probe converts the magnetic field into a voltage signal.
S124, amplifying the voltage signal by an amplifying circuit.
Because the electromagnetic radiation signals collected by the electromagnetic probe are weak, the voltage signals converted by the electromagnetic signals can be amplified through the amplifying circuit, and the electromagnetic radiation signals can be conveniently observed through the oscilloscope.
S126, obtaining voltage data changing with time through an oscilloscope.
The voltage data may be sent to a data analysis module for analysis and the mean value calculated, etc.
In one embodiment, the normal chip data obtained in step S130 is obtained by testing a plurality of identical normal chips for electromagnetic radiation under the excitation signal. It will be appreciated that these normal chips should be the same model as the chip to be inspected.
In one embodiment, step S130 classifies the electromagnetic data using a support vector machine (SVM) and takes the resulting boundary line as the upper and lower limits. Specifically, the step of acquiring electromagnetic data of each region of the normal chip in step S130 comprises: calculating the characteristic value of the data of each region for all tested normal chips, classifying the characteristic values of each region with a one-class support vector machine (one-class SVM), and determining the boundary line. The step of comparing the electromagnetic radiation signal of each region with the electromagnetic data in step S130 comprises: calculating the characteristic values of the electromagnetic radiation signals; if the characteristic value of every region lies within the boundary line, the chip under test is judged to contain no hardware Trojan, and if there are regions whose characteristic values lie outside the boundary line, those regions are judged to contain a hardware Trojan. Because this embodiment uses a one-class support vector machine and trains on normal chips rather than on chips containing Trojans to obtain the electromagnetic data, it can detect different types of hardware Trojans.
How to acquire electromagnetic data of each area of the normal chip in step S130 is described below by a specific embodiment:
S231, obtaining a plurality of identical normal chips and numbering them IC_k (k = 1, 2, ..., p), where p is the number of chips.
S232, dividing each normal chip into m×n grids, denoted Net_ij (i = 1, 2, ..., m; j = 1, 2, ..., n).
S233, applying the excitation signal to chip IC_k and testing the electromagnetic radiation signal of each grid to obtain the voltage curve V_ij corresponding to the electromagnetic radiation of each grid. The excitation signal consists of a square wave signal input to the clock input terminal of chip IC_k and an operating voltage V_DD applied between the power supply input terminal and ground.
S234, repeating steps S231-S233 until all the normal chips have been tested, obtaining the voltage curve matrix V_{k,ij}.
S235, calculating the characteristic value (which may be the average value, variance, etc.) from the voltage curve matrix V_{k,ij}, classifying with the one-class support vector machine, and determining the boundary line bd_ij of each grid; over all grids, the boundary line matrix is BD = {bd_ij} (i = 1, 2, ..., m; j = 1, 2, ..., n).
Accordingly, step S120 includes: detecting the electromagnetic radiation signals of the chip to be detected, divided into m×n grids, to obtain the voltage curve V_{dut,ij} corresponding to the electromagnetic radiation of each grid, and then calculating the characteristic value E_ij from the voltage curve V_{dut,ij}; the items and methods used to calculate the characteristic value E_ij are the same as those of step S235.
Accordingly, the step of comparing the electromagnetic radiation signal of each region with the electromagnetic data in step S130 is to compare the characteristic value E_ij of each grid Net_ij with the boundary line bd_ij: if the characteristic value E_ij of every grid Net_ij is within the boundary line bd_ij, it is judged that the chip to be detected has no hardware Trojan; if there are grids whose characteristic value E_ij is outside the boundary line bd_ij, it is judged that those grids contain a hardware Trojan.
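The calibration on normal chips (S231 to S235) and the per-grid comparison of E_ij against bd_ij can be exercised end to end, as in the following added Python example, which is not part of the patent. The synthetic voltage curves, the 4×4 grid, the variance feature, the chip scale factors and the mean ± 3 standard deviation limits (a simple stand-in for the one-class SVM boundary) are all assumptions.

```python
import random
import statistics

M, N = 4, 4        # grid Net_ij: m rows x n columns (assumed size)
SAMPLES = 200      # points per oscilloscope trace (assumed)
K = 3.0            # half-width of the accepted band, in standard deviations

def synth_trace(rng, amplitude, noise=0.01):
    """Constructed voltage curve for one grid cell: a clock-rate square wave
    scaled by the local emission amplitude, plus probe/amplifier noise."""
    return [amplitude * (1.0 if (t // 10) % 2 == 0 else -1.0) + rng.gauss(0.0, noise)
            for t in range(SAMPLES)]

def scan_chip(rng, scale=1.0, extra=None):
    """Return the m x n matrix of voltage curves for one chip (constructed data).
    scale models chip-to-chip process variation; extra maps (i, j) to a
    multiplier standing for added clock-network load in that cell."""
    extra = extra or {}
    return [[synth_trace(rng, (0.3 + 0.05 * (i + j)) * scale * extra.get((i, j), 1.0))
             for j in range(N)] for i in range(M)]

def features(curves):
    """Characteristic value E_ij of every cell; the variance is used here."""
    return [[statistics.pvariance(trace) for trace in row] for row in curves]

def fit_bounds(golden_curves):
    """Stand-in for S235: per-cell (lower, upper) limits from all normal chips.
    Uses mean +/- K*stdev instead of a one-class SVM boundary."""
    feats = [features(c) for c in golden_curves]
    bounds = []
    for i in range(M):
        row = []
        for j in range(N):
            vals = [f[i][j] for f in feats]
            mu, sd = statistics.mean(vals), statistics.stdev(vals)
            row.append((mu - K * sd, mu + K * sd))
        bounds.append(row)
    return bounds

def locate(dut_curves, bounds):
    """Return the grid cells whose E_ij falls outside bd_ij (empty list = pass)."""
    e = features(dut_curves)
    return [(i, j) for i in range(M) for j in range(N)
            if not bounds[i][j][0] <= e[i][j] <= bounds[i][j][1]]

def demo():
    rng = random.Random(2020)
    scales = [0.97, 0.98, 0.99, 1.00, 1.00, 1.01, 1.02, 1.03]   # p = 8 normal chips
    bounds = fit_bounds([scan_chip(rng, s) for s in scales])
    clean = locate(scan_chip(rng), bounds)                         # nominal chip
    suspect = locate(scan_chip(rng, extra={(2, 1): 1.2}), bounds)  # one altered cell
    return clean, suspect

if __name__ == "__main__":
    print(demo())
```

Because the limits are fitted per grid cell, the return value of locate() gives the position of the anomaly as well as the pass/fail verdict.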
Based on the hardware Trojan detection and positioning method of any one of the above embodiments, the present application provides a hardware Trojan detection and positioning system correspondingly, including:
the excitation module is used for inputting square wave signals to the clock input end of the chip to be detected, and applying working voltage between the power input end and the ground wire;
the electromagnetic field detection module is used for detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals;
the Trojan horse judging module is used for acquiring electromagnetic data of each area of a normal chip, comparing the electromagnetic radiation signals of each area with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan horse if the electromagnetic radiation signals of each area do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
The present application also proposes another hardware Trojan detection and positioning method, which differs from the above embodiments in that, in step S110, the signal applied between the power input terminal and the ground of the chip to be detected is changed from a stable DC working voltage V_DD to a second square wave signal whose high voltage is the working voltage V_DD and whose low voltage is 0. Similarly, the electromagnetic data of each area of the normal chip acquired in step S130 is also obtained with the signal applied between the power input end and the ground wire of the normal chip replaced by the second square wave signal.
Based on the hardware Trojan detection and positioning method, the application also provides another hardware Trojan detection and positioning system, which comprises:
the excitation module is used for inputting a first square wave signal at the clock input end of the chip to be detected and applying a second square wave signal between the power input end and the ground wire, wherein the high voltage of the second square wave signal is the working voltage V_DD and the low voltage is 0 volts;
the electromagnetic field detection module is used for detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals;
the Trojan horse judging module is used for acquiring electromagnetic data of each area of a normal chip, comparing the electromagnetic radiation signals of each area with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan horse if the electromagnetic radiation signals of each area do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
The hardware Trojan detection and positioning method and system use the principle that a hardware Trojan must be connected to the chip clock network: a square wave signal is input at the clock input end of the chip to be detected, the electromagnetic radiation signals of each area of the chip under this excitation are collected, and they are compared with the electromagnetic data of each area of a normal chip. Because the chip to be detected and the normal chip use the same excitation signal, the logic gates and metal interconnection lines that a hardware Trojan connects to the chip clock network inevitably change the electromagnetic field, so whether each area of the chip to be detected contains a hardware Trojan can be judged by comparison. The method and system can effectively improve the detection rate of hardware Trojans, do not damage the chip to be detected, and can detect a chip containing a hardware Trojan circuit before the chip is used in a system, so as to ensure the safety of the system.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware, where the program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
The technical features of the above-described embodiments may be arbitrarily combined. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of the technical features contains no contradiction, it should be considered to be within the scope of this description.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.

Claims (10)

1. The hardware Trojan detection and positioning method is characterized by comprising the following steps:
applying an excitation signal; the applying the excitation signal includes: inputting a square wave signal to the clock input end of the chip to be detected, and applying the working voltage V_DD between the power input end and the ground wire;
detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals;
acquiring electromagnetic data of each region of a normal chip, comparing the electromagnetic radiation signals of each region with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan if the electromagnetic radiation signals of each region do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
2. The hardware Trojan detection and localization method of claim 1, wherein the square wave signal is a square wave voltage digital signal with a constant period and duty cycle.
3. The method of claim 1, wherein the step of detecting electromagnetic radiation signals of each region of the chip under test under the excitation signal comprises:
converting an electromagnetic signal into a voltage signal through an electromagnetic probe;
amplifying the voltage signal by an amplifying circuit;
and obtaining voltage data changing with time through an oscilloscope.
4. A method of detecting and locating hardware trojans according to any of claims 1-3, wherein said testing of normal chips for electromagnetic radiation under said excitation signal is testing a plurality of identical normal chips for electromagnetic radiation under said excitation signal.
5. The method of claim 4, wherein the testing the normal chip for electromagnetic radiation under the excitation signal comprises: calculating the characteristic value of each region data of all the tested normal chips, classifying the characteristic value of each region through a classification support vector machine, and determining a boundary line;
the step of comparing the electromagnetic radiation signal of each of the regions with the electromagnetic data comprises: and calculating characteristic values of the electromagnetic radiation signals, if the characteristic values of the electromagnetic radiation signals of each area are in the boundary line, judging that the chip to be detected has no hardware Trojan, and if the areas with the characteristic values of the electromagnetic radiation signals outside the boundary line exist, judging that the areas have the hardware Trojan.
6. The method of claim 5, wherein the testing the normal chip for electromagnetic radiation under the excitation signal comprises:
obtaining a plurality of identical normal chips and numbering them IC_k (k = 1, 2, ..., p), p being the number of chips;
dividing each normal chip into m×n grids, denoted Net_ij (i = 1, 2, ..., m; j = 1, 2, ..., n);
applying the excitation signal to chip IC_k and testing the electromagnetic radiation signal of each grid to obtain the voltage curve V_ij corresponding to the electromagnetic radiation of each grid;
after all the normal chips have been tested, obtaining the voltage curve matrix V_{k,ij};
calculating the characteristic value from the voltage curve matrix V_{k,ij}, classifying by a classification support vector machine, and determining the boundary line bd_ij.
7. The hardware Trojan detection and positioning method according to claim 6, wherein the step of detecting the electromagnetic radiation signal of each region of the chip to be detected under the excitation signal comprises: detecting the electromagnetic radiation signals of the chip to be detected, divided into m×n grids, to obtain the voltage curve V_{dut,ij} corresponding to the electromagnetic radiation of each grid, and calculating the characteristic value E_ij from the voltage curve V_{dut,ij};
the step of comparing the electromagnetic radiation signal of each of the regions with the electromagnetic data is to compare the characteristic value E_ij with the boundary line bd_ij.
8. A hardware Trojan detection and positioning system, comprising:
an excitation module for applying an excitation signal; the applying the excitation signal includes: square wave signals are input to the clock input end of the chip to be detected, and working voltage is applied between the power input end and the ground wire;
the electromagnetic field detection module is used for detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals;
the Trojan horse judging module is used for acquiring electromagnetic data of each area of a normal chip, comparing the electromagnetic radiation signals of each area with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan horse if the electromagnetic radiation signals of each area do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
9. A method for detecting and positioning a hardware Trojan, characterized in that, in the step of applying an excitation signal according to any one of claims 1 to 7, the operating voltage V_DD applied between the power input terminal and the ground line is replaced by a second square wave signal, the high voltage of the second square wave signal being the working voltage V_DD and the low voltage being 0 volts.
10. A hardware Trojan detection and positioning system, comprising:
an excitation module for applying an excitation signal; the applying the excitation signal includes: inputting a first square wave signal to the clock input end of the chip to be detected and applying a second square wave signal between the power input end and the ground wire, the high voltage of the second square wave signal being the working voltage V_DD and the low voltage being 0 volts;
the electromagnetic field detection module is used for detecting electromagnetic radiation signals of each area of the chip to be detected under the excitation signals;
the Trojan horse judging module is used for acquiring electromagnetic data of each area of a normal chip, comparing the electromagnetic radiation signals of each area with the electromagnetic data, and judging that the chip to be detected has no hardware Trojan horse if the electromagnetic radiation signals of each area do not exceed the upper limit and the lower limit of the electromagnetic data; if areas with electromagnetic radiation signals exceeding the upper limit and the lower limit exist, judging that hardware Trojan horse exists in the areas; the electromagnetic data are obtained by testing electromagnetic radiation of a normal chip under the excitation signal.
CN202010184947.8A 2020-03-17 2020-03-17 Hardware Trojan detection and positioning method and system Active CN111460529B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010184947.8A CN111460529B (en) 2020-03-17 2020-03-17 Hardware Trojan detection and positioning method and system


Publications (2)

Publication Number Publication Date
CN111460529A CN111460529A (en) 2020-07-28
CN111460529B CN111460529B (en) 2023-07-14

Family

ID=71683180

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010184947.8A Active CN111460529B (en) 2020-03-17 2020-03-17 Hardware Trojan detection and positioning method and system

Country Status (1)

Country Link
CN (1) CN111460529B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112649675A (en) * 2020-12-17 2021-04-13 深圳供电局有限公司 PLC (programmable logic controller) anomaly detection method based on electromagnetic side channel
CN117310452B (en) * 2023-11-29 2024-03-26 中国电子产品可靠性与环境试验研究所((工业和信息化部电子第五研究所)(中国赛宝实验室)) Method, device, computer equipment and storage medium for determining electromagnetic signal leakage

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103926522A (en) * 2014-04-08 2014-07-16 工业和信息化部电子第五研究所 Hardware Trojan horse detecting and positioning method and system based on voltage

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017062735A1 (en) * 2015-10-08 2017-04-13 President And Fellows Of Harvard College Ultrahigh resolution dynamic ic chip activity detection for hardware security
CN108828325B (en) * 2018-04-23 2019-07-16 电子科技大学 Hardware Trojan horse detection method based on FPGA Clock Tree electromagnetic radiation field



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant