The intellectual property (IP) blocks are designed by hundreds of IP vendors distributed across the world. Such IPs cannot be assumed trusted as hardware Trojans can be maliciously inserted into them and could be used in military, financial and other critical applications. It is extremely difficult to detect Trojans in third-party IPs (3PIPs) simply with conventional verification methods as well as methods developed for detecting Trojans in fabricated ICs. This paper first discusses the difficulties to detect Trojans in 3PIPs. Then a complementary flow is presented to verify the presence of Trojans in 3PIPs by identifying suspicious signals (SS) with formal verification, coverage analysis, removing redundant circuit, sequential automatic test pattern generation (ATPG), and equivalence theorems. Experimental results, shown in the paper for detecting many Trojans inserted into RS232 circuit, demonstrate the efficiency of the flow.
[1]
Andrew Piziali,et al.
Functional verification coverage measurement and analysis
,
2004
.
[2]
Pablo Sanchez,et al.
Formal meaning of coverage metrics in simulation-based hardware design verification
,
2005,
Tenth IEEE International High-Level Design Validation and Test Workshop, 2005..
[3]
Farinaz Koushanfar,et al.
Extended abstract: Designer’s hardware Trojan horse
,
2008,
2008 IEEE International Workshop on Hardware-Oriented Security and Trust.
[4]
Michael S. Hsiao,et al.
Trusted RTL: Trojan detection methodology in pre-silicon designs
,
2010,
2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).