Trigger Identification Using Difference-Amplified Controllability and Dynamic Transition Probability for Hardware Trojan Detection

To remain dormant in the validation and manufacturing test, Trojans tend to have at least one trigger signal at the gate-level netlist with a very low transition probability. Our paper exploits this stealthy nature of trigger signals to detect Trojans using static and dynamic transition probabilities. The proposed trigger identification is a reference-free scheme, and no prior knowledge of a Trojan-free design is required. First, we reveal the relation between combinational 0/1-controllability and 0/1-probability and propose a static transition probability analysis based on our proposed difference-amplified controllability, which can be easily obtained by the Sandia Controllability/Observability Analysis Program. The k-means clustering method is adopted for potential trigger classification to extend the scalability and adaptability to different circuit sizes. Second, we propose to utilize the transition probability of a dynamic simulation for correction of the results. Experiments show that the proposed detection scheme can obtain a 0% false negative rate and a maximum 11.7% false positive rate on Trust-HUB benchmarks.