New Testing Procedure for Finding Insertion Sites of Stealthy Hardware Trojans

Hardware Trojans (HTs) are malicious alterations to a circuit. These modifications can be inserted either during the design phase or during the fabrication process. Due to the diversity of Hardware Trojans, detecting and/or locating them are challenging tasks. Numerous approaches have been proposed to address this problem. Methods based on logic testing consist in trying to activate potential HTs and detect erroneous outputs during test. However, HTs are stealthy in nature i.e. mostly inactive unless they are triggered by a very rare condition. The activation of a HT is therefore a major challenge. In this paper, we propose a new testing procedure dedicated to identifying where a possible HT may be easily inserted and generating the test patterns that are able to excite these sites. The selection of the sites is based on the assumption that the HT (i) is triggered by signals with low controllability, (ii) combines them using gates in close proximity in the circuit's layout, and (iii) without introducing new gates in critical paths.