Hardware Trojan detection has emerged as a critical challenge in ensuring the security and trustworthiness of integrated circuits. The vast majority of research efforts in this area have utilized side-channel analysis for Trojan detection. Functional test generation for logic testing is a promising alternative, but it may not help if a Trojan cannot be fully activated or the Trojan effect cannot be propagated to the observable outputs. Side-channel analysis, on the other hand, can achieve significantly higher detection coverage for Trojans of all types and sizes, since it does not require activation or propagation of an unknown Trojan. However, its effectiveness is often limited by poor detection sensitivity under large process variations and the small Trojan footprint in the side-channel signature. In this paper, we address this critical problem through a novel side-channel-aware test generation approach, based on the concept of Multiple Excitation of Rare Switching (MERS), that can significantly increase Trojan detection sensitivity. The paper makes several important contributions: i) it presents in detail the statistical test generation method, which can generate a high-quality testset for creating high relative activity in arbitrary Trojan instances; ii) it analyzes the effectiveness of the generated testset in terms of Trojan coverage; and iii) it describes two judicious reordering methods that can further tune the testset and greatly improve the side-channel sensitivity. Simulation results demonstrate that the tests generated by MERS can significantly increase Trojan sensitivity, thereby making Trojan detection effective using side-channel analysis.
INTRODUCTION
Hardware Trojan attacks relate to malicious modifications in the design of Integrated Circuits (ICs) at different stages of the design or fabrication process [1]. An adversary can introduce these modifications in a design in order to cause disruption in normal functional behavior and/or to leak secret information from a chip during operation in the field. With the emerging trend of increased globalization of the IC design and fabrication process, and consequently reduced control on these steps by a trusted chip manufacturer, ICs are becoming increasingly vulnerable to these attacks. Since the threat of hardware Trojans in the form of a malicious implant in a design came to light about a decade ago through a US Department of Defense announcement [2], it has triggered a wide array of research activities in threat analysis as well as design/validation solutions to evaluate this threat and protect against it. Hardware Trojan attacks are also being increasingly recognized in the semiconductor industry as a serious security concern.
A Trojan is expected to be covert and difficult to detect, i.e. an intelligent adversary will likely insert a Trojan circuit in a way that evades detection during post-manufacturing functional/parametric testing, but manifests itself during long hours of in-field operation. This can be achieved by externally triggering its operation or by making it dependent on rare circuit conditions inside an IC. The condition of Trojan activation is commonly referred to as the trigger condition, which can be purely combinational or sequential, i.e. related to the clock or a sequence of rare events in the state elements (e.g. flip-flops of registers). The internal circuit nodes affected by a Trojan activation are referred to as the payload of a Trojan. Fig. 1 shows some example Trojan circuits, including a combinational and a sequential Trojan. For example, a Trojan circuit could be triggered only when a data bus attains a unique rare value or when the number of times it attains the rare value equals a particular count. The malicious effects of Trojan payloads can range from passive, such as leakage of secret information, to altering the original functionality of the chip in a critical or destructive fashion.
Protection against hardware Trojan attacks can be accomplished in two broad ways: (1) design-for-security (DfS) techniques that make Trojan insertion difficult or make a Trojan easily detectable through post-silicon testing; and (2) manufacturing test approaches that aim at detecting an arbitrary Trojan by observing its effect on a circuit's operational behavior. The first class of techniques primarily relies on different types of hardening approaches, e.g. insertion of dummy cells into empty spaces in a circuit layout, or key-based obfuscation of a design that makes malicious alteration by an adversary provably hard. DfS techniques, however, come at the cost of additional design, verification, and test time, as well as additional design overhead. For example, key-based obfuscation, even though it is capable of providing a high level of robustness against Trojan attacks, comes at a cost of 10% or more area overhead [3]. More importantly, design solutions only work for new designs and not legacy designs, and hence have limited applicability. Hence, efficient test/validation approaches that can provide a high level of confidence regarding IC trustworthiness in the presence of the Trojan threat provide an attractive solution to IC manufacturers.
Existing test solutions for hardware Trojan detection can be broadly classified into: 1) logic testing and 2) side-channel analysis approaches. In the logic testing approach, directed structural or functional tests are generated to activate rare events in a circuit and propagate the malicious effect of a Trojan in logic values to primary outputs. Such approaches are known to be more effective in detecting ultra-small Trojans (typically a few gates in size) reliably under large process variations. The main challenge with logic testing approaches, however, is the difficulty of triggering a Trojan and observing its effect, particularly for complex sequential Trojans, and the inordinately large number of possible Trojan instances an adversary can exploit. On the other hand, side-channel analysis approaches depend on measurement and analysis of physical "side-channel" parameters like the power signature or path delay of an IC in order to identify a structural change in the design. Such approaches have the advantage that they do not require triggering a malicious change and observing its impact at the primary output. Side-channel analysis (SCA), primarily based on supply current, has been extensively investigated by a large number of research groups, and various solutions to increase the signal-to-noise ratio (SNR) have been proposed. A disadvantage of SCA arises from large process variations (e.g. 20X leakage power and 30% delay variations in 180nm technology [4]), which can potentially mask the minute effect of a Trojan in the measured side-channel parameter.
Even though SCA has shown tremendous promise in detecting unknown Trojans of various types during manufacturing test of an IC, a major issue with SCA is the low detection sensitivity. For a billion-transistor modern IC, a Trojan with just a few logic gates would have a minuscule side-channel footprint, which would require a measurement resolution and dynamic range in an instrument that is hard to achieve. For example, a delta shift of several nano- or picoamps of transient current in tens of amps of background current would be practically infeasible to detect even with the most precise and expensive instrument. The problem is aggravated by orders of magnitude due to the presence of both systematic and random variations in device parameters caused by intrinsic process variations.
A solution to the sensitivity problem can be achieved by a judicious test generation approach that aims at maximizing the sensitivity for an arbitrary Trojan in an unknown circuit location. Through the remainder of the paper, we focus on transient current or power as our side-channel parameter of interest. Some of the concepts, however, can be applied to other side-channel parameters. To maximize the sensitivity of a given Trojan, one needs to amplify activity inside the Trojan circuit and simultaneously minimize the background activity (i.e. activity in the original circuit). However, since the number of possible Trojan instances in a design can be inordinately large, a deterministic test generation method similar to conventional stuck-at fault test generation cannot work. To address this issue, in this paper we present a novel test generation framework that can maximize the detection sensitivity for an arbitrary Trojan.
Main Idea and Our Contributions
The goal of our work is to generate efficient test vectors for Trojan detection using side-channel analysis. A functional test can detect a Trojan effect only when the Trojan is fully triggered and its payload is propagated to the primary outputs, which makes functional tests infeasible for detecting Trojans in most cases. Side-channel analysis can detect well-hidden Trojans by inspecting the side-channel signals, for example, the transient current in the circuit. If the switching effect introduced by the Trojan circuit is distinguishable in the presence of process variation, the Trojan will be identified. In this paper we propose a comprehensive test generation framework to assist side-channel analysis for hardware Trojan detection.
We use the relative switching of the Trojan with respect to the whole circuit to indicate the sensitivity of the side-channel signals. The statistical test patterns can maximize the relative Trojan detection sensitivity under any process noise. Process variation is not expected to affect our side-channel sensitivity computation, since we consider switching activity instead of actual current or power values. The assumptions we have made are similar to those of state-of-the-art side-channel analysis based Trojan detection approaches. The proposed method can be combined with any existing process calibration approach (such as the ones in [21] or [22]) to minimize the false positives/negatives and maximize Trojan coverage.
To make side-channel analysis successful in detecting Trojans, we need to: (1) maximize the switching activity in the Trojan circuit; (2) minimize the switching activity in other parts of the circuit so that the relative switching effect is maximized. The main idea of this paper is to generate high-quality test patterns which can achieve these two goals and increase the sensitivity of side-channel analysis. The following are the major contributions of this paper: 3. Two reordering methods are proposed to reduce the total switching of the circuit and thus further increase the sensitivity of side-channel analysis. First, a simple and low-cost method based on the Hamming distance of input vector pairs is introduced to reorder the tests. Next, we develop another, simulation-based method to more effectively balance the switching in rare nodes and the total switching.
Our side-channel based approach is targeted towards detecting unknown Trojans, which means it will remain equally effective even if the adversary is aware of the proposed method. This is due to the following two reasons: (1) the proposed test generation method is statistical in nature, so, unlike conventional deterministic test approaches, it maximizes the activation probability for arbitrary Trojans designed with any trigger condition; and (2) it maximizes the detection sensitivity of unknown Trojans, however "stealthy", by amplifying their effect in the side-channel signature. Our simulation platform inserts a large number of arbitrary Trojans in a design and shows that the proposed approach is highly effective in detecting them.
The rest of the paper is organized as follows. Section 2 provides an overview of hardware Trojan attacks and the broad classes of Trojan detection approaches. Section 3 presents related work in side-channel analysis and functional test generation for Trojan detection. Section 4 presents the MERS test generation algorithm and the test reordering algorithms to improve the sensitivity of side-channel analysis. Section 5 describes the experimental setup and presents results on a set of ISCAS benchmarks with detailed analysis. Section 6 concludes the paper.
BACKGROUND AND PRELIMINARY
In this section we briefly describe the growing threat of hardware Trojan attacks and discuss two broad classes of Trojan detection approaches.
Hardware Trojan Attacks
Malicious modification of an IC at different stages of its life cycle, known as a hardware Trojan attack, is an impending threat in the electronics industry. Increased reliance on third-party hardware intellectual property (IP) blocks and design automation tools in the IC design flow, as well as outsourcing of design/fabrication steps to external parties for economic reasons, are rapidly increasing the vulnerability to Trojan attacks. An adversary can mount such an attack with the objective of causing in-field operational failure or leaking secret information from inside a chip, e.g. the key in a cryptographic IC. Recent investigations have shown that an intelligent adversary can insert tiny Trojans of numerous forms and sizes into a million-transistor design, which can easily evade conventional manufacturing test that is not designed to isolate stealthy Trojan attacks.
Depending on their mode of operation and structure, hardware Trojans can be grouped into several broad classes. A common classification of Trojans [1] [7] is based on the activation mechanism (referred to as the Trojan trigger) and the effect on the circuit functionality (referred to as the Trojan payload). Trojans can be both combinationally and sequentially triggered. Typically, an adversary would choose an extremely rare activation condition so that it is highly unlikely for the Trojan to trigger during conventional manufacturing test. Sequentially triggered Trojans (the so-called "time bombs"), on the other hand, are activated by the occurrence of a sequence, or after a period of continuous operation. The simplest sequential Trojans are synchronous stand-alone counters, which trigger a malfunction on reaching a particular count. The trigger mechanism can also be analog in nature, whereby on-chip sensors are used to trigger a malfunction. For example, the Trojan gets activated when the temperature of a particular region of the IC exceeds a threshold [1]. Trojans can also be classified based on their payload mechanisms into two main classes: digital and analog. Digital payload Trojans can either affect the logic values at chosen internal payload nodes, or can modify the contents of memory locations. Analog payload Trojans, on the other hand, affect circuit parameters such as performance, power and noise margin.
Trojan Detection Approaches
Detecting hardware Trojan instances in an IC before it is used in an electronic system is of paramount importance. Even though DfS approaches that aim at hardening a design against Trojan insertion or facilitating Trojan detection during manufacturing test are being actively researched [3], they have several major limitations: (1) they cannot provide a provably robust defense against all forms of Trojan attacks; (2) they often incur unacceptable design overhead; and (3) they cannot be applied to legacy designs, which are difficult to change to incorporate DfS features. Hence, a Trojan detection step for trust validation during post-silicon manufacturing test is becoming crucial to isolate ICs affected by Trojans.
It is worth noting that conventional post-manufacturing test using functional/structural test patterns performs poorly at reliably detecting hardware Trojans. This is because manufacturing test generation and application aim at detecting manufacturing defects with well-characterized behavior and models that cause deviation from functional or parametric specifications. They do not aim at detecting additional functionalities incorporated by a Trojan or deviations in circuit behavior triggered by rare events. Hence, conventional testing methods typically provide poor Trojan detection capability, as observed by researchers [5]. Destructive testing of a chip by de-packaging, de-metallization and microphotography-based reverse engineering is highly expensive (in time and cost) and not a feasible solution, because an attacker may selectively insert Trojans into a small subset of the manufactured ICs [8].
Existing Trojan detection approaches fall into two major classes: (a) functional testing based, and (b) side-channel analysis based. Most Trojan detection techniques proposed in the literature are characterized by their efficiency in detecting particular classes of Trojans. These approaches typically fail to provide high confidence in detecting an inserted Trojan of arbitrary operating mode. The enormous variety of Trojans and the inordinately large Trojan population that might be present in a circuit make it difficult to devise deterministic test patterns for them. The functional testing based Trojan detection approaches [5] aim to trigger rare events at internal nodes in the circuit to activate Trojans and then compare the obtained output logic values of the circuit with the expected golden values of the IC. On the other hand, the side-channel analysis based Trojan detection approaches [9] [12] [19] are based on observing the effect of an inserted Trojan on a physical parameter such as circuit transient current, power consumption or path delay, and then comparing it with the pre-characterized golden value for a Trojan-free IC (or a model of the IC). If the observed value of the measured parameter differs by more than a threshold from the golden value, the presence of a Trojan is suspected. Both classes of Trojan detection techniques have their relative pros and cons. The main challenge for functional testing based Trojan detection approaches is the enormously large Trojan design space, which makes complete enumeration and test generation for all feasible Trojan instances in a moderately sized circuit computationally infeasible. This makes it extremely difficult to guarantee that an arbitrary inserted Trojan would be activated, cause circuit malfunction and thus get detected during the test application phase.
On the other hand, the advantage of the side-channel analysis based approaches lies in the fact that even if the Trojan circuit does not cause observable malfunction in the circuit during test, the presence of the extra circuitry can be reflected in the measured side-channel parameter. Further, such techniques are suitable for arbitrarily complex Trojans because they do not need to make any assumption about the mode of operation of an inserted Trojan. However, the main challenges associated with side-channel analysis are large process variation and design marginality induced effects in modern nanometer technologies [1] , and measurement noise, which can mask the effect of an inserted Trojan circuit, especially for small Trojans.
RELATED WORK
The underlying assumption for Trojan insertion is that an adversary is fully aware of the design functionality and therefore can hide the Trojan in a hard-to-find place. The adversary may use very rare internal transitions to trigger the Trojan, and it may be impossible to detect (due to the exponential state space) during traditional testing and validation. One way to address this issue is to obfuscate [3] or encrypt [14] the design such that the adversary cannot figure out the actual functionality and therefore cannot insert the Trojan in a covert manner. Unfortunately, a smart attacker can effectively bypass both obfuscation [15] and encryption [16] [13]. The basic idea is to find a side-channel signature (if the Trojan is activated) that is different from the normal signature. Unfortunately, these approaches are susceptible to thermal and process variations. Therefore, it would be difficult to detect small combinational Trojans.
One promising direction to overcome process variation is to generate functional test patterns that are likely to activate the Trojans. These approaches rely on the fact that an adversary will choose a trigger condition for the Trojan using a set of rare nodes. Various approaches have tried to maximize rare node activation to increase the likelihood of activating Trojans. Some approaches [18] [19] use the design-for-test (DFT) infrastructure (such as additional scan flip-flops) to increase the transition probability of low-transition nets. MERO [5] takes advantage of N-detect tests [20] to maximize the trigger coverage by activating the rare nodes. The test generation ensures that each of the nodes gets activated to its rare value at least N times. They have shown that if N is sufficiently large, a Trojan with trigger conditions from these rare nodes will be highly likely to be activated by the generated test set. Saha et al. [6] improve the test pattern generation of MERO by using a genetic algorithm and boolean satisfiability, which can more effectively propagate the payload of possible Trojan candidates. However, these functional test generation approaches are not designed for side-channel analysis. Direct application of these test generation approaches to side-channel analysis would not be best for improving side-channel sensitivity for Trojan detection. The objective of increasing side-channel sensitivity is very different from the objectives of both MERO and its enhanced version by Saha et al. Unlike these existing approaches, a side-channel aware test generation approach, as proposed in our paper, requires maximizing switching activity in an unknown Trojan circuit while minimizing the background switching.
Instead of aiming at finding a vector to activate a set of rare nodes, we focus on creating a set of vector pairs to maximize switching in rare nodes. Our algorithm creates multiple excitations of rare switching, which is important in making side-channel based Trojan detection effective. Moreover, we also try to simultaneously minimize the background switching to maximize the relative switching.
MERS METHODOLOGY
In this section, we present the proposed methodology for side-channel aware test generation in detail. The methodology is based on the concept of statistically maximizing the switching activity in all the rarely triggered circuit nodes.
The effectiveness of a test pattern for side-channel analysis is measured in two ways: (1) the ability to create the most switching inside a Trojan or to activate a Trojan; (2) the ability to create high Trojan-to-circuit switching. We measure DeltaSwitch as the switching introduced by the Trojan, which is the difference in the number of switches between the golden circuit and the Trojan-infected circuit. We measure RelativeSwitch as the ratio of DeltaSwitch to the total number of switches (TotalSwitch) in the golden circuit. An effective test vector should be capable of creating a large DeltaSwitch, and more importantly it should create a large RelativeSwitch, as that is directly related to the sensitivity of side-channel analysis.
The major challenges for generating high-quality test vectors are as follows: (1) we do not know the location where the Trojan is inserted in the circuit; (2) the Trojan is stealthy and has very low activity when it is not triggered. These characteristics make random tests ineffective in magnifying the side-channel signal for Trojan detection. Fig. 2 shows two example Trojan instances. The 4-trigger Trojan will only be activated by the rare combination 1011 and the 8-trigger Trojan will only be activated by the rare combination 10110011. If the probability of each rare node taking its rare value is 0.1, the probability of having these two Trojans fully triggered is 10^-4 and 10^-8, respectively. Our test generation approach (MERS) is based on creating a set of test vectors for each candidate rare node individually so that it has rare switching multiple (at least N) times. Our approach utilizes the principle of N-detect tests [20] to increase the likelihood of partially or fully activating a Trojan. MERS can generate a high-quality testset that makes these rare nodes individually have rare switching N times. If N is sufficiently large, a Trojan with triggering conditions from these rare nodes is likely to have high switching activity even though it might not be fully activated.
Multiple Excitation of Rare Switching
The basic idea of MERS is that if we can make a rare node switch N times, where N is sufficiently large, it significantly improves the chance of switching in a Trojan associated with that rare node. The rare switching in our algorithm refers specifically to a rare node switching from its non-rare value to its rare value. The reason for choosing this criterion is twofold: (1) it is more difficult to switch from the non-rare to the rare value than from the rare to the non-rare value; (2) it defines the switching between the previous vector and the current vector, and it usually helps to create an extra switching between the current vector and the next vector. This increases the probability of switching in a Trojan which has rare nodes as its trigger conditions. Our approach is also applicable to sequential Trojans, which require the rare condition to occur a certain number of times to be fully triggered.

Algorithm 1: MERS test generation (only steps 11 to 30 survive in the extracted text; steps 1 to 10, 18 to 21 and 26 are missing, and unnumbered lines are kept where they appeared)
11: Simulate the circuit with vector pair (tp, vj)
12: Count the number of rare switches (RS)
13: Set v'j = vj
14: for each bit in v'j do
15:     Mutate the bit and re-simulate the circuit with vector pair (tp, v'j)
16:     Count the number of rare switches (RS')
17:     if RS' > RS then
        Update Si for all nodes in R due to vector v'j
22:     if v'j increases Si for at least one rare node then
23:         Add the mutated vector v'j to T
24:         Set tp = v'j
25:
        if Si ≥ N for all nodes in R then
27:         Break
28: end
29: end
30: return MERS test patterns T
Algorithm 1 shows the steps of MERS to generate high-quality tests for creating switching in rare nodes, so as to assist side-channel analysis for hardware Trojan detection. The algorithm is fed with the golden circuit netlist, the list of random test patterns (V) and a list of rare nodes (R), which is obtained beforehand by random-vector-based circuit simulation. First, we simulate each random pattern and count the number of rare nodes (RV) that take their rare values. We sort the random patterns in descending order of RV, so that the vector able to activate the largest number of rare nodes goes first. Next, we initialize the rare switching counter Si for each rare node to 0. In the next step, we mutate vectors from the random pattern set to generate high-quality tests. We mutate the current vector one bit at a time, and we accept the mutated bit only if the mutated vector increases the number of nodes that have rare switching. In this step, only those rare nodes with RS < N are considered. The mutation process repeats until each rare node has achieved at least N rare switches. The output of the test generation process is a compact set that improves the switching capability in rare nodes compared to random patterns. The complexity of the algorithm is O(n * m), where n is the total number of test vectors mutated during the process and m is the number of bits in the primary inputs. The runtime to generate MERS tests can be found in Table 1.
The testset generated by MERS is expected to be very effective in increasing the likelihood of rare nodes switching and thus increasing the activity in Trojans. In other words, the MERS testset is capable of maximizing the DeltaSwitch (the numerator in Equation 1). The MERS testset is already a very high-quality testset in terms of the DeltaSwitch criterion. However, the MERS testset also creates more switching in other parts of the circuit while it is making efforts to switch rare nodes. This characteristic of increased TotalSwitch is further illustrated in Section 5. In order to maximize relative switching, we need to keep TotalSwitch under control as well. In the following subsections, we propose two methods to tune the MERS testset, so that it can: (1) still be effective for DeltaSwitch, and (2) reduce TotalSwitch and improve the effectiveness for RelativeSwitch. The first method is a heuristic approach based on the Hamming distance of test vectors, which can reduce the total switching. The second one is simulation based, in which we try to balance the rare switching and the total switching while we explore all the candidate vectors.
Hamming Distance based Reordering
If two consecutive input vectors have the same values in most bits, it is likely that the internal nodes will also have many values in common. A simple heuristic to reduce the total switching in the circuit is to apply similar input vectors consecutively. We use the Hamming distance between two vectors to represent their similarity. Algorithm 2 shows our approach to reorder the testset by Hamming distance. The algorithm is a greedy approach that explores all candidate vectors and takes the best one in terms of Hamming distance. We first compute the Hamming distances between the previous vector and all the remaining vectors, then we select the vector with the minimum Hamming distance as the next vector. The time complexity of Algorithm 2 is O(n^2), where n is the testset size. Fortunately, it is cheap to calculate the Hamming distance between two input vectors. The actual run-time is very short because n (the number of test patterns produced by MERS) is small, in the order of tens of thousands.
Algorithm 2: Hamming distance based reordering (only steps 6 to 13 survive in the extracted text; unnumbered lines are kept where they appeared)
    for all remaining tests tj in Torig do
7:      if min_dist > hamming_dist(tp, tj) then
8:          min_dist = hamming_dist(tp, tj)
9:          best_idx = j
        Add t_best_idx to the end of Thamm
13:     Remove t_best_idx from Torig

Algorithm 3: Simulation based reordering (only steps 6 to 19 survive in the extracted text; unnumbered lines are kept where they appeared)
    for all remaining tests tj in Torig do
7:      Simulate the circuit with vector pair (tp, tj)
8:      Count the number of RareSwitch and TotalSwitch
9:      profit = C * RareSwitch − TotalSwitch
        Add t_best_idx to the end of Tsim
16:     Remove t_best_idx from Torig
17:     Update tp = t_best_idx
18: end
19: return Tsim
Simulation based Reordering
The reordering problem to improve the relative switching is actually a multi-objective optimization problem: maximize the DeltaSwitch and minimize the TotalSwitch as in Equation 1. We do not know the DeltaSwitch, because the location and type of the Trojan are unknown. However, rare switching between two vectors is a good indicator for DeltaSwitch, which means a large number of rare switches implies a large DeltaSwitch in the Trojan. We redefine the optimization goal as maximizing the rare switching and minimizing the total switching between vector pairs at the same time. We formalize the problem as shown in Equation 2. We need to explore the best weights to balance the two objectives:
We propose an approach, shown in Algorithm 3, based on real simulation of the test vectors to maximize the combined objective. We introduce the concept of profit to indicate the fitness of a test vector to follow the previous test vector. profit is defined as (C * RareSwitch − TotalSwitch), where C is the ratio of the two weights w1 and w2. It is meant to maximize the rare switching (activity in Trojan circuits) and minimize the total switching of the whole circuit. In the experiment section, we explore different weight ratios and check the influence of the weight ratio on side-channel sensitivity.
Algorithm 3 shows our approach to tune the testset by simulation with profit as the reordering criterion. By exhaustively checking the profit between the previous vector and all the remaining vectors, we select the vector with the maximum profit as the next vector. The time complexity of Algorithm 3 is O(n^2), where n is the test length. However, it is much slower than Algorithm 2, because it is time-consuming to simulate input vector pairs and calculate profit.
EXPERIMENTS

Experimental setup
The test generation framework, including the MERS core algorithms and the evaluation framework, is implemented in C. As shown in Fig. 3, the test generation framework can simulate circuit netlists, generate the MERS testset, further tune the testset, and evaluate the effectiveness of testsets on random Trojans. We evaluated our approach on a subset of the ISCAS-85 and ISCAS-89 benchmark circuits. The sequential circuits are converted into full scan mode. We also implemented the MERO [5] approach with parameter N of 1000 for comparison. We ran our experiments on a server with an AMD Opteron Processor 6378 (2.4GHz). The runtime for different benchmarks and different methods is shown in Table 1. The table also shows the number of rare nodes in each benchmark. We used 0.1 as the rare threshold to select rare nodes.
Evaluation Criteria
When applying a testset to a circuit with a Trojan, there are four criteria to evaluate the effectiveness of the testset:
• AvgDeltaSwitch: the average delta switch when applying the testset to the Trojan-infected circuit.
• MaxDeltaSwitch: the maximum delta switch when applying the testset.
• AvgRelativeSwitch: the average relative switch when applying the testset.
• MaxRelativeSwitch: the maximum relative switch when applying the testset. We choose this criterion as the Side Channel Sensitivity because it directly determines whether a Trojan can be detected through side-channel analysis.
AvgDeltaSwitch and MaxDeltaSwitch reflect the activity in the Trojan, while AvgRelativeSwitch and MaxRelativeSwitch reflect the sensitivity of the side-channel signal in detecting the Trojan.
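The profit-based reordering of Algorithm 3 above and the four evaluation criteria just listed, worked through in an added Python example (editor-supplied illustration code, not the paper's C framework): it builds a constructed eight-gate toy netlist, selects rare nodes by exhaustive simulation against the 0.1 threshold, greedily reorders a testset by profit = C * RareSwitch - TotalSwitch, and computes Avg/MaxDeltaSwitch and Avg/MaxRelativeSwitch over a population of sampled Trojans. The netlist, the choice to count only internal-node toggles in TotalSwitch, the use of rare-node toggles as RareSwitch, the trigger-gate Trojan model and RelativeSwitch = DeltaSwitch/TotalSwitch are assumptions of this example, not definitions taken from the paper.

```python
"""Toy MERS-style flow: gate-level simulation, rare-node selection, greedy
profit-based reordering and the four side-channel evaluation criteria."""
import itertools
import random

# Constructed toy netlist (not from the paper): (output, op, inputs); a..f are primary inputs.
PRIMARY_INPUTS = ["a", "b", "c", "d", "e", "f"]
NETLIST = [
    ("n1", "AND", ["a", "b"]),
    ("n2", "AND", ["n1", "c"]),
    ("n3", "AND", ["n2", "d"]),            # logic 1 with probability 1/16 -> rare
    ("n4", "OR", ["e", "f"]),
    ("n5", "XOR", ["a", "e"]),
    ("n6", "NOT", ["n4"]),
    ("n7", "AND", ["n3", "n6"]),           # 1/64 -> rare
    ("n8", "NOR", ["a", "b", "c", "d"]),   # 1/16 -> rare
]
GATES = {
    "AND": lambda x: int(all(x)), "NAND": lambda x: 1 - int(all(x)),
    "OR": lambda x: int(any(x)), "NOR": lambda x: 1 - int(any(x)),
    "XOR": lambda x: sum(x) % 2, "NOT": lambda x: 1 - x[0],
}


def simulate(netlist, vector):
    """Evaluate every gate for one input vector; returns {internal node: 0/1}."""
    vals = dict(zip(PRIMARY_INPUTS, vector))
    for node, op, ins in netlist:          # netlist is in topological order
        vals[node] = GATES[op]([vals[i] for i in ins])
    return {node: vals[node] for node, _, _ in netlist}


def find_rare_nodes(netlist, threshold=0.1):
    """Exhaustive simulation over all input vectors; returns {node: rare value} for
    nodes whose less likely logic value occurs with probability below threshold."""
    ones = {node: 0 for node, _, _ in netlist}
    vectors = list(itertools.product((0, 1), repeat=len(PRIMARY_INPUTS)))
    for vector in vectors:
        for node, v in simulate(netlist, vector).items():
            ones[node] += v
    rare = {}
    for node, count in ones.items():
        p1 = count / len(vectors)
        if min(p1, 1 - p1) < threshold:
            rare[node] = 1 if p1 < 0.5 else 0
    return rare


def switch_counts(netlist, prev, cur, rare):
    """(TotalSwitch, RareSwitch) for a consecutive vector pair: internal nodes that
    toggle, and the subset of them that are rare nodes (our proxy for DeltaSwitch)."""
    a, b = simulate(netlist, prev), simulate(netlist, cur)
    toggled = [n for n in a if a[n] != b[n]]
    return len(toggled), sum(1 for n in toggled if n in rare)


def profit(netlist, prev, cur, rare, weight_ratio):
    """profit = C * RareSwitch - TotalSwitch: the fitness of cur to follow prev."""
    total, rare_sw = switch_counts(netlist, prev, cur, rare)
    return weight_ratio * rare_sw - total


def reorder_by_profit(netlist, testset, rare, weight_ratio=5):
    """Greedy O(n^2) reordering in the spirit of Algorithm 3: keep the first vector,
    then repeatedly append the remaining vector with the highest profit w.r.t. the last."""
    ordered, remaining = [testset[0]], list(testset[1:])
    while remaining:
        best = max(remaining, key=lambda v: profit(netlist, ordered[-1], v, rare, weight_ratio))
        remaining.remove(best)
        ordered.append(best)
    return ordered


def trojan_metrics(netlist, testset, rare, trigger_nodes):
    """The four criteria for one Trojan instance. Simplified Trojan model (an assumption):
    a trigger gate fires when every trigger node sits at its rare value; DeltaSwitch counts
    toggles at the trigger inputs plus the trigger output, RelativeSwitch = Delta / Total."""
    deltas, rels = [], []
    for prev, cur in zip(testset, testset[1:]):
        a, b = simulate(netlist, prev), simulate(netlist, cur)
        fire_a = all(a[n] == rare[n] for n in trigger_nodes)
        fire_b = all(b[n] == rare[n] for n in trigger_nodes)
        delta = sum(1 for n in trigger_nodes if a[n] != b[n]) + int(fire_a != fire_b)
        total = sum(1 for n in a if a[n] != b[n])
        deltas.append(delta)
        rels.append(delta / total if total else 0.0)
    return {"AvgDeltaSwitch": sum(deltas) / len(deltas), "MaxDeltaSwitch": max(deltas),
            "AvgRelativeSwitch": sum(rels) / len(rels),
            "MaxRelativeSwitch": max(rels)}   # Side Channel Sensitivity


def evaluate(netlist, testset, rare, trojans):
    """Average each criterion over a population of sampled Trojans (trigger-node tuples)."""
    per = [trojan_metrics(netlist, testset, rare, t) for t in trojans]
    return {k: sum(m[k] for m in per) / len(per) for k in per[0]}


if __name__ == "__main__":
    rng = random.Random(1)
    rare = find_rare_nodes(NETLIST)
    random_tests = [tuple(rng.randint(0, 1) for _ in PRIMARY_INPUTS) for _ in range(40)]
    trojans = [tuple(rng.sample(sorted(rare), 2)) for _ in range(50)]
    tuned = reorder_by_profit(NETLIST, random_tests, rare, weight_ratio=5)
    print("rare nodes:", rare)
    print("original order:", evaluate(NETLIST, random_tests, rare, trojans))
    print("profit order:  ", evaluate(NETLIST, tuned, rare, trojans))
```

Raising weight_ratio makes the TotalSwitch penalty progressively irrelevant, so the ordering degenerates to one driven by rare switching alone; the exploration of C in the experiments below is the empirical version of that trade-off, and the O(n^2) profit evaluations are where the simulation cost of Algorithm 3 comes from.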
As for the evaluation of testsets, we expect a high-quality testset to have good coverage over all possible Trojans. In our experiments, we apply the testset to 1000 randomly inserted Trojan samples and compute these four values for each Trojan instance. We then take the average of each of the four metrics over the samples, which reflects the capability of the testset to enable detection of different Trojans through side-channel analysis. The average MaxRelativeSwitch is the most suitable measure of Side Channel Sensitivity, since the goal is to maximize the sensitivity for an arbitrary Trojan at an unknown circuit location.
Exploration of N
In this section, we explore the impact of different values of N for MERS and observe the effectiveness of MERS in maximizing Trojan activity as N increases. The box plots cover the two benchmarks c2670 and c3540. We choose different N to generate MERS testsets and compare them with the Random (10K vectors) testset. For each testset, the box plot shows the (minimum, first quartile, median, third quartile, maximum) values of MaxDeltaSwitch over the 1000 Trojan samples. It is clear from these plots that the distribution of MaxDeltaSwitch improves consistently with increasing N. For c2670, the average MaxDeltaSwitch (shown by the red lines) reaches 18.67 for MERS (N = 1000), while the Random testset achieves only 12.15. For c3540, the average MaxDeltaSwitch reaches 11.13 for MERS (N = 1000), while for the Random testset it is only 9.19. That the quality of MERS tests improves with increasing N is not surprising: it is analogous to N-detect tests for stuck-at faults, where fault coverage is expected to improve with increasing N. The testset size also grows with N. The sizes of the testsets for MERS (N = 10, 20, 50, 100, 200, 500, 1000) are (71, 140, 347, 656, 1262, 3142, 6199) for c2670 and (161, 302, 742, 1441, 2858, 7070, 14250) for c3540. In most of our experiments we choose N = 1000, which is a good balance between testset quality and testset size. For a fair comparison with the Random testset, we take only the first 10K vectors of a MERS testset if it is larger than 10K.
Effect of Increased Total Switching
Fig. 5 shows the average MaxDeltaSwitch and the average TotalSwitch of the testsets for 1000 8-trigger Trojan samples and different values of N. For both benchmarks, the average TotalSwitch increases with N along with the average MaxDeltaSwitch, and all the MERS testsets have a much larger average TotalSwitch than the Random testset. For c2670, the average TotalSwitch for MERS (N = 1000) is 644.9, about 1.25 times that of the Random testset (515.7). For c3540, the average TotalSwitch for MERS (N = 1000) is 808, while for the Random testset it is only 649.2. The insight here is that MERS tends to increase the TotalSwitch of the whole circuit even though it is designed to increase switching in rare nodes. The following subsection shows that the proposed reordering methods are effective in reducing TotalSwitch and thus increasing side channel sensitivity.
Effect of Weight Ratio (C)
The effectiveness of the two reordering methods can be observed in Fig. 6 and Fig. 7. As shown in Fig. 6, MERS-h reduces TotalSwitch and thus increases the relative switching (i.e., the Side Channel Sensitivity) compared with the original MERS testset. For MERS-s with different weight ratios C, side channel sensitivity improves steadily for small C and then drops when C becomes too large: since C balances rare switching (the proxy for DeltaSwitch) against TotalSwitch, a large C drowns out the TotalSwitch term and the reordered testset then differs little from the original MERS testset. In the following experiments we choose C = 5, which provides a good balance between total switching and rare switching. Fig. 7 shows the detailed distribution of Side Channel Sensitivity for 1000 8-trigger Trojan samples with different choices of C. The reordering methods improve Side Channel Sensitivity because the original MERS testset is already of high quality in terms of DeltaSwitch, i.e., switching inside Trojans; reordering changes only which vectors are adjacent, not the vectors themselves, so it can lower TotalSwitch without giving up that Trojan activity.
Increase in Trojan Activity
testset. This shows the effectiveness of MERS in creating Trojan activity. Table 3 shows that MERS also improves RelativeSwitch: the average AvgRelativeSwitch increases by 158.16% compared with the Random testsets, and the average MaxRelativeSwitch (Side Channel Sensitivity) improves by 18.89% on average. However, the Side Channel Sensitivity values for benchmarks c3540 and c6288 are worse than those of the Random testsets. This is because the MERS testset also increases the total switching while it tries to make rare nodes switch. This phenomenon is illustrated and explained in Fig. 5 and Fig. 6, and the side effect is mitigated by the two reordering algorithms, as shown in Tables 4 and 5.
Side Channel Sensitivity Improvement
To this point, we have explored the parameters N for MERS and C for MERS-s. We choose N = 1000 and C = 5 in the following experiments to compare our proposed schemes with the Random testset and MERO. Tables 4 and 5 show the improvement of the proposed approaches in Side Channel Sensitivity for 4-trigger and 8-trigger Trojans. Table 4 shows that MERS, MERS-h and MERS-s have 10.37%, 138.44% and 152.26% improvement over the Random testset.
We confirm the superiority of MERS testsets over Random testsets in Section 5.6 in creating switching activity in randomly sampled Trojans. We observed that the total switching also tends to increase while MERS maximizes rare switching in Trojans. The two reordering methods (MERS-h and MERS-s) keep the total switching under control while maintaining high rare switching. The comparison with Random and MERO testsets shows the effectiveness of our test generation framework in maximizing Side Channel Sensitivity for Trojan detection.
Process Calibration and Multiple-Parameter Side-Channel Analysis
MERS can be combined with existing process calibration approaches [21] [22] [23] to minimize false positives/negatives and maximize Trojan coverage. Most side-channel analysis based approaches calibrate for process variation using golden chips at different process corners. This yields the limiting threshold values beyond which a chip is classified as Trojan-infected. MERS simultaneously maximizes the switching in the Trojan and minimizes the background switching, so as to maximize the relative switching. Combined with calibration against a golden chip, MERS therefore helps side-channel analysis reduce the effect of intra-die systematic process variations. Moreover, as shown in [23], several measurable parameters can be used for multiple-parameter side-channel Trojan detection, where at least one parameter is affected by the Trojan and the other parameters are used to calibrate the process noise. For example, the dynamic current (IDDT), the quiescent or leakage current (IDDQ) and the maximum operating frequency (Fmax) may all be influenced by a Trojan, and they can serve as side-channel references to calibrate process noise. The authors of [23] have shown the effects of a Trojan and of process variation on these three variables (IDDT, IDDQ and Fmax). MERS increases the Trojan contribution to IDDT, which would greatly improve the ability of [23] to separate a Trojan-infected chip from process-induced variation in the multiple-parameter space.
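A constructed, editor-added example of the calibration idea in this paragraph (it is not the method of [23], whose details the page does not give): a golden population spanning several process corners defines a linear IDDT-versus-Fmax trend, and a chip is reported as Trojan-infected only when its IDDT residual against that trend exceeds the golden spread. The nominal values, the linear process model, the fixed measurement noise, the assumption that a small Trojan leaves Fmax unchanged, and the safety margins are all assumptions of this example.

```python
"""Constructed illustration of golden-chip process calibration for side-channel
Trojan detection: Fmax is the calibration parameter, IDDT the Trojan-sensitive one."""

# Constructed golden population (no data from the paper). One process factor p scales
# both Fmax and IDDT, so they are correlated; MEAS_NOISE is fixed pseudo-random noise.
PROCESS_FACTORS = [0.85, 0.90, 0.95, 1.00, 1.05, 1.10, 1.15]
MEAS_NOISE = [0.4, -0.3, 0.2, -0.1, 0.3, -0.4, 0.1]        # mA


def golden_chip(p, noise):
    """Nominal Fmax 1000 MHz and IDDT 100 mA, both scaled by the process factor (assumption)."""
    return {"fmax": 1000.0 * p, "iddt": 100.0 * p + noise}


def trojan_chip(p, noise, delta_iddt):
    """Same chip plus the extra transient current drawn by a small Trojan; we assume the
    Trojan leaves Fmax unchanged, so Fmax still tracks the process corner."""
    chip = golden_chip(p, noise)
    chip["iddt"] += delta_iddt
    return chip


def fit_trend(golden):
    """Least-squares line iddt = a * fmax + b through the golden chips."""
    n = len(golden)
    mx = sum(c["fmax"] for c in golden) / n
    my = sum(c["iddt"] for c in golden) / n
    sxx = sum((c["fmax"] - mx) ** 2 for c in golden)
    sxy = sum((c["fmax"] - mx) * (c["iddt"] - my) for c in golden)
    a = sxy / sxx
    return a, my - a * mx


def residual(chip, trend):
    """IDDT left over after removing the process-correlated part predicted from Fmax."""
    a, b = trend
    return chip["iddt"] - (a * chip["fmax"] + b)


def calibrated_threshold(golden, trend, margin=1.5):
    """Limiting residual: the largest golden residual times a safety margin."""
    return margin * max(abs(residual(c, trend)) for c in golden)


def uncalibrated_threshold(golden, margin=1.02):
    """Naive single-parameter limit: the largest golden IDDT over all corners."""
    return margin * max(c["iddt"] for c in golden)


def flag_uncalibrated(chip, threshold):
    """Classify on raw IDDT only (process variation is not removed)."""
    return chip["iddt"] > threshold


def flag_calibrated(chip, trend, threshold):
    """Classify on the residual after Fmax-based process calibration (one-sided: Trojans add current)."""
    return residual(chip, trend) > threshold


if __name__ == "__main__":
    golden = [golden_chip(p, n) for p, n in zip(PROCESS_FACTORS, MEAS_NOISE)]
    trend = fit_trend(golden)
    thr_cal, thr_raw = calibrated_threshold(golden, trend), uncalibrated_threshold(golden)
    # Trojan chips: a low-activity testset adds 0.5 mA, a MERS-like high-activity testset 2.0 mA
    for label, chip in [("slow corner, +0.5 mA", trojan_chip(0.85, 0.0, 0.5)),
                        ("slow corner, +2.0 mA", trojan_chip(0.85, 0.0, 2.0)),
                        ("fast corner, +2.0 mA", trojan_chip(1.15, 0.0, 2.0))]:
        print(label, "raw:", flag_uncalibrated(chip, thr_raw),
              "calibrated:", flag_calibrated(chip, trend, thr_cal))
```

The two thresholds make the paragraph's point concrete: a Trojan chip at the fast corner draws 117 mA, inside the raw golden range (up to about 117.4 mA), so a single-parameter IDDT limit misses it, whereas its residual against the Fmax trend is about 2.1 mA, far above the 0.6 mA calibrated limit. The same calibration still misses a slow-corner chip whose Trojan adds only 0.5 mA, which is exactly the gap that the higher relative switching from MERS is meant to close.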
Scalability to Large Designs
For a large design, the supply current of a golden chip for a high-activity vector can be very large compared with the additional current consumed by a small Trojan. The variation in the current due to process noise can also be very large, which masks the effect of the Trojan on the measured current and makes accurate Trojan detection difficult. Scalability of MERS to larger designs can be enhanced by combining it with region-based test generation approaches, which segment a circuit into nearly isolated regions (i.e., regions with low connectivity between them); MERS is then applied separately to each region. For example, in the case of a processor, MERS can be employed separately on its building blocks, such as the integer execution unit, floating point datapaths, control logic, and result bus logic. MERS can work with the schemes proposed in [23] to isolate a region and prevent unwanted switching in independent functional modules by taking advantage of techniques conventionally used in low-power designs, such as clock gating, supply gating, or operand isolation. MERS can also be applied within the more flexible region-based side-channel analysis approach proposed in [24], which performs a functional decomposition to divide a large design into several small blocks or regions so that they can be activated one region at a time. MERS can serve as the test generation algorithm that produces vectors maximizing the activity within each region, and the decision to report a chip as Trojan-infected would be based on the deviation of its region current matrix from that of the golden chip. Future work will include integration of MERS with region-based circuit partitioning techniques to further enhance its effectiveness, and its evaluation on larger industry-standard designs.
CONCLUSIONS
We have presented a framework for statistical test generation, called MERS, which can significantly improve Trojan detection sensitivity in side-channel analysis based Trojan detection. The approach statistically increases switching activity in an unknown Trojan so as to amplify the Trojan effect in the presence of large process variations. Such a test generation approach will, in general, be effective for any side-channel analysis approach that relies on activity in Trojan circuits (e.g., transient current, dynamic power profile, or electromagnetic emanation based methods). Furthermore, MERS is effective for Trojans of any form or size, as long as the Trojan is implanted through alterations of the circuit structure, the dominant mode of Trojan implantation. Our simulation results on a set of benchmark circuits show that the proposed approach can improve side channel sensitivity by more than 96.61% compared with random tests, for a large set of arbitrary Trojans. This shows that judicious statistical test generation such as MERS can serve as an essential component of a side-channel Trojan detection approach. Future work will include further improvements in scalability to larger designs and evaluation of MERS with test chip measurements.
ACKNOWLEDGMENTS
