TAAL: Tampering Attack on Any Key-based Logic Locked Circuits by Jain, Ayush et al.
TAAL: Tampering Attack on Any Key-based Logic Locked Circuits
Ayush Jain, Student Member, IEEE, Ziqi Zhou, Student Member, IEEE and Ujjwal Guin, Member, IEEE
Abstract—Due to the globalization of semiconductor manufacturing and test processes, system-on-a-chip (SoC) designers no longer design the complete SoC and manufacture chips on their own. This outsourcing of the design and manufacturing of Integrated Circuits (ICs) has resulted in a number of threats, such as overproduction of ICs, sale of out-of-specification/rejected ICs, and piracy of Intellectual Properties (IPs). Logic locking has emerged as a promising defense strategy against the aforementioned threats. However, various attacks pertaining to the extraction of secret keys have undermined the security of logic locking techniques. Over the years, researchers have proposed different techniques to prevent the existing attacks. In this paper, we propose a novel attack which can break any logic locking technique that relies on a stored secret key. The proposed TAAL attack is based on implanting a hardware Trojan in the netlist, which leaks the secret key to an adversary once activated. As an untrusted foundry has the capability to extract the netlist of a design from the layout/mask information, it is feasible for a malicious foundry to implement such a hardware Trojan. All three types of TAAL attacks can be used for extracting secret keys. We have introduced models for both combinational and sequential hardware Trojans that evade manufacturing tests as well. An adversary only needs to choose one hardware Trojan out of a large set of all possible Trojans to launch the TAAL attack.
Index Terms—Logic locking, IP Piracy, IC Overproduction, Hardware Trojans, Tampering
I. INTRODUCTION
The continuous addition of new functionality in a system-on-a-chip (SoC) has forced designers to adopt newer and lower technology nodes to manufacture chips, primarily to reduce the overall area and the resultant cost of a chip. Building and maintaining such a fabrication plant (foundry) requires a multi-billion dollar investment [1]. As a result, the semiconductor industry has moved towards horizontal integration, where a SoC designer acquires intellectual properties (IPs) from many different vendors and sends the design to a foundry for manufacturing, which is generally located offshore.
The assumption that the hardware layers are trusted no longer holds with the outsourcing of IC fabrication in a globalized and distributed design flow involving multiple entities. Third-party IPs, fabrication, and test facilities represent a security threat to the current horizontal integration of production. The security threats posed by these entities include (i) overproduction of ICs [2]–[8], where an untrusted foundry fabricates more chips without the consent of the SoC designer in order to generate revenue by selling them in the market, (ii) sale of out-of-specification/rejected ICs [8], [9], and (iii) IP piracy [10]–[13], where an entity in the supply chain can use, modify and/or sell functional IPs illegally. Over the years, researchers have proposed different techniques to prevent the aforementioned attacks, namely IC metering [2], [3], [5], [14], logic locking [2], [8], [15], hardware watermarking [16]–[18], and split manufacturing [19], [20].
Ayush Jain, Ziqi Zhou and Ujjwal Guin are with the Department of Electrical and Computer Engineering, Auburn University, AL, USA (e-mail: {ayush.jain, ziqi.zhou and ujjwal.guin}@auburn.edu).
Logic locking has emerged as one of the most promising techniques and has gained significant attention from researchers to address the different threats arising from untrusted manufacturing. In logic locking, the netlist of a circuit is locked in such a way that it produces incorrect results unless it is programmed with a secret key. The locks are generally inserted in the netlist using XOR gates. Traditional logic locking methods selected key gate locations randomly [2], [9], [21], by strong interference-based selection [15], or by fault-analysis based selection [22]. Over the years, researchers have also proposed different attacks to extract the secret key and thus undermine the locking mechanisms. Boolean Satisfiability (SAT)-based attacks have demonstrated effective ways of extracting the secret keys. Countermeasures have also been proposed so that SAT-based attacks become infeasible.
In this paper, we show that any locked circuit where the secret key is stored in an on-chip memory, even if tamper-proof, can be broken. We present this attack as TAAL: Tampering Attack on Any Locked circuits that use key-based logic locking. This attack can defeat the security measures provided by any existing logic locking method. We believe that we are the first to show that any key-based logic locked circuit can be exploited by inserting a hardware Trojan in the netlist. The contributions of this paper are as follows:
• We propose a novel attack based on malicious modifications of the netlist to target any key-based locked circuit. The attack approach is to tamper with the locked netlist in order to extract the secret key information. Once the valid key information is extracted from an activated IC, an untrusted foundry can unlock any number of chips, and sell overproduced and defective chips in the market. As this attack is applicable to any key-based locked circuit, an adversary can undermine any secure solution proposed so far to prevent overproduction, sourcing of defective/out-of-spec chips, and IP piracy.
• We present three types of TAAL attacks that extract the secret key differently using hardware Trojans placed at different locations in the netlist. The T1 type TAAL attack directly leaks the secret key to the primary output once the Trojan is activated (see Figure 2.(a)). On the other hand, the T2 type and T3 type TAAL attacks rely on the activation and propagation of the secret key to the primary output (see Figure 2.(b) and Figure 3 respectively). The adversary has the freedom of choosing one of these three types of TAAL attacks, implemented using combinational or sequential hardware Trojans.
arXiv:1909.07426v1 [cs.CR] 16 Sep 2019
• We present a model for the combinational hardware Trojan, which can be used to launch an attack. The adversary has the freedom of choosing the type of hardware Trojan, which can be designed in such a way that it evades manufacturing or production tests and remains undetected. We define this Trojan as a Type-p Trojan, as it has p trigger inputs. These triggers can come from the primary inputs and/or internal nodes of a locked circuit. We show that a very large number of Trojans can be created, and only one such Trojan needs to be used by an adversary. It is practically possible for an SoC designer to detect all these feasible Trojans using logic tests.
• We also present a model for a sequential Trojan, which is constructed using a combinational one. A state element (a counter) is added to a combinational Trojan so that it delivers the payload once it is triggered R times consecutively. Note that the trigger inputs for both Trojans are the same. The combinational Trojan delivers the payload once it is triggered; a sequential Trojan, on the other hand, needs to be triggered R times consecutively.
The rest of the paper is organized as follows: an introduction to logic locking along with an overview of different locking techniques and attacks is provided in Section II. The proposed attacks based on hardware Trojans, which implement the malicious design modification for the extraction of the secret key from any locked circuit, are described in Section III. We provide an algorithm for designing a Type-p combinational Trojan considering the set of manufacturing test patterns in Section IV. The number of valid Trojans along with other factors such as area overhead and leakage power for several benchmark circuits are presented in Section V. Future directions are provided in Section VI. Finally, we conclude our paper in Section VII.
II. BACKGROUND
The challenges of protecting a circuit against hardware security threats have been the driving force for the development of different techniques to limit the amount of circuit information that can be recovered by an adversary. Logic locking has emerged as a field of significant interest for researchers, as it can provide complete protection against IC overproduction and IP piracy.
The objective of logic locking is to obfuscate the inner details of the circuit and make it infeasible for an adversary to reconstruct the original netlist. Logic locking hides the functionality of the circuit by inserting additional logic gates into the original design, which we term key gates. In addition to the original inputs, the locked circuit needs secret key inputs to the key gates from an on-chip tamper-proof memory (see Figure 1.(a) for details). The correct functionality of the design is obtained when the key inputs receive the proper secret key value. Applying an invalid key to the key gates would result in incorrect functionality of the locked design. Note that for a secure locked circuit, the design details cannot be recovered using reverse engineering.
Figure 1: Different logic locking techniques. (a) A locked circuit, where the secret key (K) is programmed in a tamper-proof memory (TM). (b) Original circuit. (c) XOR-based locking. (d) MUX-based locking. (e) LUT-based locking.
Different logic locking methods have been devised over the years and can be grouped into three categories. First, XOR-based logic locking, shown in Figure 1.(c), has received much attention due to its simplicity. In this technique, a set of XOR or XNOR gates is inserted as key gates [2], [8], [9], [15], [21], [23]–[26]. The secret key is stored in tamper-proof memory (TM), and connections are made from TM to the key gates. Second, in the MUX-based logic locking technique [27], [28], multiplexers (MUX) are inserted so that one of their inputs is correct, namely the original net of the circuit. The other input of the MUX is incorrect, a dummy net randomly selected from the netlist. This technique is shown in Figure 1.(d). The select signal of the MUX is driven by the key bit from the tamper-proof memory. The correct signal passes through the MUX upon applying the valid key value; otherwise the incorrect signal propagates in the netlist. Third, in LUT-based logic locking [7], [29], [30], shown in Figure 1.(e), a look-up table with several key inputs is used to lock the netlist. The LUTs replace combinational logic in the design, making it difficult to predict the output as it depends on several different key values.
The research community has proposed several attacks to exploit security vulnerabilities of logic locked circuits. Subramanyan et al. [31] first showed that a locked circuit can be broken using Boolean Satisfiability (SAT) analysis. The SAT attack algorithm, characterized as an oracle-guided attack, requires a locked netlist, which can be recovered using reverse engineering, and a functional chip with a valid key stored/programmed in its tamper-proof memory. In this attack, an adversary can query an activated chip and observe the response. Note that the SAT attack requires access to the internal nodes of the circuit through the scan chains, which are common in today's netlists for implementing Design-for-Testability (DFT) [32]. The SAT attack works iteratively to eliminate incorrect key values from the key space using distinguishing input patterns (DIPs). A DIP is defined as an input pattern for which two sets of hypothesis keys produce complementary results. By comparing these with the output of an unlocked chip, one set of hypothesis keys is discarded. The SAT attack works efficiently as it discards multiple hypothesis keys in one iteration.
Thereafter, researchers focused on improving and developing locking techniques to be resilient against the SAT attack. Subsequent work in this direction involved Anti-SAT [23], [33], SARLock [24], TTLock [25], SFLL [26], and the design-for-security (DFS) architecture [8], [9], [21]. These techniques use one-point functions. SARLock inverts the output of the circuit for one input pattern corresponding to one incorrect key. This input pattern differs for different incorrect keys. Anti-SAT involves two complementary external logic circuits which are supplied with the same key values and the same inputs. The outputs of these two circuits converge into an AND gate whose output is always 0 when the correct key is applied; otherwise, it may be 1, which corrupts an internal node value in the original netlist to produce incorrect outputs. Anti-SAT was initially proven vulnerable to the signal probability skew (SPS) attack [24] and the removal/bypass attack [34]. SARLock was broken by the Double DIP attack [35], the Approximate SAT attack [36] and the removal/bypass attack [34].
Due to the limitations of SARLock, Yasin et al. developed an improved version of this design, referred to as TTLock [25], where the original design itself is modified to produce corrupted/inverted results upon applying an incorrect key. However, TTLock provides protection only for a single input pattern, so to provide more flexibility in the number of protected input patterns, stripped functionality based logic locking (SFLL) [26] was proposed. The design is no longer the same as the original design due to the stripped parts of the functionality, resulting in erroneous output. A separate restore unit is responsible for removing this error in the output when the correct key values are supplied to it. However, Subramanyan et al. have recently shown that SFLL can be defeated through the FALL attack [37]. The attack is built on three primary steps, namely structural analysis, functional analysis and key confirmation. The structural analysis is performed to identify the gates that are outputs of the cube stripping function in SFLL. After identification of these candidate gates, the functional analysis targets the properties of cube stripping functions, which results in a set of potential key values. Finally, the key confirmation algorithm identifies the correct key from the set of potential key values.
As the SAT attack relies on access to the internal states of a circuit through the scan chains, Guin et al. proposed placing multiple flip-flops, capturing signals controlled by different key bits, at the same level of the parallel scan chains used in current test compression methodologies [8]. However, a vulnerability existed in this design when an adversary performs multi-cycle tests, such as delay tests (transition delay faults and path delay faults) [32]. This led to the necessity of developing a new design-for-security (DFS) architecture to prevent leaking of the key during any manufacturing tests [9], [21]. This design prevents scanning out the internal states of a design after a chip is activated and the keys are programmed/stored in the circuit. To the best of our knowledge, this is the only existing solution today which prevents SAT-based attacks, as no attacks on it have been reported so far.
Apart from SAT-based attacks, probing attacks [38] have also posed a serious threat to the security of logic locking, where an attacker makes contact with probes at signal wires in order to extract sensitive information, mainly the secret key. With the help of a focused ion beam (FIB), a powerful circuit editing tool that can mill and deposit material with nanoscale precision, an attacker can circumvent protection mechanisms and reach wires carrying sensitive information. However, countermeasures such as shield structures and nanopyramid structures make it difficult to perform these attacks [39], [40].
III. PROPOSED TAAL ATTACK FOR EXTRACTING SECRET KEYS
The general hardware security strategy adopted for designing and manufacturing a circuit involves logic locking, where a chip is unlocked by storing a secret key in the tamper-proof memory. As this secret key is the same for all chips manufactured with the same design, finding the key from one chip undermines the security provided by logic locking. We show that an adversary can easily extract the key for a chip using our proposed TAAL attacks, which are built on tampering through malicious modification, by inserting a hardware Trojan into a locked circuit. In this section, we present three types of TAAL attacks.
A. Adversarial Model
The adversarial model is given to clearly define the capabilities and intentions of an attacker. In this model, the attacker (adversary) is assumed to be an untrusted foundry and possesses the following:
• The attacker has access to the locked netlist of a circuit. An untrusted foundry has access to all the layout information, which can be extracted from the GDSII or OASIS file. The netlist can be reconstructed from the layout using reverse engineering with advanced technological tools [41].
• The attacker has the capability to determine the location of the tamper-proof memory. It can also find the location of key gates in a netlist, as it can easily trace the route from the other input of each key gate to the tamper-proof memory.
• The attacker has the capability to tamper with a netlist for its malicious intentions by inserting additional circuitry, commonly known as hardware Trojans, of which the SoC designer is unaware.
• The attacker has access to all the manufacturing test (e.g., stuck-at fault, SAF) patterns. It is common that the production tests are performed at the foundry.
B. T1 Type TAAL Attack
The T1 type TAAL attack is the simplest of the three types; the other two will be introduced in the subsequent sections. This attack is beneficial for an attacker who does not intend to gain knowledge regarding the security measures implemented for the circuit. The hardware Trojan assists in extracting the secret key directly from the tamper-proof memory.
Figure 2: (a) T1 type TAAL attack, where a Type-3 combinational Trojan is inserted for key extraction directly from the connection between the key gate and the tamper-proof memory, (b) T2 type TAAL attack, where a Type-3 combinational Trojan is inserted for the secret key extraction.
Figure 2.(a) shows the proposed modification to launch the T1 type TAAL attack. A Type-3 combinational Trojan (see details in Section IV-A) is designed and inserted in the netlist. A 3-input AND gate serves as the trigger, denoted as T, whereas the 2-input multiplexer delivers the payload to the primary output. One input of the multiplexer is the original output of the locked netlist. The other input is connected to the line between the key gate (K) and the tamper-proof memory, which is part of the logic locking. Under normal operation of any activated chip, the multiplexer propagates the correct circuit functionality at the output. Once the Trojan is activated, the output of the AND gate becomes 1, which leads to the extraction of the secret key through the multiplexer at the output. Note that the number of multiplexers required to extract the complete secret key depends on the key size.
The T1 type TAAL attack is very effective as it does not require any knowledge of the circuit netlist. This attack can also be applied to any logic locking technique without knowing its implementation details, as it directly leaks the key to the primary output. As there are no security measures in logic locking to protect the connection between the key gates and the tamper-proof memory, any locked circuit can be vulnerable to this attack. Note that an adversary can select any hardware Trojan (combinational or sequential) of its choice; the implementation details can be found in Section IV.
C. T2 Type TAAL Attack
Instead of extracting the key directly to the primary output, an adversary can propagate it to the output. In the T1 type TAAL attack, once the Trojan is activated, the raw key values are transferred to the primary output, which can raise suspicion of a design being tampered with. The T2 type TAAL attack primarily addresses this shortcoming of the T1 type attack by incorporating logic values in the key, which can easily be separated.
The attack involves tampering with a netlist using a Type-3 combinational Trojan. The trigger is constructed using a 3-input AND gate and the payload is delivered to the primary output of the circuit using a 2-input MUX. An adversary can choose a net whose logic value is impacted by the key gate as the MUX input. In Figure 2.(b), net n4 is selected as the MUX input. One can also select n2; however, n3 cannot be selected. The key gate is considered to be an XOR gate having the secret key (k) and the G1 gate output as inputs. In order to propagate the secret key to the output of the key gate (K), the G1 output needs to be specified (either 0 or 1). If n1 = 0, the output of the key gate will be k; otherwise it will be the complement, k̄. Since net n4 is selected for key extraction, input x3 also plays a significant role in key propagation, as the value (k or its complement) at net n2 can propagate to n4 only when x3 = 1. To launch this attack, an adversary needs to perform circuit analysis to sensitize the key. This attack requires an adversary to monitor the input pattern to extract the correct key. In the example of Figure 2.(b), keeping x3 fixed at logic 1, an adversary extracts k when [x1 x2 x3] = [0 0 1] and k̄ otherwise. This attack shows the flexibility to identify an individual key gate and target the secret key through key propagation from consecutive node selection. The dependency of this attack on the primary inputs increases the efficiency of the T2 type attack, where only the adversary has knowledge about the logical values of these inputs.
D. T3 Type TAAL Attack
A locked netlist typically consists of a large number (e.g., 128) of key gates, and the effect of one key may affect the propagation of another key to the primary output. A secure logic locking technique can also insert keys in such a way that an adversary cannot propagate the key information to the output using manufacturing tests [15]. In such scenarios, the T2 type TAAL attack may be ineffective for extracting the key. The T3 type TAAL attack is proposed to address this limitation of the T2 type attack.
Figure 3.(a) shows the locked netlist, where the propagation of the key (k1) is prevented by inserting another key (k2). The output of G3 cannot be uniquely determined unless an adversary knows either k1 or k2, and the T2 type attack will fail to determine either k1 or k2. It is thus necessary to help propagate one key and then determine the other. Figure 3.(b) shows our proposed T3 type TAAL attack, where net n5 is selected to deliver the payload.
Figure 3.(b) shows the implantation of the T3 type TAAL attack using a Type-3 combinational Trojan. The trigger part of the Trojan can be designed as a 3-input AND gate, and the payload is delivered through a 2-input MUX as before. The propagation of the key (k1) requires setting node n5 to 1 so that the signal value at node n2 can propagate through G3. The other input of the MUX is directly connected to VDD, which is equivalent to logic 1.
Figure 3: (a) Original netlist with k2 inserted to prevent the propagation of k1, (b) T3 type TAAL attack with a Type-3 combinational Trojan with a multiplexer (MUX) as payload, and (c) with an OR gate as payload.
To propagate the key k1 to node n2, the other input of the key gate (K1) needs to be specified. Let us assume that n1 = 0, which requires [x1 x2] = [0 0]; the output of key gate (K1) will then be k1. When the trigger condition is met, the output of the AND gate becomes 1, and logic 1 is delivered to the input of G3 through the MUX. At this point, the Trojan activation nullifies the effect of key value k2 at the output of G3. The signal at n4 will be k1. Finally, setting node n3 to logic 1 will expose the key at the output, y. As a result, the input pattern [x1 x2 x3 x4 x5] = [0 0 X 1 1] will expose the key k1 at the output. Once the value of k1 is known, an adversary can perform signal propagation analysis to find the value of k2. Similarly, the payload MUX can be replaced with an OR gate as shown in Figure 3.(c); the attack works in exactly the same manner, where triggering of the Trojan forces the output of the payload OR gate to logic 1 irrespective of its other input, which assists in propagating the key value k1 or k̄1 to the primary output depending on the primary input values as discussed above.
The attacks are explained using a combinational Trojan for simplicity of understanding. All the proposed attacks can also be implemented using any Type-p sequential Trojan, which delivers its payload at the targeted location once the Trojan is activated R times. The design details for a sequential Trojan are discussed in Section IV-B.
IV. DESIGN OF HARDWARE TROJANS FOR TAAL ATTACKS
A hardware Trojan can be described as an intentional modification of the original netlist of a design for malicious purposes [42]–[46]. A Trojan can be inserted into a circuit during its design or manufacturing stages. In this paper, we only consider a Trojan inserted by an untrusted foundry, which is relevant to logic locking (see the adversarial model in Section III-A). As logic locking was proposed to address the threat from an untrusted foundry, such a foundry can practically thwart the locking mechanism by obtaining the secret key through inserting a hardware Trojan in the design.
A complete hardware Trojan classification can be found in [13]. In this paper, we only consider combinational and sequential hardware Trojans to demonstrate the attack. A combinational hardware Trojan generally comprises a trigger and a payload; the detailed modeling can be found in [47]. On the other hand, sequential Trojans have a state element along with the trigger and payload [46]. Any Trojan can be activated through trigger inputs, which can be taken from the primary inputs and/or internal nodes of a circuit, chosen so that manufacturing test patterns cannot trigger the Trojan and it remains undetected. The trigger can be implemented as an AND gate. When a Trojan is activated, the output of this AND gate becomes 1 and it delivers the payload (the select input of the multiplexer shown in Figures 2-3) to the circuit to leak the secret key. The trigger can also be any logic function which provides 1 when activated. Note that a combinational Trojan manifests its effect as soon as the trigger inputs are present and affects the original netlist at the payload; a sequential Trojan, on the other hand, shows its effect after the occurrence of a sequence or a period of time once triggered.
A. Design for a Combinational Hardware Trojan
The primary purpose of a hardware Trojan, once activated, is to modify the original functionality of a circuit to leak the secret key, which is unknown to the SoC designer. It is absolutely necessary that the Trojan not be activated during scan-based structural or functional tests. In other words, the circuit should not encounter any condition during tests that activates the trigger, which could lead to its detection. In this paper, we present a step-by-step process for designing a combinational hardware Trojan, initially presented in [47], for a locked netlist.
A hardware Trojan can be described based on its trigger inputs, and is defined as a Type-p Trojan when it has p trigger inputs. The trigger inputs can be selected from primary inputs and/or internal nodes which are not affected by the key gates. If a key-affected node were selected as a trigger input, an adversary could not activate the Trojan, as it does not know the secret key and thus the internal signal value for an activation pattern. We call this pattern the hardware Trojan activation pattern (HTAP). The payload of the Trojan (a MUX) can be delivered to a location as described in Figure 4 for launching our proposed TAAL attack.
Let us determine the number of Trojans one can insert in a design to extract the secret key. This is basically a selection problem, where an adversary selects p nodes as the trigger inputs from the N nodes of a circuit so that the Trojan is not activated during the manufacturing/production tests. The value of N can be determined from the following equation:
$N = PI + G + F - M$ (1)
where
PI : Number of primary inputs
G : Number of gates
F : Number of fanout branches
M : Number of lines impacted by the key gates
An upper bound on all possible Type-p Trojans (ATp) is given by:
$AT_p = \binom{N}{p} \times 2^p$ (2)
The right-hand side of Equation 2 consists of two factors. The first one represents all possible combinations to select p lines from N. The second one denotes the trigger polarity combinations, as a line can be applied directly or inverted to the trigger input. Note that the actual number of Trojans (denoted as VTp) can be less than ATp, as some of them can be detected by the manufacturing test patterns (e.g., stuck-at fault patterns), and some may not be triggerable from the primary inputs. However, for a reasonably sized circuit, ATp and VTp are comparable.
Figure 4 shows an example of a T1 type TAAL attack using a Type-4 Trojan inserted in the netlist. The circuit has five primary inputs (PI). The SoC designer can generate test patterns considering the key as an input (the pattern generation is described in detail in [9], [21]). To detect all the stuck-at faults (SAFs), seven test patterns (P = {P1, P2, . . . , P7}) are required, and they are generated using the Synopsys TetraMax [48] ATPG tool. To avoid the Trojan being activated by these manufacturing test patterns, the trigger of the Trojan must remain quiet for all these input patterns. A hardware Trojan activation pattern is selected, where HTAP = (X 0 0 1 1 0)^T ∉ P. As the logic values of nodes n2, n4, and n5 are impacted by the key, k, these nodes are excluded in designing the Trojan. If one of these nodes were selected, an adversary might not be able to activate the trigger, as it does not know the key value. The upper bound on all possible Type-4 Trojans (AT4) is given by
$AT_4 = \binom{7}{4} \times 2^4 = 560$ (3)
where N = 5 + 5 − 3 = 7.
Figure 4: Design for a combinational hardware Trojan that evades manufacturing tests. (a) A combinational circuit with a Type-4 Trojan. (b) Stuck-at fault (SAF) test patterns for manufacturing tests. The hardware Trojan activation pattern (HTAP) is [x1 x2 x3 x4 x5] = [0 0 1 1 0] while treating the key input as unknown (X).
Test pattern table from Figure 4(b) (SAF test patterns P7 ... P1, followed by the HTAP column):
      P7  P6  P5  P4  P3  P2  P1   HTAP
k      1   0   0   1   0   1   1    X
x1     1   0   1   1   0   0   1    0
x2     0   1   1   0   0   0   1    0
x3     1   1   0   0   1   0   1    1
x4     1   1   1   0   1   1   1    1
x5     1   1   1   1   1   0   1    0
Out of these 560 possible Trojans, 188 will be detected by the test patterns P. The remaining 372 are treated as valid Trojans, and an adversary can select one of them. In Figure 4, x1, x2, x3 and n3 are selected as the trigger. Similarly, one can also design other types (Type-1 through Type-6) of Trojans to launch TAAL attacks. Note that the Trojan needs to be quiet during normal operation, so that no functional errors are observed at the primary output. An adversary can select rare nodes, whose values do not coincide with the trigger pattern very often under continuous/normal operation of the IC, as the trigger inputs while designing a Trojan. One can perform controllability and observability analysis [32] to find such rare nodes, and then select them as the trigger inputs. However, we do not include such analysis, as including rare nodes in the trigger of a sequential hardware Trojan is not a hard requirement. In this paper, a sequential Trojan is modelled using a combinational Trojan that needs to be triggered R times consecutively.
To design a combinational hardware Trojan, an automated
process is developed. Algorithm 1 provides the steps to be
followed for designing a Type-p Trojan that eludes activation
during the manufacturing test. The inputs of the algorithm are
the locked netlist (C), the M production/manufacturing test
patterns (P = {P1, P2, . . . , PM}) and the Trojan type (p). The
algorithm outputs the hardware Trojan activation pattern (HTAP)
and the trigger inputs. Initially, it reads the Trojan-free locked
netlist (C) and the set of manufacturing test patterns (P) (Lines
1-2). Logic simulation is performed using these patterns, and
the internal node values are stored in a matrix, A (Line 3). It is
not necessary to store the nodes that are impacted by the
key gates, as their values will be unknown (Xs) during the
simulation. Note that A is an N×M matrix. A hardware Trojan
activation pattern of the adversary's choice is selected (Line 4).
Similarly, matrix H is formed as the result of logic simulation
using HTAP (Line 5). Here, H is an N × 1 vector. To select
the trigger inputs, p random nodes that are not affected by the
key gates of the locked circuit are chosen (Line 6). To check
whether the trigger values appear in the production test set,
matrix Ap and vector Hp are constructed (Lines 7-8). If Hp is
not in Ap, the trigger (T) is selected (Line 10); otherwise the
selected p locations are dropped, as the Trojan would be
activated during the production tests (Lines 12-13), and new
p locations are selected (Line 6). Finally, the algorithm reports
HTAP and T (Line 15).

Algorithm 1: Design of Type-p Trojan
input : Locked Netlist (C), test pattern set (P), Type-p Trojan
output: Hardware Trojan activation pattern (HTAP), Trigger inputs (T)
1  Read the locked netlist (C);
2  Read production test patterns (P);
3  Perform logic simulation using P to form a matrix (A) of all the internal node values;
4  Select a hardware Trojan activation pattern (HTAP), where HTAP ∉ P;
5  Perform logic simulation using HTAP and form a matrix (H) of all the internal node values;
6  Select p random nodes that are not affected by the key gates of C for the trigger inputs;
7  Construct a new matrix Ap that corresponds to the trigger locations for all test patterns;
8  Construct a new vector Hp that corresponds to the trigger locations for HTAP;
9  if Hp ∉ Ap then
10     Choose the selected p nodes as trigger, T;
11 else
12     Discard the selected p nodes, as they would activate the Trojan during tests;
13     Go to Step 6;
14 end
15 Report HTAP and T;
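The procedure of Algorithm 1, together with the AT_p/VT_p count that Section V tabulates, carried out in Python on a constructed toy locked netlist. This is an added example, not code from the paper or its authors: the netlist, its node names (n1 to n5, y, key k), the four test patterns and the PIS/KEYS/POS lists are constructed, because the page gives the HTAP [0 0 1 1 0] and the test-pattern table but not the gate functions of Figure 4. The count is read from the defender's side: AT_p − VT_p is the share of Type-p trigger conditions that the manufacturing test set does exercise, and VT_p is the coverage gap.

```python
"""Algorithm 1 and the Section V count (AT_p, VT_p) on a constructed toy netlist.

Added example, not code from the paper. Netlist, node names, test patterns
and the PIS/KEYS/POS lists are constructed; only the HTAP is the page's.
"""
from itertools import combinations
from math import comb

# Constructed toy locked netlist in topological order: (output, gate, inputs).
# 'k' is the key input and n2 the key gate (hypothetical names, not Figure 4).
NETLIST = [
    ("n1", "AND",  ["x1", "x2"]),
    ("n2", "XOR",  ["n1", "k"]),   # key gate
    ("n3", "OR",   ["x3", "x4"]),
    ("n4", "NAND", ["n2", "x5"]),  # inside the key's fanout cone
    ("n5", "XOR",  ["x4", "x5"]),
    ("y",  "AND",  ["n3", "n4"]),  # primary output (payload site, not a trigger)
]
PIS = ["x1", "x2", "x3", "x4", "x5"]
KEYS = ["k"]
POS = ["y"]

# Constructed production test set P (not ATPG output), one tuple per pattern
# over (x1..x5), and the page's HTAP; the HTAP must not be a member of P.
PATTERNS = [(1, 1, 1, 1, 1), (0, 0, 0, 0, 0), (1, 0, 1, 0, 1), (0, 1, 0, 1, 0)]
HTAP = (0, 0, 1, 1, 0)


def _eval(gate, vals):
    """Three-valued gate evaluation: 0, 1 or None (= X, the unknown key)."""
    if gate in ("AND", "NAND"):
        r = 0 if 0 in vals else (1 if all(v == 1 for v in vals) else None)
    elif gate in ("OR", "NOR"):
        r = 1 if 1 in vals else (0 if all(v == 0 for v in vals) else None)
    elif gate in ("XOR", "XNOR"):
        r = None if None in vals else sum(vals) % 2
    elif gate == "NOT":
        r = vals[0]
    else:
        raise ValueError(f"unsupported gate type {gate}")
    if gate in ("NAND", "NOR", "XNOR", "NOT") and r is not None:
        r = 1 - r
    return r


def simulate(netlist, pis, keys, pattern):
    """Logic simulation of one pattern with every key bit set to X, so that
    key-dependent nodes carry None (Lines 3 and 5 of Algorithm 1)."""
    vals = dict(zip(pis, pattern))
    vals.update({k: None for k in keys})
    for out, gate, ins in netlist:
        vals[out] = _eval(gate, [vals[i] for i in ins])
    return vals


def key_cone(netlist, keys):
    """Structural transitive fanout of the key inputs (one pass suffices
    because the netlist is topologically ordered)."""
    cone = set(keys)
    for out, _, ins in netlist:
        if any(i in cone for i in ins):
            cone.add(out)
    return cone


def trigger_candidates(netlist, pis, keys, pos):
    """The N nets usable as trigger inputs: primary inputs and internal nets
    that are neither in the key cone nor primary outputs."""
    cone = key_cone(netlist, keys)
    internal = [out for out, _, _ in netlist]
    return [n for n in pis + internal if n not in cone and n not in pos]


def design_trojan(netlist, pis, keys, pos, patterns, p, htap):
    """Algorithm 1: return (HTAP, T) for a Type-p trigger whose values under
    HTAP never occur under any test pattern, or None if no p-subset works.
    Subsets are enumerated in order instead of drawn at random (Line 6)."""
    if tuple(htap) in {tuple(q) for q in patterns}:
        raise ValueError("HTAP must not be a production test pattern (Line 4)")
    cand = trigger_candidates(netlist, pis, keys, pos)
    A = [simulate(netlist, pis, keys, q) for q in patterns]   # Line 3 (matrix A)
    H = simulate(netlist, pis, keys, htap)                    # Line 5 (vector H)
    for T in combinations(cand, p):                           # Line 6
        Ap = {tuple(row[n] for n in T) for row in A}          # Line 7
        Hp = tuple(H[n] for n in T)                           # Line 8
        if Hp not in Ap:                                      # Line 9
            return tuple(htap), T                             # Lines 10, 15
    return None                                               # all subsets discarded (Line 12)


def count_trojans(netlist, pis, keys, pos, patterns, p):
    """Section V style count: AT_p = C(N, p) * 2^p choices of p candidate nets
    and a 0/1 trigger value each; VT_p = those whose trigger value never
    appears under the test set (AT_p - VT_p are exercised by the tests)."""
    cand = trigger_candidates(netlist, pis, keys, pos)
    A = [simulate(netlist, pis, keys, q) for q in patterns]
    at = comb(len(cand), p) * 2 ** p
    vt = sum(2 ** p - len({tuple(row[n] for n in T) for row in A})
             for T in combinations(cand, p))
    return at, vt


if __name__ == "__main__":
    print("trigger candidates:", trigger_candidates(NETLIST, PIS, KEYS, POS))
    for p in (1, 2):
        at, vt = count_trojans(NETLIST, PIS, KEYS, POS, PATTERNS, p)
        print(f"Type-{p}: AT={at} VT={vt} exercised_by_tests={at - vt}")
    print("Type-2 design:", design_trojan(NETLIST, PIS, KEYS, POS, PATTERNS, 2, HTAP))
```

On this toy netlist the candidate set has N = 8 nets, every single-net (Type-1) trigger condition is exercised by the four constructed patterns (VT_1 = 0), while 21 of the 112 Type-2 trigger conditions are not, and the first Type-2 trigger whose value under the HTAP never occurs under P is (x1, x3). Ordered enumeration stands in for the random pick of Line 6; on a benchmark with hundreds of candidate nets a random draw, as the paper does it, avoids walking all C(N, p) subsets.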
B. Design for a Sequential Hardware Trojan
A sequential Trojan modifies the functionality of a circuit
until a specified time has elapsed after the trigger condition
is satisfied. However, in this paper we designed a sequential
Trojan that needs to be triggered R times to deliver the
payload. We designed a sequential Trojan in this way, so that
it can be modelled using a combinational Trojan, described in
detail in the previous section.
A sequential Trojan also consists of a trigger and a payload,
similar to a combinational Trojan. Additionally, the trigger
part contains state elements that determine the payload at a
future time. In our sequential Trojan design, an R-bit counter
is implemented as the state elements. This counter is enabled
(en) once the trigger condition is fulfilled, i.e., the output of
the p-input AND gate becomes 1. The counter increments by
one every time the Trojan is triggered using the Trojan
activation pattern (HTAP). The Trojan delivers the payload
(MUX) only after reaching the maximum count value (R).
A circuit tampered with a sequential Trojan will show the
intended malfunction, key extraction in TAAL attacks, only
upon applying the activation pattern R times successively to the
circuit.

[Figure 5(a): schematic of the sequential Trojan netlist (gates G1–G4, key input k, nets n1–n5, trigger T, an R-bit counter with en and clk inputs, and the MUX payload (P)); not reproducible in text. Figure 5(b): the counter FSM with states S0, S1, S2, ..., S(R−1); en = 1 moves to the next state with output 0, except in S(R−1), where the output is 1; en = 0 returns to S0.]
Figure 5: (a) The netlist of a sequential Trojan with an R-bit
counter, (b) The finite state machine (FSM) of the counter
used in a sequential Trojan.

Figure 5(a) shows the TAAL attack using a sequential
Trojan. The trigger consists of a p-input AND gate and an
R-bit counter. The finite-state machine (FSM) of the counter
is shown in Figure 5(b). The FSM advances to the next state
when en = 1; otherwise, it returns to the initial state, S0. The
counter produces an output of 1 once en is held at 1 for
R consecutive clock cycles, as it takes (R − 1) cycles to
reach S(R−1). Note that this sequential Trojan can be modelled
as R combinational Trojans. An adversary can also
design a different sequential Trojan, already in the literature,
to launch the TAAL attack. The sequential Trojan increases
the complexity compared to a combinational Trojan, as it
manifests its effect at the payload only after a sequence of
repeated applications of the trigger inputs. Only the adversary
knows the maximum counter value, which makes detection
very difficult.
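A behavioural model of the counter FSM of Figure 5(b), written here as an added example (not code from the paper or its authors) to make the R-consecutive-hit condition concrete from the test engineer's side: a test program whose longest run of consecutive trigger hits is shorter than R never observes the payload. The model follows the page's description (en = 1 advances S0 to S(R−1), en = 0 returns to S0, output 1 on en = 1 in S(R−1)); what the counter does after firing while en stays at 1 is not stated on the page, so staying in S(R−1) is an assumption. The net names in the trace are constructed.

```python
"""Behavioural model of the sequential Trojan's R-bit counter (Figure 5(b)).

Added example, not code from the paper. Assumption (not on the page): after
firing, the counter stays in S_{R-1} for as long as en is held at 1.
"""


class TriggerCounter:
    """Counter FSM with states S0..S_{R-1}; step() consumes one clock cycle."""

    def __init__(self, r):
        if r < 1:
            raise ValueError("R must be at least 1")
        self.r = r
        self.state = 0  # S0

    def step(self, en):
        """Advance one clock cycle and return the counter output (1 = payload)."""
        if not en:
            self.state = 0  # en = 0: every state returns to S0
            return 0
        if self.state == self.r - 1:
            return 1  # en = 1 in S_{R-1}: deliver payload (stays there, by assumption)
        self.state += 1  # S_i -> S_{i+1} with output 0
        return 0


def trigger_trace(net_values, trigger_nets, trigger_value):
    """en per cycle from a sequence of net-value dicts (constructed inputs):
    en = 1 exactly when the trigger nets carry the trigger value, which is
    what the p-input AND gate of Figure 5(a) computes."""
    return [int(all(v[n] == b for n, b in zip(trigger_nets, trigger_value)))
            for v in net_values]


def payload_cycles(en_trace, r):
    """Indices of the clock cycles in which the payload is delivered."""
    fsm = TriggerCounter(r)
    return [i for i, en in enumerate(en_trace) if fsm.step(en)]


def longest_run(en_trace):
    """Longest run of consecutive en = 1 cycles. A test program whose longest
    run is below R never activates the Trojan, which is the detection gap
    the text describes for sequential Trojans."""
    best = run = 0
    for en in en_trace:
        run = run + 1 if en else 0
        best = max(best, run)
    return best


if __name__ == "__main__":
    # Constructed trace for R = 3: two hits, a miss, then three hits.
    trace = [1, 1, 0, 1, 1, 1]
    print("longest run:", longest_run(trace), "payload at cycles:", payload_cycles(trace, 3))
```

With R = 3 the payload appears only in the cycle of the third consecutive hit (cycle 5 of the constructed trace); the two hits before the miss reset the counter and leave no observable effect, which is why a logic test that applies a trigger pattern once, or fewer than R times in a row, cannot reveal this Trojan.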
V. ANALYSIS
The hardware Trojans presented in Section IV pose a unique
challenge to the SoC designers for securing their designs. In
this section, we show that an adversary can implement a Trojan
in a very large number of ways, and it is practically infeasible
to detect all of them with absolute certainty. We choose six
benchmark circuits from ISCAS’85 benchmark suites [49] to
show the complexity of Trojan detection even for these small
benchmark circuits.
Table I shows the design details for different locked bench-
mark circuits. The number of logic gates and the key size for
these circuits are shown in Columns 2 and 3, respectively.
The number of key bits is selected in such a way that
the total area overhead does not exceed 5%. For an industrial
design with millions of gates, the key gates would add hardly
any overhead. Column 4 represents the total
number of nets in these circuits (see Equation 1). The number
of nets that are not affected by key gates is shown in Column
5. Note that the remaining key-affected nets cannot be selected
as trigger inputs. The manufacturing test patterns are generated
using the Synopsys TetraMax Automatic Test Pattern Generation
(ATPG) tool [48] with a targeted 100% fault coverage (Columns
6-7). For the C432 benchmark, we insert 30 key gates randomly
in the netlist with 160 logic gates. There are 349 nets in the
netlist, out of which 233 nets can be selected for the Trojan
trigger, as the remaining nets are affected by the key gates. The
TetraMax ATPG tool generates 58 stuck-at fault patterns and
reports 100% fault coverage. These test patterns will be used by
an adversary to design the Trojans such that they are not
activated during the manufacturing tests. A similar analysis can
be performed for all other benchmark circuits from the details
in the respective rows.
Table II shows the number of combinational hardware Tro-
jans that can be designed to perform TAAL attacks (described
in Section III) for different benchmark circuits. The upper
bound (see Equation 2) on all possible Trojans that can be
inserted in the circuit is given in Columns 2, 4 and 6. Out of
all possible Trojans, the valid Trojans that will not be detected
during manufacturing tests are shown in Columns 3, 5 and
7. For the C432 benchmark circuit, the total number of Type-2
Trojans is 1.08 × 10^5, whereas the number of valid Trojans
is 1.0 × 10^5. The number of Trojans increases exponentially
with the Trojan type (p). Note that AT_p and VT_p are of the
same order, which allows an adversary to select a Trojan of its
choice from a large collection. It is worthwhile to mention that
an adversary needs to choose a Trojan whose trigger inputs are
selected from rare nodes, such that it does not get activated
during normal operation. However, it is not necessary to impose
this condition when designing a sequential Trojan, as it is highly
unlikely that a particular trigger condition will arrive R times
consecutively during the normal operation of a chip.
VI. FUTURE RESEARCH DIRECTION FOR SECURE LOGIC
LOCKING
The security of a logic locking technique can be tied to the
hardware Trojan detection problem. Developing a SAT-resistant
logic locking technique alone is not sufficient to prevent IC
overproduction or to protect IPs; the detection of Trojans
inserted at an untrusted manufacturing site must also be
addressed. Researchers have already proposed different
techniques to detect and prevent hardware Trojans. The
detection methods can be grouped into two categories: logic
testing [50]–[54] and side-channel analysis [55]–[60].
Prevention methods, on the other hand, can be categorized as
design-for-trust measures [61]–[65] and split manufacturing
[66]–[68].
Logic testing, i.e., applying stimuli to the primary inputs (PIs)
and observing the responses at the primary outputs (POs), can be
used to detect these Trojans [46], [50], [52]–[54], [69]. A chip
is judged to be tampered with a hardware Trojan when a
mismatch is observed between the observed and expected
responses. Note that the accuracy of this detection process does
not depend on manufacturing process variations. However,
detection will be extremely difficult, as it is practically
impossible to detect all types of combinational Trojans. In
addition, it is not feasible to trigger a sequential Trojan, as doing
so requires applying the same trigger pattern at the input R times.
Side-channel information, such as power [70], temper-
ature [71], delay [72], and radiation [73], can be used to
detect a hardware Trojan. These detection methods rely on the
availability of Trojan-free golden circuits for creating a Trojan-
free signature. It can be very difficult to acquire a golden
sample, as all the chips may have Trojans. In addition, process
and environmental variations may mask the side-channel
leakage when the Trojan circuitry is small.
Alongside hardware Trojan detection, researchers have
proposed different measures to prevent a Trojan from being
inserted into the design in the first place. These solutions
involve the characterization of ring oscillators [62], shadow
registers [59], and delay elements [74] to detect the delay
deviation caused by hardware Trojans. Reducing the number of
rare signals in the circuitry is another proposed method for
designers to reduce the risk of a Trojan being implanted [63],
[75]. Camouflage fill techniques [76], [77], which create
indistinguishable layouts for different gates by adding dummy
contacts and connections, can prevent the attacker from
extracting a correct gate-level netlist of a circuit for Trojan
insertion. Xiao et al. proposed filling all the unused spaces with
filler cells so that an untrusted foundry cannot insert a Trojan
[64], [78]. However, this direction still lacks a firm solution,
as more emphasis has been placed on Trojan detection.
Split manufacturing can be an effective way to thwart
hardware Trojan insertion at an untrusted foundry. In split
manufacturing, the production of ICs is carried out in two
different foundries [79]. The design is divided into two parts:
Front End of Line (FEOL) and Back End of Line (BEOL).
An untrusted foundry is provided with the FEOL design,
which contains only partial information about the design but
whose fabrication requires complex steps and involves higher
cost. Fabrication of the BEOL does not incorporate complex
fabrication steps and can be done by a smaller trusted foundry.
The untrusted foundry sends the fabricated wafers directly to
the smaller foundry to complete the fabrication. In this way,
the untrusted foundry can be restricted from making any
Trojan-based modification, as it does not have complete
information about the design. However, several attacks
undermining the security achieved through split manufacturing
have also been proposed in the past [80]–[82].

Table I: Circuit parameters.
Benchmarks  # Gates  Key Size (|K|)  # Total Lines (N+M)  # Net Lines (N)  # Test Patterns  Fault coverage
C432           160        30                 349                233               58             100%
C499           202        30                 491                226               78             100%
C880           383        30                 594                350               86             100%
C1908          880        30                 552                223               83             100%
C3540         1669        83                1826               1114              173             100%
C6288         2416       128                5621               1335               77             100%

Table II: Number of hardware Trojans for launching TAAL attacks.
Benchmarks    Type-2 Trojan              Type-3 Trojan              Type-4 Trojan
              AT2          VT2           AT3          VT3           AT4           VT4
C432          1.08×10^5    1.04×10^5     1.66×10^7    1.43×10^7     1.91×10^9     1.34×10^9
C499          1.02×10^5    0.27×10^5     1.52×10^7    2.11×10^6     1.69×10^9     1.21×10^8
C880          2.44×10^5    2.25×10^5     5.67×10^7    4.80×10^7     9.83×10^9     7.35×10^9
C1908         0.99×10^5    0.96×10^5     1.46×10^7    1.33×10^7     1.60×10^9     1.27×10^9
C3540         2.48×10^6    2.35×10^6     1.84×10^9    1.57×10^9     1.02×10^12    0.74×10^12
C6288         3.56×10^6    3.50×10^6     3.17×10^9    3.00×10^9     2.11×10^12    1.82×10^12
Recent research has shown that machine learning and image
processing can also be used to detect hardware Trojans in a
chip. Vashistha et al. presented Trojan scanner [83], which uses
a trusted GDSII layout (golden layout) and scanning electron
microscope (SEM) images to identify malicious modifications
made to the netlist during the manufacturing of a circuit. A
unique descriptor for each type of gate is prepared, based on
different features, using computer vision algorithms along with
a machine-learning model of the golden layout and SEM images
of an IC under authentication. Comparing these descriptors
detects any modifications, either in the form of additional gates
or modified gates, which might raise suspicion of a potential
hardware Trojan. Moreover, Trojan scanner also presents the
trade-off between accuracy and SEM parameters. The authors
demonstrated the effectiveness of the scheme using a smart card
die as the test sample (generally manufactured in 90 nm
technology). Its detection effectiveness is yet to be validated for
chips fabricated in recent technology nodes (10 nm and beyond).
Although significant research has been performed on de-
tecting hardware Trojans, we still lack efficient and accurate
methods for modeling them and generating tests for their
detection. Once the detection of hardware Trojans is ensured,
an SoC designer can choose a SAT-resistant logic locking
technique to prevent IC overproduction and IP piracy.
VII. CONCLUSION
In this paper, we have demonstrated the vulnerability of
logic locking techniques to a set of tampering attacks with
hardware Trojans. The three proposed types of TAAL attacks
can defeat any logic locking technique that relies on storing
the secret key in a tamper-proof memory. In the T1-type TAAL
attack, we showed how an adversary can extract the key from
a locked netlist without knowing the details of the logic locking
technique used to protect the circuit. For the T2-type and T3-
type TAAL attacks, the complexity of detecting an attack has
been increased: only the attacker knows the specific values that
lead to key extraction, which makes identifying a TAAL attack
harder. To launch a TAAL attack, we developed models for
combinational and sequential hardware Trojans. We also
proposed an algorithm to design a hardware Trojan that cannot
be detected by manufacturing tests. The results depict the range
of Trojans that can be selected by an adversary, which is of a
very high order of magnitude. Finally, we described relevant
detection and avoidance strategies for hardware Trojans to make
logic locking secure.
ACKNOWLEDGMENT
This work was supported by the National Science Founda-
tion under grant number CNS-1755733.
REFERENCES
[1] Age Yeh, “Trends in the global IC design service market,” DIGITIMES
Research, 2012.
[2] J. A. Roy, F. Koushanfar, and I. L. Markov, “EPIC: Ending piracy
of integrated circuits,” in Proceedings of the conference on Design,
automation and test in Europe, 2008, pp. 1069–1074.
[3] Y. Alkabani and F. Koushanfar, “Active Hardware Metering for Intellec-
tual Property Protection and Security.” in USENIX security symposium,
2007, pp. 291–306.
[4] R. S. Chakraborty and S. Bhunia, “Hardware protection and authentica-
tion through netlist level obfuscation,” in Proc. of IEEE/ACM Interna-
tional Conference on Computer-Aided Design, 2008, pp. 674–677.
[5] Y. Alkabani, F. Koushanfar, and M. Potkonjak, “Remote activation of
ICs for piracy prevention and digital right management,” in Proc. of
IEEE/ACM int. conf. on Computer-aided design, 2007, pp. 674–677.
[6] J. Huang and J. Lach, “IC activation and user authentication for security-
sensitive systems,” in IEEE International Workshop on Hardware-
Oriented Security and Trust, 2008, pp. 76–80.
[7] A. Baumgarten, A. Tyagi, and J. Zambreno, “Preventing IC piracy
using reconfigurable logic barriers,” IEEE Design & Test of Computers,
vol. 27, no. 1, pp. 66–75, 2010.
[8] U. Guin, Q. Shi, D. Forte, and M. M. Tehranipoor, “FORTIS: a
comprehensive solution for establishing forward trust for protecting
IPs and ICs,” ACM Transactions on Design Automation of Electronic
Systems (TODAES), vol. 21, no. 4, p. 63, 2016.
[9] U. Guin, Z. Zhou, and A. Singh, “A novel design-for-security (DFS)
architecture to prevent unauthorized IC overproduction,” in Proc. of the
IEEE VLSI Test Symposium (VTS), 2017, pp. 1–6.
[10] E. Castillo, U. Meyer-Baese, A. García, L. Parrilla, and A. Lloris, “IPP@
HDL: efficient intellectual property protection scheme for IP cores,”
IEEE Transactions on Very Large Scale Integration (VLSI) Systems,
vol. 15, no. 5, pp. 578–591, 2007.
[11] M. Tehranipoor and C. Wang, Introduction to hardware security and
trust. Springer Science & Business Media, 2011.
[12] M. M. Tehranipoor, U. Guin, and D. Forte, “Counterfeit integrated
circuits,” in Counterfeit Integrated Circuits. Springer, 2015, pp. 15–36.
[13] S. Bhunia and M. Tehranipoor, Hardware Security: A Hands-on Learn-
ing Approach. Morgan Kaufmann, 2018.
[14] F. Koushanfar and G. Qu, “Hardware metering,” in Proceedings of
Design Automation Conference, 2001, pp. 490–493.
[15] J. Rajendran, Y. Pino, O. Sinanoglu, and R. Karri, “Security analysis
of logic obfuscation,” in Proceedings of Annual Design Automation
Conference, 2012, pp. 83–89.
[16] E. Charbon, “Hierarchical watermarking in IC design,” in Proceedings
of the IEEE Custom Integrated Circuits Conference, 1998, pp. 295–298.
[17] A. B. Kahng, J. Lach, W. H. Mangione-Smith, S. Mantik, I. L. Markov,
M. Potkonjak, P. Tucker, H. Wang, and G. Wolfe, “Constraint-based
watermarking techniques for design IP protection,” IEEE Transactions
on Computer-Aided Design of Integrated Circuits and Systems, vol. 20,
no. 10, pp. 1236–1252, 2001.
[18] G. Qu and M. Potkonjak, Intellectual property protection in VLSI
designs: theory and practice. Springer Science & Business Media,
2007.
[19] R. W. Jarvis and M. G. McIntyre, “Split manufacturing method for
advanced semiconductor circuits,” US Patent 7,195,931, 2007.
[20] K. Vaidyanathan, R. Liu, E. Sumbul, Q. Zhu, F. Franchetti, and L. Pi-
leggi, “Efficient and secure intellectual property (IP) design with split
fabrication,” in IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), 2014, pp. 13–18.
[21] U. Guin, Z. Zhou, and A. Singh, “Robust design-for-security architecture
for enabling trust in IC manufacturing and test,” Trans. on Very Large
Scale Integration (VLSI) Systems, vol. 26, no. 5, pp. 818–830, 2018.
[22] J. Rajendran, H. Zhang, C. Zhang, G. S. Rose, Y. Pino, O. Sinanoglu,
and R. Karri, “Fault analysis-based logic encryption,” IEEE Transactions
on computers, vol. 64, no. 2, pp. 410–424, 2015.
[23] Y. Xie and A. Srivastava, “Mitigating SAT attack on logic locking,” in
International Conference on Cryptographic Hardware and Embedded
Systems, 2016, pp. 127–146.
[24] M. Yasin, B. Mazumdar, J. J. Rajendran, and O. Sinanoglu, “SARLock:
SAT attack resistant logic locking,” in IEEE International Symposium
on Hardware Oriented Security and Trust (HOST), 2016, pp. 236–241.
[25] M. Yasin, A. Sengupta, B. C. Schafer, Y. Makris, O. Sinanoglu, and
J. J. Rajendran, “What to lock?: Functional and parametric locking,” in
Proc. of Great Lakes Symposium on VLSI, 2017, pp. 351–356.
[26] M. Yasin, A. Sengupta, M. T. Nabeel, M. Ashraf, J. J. Rajendran,
and O. Sinanoglu, “Provably-secure logic locking: From theory to
practice,” in Proceedings of ACM SIGSAC Conference on Computer
and Communications Security, 2017, pp. 1601–1618.
[27] S. M. Plaza and I. L. Markov, “Solving the third-shift problem in IC
piracy with test-aware logic locking,” Trans. on Computer-Aided Design
of Integrated Circuits and Systems, vol. 34, no. 6, pp. 961–971, 2015.
[28] Y.-W. Lee and N. A. Touba, “Improving logic obfuscation via logic cone
analysis,” in Latin-American Test Symposium (LATS), 2015, pp. 1–6.
[29] S. Khaleghi, K. Da Zhao, and W. Rao, “IC piracy prevention via
design withholding and entanglement,” in Asia and South Pacific Design
Automation Conference, 2015, pp. 821–826.
[30] B. Liu and B. Wang, “Embedded reconfigurable logic for ASIC design
obfuscation against supply chain attacks,” in Design, Automation & Test
in Europe Conference & Exhibition (DATE), 2014, pp. 1–6.
[31] P. Subramanyan, S. Ray, and S. Malik, “Evaluating the security of logic
encryption algorithms,” in IEEE International Symposium on Hardware
Oriented Security and Trust (HOST), 2015, pp. 137–143.
[32] M. Bushnell and V. Agrawal, Essentials of electronic testing for digital,
memory and mixed-signal VLSI circuits. Springer Science & Business
Media, 2004, vol. 17.
[33] Y. Xie and A. Srivastava, “Anti-SAT: Mitigating SAT attack on logic
locking,” IEEE Transactions on Computer-Aided Design of Integrated
Circuits and Systems, vol. 38, no. 2, pp. 199–207, 2019.
[34] X. Xu, B. Shakya, M. M. Tehranipoor, and D. Forte, “Novel bypass
attack and BDD-based tradeoff analysis against all known logic locking
attacks,” in International Conference on Cryptographic Hardware and
Embedded Systems, 2017, pp. 189–210.
[35] Y. Shen and H. Zhou, “Double dip: Re-evaluating security of logic
encryption algorithms,” in Proceedings of the Great Lakes Symposium
on VLSI, 2017, pp. 179–184.
[36] K. Shamsi, M. Li, T. Meade, Z. Zhao, D. Z. Pan, and Y. Jin, “AppSAT:
Approximately deobfuscating integrated circuits,” in Int. Symposium on
Hardware Oriented Security and Trust (HOST), 2017, pp. 95–100.
[37] D. Sirone and P. Subramanyan, “Functional Analysis Attacks on Logic
Locking,” arXiv preprint arXiv:1811.12088, 2018.
[38] H. Wang, D. Forte, M. M. Tehranipoor, and Q. Shi, “Probing attacks on
integrated circuits: Challenges and research opportunities,” IEEE Design
& Test, vol. 34, no. 5, pp. 63–71, 2017.
[39] H. Wang, Q. Shi, D. Forte, and M. M. Tehranipoor, “Probing Assessment
Framework and Evaluation of Antiprobing Solutions,” Transactions on
Very Large Scale Integration (VLSI) Systems, vol. 27, no. 6, pp. 1239–
1252, 2019.
[40] H. Shen, N. Asadizanjani, M. Tehranipoor, and D. Forte, “Nanopyramid:
An Optical Scrambler Against Backside Probing Attacks,” in Proc. Int.
Symposium for Testing and Failure Analysis(ISTFA), 2018, p. 280.
[41] R. Torrance and D. James, “The state-of-the-art in IC reverse engi-
neering,” in International Workshop on Cryptographic Hardware and
Embedded Systems, 2009, pp. 363–381.
[42] S. Adee, “The Hunt for the Kill Switch,” IEEE Spectrum, vol. 45, no. 5,
pp. 34–39, 2008.
[43] M. Tehranipoor and F. Koushanfar, “A Survey of Hardware Trojan
Taxonomy and Detection,” IEEE Design & Test of Computers, vol. 27,
no. 1, 2010.
[44] R. Karri, J. Rajendran, K. Rosenfeld, and M. Tehranipoor, “Trustworthy
Hardware: Identifying and Classifying Hardware Trojans,” Computer,
vol. 43, no. 10, pp. 39–46, 2010.
[45] M. Tehranipoor, H. Salmani, X. Zhang, M. Wang, R. Karri, J. Rajen-
dran, and K. Rosenfeld, “Trustworthy Hardware: Trojan Detection and
Design-for-Trust Challenges,” Computer, vol. 44, no. 7, pp. 66–74, 2011.
[46] S. Bhunia, M. S. Hsiao, M. Banga, and S. Narasimhan, “Hardware
Trojan Attacks: Threat Analysis and Countermeasures,” Proc. IEEE, vol.
102, no. 8, pp. 1229–1247, 2014.
[47] Z. Zhou, U. Guin, and V. D. Agrawal, “Modeling and test generation for
combinational hardware trojans,” in VLSI Test Symposium (VTS), 2018,
pp. 1–6.
[48] “TetraMAX ATPG: Automatic Test Pattern Generation,” Synopsys, Inc.,
2017.
[49] D. Bryan, “The ISCAS’85 benchmark circuits and netlist format,” North
Carolina State University, vol. 25, p. 39, 1985.
[50] N. Lesperance, S. Kulkarni, and K.-T. Cheng, “Hardware Trojan de-
tection using exhaustive testing of k-bit subspaces,” in Asia and South
Pacific Design Automation Conference, 2015, pp. 755–760.
[51] A. Waksman, M. Suozzo, and S. Sethumadhavan, “FANCI: identification
of stealthy malicious logic using boolean functional analysis,” in Proc.
ACM SIGSAC conference on Computer & communications security,
2013, pp. 697–708.
[52] R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and S. Bhunia,
“MERO: A statistical approach for hardware Trojan detection,” in
International Workshop on Cryptographic Hardware and Embedded
Systems, 2009, pp. 396–410.
[53] M. Banga and M. S. Hsiao, “Odette: A non-scan design-for-test method-
ology for trojan detection in ICs,” in International Symposium on
Hardware-Oriented Security and Trust, 2011, pp. 18–23.
[54] S. K. Haider, C. Jin, M. Ahmad, D. Shila, O. Khan, and M. van Dijk,
“Advancing the state-of-the-art in hardware trojans detection,” IEEE
Transactions on Dependable and Secure Computing, 2017.
[55] D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar, “Trojan
detection using IC fingerprinting,” in IEEE Symposium on Security and
Privacy, 2007, pp. 296–310.
[56] M. Banga and M. S. Hsiao, “A region based approach for the iden-
tification of hardware Trojans,” in IEEE International Workshop on
Hardware-Oriented Security and Trust, 2008, pp. 40–47.
[57] ——, “A novel sustained vector technique for the detection of hardware
Trojans,” in International conference on VLSI design, 2009, pp. 327–
332.
[58] R. Rad, J. Plusquellic, and M. Tehranipoor, “Sensitivity analysis to
hardware Trojans using power supply transient signals,” in Int. Workshop
on Hardware-Oriented Security and Trust, 2008, pp. 3–7.
[59] J. Li and J. Lach, “At-speed delay characterization for IC authentica-
tion and Trojan horse detection,” in IEEE International Workshop on
Hardware-Oriented Security and Trust, 2008, pp. 8–14.
[60] Y. Liu, K. Huang, and Y. Makris, “Hardware Trojan detection through
golden chip-free statistical side-channel fingerprinting,” in Proceedings
of Annual Design Automation Conference, 2014, pp. 1–6.
[61] R. S. Chakraborty and S. Bhunia, “Security against hardware Trojan
through a novel application of design obfuscation,” in Proc. of Int.
Conference on Computer-Aided Design, 2009, pp. 113–116.
[62] J. Rajendran, V. Jyothi, O. Sinanoglu, and R. Karri, “Design and
analysis of ring oscillator based Design-for-Trust technique,” in VLSI
Test Symposium, 2011, pp. 105–110.
[63] H. Salmani, M. Tehranipoor, and J. Plusquellic, “A Novel Technique for
Improving Hardware Trojan Detection and Reducing Trojan Activation
Time,” IEEE Trans. Very Large Scale Integration Sys., vol. 20, no. 1,
pp. 112–125, 2012.
[64] K. Xiao and M. Tehranipoor, “BISA: Built-in self-authentication for
preventing hardware Trojan insertion,” in Int. symposium on hardware-
oriented security and trust (HOST), 2013, pp. 45–50.
[65] X. T. Ngo, S. Bhasin, J.-L. Danger, S. Guilley, and Z. Najm, “Linear
complementary dual code improvement to strengthen encoded circuit
against hardware Trojan horses,” in IEEE International Symposium on
Hardware Oriented Security and Trust (HOST), 2015, pp. 82–87.
[66] K. Vaidyanathan, B. P. Das, and L. Pileggi, “Detecting reliability
attacks during split fabrication using test-only BEOL stack,” in Design
Automation Conference (DAC), 2014, pp. 1–6.
[67] J. J. Rajendran, O. Sinanoglu, and R. Karri, “Is split manufacturing
secure?” in Proceedings of the Conference on Design, Automation and
Test in Europe, 2013, pp. 1259–1264.
[68] Y. Wang, P. Chen, J. Hu, and J. J. Rajendran, “The cat and mouse
in split manufacturing,” in Proceedings of Annual Design Automation
Conference, 2016, p. 165.
[69] O. Sinanoglu, N. Karimi, J. Rajendran, R. Karri, Y. Jin, K. Huang, and
Y. Makris, “Reconciling the IC Test and Security Dichotomy,” in Proc.
of IEEE European Test Symp., 2013.
[70] S. Wei, S. Meguerdichian, and M. Potkonjak, “Malicious Circuitry Detection
Using Thermal Conditioning,” Trans. of Information, Forensics
and Security, vol. 6, no. 3, pp. 1136–1145, 2011.
[71] A. N. Nowroz, K. Hu, F. Koushanfar, and S. Reda, “Novel Techniques
for High-Sensitivity Hardware Trojan Detection Using Thermal and
Power Maps,” Trans. Computer-Aided Design of Integrated Circuits and
Systems, vol. 33, no. 12, pp. 1792–1805, 2014.
[72] Y. Jin and Y. Makris, “Hardware Trojan Detection Using Path Delay
Fingerprint,” in Proc. HOST, 2008, pp. 51–57.
[73] J. He, Y. Zhao, X. Guo, and Y. Jin, “Hardware trojan detection through
chip-free electromagnetic side-channel statistical analysis,” IEEE Trans-
actions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 10,
pp. 2939–2948, 2017.
[74] A. Ramdas, S. M. Saeed, and O. Sinanoglu, “Slack removal for enhanced
reliability and trust,” in Int. Conference on Design & Technology of
Integrated Systems in Nanoscale Era (DTIS), 2014, pp. 1–4.
[75] B. Zhou, W. Zhang, S. Thambipillai, and J. Teo, “A low cost acceleration
method for hardware Trojan detection based on fan-out cone analysis,” in
Proceedings of International Conference on Hardware/Software Code-
sign and System Synthesis, 2014, p. 28.
[76] R. P. Cocchi, J. P. Baukus, L. W. Chow, and B. J. Wang, “Circuit
camouflage integration for hardware IP protection,” in Proceedings of
Annual Design Automation Conference, 2014, pp. 1–5.
[77] J. Rajendran, M. Sam, O. Sinanoglu, and R. Karri, “Security analysis of
integrated circuit camouflaging,” in Proc. of ACM SIGSAC conference
on Computer & communications security, 2013, pp. 709–720.
[78] Q. Shi, K. Xiao, D. Forte, and M. M. Tehranipoor, “Obfuscated built-
in self-authentication,” in Hardware Protection through Obfuscation.
Springer, 2017, pp. 263–289.
[79] Intelligence Advanced Research Projects Activity, “Trusted Integrated
Circuits Program,” 2011.
[80] J. Magaña, D. Shi, J. Melchert, and A. Davoodi, “Are proximity attacks a
threat to the security of split manufacturing of integrated circuits?” IEEE
Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25,
no. 12, pp. 3406–3419, 2017.
[81] Y. Wang, T. Cao, J. Hu, and J. Rajendran, “Front-end-of-line attacks
in split manufacturing,” in IEEE/ACM International Conference on
Computer-Aided Design (ICCAD), 2017, pp. 1–8.
[82] W. Xu, L. Feng, J. J. Rajendran, and J. Hu, “Layout recognition attacks
on split manufacturing,” in Proceedings of Asia and South Pacific Design
Automation Conference, 2019, pp. 45–50.
[83] N. Vashistha, H. Lu, Q. Shi, M. T. Rahman, H. Shen, D. L. Woodard,
N. Asadizanjani, and M. Tehranipoor, “Trojan scanner: Detecting hard-
ware Trojans with rapid SEM imaging combined with image processing
and machine learning,” in Proc. Int. Symposium for Testing and Failure
Analysis, 2018, p. 256.
Ayush Jain (S’19) received his B.Tech degree from
the Electrical Engineering Department, Pandit Deen-
dayal Petroleum University, Gujarat, India, in 2018.
He is currently pursuing his M.S. Degree at the
Department of Electrical and Computer Engineering,
Auburn University, Auburn, AL, USA. His current
research interests include hardware security, VLSI
design and embedded systems.
Ziqi Zhou (S’17) received the B.E. degree from the
College of Mechanical and Electrical Engineering,
North China University of Technology, Beijing,
China, in 2012. He is working toward the Ph.D.
degree at the Electrical and Computer Engineering
Department, Auburn University, Auburn, AL, USA.
His current research interests include hardware se-
curity, VLSI design and test, and computer-aided
design of digital systems.
Ujjwal Guin (S’10–M’16) received his PhD de-
gree from the Electrical and Computer Engineering
Department, University of Connecticut, in 2016. He
is currently an Assistant Professor in the Electrical
and Computer Engineering Department of Auburn
University, Auburn, AL, USA. He received his B.E.
degree from the Department of Electronics and
Telecommunication Engineering, Bengal Engineer-
ing and Science University, Howrah, India, in 2004
and his M.S. degree from the Department of Electri-
cal and Computer Engineering, Temple University,
Philadelphia, PA, USA, in 2010. Dr. Guin has developed several on-chip struc-
tures and techniques to improve the security, trustworthiness, and reliability of
integrated circuits. His current research interests include Hardware Security
& Trust, Supply Chain Security, Cybersecurity, and VLSI Design & Test.
He is a co-author of the book Counterfeit Integrated Circuits: Detection and
Avoidance. He has authored several journal articles and refereed conference
papers. He was actively involved in developing a web-based tool, Counterfeit
Defect Coverage Tool (CDC Tool), http://www.sae.org/standardsdev/cdctool/,
to evaluate the effectiveness of different test methods used for counterfeit IC
detection. SAE International has acquired this tool from the University of
Connecticut. He is an active participant in SAE International’s G-19A Test
Laboratory Standards Development Committee. He is a member of both the
IEEE and ACM.
