Abstract: Driven by cheaper fabrication facilities around the world, IC design houses are increasingly outsourcing the fabrication of their ICs. This poses the risk of intellectual property loss and opens the possibility of design modifications and the insertion of Trojans for sinister purposes. We present Trojan modeling and test generation techniques for small and large Trojans. The quality of the generated test set is evaluated in terms of its ability to detect modeled and un-modeled Trojans. We show experimentally that the derived tests detect all injected detectable Trojans.
A. Introduction
Trojan designs are a cause of great concern for anyone using ICs in their electronics. A major cause of this concern is that designs are not screened for Trojans during the manufacturing test process. In fact, manufacturing tests are not designed to deal with Trojans, although they may accidentally detect some injected Trojans. There is a pressing need to devise hardware Trojan modeling and detection tools that help screen for and protect against design tampering and so safeguard electronics infrastructure.
B. Problem Specification and Assumptions
In Fig. 1, a design specification is sent to an unsecured manufacturing facility to make a packaged IC. The IC may contain a Trojan. For security reasons, such a Trojan IC is expected to be detected. To do this, we propose a Trojan model and a test methodology. Key advantages of our approach are: (1) it fits seamlessly within the normal design flow; (2) it uses existing ATPG tools; (3) the Trojan circuit description is compatible with existing tools; (4) it can deal with any design without direct modifications to the IC design process; (5) it can be applied to all ICs uniformly; and (6) it can deal with small and large Trojans.

Fig. 2 shows a Trojan circuit inserted into a circuit design. The inserted Trojan circuit is a random circuit with unknown functionality, number of inputs and number of outputs. The Trojan circuit receives its inputs (TPI) and clock (TCLK) from the main circuit and feeds its primary outputs (TPO) back to the main circuit. Fig. 3 shows a 4-in/1-out Trojan. Hard-to-detect Trojans are small and consist of a small number of added devices. For these Trojans we assume that the number of TPI, TPO <= k = 10. Trojan inputs are nets that are close to the Trojan output net. The closeness is measured by the gate distance in the graph of Fig. 4. The Trojan function can be either combinational or sequential. The sequential depth is based on the length (K) of the applicable input sequence.
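The gate-distance notion of closeness described above can be computed with a breadth-first search over the netlist. This is an added example, not code from the paper; the netlist, the function names, the `max_dist` bound and the convention that one hop joins a gate's output net to each of its input nets are assumptions.

```python
from collections import deque

# Constructed sample netlist: output net -> (gate type, input nets).
NETLIST = {
    "n10": ("NAND", ["i1", "i3"]),
    "n11": ("NAND", ["i3", "i6"]),
    "n16": ("NAND", ["i2", "n11"]),
    "n19": ("NAND", ["n11", "i7"]),
    "o22": ("NAND", ["n10", "n16"]),
    "o23": ("NAND", ["n16", "n19"]),
}

def net_graph(netlist):
    """Undirected adjacency (assumed convention): a gate's output net
    is one hop away from each of that gate's input nets."""
    adj = {}
    for out, (_gate, ins) in netlist.items():
        for net in ins:
            adj.setdefault(out, set()).add(net)
            adj.setdefault(net, set()).add(out)
    return adj

def gate_distances(netlist, tpo_net, max_dist):
    """BFS from the Trojan output net; returns {net: distance} for
    every other net within max_dist gates."""
    adj = net_graph(netlist)
    if tpo_net not in adj:
        raise KeyError(f"unknown net: {tpo_net}")
    dist = {tpo_net: 0}
    queue = deque([tpo_net])
    while queue:
        net = queue.popleft()
        if dist[net] == max_dist:
            continue  # do not expand past the distance bound
        for nxt in sorted(adj[net]):
            if nxt not in dist:
                dist[nxt] = dist[net] + 1
                queue.append(nxt)
    del dist[tpo_net]  # the output net is not its own input candidate
    return dist

def candidate_tpi(netlist, tpo_net, max_dist, k=10):
    """Candidate Trojan input nets, closest first, capped at k
    (the page assumes TPI <= k = 10 for small Trojans)."""
    dist = gate_distances(netlist, tpo_net, max_dist)
    ranked = sorted(dist, key=lambda n: (dist[n], n))
    return [(n, dist[n]) for n in ranked[:k]]
```

Nets in the fan-out of the chosen output net (here `o22` and `o23` for `n16`) appear among the candidates because the search is undirected; using them as inputs of a combinational Trojan would close a combinational loop, so a test-generation flow may want to filter them.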
C. Trojan Circuit Modeling

D. Experimental Results
ATPG for sequential Trojans with K=3 is shown in Fig. 5. The circuits in this figure are combinational/full-scan sequential circuits. Fig. 6 shows results for the case when sequential Trojans are injected in sequential circuits. In all cases, the number of detected Trojans is much larger than the number of redundant Trojans. However, the number of redundant Trojans is also very large. This reinforces our earlier observation that design knowledge is crucial for inserting detectable and very hard-to-detect Trojans. In Fig. 6, the number of dropped Trojans is low compared to the redundant or detectable Trojans. We injected un-modeled Trojans and we were able to detect them using the generated test set.
E. Conclusion
We presented a Trojan model and a test generation procedure for small and large Trojans. Both sequential and combinational Trojans were considered. The quality of the generated test set was evaluated using its ability to detect un-modeled Trojans. 
