Abstract-Timely detection of Hardware Trojans (HT) has become a major challenge for secure integrated circuits. We present a run-time methodology for HT detection that employs a multiparameter statistical traffic modeling of the communication channel in a given System-on-Chip (SoC). Towards this, it leverages the Hurst exponent, the standard deviation of the injection distribution and hop distribution jointly to accurately identify HT-based online anomalies. At design time, our methodology employs a property specification language to define and embed assertions in the RTL, specifying the correct communication behavior of a given SoC. At runtime, it monitors the anomalies in the communication behavior by checking the execution patterns against these assertions. We evaluate our methodology for detecting HTs in MC8051 microcontrollers. The experimental results show that with the combined analysis of multiple statistical parameters, our methodology is able to detect all the benchmark Trojans (available on trust-hub) inserted in MC8051, which directly or indirectly affect the communicationchannels in SoC.
I. INTRODUCTION
Globalization encourages the use of intellectual property (IP)-based system-on-chip (SoC) designs. However, this trend increases the chances of malicious hardware design intrusions, known as Hardware Trojans (HT), into the modern-day SoCs [1] . Hardware Trojans can lead to several unwanted payloads, i.e., information leakage, change in the timing characteristics, malfunctioning and denial-of-service (DoS) [1] . The effects can be catastrophic, such as system failure and leakage of secret encryption keys (e.g., failure of ice-detection module in the P-8A Poseidon [2] ), making it imperative to develop effective HT detection techniques. Some of the contemporary HT detection techniques utilize the timing [3] [4] , power [5] [6] [7] , current or electromagnetic signals based golden signatures to detect anomalous electrical behavior [8] [9] . However, in case of the third-party-IP based designs, it is nearly impossible to extract the golden signatures. As it may be apparent, that in most of the 3PIP-based SoCs, the facility to integrate the IPs can be trusted (as, shown in Fig. 1 ). On the other hand, it is difficult to guarantee that the IP vendors can be trusted. To address this issue, various IP analysis-based approaches have been proposed to get the golden behavior [10] [11] [12] , [13] [14] but these techniques inherently pose the following limitations: 1) Accuracy of estimated golden behavior: Due to limited access to IPs, they use different estimation algorithms to extract the golden model [15] . However, due to measurement inaccuracies and behavioral estimation they cannot guarantee the accuracy of the golden model. 2) In case of reverse engineering, sensors for golden data extraction cannot encompass all the possible input conditions for larger ICs because of the inherent data loss during the quantization in analog-to-digital conversion [16] . These limitations raise a key research question: How can signature-based HT detection techniques effectively work if an intruder (at foundry) exploits the intricacies of estimation algorithms to insert Trojans that remain dormant during the testing stages [17] ? For example, in an SoC design, some hard or firm IPs may hide Trojans depending on the aging of the chip [18] , and they only get activated during runtime [19] . To address this issue, several runtime detection approaches have been developed which can monitor an SoC for its entire operational lifetime, providing an important last-line of defense [20] [25] . However, most of these techniques are based on side channel analysis (SCA) which require precise calibration for differentiating between the process variations and the intrusion behavior. They also rely on the premise that triggering of payload results in a substantially higher current flow. To avoid the complex requirements of the SCA-based runtime detection HT-techniques, alternative behavior can be used to sniff the abnormalities during runtime. One of the most prominent ones is the communication behavior because, in real-world scenarios, modules are connected via communication channels and therefore most of the intrusions can have a small or big impact on the communication behavior. To verify aforementioned hypothesis, we analyze the communication behavior of an MC8051 microcontroller for the Gaussian and exponential input data distributions, How to exploit these abnormalities in Communication behavior for runtime hardware Trojan detection? 1K 2K 3K 4K 5K 6K 7K 8K 9K 10K   MC8051-T200   1K 2K 3K 4K 5K 6K 7K 8K 9K 10K   MC8051-T400   1K 2K 3K 4K 5K 6K 7K 8K 9K 10K   MC8051-T500   1K 2K 3K 4K 5K 6K 7K 8K 9K 10K   MC8051-T600   1K 2K 3K 4K 5K 6K 7K 8K 9K 10K   MC8051-T700   1K 2K 3K 4K 5K 6K 7K 8K 9K 10K MC8051-T800 1K 2K 3K 4K 5K 6K 7K  8K 9K  10K  1K 2K 3K 4K 5K 6K 7K 8K 9K 10K 1K 2K 3K 4K 5K 6K 7K 8K 9K 10K 1K 2K 3K 4K 5K 6K 7K 8K 9K 10K 1K 2K 3K 4K 5K 6K 7K 8K 9K 10K 1K 2K 3K 4K 5K 6K 7K 8K 9K 10K 1K 2K 3K 4K 5K 6K 7K 8K 9K Fig. 2 : The effects of trust-hub Trojan benchmarks (i.e., MC8051-T200, T300, T400, T500, T600, T700 and T800) on the communication behavior of MC8051 for Gaussian and Exponential input data distributions.
MC8051 (un-intruded)

# of Packets
in the presence of multiple trust-hub Trojan benchmarks, i.e., MC8051-T200, T300, T400, T500, T600, T700 and T800 [26] . Our analysis in Fig. 2 shows that all the benchmarks have some effects on the communication patterns. 2) Run-time monitoring: To design the run-time monitoring setup, we propose to translate the statistical model of communication behavior into their corresponding property specification language (PSL) assertions (see Sections III-B and III-C ). These assertion are embedded into the RTL description of SoC along with the traffic monitoring units. To evaluate the effectiveness of SIMCom, we implemented a complete SoC with an AMBA bus communication network connecting an MC8051 microcontroller and universal asynchronous receiver/transmitter (UART) modules in VHDL to generate the pre-market test stage communication behavior. The experimental results shows that with the help of multiple parameters, SIMCom is able to detect all MC8051 Trojans which affect the communication, with the help of these assertions. [26] .
B. Paper organization
The rest of the paper is organized as follows: Section II elaborates the proposed methodology based on the statistical traffic modeling of SoC communication network for runtime hardware Trojan detection. For illustration, Section III presents a case study on the AMBA bus communication network, consisting of MC8051 microcontroller and UART. Section IV discusses the detection approaches, attributes, pros and cons of the proposed approach and compares it with the state-of-the-art techniques. Finally, Section V concludes the paper.
II. SIMCOM: STATISTICAL SNIFFING OF COMMUNICATION BEHAVIOR
This section explains our proposed methodology for runtime hardware Trojan detection based on the traffic modeling of SoC communication. Using an appropriate threat model is one of the foremost steps in developing any methodology for detecting intrusions in the domain of hardware security. In this paper, we assume that 3PIP vendors are not trusted and the SoC integration is performed in a trusted facility [27] .
A. SIMCom Methodology
The proposed methodology consists of two major steps as depicted by the dotted rectangles in Fig. 3 . 1) The input packets are generated with respect to the standard spatial injection distribution, e.g., Gaussian distribution. 2) Next, Hurst exponent, at the pre-market test stage, is computed for each communication channel, using the estimation algorithm, given in Algorithm 1. This step is further explained in Section III-A. 3) Then, the extracted traffic model is translated to its corresponding PSL assertions. 4) Finally, the traffic monitoring unit for run-time HT detection is designed. This is achieved by counting the packets for a specific duration and computing the Hurst exponent at run time. Run-time Hardware Trojan Detection: The next step of the proposed methodology is to monitor the run-time traffic of an SoC and to compare it with the extracted pre-market test stage behavior. This step is composed of the following sub-steps: 1) First, the Hurst exponent (H), probability of hop distribution (P ) and standard deviation of input injection distribution (σ) parameters are computed for each communication channel during runtime. Moreover, Algorithm 1 (explained in Section III-A) is used to extract the "H" exponent of the statistical communication behavior during runtime. 2) Then, the extracted statistical communication behavior is verified using the embedded PSL assertions. In this section, we illustrate the effectiveness of SIMCom by applying it on on an SoC with AMBA bus connecting an MC8051 microcontroller and a UART module, as shown in Fig. 4 .
Trojan Benchmark Circuit:
MC8051-T200, T300, T400, T500, T600, T700, T800 Input Packet distribution: Gaussian and Exponential This experimental setup consists of four MC8051 Master modules, which can initiate the communication with the eight slave modules along with two UART modules. The main motivation of choosing the MC8051 microcontroller as our case study is the availability of its ope-source Trojan benchmarks at the trusthub.org [26] . We first obtained the communication behavior of the un-intruded MC8051 while communicating with UART modules. We used this behavior to obtain the corresponding PSL assertions and embed them into the SoC. The key assumption of the experimental setup is that Though all instances of the MC8051 can have the Trojan but Trojan in only one IP module is triggered at a particular time considering a unique sequence happening at run time with very low probability of triggering (almost zero).
A. Pre-Market Test Stage Traffic Model of MC8051
For obtaining this behavior, we implemented the MC8051 microcontroller in VHDL and synthesized it for Spartan 6 (xc6slx45) 1 FPGA device . The communication behavior is extracted by measuring the number of packets for specific duration and computing the required traffic model parameters, H, P and σ. This phase of our methodology is divided into the following steps:
1) The first step is to extract the communication model. We developed the model by injecting the packets using the Gausian distribution, as shown in Fig. 4 . This probability distribution not only reflects the actual traffic very well, but it also incorporates the environmental and process variations [29] . In our experimental setup, all the master modules, i.e., MC8051s, inject packets into the SoC. The value of σ of MC8051 for the first 10,000 clock cycles is kept as 18.844 and maintained it over the 100,000 clock cycles, as shown in Fig. 5b . Its average value over the 100,000 clock cycles is mentioned in column "σ" under "T000 (Without Trojan)" of Table I . 2) Afterwards we need to identify the number of modules that a particular master can access through the bus. In this case study, we assume that every MC8051 can communicate with all the slave modules (n = 8). However, for some specific instruction sets, MC8051 does not communicate with all the slave modules. For example, the instructions that requires the UART communication module only. In our setup, there are only "two" slaves that are using the UART communication modules. Therefore, the acceptance probability (p) for this case study must be greater than 0.125 as shown in Fig. 5 . Its average value over the 100,000 clock cycles is indicated in column "P " under "T000 (Without Trojan)" of Table I. 3) The last step in obtaining the communication model is to estimate the Hurst exponent for MC8051. For this, we have developed Algorithm 1, which counts the number of packet for a specific duration and estimates the Hurst exponent (H). In Algorithm 1, a counter (np), is used to count the number of packets for a specific bin size; for this case study its value is 100 clock cycles. The counting is done 100 times to find the maximum (np max ) and minimum (np min ) number of packets in 100 clock cycles. However, for larger number of clock cycles, the memory requirement for storing these parameters is very high. Therefore, to reduce the memory requirement, we divided the whole duration into 100 equal parts. For example in Algorithm 1, the total time duration is 10,000 clock cycles and we divided into 100 smaller time duration. For each duration, the number of packets is calculated, which is stored in a variable array np[0 : 99] to compute its overall range (np max −np min ) and average ( np 0 + np 1 + .. + np 99 100 ). Finally, the Hurst exponent is computed by averaging out the obtained values. We repeated these steps for 10 times, i.e. the 10,000 clock cycles data is stored in one array and then the whole process is repeated 9 times to get an overall H exponent for 100,000 clock cycles. This value is tabulated as 0.692 in the column "H" under "T000" (without Trojan) of Table I . 1 Since the overall SoC fits into this small FPGA, there was no need to use a bigger FPGA chip. We target a low-cost SoC, for which Spartan 6 suffices the need. 
Algorithm 1 Pseudo-code of Hurst Exponent Estimation
B. Translation into PSL Assertions
We analyzed the extracted pre-market test stage communication model of the AMBA bus, and translated it into the following PSL assertions based on the traffic model parameters, H, P and σ: 1) P Assertion: It states that, over the specific number of clock cycles, the acceptance probability (P ) for a particular module must be equal to the value of acceptance probability (P ) to the obtained communication behavior, as shown in Assertion I.
always (P[1:100K] == P_design) (I)
Moreover, the acceptance probability (P ) for a particular architecture must be within the prescribed limits. The maximum and the minimum values of P are obtained as (P max = 1 n − 1 ) and (P min = 1 r − 1 ), respectively, where n and r represent the number of modules that each module can communicate with, and the number of modules that a particular instruction set/application need to communicate with, respectively. This is elaborated in Assertion II: T000  T200  T300  T400  T500  T600  T700   0   10   20   30   0  2  4  6  8  10   T000  T200  T300  T400  T500  T600  T700 Few of the Trojan impact on Hurst Exponent is dependent on the input data distribution (i.e., Gaussian or Exponential).
Hop distribution is useful for such Trojan benchmarks that temporarily or permanently block the communication. : Runtime Impact Analysis of implemented HTs (i.e., MC8051-T200, T300, T400, T500, T600, T700, T800) on the statistical model (H, P , σ) of the implemented case study for 100,000 clock cycles T000  T200  T300  T400  T500  T600  T700  T800   0   4   8   12   16   20   T000  T200  T300  T400  T500  T600  T700  T800 Label B and E: Hop probability parameter is useful to detect such Trojans that blocks the communication channel. 3) H Assertion: This assertion ensures that over a specific number of clock cycles, the Hurst exponent (H) for a particular module must be equal to value of H obtained at pre-market test stage.
In order to incorporate the environmental changes and process variation, we introduce the 5% variation cap on the H, P , σ.
C. Run-time Detection and Validation
The last step of the proposed methodology is to embed the translated assertions along with the H, P and σ estimation blocks into the SoC.To illustrate the proposed methodology, we validated it with the MC8051 benchmarks intrusions, available online at trust-hub.org [26] . These intrusions affect different types of communication behavior. Some of them affect the UART communication, other affect the jump based instruction and some intrusions affect the ALU operations, Table I shows the effects of these Trojans. Each row in Table I represents the benchmark Trojans, and the columns describe their effects on different operations. We validated the proposed methodology for the intrusions T300 to T800, because these are all the intrusions that can directly Fig. 5 . The figure depicts the communication behavior with respect to H, σ and P . This run-time analysis exhibits the following key observations:
1 Hurst Exponent: The Trojan benchmarks have a significant impact on the Hurst Exponent but that impact is dependent on the input data distribution (i.e., Gaussian or Exponential). For instance, in Fig. 5 , if the input data distribution is Gaussian, then few of the implemented Trojan benchmarks (i.e., MS8051-T400, T500, and T700) have a significant impact on the Hurst exponent (see: label 1). However, if the input data distribution is exponential, then almost all the HTs have shown the significant impact on the Hurst exponent (see: label 2). 2 Probability of Hop Distribution: All the implemented Trojans have no impact on the probability of hop distribution, except the MC8051-T300 because when it is triggered, it halts a communication channel, as shown in Fig. 5 (see: labels 3 and 4). For instance, MS8051-T500 and T700 replace the valid data with intruded data. However, MC8051-T400 disables interrupt handling, T600 interrupts the jump and T800 manipulates the stack pointer, which indirectly disrupt the input data or respective control modules.
The values of H and σ for MC8051-T300 are "0" because when T300 is triggered, it blocks the UART communication altogether, hence no data traffic flows at all, resulting in the corresponding '0' values for H and sigma.
2) Average Impact Analysis: In order to elaborate the consistency of SIMCom, we have analyzed the average communication behavior of the MC8051-based UART communication network, as shown in Fig. 6 which depicts the communication behavior with respect to H, σ and P . This analysis exhibits the following key observations: 1 Hurst Exponent: The average behavior of proposed statistical model shows that, on the average, all the implemented Trojan benchmarks have a significant impact on the H irrespective of the input data distributions, as shown in Fig. 6 . However, the value of H for MC8051-T300 is "0". Hence, this can be considered as the weakest Trojan for the communicationaware HT detection (see: label A and D). Though it shows that run-time impact of implemented Trojans is more in case of the exponential distribution, in average analysis, this impact is less as compared to the impact on the Gaussian distribution. The reason behind this behavior is that, in the exponential distribution, over the period of time the data rate decreases exponentially. 2 Probability of Hop Distribution: Even in the average-case analysis, all the implemented Trojans have no any impact on the probability of hop distribution, except for the MC8051-T300 as shown in Fig. 6 (see: labels D and E). The reason behind this behavior is that, when this Trojan benchmark gets an activation trigger, it blocks the communication of a channel. 3 Standard Deviation of Injection Distribution: All the implemented Trojans deviates from the original values because all of them affect the input data injection, except the MC8051-T300, as shown in Fig. 6 (see: labels C and F). For instance, MS8051-T500 and T700 replace the valid data with the intruded data. However, the MC8051-T400 disables interrupt handling, the T600 interrupts the jump and the T800 manipulates the stack pointer, which indirectly disrupt the input data or respective control modules. [31] , [32] , as they embed the complete trained ML model in SoC and is comparable to the technique presented in [30] . 4) The proposed technique can be used for any known bus system by adding the H, P and σ measurement blocks and PSL assertions obtained from the pre-market test stage communication behavior.
IV. COMPARISON WITH STATE-OF-THE-ART TECHNIQUES
V. CONCLUSIONS
This paper utilizes a statistical traffic modeling of SoC for sniffing hardware Trojans during runtime. The proposed methodology consists of two major steps: The first step is to extract the pre-market test stage traffic model by computing the three parameters, i.e., Hurst exponent (H), spatial hop distribution (P ) and spatial injection distribution (σ). Then, this extracted behavior is translated to its corresponding PSL assertions, which are embedded into the given SoC along with the blocks which compute the traffic modeling parameters. For illustration purpose, we implemented the un-intruded AMBA bus based SoC consisting of MC8051 and UART in VHDL to extract the pre-market test stage communication behavior. For validation purposes, we used the benchmark intrusions of MC8051. The experimental results show that the proposed methodology is able to detect all MC8051 intrusions that have either direct or indirect effect on the SoC communication network. To the best of our knowledge this is the first time the statistical sniffing of SoC's communication traffic is utilized to detect hardware Trojans in 3PIP modules.
