Abstract: The proliferation of third-party silicon manufacturing has increased the vulnerability of integrated circuits to the malicious insertion of hardware that leaks secret information or even renders the circuits useless while deployed in the field. A key goal is to detect the presence of such circuits before they are activated for subversive purposes. One way to achieve this is to detect the presence of parasitic loads on internal nodes of a victim circuit. However, such detection becomes difficult in the presence of the normal process variations of silicon manufacturing itself. In this work, we show how high-resolution detection of parasitic loads on internal circuit nodes can be achieved using a combination of test stimulus design and design-for-Trojan-detection techniques. We illustrate our ideas on digital as well as analog/mixed-signal circuits and point to directions for future research.
I. INTRODUCTION
In order to reduce the cost of integrated circuit (IC) manufacturing and to meet aggressive time-to-market goals, IC design and manufacturing have been split into several vertical domains. Each specialized vertical domain (e.g. design verification) is handled by a separate team, often across different organizations and geographical areas. The use of third-party IPs in System-on-Chip (SoC) designs has become ubiquitous. The distribution of the IC manufacturing chain across organizations and the use of third-party IPs have opened up the possibility of inserting or modifying hardware in such ICs for malicious reasons. The major motives behind malicious tampering of ICs are: i) leaking secret information from the IC, breaching the security of the system in which the IC is deployed, and ii) malicious disruption of the functions performed by the IC while deployed in the field, either temporarily or with permanent effects.
There are numerous ways of incorporating malicious hardware Trojans (HTs) into ICs. These include: i) adding extra circuitry that alters the logic value of an internal circuit node in response to a predefined input trigger condition, ii) changing the dopant level of certain gates in the design to defeat optical inspection while compromising system-level security [1], and iii) accelerating wear-out mechanisms in victim ICs (reliability Trojans) [2].
Though the majority of research has focused on digital HTs, insidious insertion of HTs in analog circuits is also possible, by: i) designing circuits such as oscillators to have more than one stable operating point (depending on the initial starting conditions) and triggering an unacceptable operating mode with a stealthy hardware Trojan to cause system malfunction [3], or ii) enabling a circuit to leak secret information through side channels by exploiting the design margins of analog/RF circuits [4].
In general, Trojans are designed so that their activation is a rare event, and it is almost impossible to trigger a Trojan and detect it during functional manufacturing test. However, it is possible to detect passive Trojans by the way they load internal circuit nodes of the victim circuit, either capacitively or resistively. In this paper, we explore the various dimensions as well as the limitations of such an approach and show how the envelope of passive Trojan detection can be pushed using intelligent test stimulus generation algorithms combined with supporting on-chip hardware infrastructure for Trojan detection.
II. PRIOR WORK

Hardware Trojan detection for digital circuits:
HT detection techniques for digital circuits are based mainly on: i) Trojan activation time reduction [5] [6] [7], ii) power measurement [8] [9] [10] [11], and iii) path delay measurement [12] [13] [14]. As hardware Trojans are mostly dormant, artificially boosting logic activity is not very effective at triggering them, because the nature, location and manifestation of a hardware Trojan are generally unknown. Side-channel signature analysis (of power, supply current or path delays) requires signatures from trusted ICs as a reference, used to train learning algorithms to differentiate between "good" and "bad" signatures. In the presence of large process variations such differentiation becomes extremely difficult, because the worst-case delay or leakage current of a digital circuit can easily mask the additional delay or leakage current incurred by a hardware Trojan. In this paper we discuss a high-resolution pulse-propagation-based Trojan detection technique for digital systems whose detection capability is resilient to the effects of large process variations.
Hardware Trojan detection for analog/RF circuits:
It is possible to design analog circuits with multiple stable operating points that are reached from different initial conditions (such as the initial voltages on capacitors). Driving the circuit to an undesirable operating point using an externally triggered hardware Trojan can result in overall circuit malfunction. In [3], the authors show an example of a Wien bridge oscillator in which the initial charge stored on the feedback capacitors determines the final equilibrium state of the oscillator; a Trojan that controls the initial charge of a capacitor can therefore cause circuit malfunction. In this context, identification and removal of Trojan states in positive-feedback analog circuits using homotopy methods has been investigated in [15, 16].
In [4], the authors show a concurrent Trojan detection technique that continuously monitors the side-channel fingerprint of a wireless transmitter using an on-chip neural network. The neural network classifier is trained during testing with side-channel fingerprints of trusted ICs. Systematic variations of the transmitted signal that stay within the acceptable signal guardbands (and are therefore very hard to detect during manufacturing test) are detected and flagged, revealing the leakage of secret information to third-party wireless receivers.
III. TROJAN DETECTION IN DIGITAL SYSTEMS
As described in [17, 18], the Trojan payload is the part of the circuit affected by the Trojan (the part whose logic value is changed by it), and the act of forcing it to an incorrect logic value is initiated by the Trojan trigger. Trojans can be combinational or sequential; an example of each is given in Fig. 1. Whether combinational or sequential, the inputs to the Trojan trigger circuit are taken from nodes of the circuit with low signal transition probability. When an original circuit node is tapped as a Trojan trigger it experiences extra load capacitance, and this load capacitance can be detected even when the Trojan is not activated. However, with existing techniques only large capacitive loads can be detected, allowing many Trojans to remain undetected. An attacker can make detection harder by using minimum-sized inverters to tap the internal circuit nodes used for Trojan activation (see Fig. 2). The gate capacitance of a minimum-sized inverter adds only 0.2-1 fF to the tapped signal node (45nm PTM [19]), and such small load capacitances cannot be detected in the presence of silicon manufacturing process variations. To combat this problem, we propose a novel pulse-propagation technique that allows 880 attofarads of load capacitance to be detected in the presence of 10% random process variations.
To propagate a pulse through a long chain of identical gates, the transition swing at every gate must be rail to rail, i.e. a positive pulse must reach VDD and a negative pulse must reach ground, for the pulse to continue propagating. If rail-to-rail swing is not achieved at the output of any intermediate gate, the pulse attenuates as it progresses through the chain (Fig. 3) and eventually "dies".
If the input pulse rise/fall time ( / ) is smaller than the 10-to-90% rise/fall time ( / ) of a gate, then the minimum pulse width required to propagate the pulse through the chain of gates is + [20]. SPICE simulation shows that this is a greatly relaxed constraint at the 45nm technology node and below; if ( ) ≪ ( ), the constraint is relaxed even further. Fig. 4 shows two examples: (a) a pulse wider than the minimum required for the logic chain concerned, which propagates indefinitely through a long chain of inverters, and (b) a pulse narrower than the required minimum, which is "killed" as it progresses through the chain. The presence (or absence) of a pulse propagating through a logic chain can be detected by sensing the supply current of the output logic gate [8] or by placing a pulse detector at the output of the chain [21]. A gate through which the pulse propagates draws current ( ) from the power plane, whereas a gate that sees no pulse draws only leakage current ( ); in 45nm PTM [19] the ratio / is above 200. For a "dying" pulse, the peak pulse voltage and the corresponding supply current at successive inverters of the chain are shown in Fig. 4; both the peak current and the rms current are almost linear in the peak voltage. Fig. 5 corroborates the idea of detecting a pulse by sensing the supply current of a logic gate. Integration of on-chip pulse generators and pulse detectors into the existing scan-chain infrastructure for Trojan detection has been demonstrated in [21] (voltage-sensing pulse detection) and [8] (current-sensing pulse detection). Table 1 compares the minimum capacitive load detectable with the proposed pulse-propagation technique against existing techniques that rely on path-delay measurement.
In all the experiments, process variations are introduced by changing the Vt values of the transistors in simulation. It is assumed that the threshold voltage of each transistor in the design can change by +/-20%, with half of the variation (10%) originating from systematic Vt variation and the other half (10%) from random variability effects (the results generalize easily to larger Vt variability statistics). To compare the proposed Trojan detection scheme with path-delay-measurement-based methods, we compare the average value of the Trojan capacitance C_Trojan detectable with the proposed method against the same quantity for path-delay-based tests. To do this, we set the Vt values of all transistors to their nominal (average) values and find the value of the capacitance C_Trojan at a target gate along the pulse-sensitized path that causes the injected pulse to be "killed". The experiment is then repeated to find the value of the capacitance C*_Trojan that causes the delay of the sensitized path to violate its guardband, for two cases: (a) the delay guardband is the cumulative worst-case delay across all the gates in the sensitized path, and (b) the delay guardband is the expected path delay for the specified systematic and random Vt variability statistics. The ratio C*_Trojan/C_Trojan describes the resolution of the proposed Trojan detection scheme relative to traditional path-delay-measurement-based Trojan detection. The results in Table 1 validate the claim that the Trojan detection capability of the proposed scheme is independent of the number of gates in the pulse-sensitized path, and that its improvement over delay test grows with the number of gates in the sensitized path. Similar experimental results for a variable-length ripple-carry adder (for nodes C1, C2 and C3 of Fig. 6) are shown in Table 2.
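The comparison procedure above (pulse killed at a target gate at nominal Vt versus path delay exceeding a guardband) can be reproduced on a first-order model. The following is an added illustration, not the paper's SPICE setup or code: it assumes that a gate's transition time and delay scale linearly with the fractional Vt deviation and with extra capacitive load (T0_PS and C_GATE_FF are illustrative constants, not values from the paper), uses symmetric rise and fall times, and treats a pulse as killed at the first gate whose rise-plus-fall time exceeds the pulse width. The test pulse width is the narrowest pulse that still survives every gate at the worst per-gate process corner, so good chips are never flagged; the same +20% corner defines guardband (a), while guardband (b) is the largest path delay seen over Monte Carlo chips with one systematic shift per chip and an independent random shift per gate. The pulse criterion is local to each gate, so its detectable capacitance does not depend on the path length, whereas the delay guardbands accumulate along the path.

```python
"""First-order model of pulse-propagation vs. path-delay Trojan detection.
Added illustration with assumed constants; not the paper's SPICE experiments."""
import random

VT_SYS = 0.10     # systematic Vt variation, fraction of nominal (paper's assumption)
VT_RND = 0.10     # random Vt variation, fraction of nominal (paper's assumption)
C_GATE_FF = 2.0   # assumed nominal load seen by one inverter, fF (illustrative)
T0_PS = 20.0      # assumed nominal 10-90% transition time of a gate, ps (illustrative)


def gate_time(dvt, c_extra_ff=0.0):
    """Assumed model: transition time (taken equal to gate delay) scales linearly
    with the fractional Vt deviation and with the extra capacitive load."""
    return T0_PS * (1.0 + dvt) * (1.0 + c_extra_ff / C_GATE_FF)


def killing_gate(width_ps, dvts, extra_caps):
    """A pulse keeps rail-to-rail swing only while its width >= t_r + t_f of each
    gate (symmetric edges assumed). Returns the index of the first gate at which
    the swing is lost, or None if the pulse reaches the end of the chain."""
    for i, (dvt, c) in enumerate(zip(dvts, extra_caps)):
        if width_ps < 2.0 * gate_time(dvt, c):
            return i
    return None


def path_delay(dvts, extra_caps):
    """Delay of the sensitized path: sum of the per-gate delays."""
    return sum(gate_time(dvt, c) for dvt, c in zip(dvts, extra_caps))


def smallest_detected_cap(is_detected, c_max_ff=1000.0, iters=60):
    """Bisection for the smallest extra capacitance flagged by a monotone detector
    (assumes not detected at 0 fF and detected at c_max_ff)."""
    lo, hi = 0.0, c_max_ff
    for _ in range(iters):
        mid = 0.5 * (lo + hi)
        if is_detected(mid):
            hi = mid
        else:
            lo = mid
    return hi


def pulse_ctrojan(n_gates, target):
    """C_Trojan: load at the target gate that kills the test pulse at nominal Vt.
    The test pulse is the narrowest one surviving every gate at the +20% corner."""
    w_test = 2.0 * gate_time(VT_SYS + VT_RND)
    nominal = [0.0] * n_gates

    def detected(c):
        caps = [0.0] * n_gates
        caps[target] = c
        return killing_gate(w_test, nominal, caps) is not None

    return smallest_detected_cap(detected)


def delay_ctrojan(n_gates, target, guardband_ps):
    """C*_Trojan: load at the target gate pushing the nominal path delay past the guardband."""
    nominal = [0.0] * n_gates

    def detected(c):
        caps = [0.0] * n_gates
        caps[target] = c
        return path_delay(nominal, caps) > guardband_ps

    return smallest_detected_cap(detected)


def worst_case_guardband(n_gates):
    """Case (a): cumulative worst-case delay, every gate at +20% Vt."""
    return n_gates * gate_time(VT_SYS + VT_RND)


def expected_guardband(n_gates, chips=20000, seed=7):
    """Case (b): largest path delay over Monte Carlo chips (systematic shift per
    chip, random shift per gate); the random part partly averages out."""
    rng = random.Random(seed)
    worst = 0.0
    for _ in range(chips):
        u = rng.uniform(-VT_SYS, VT_SYS)
        dvts = [u + rng.uniform(-VT_RND, VT_RND) for _ in range(n_gates)]
        worst = max(worst, path_delay(dvts, [0.0] * n_gates))
    return worst


def resolution_ratios(n_gates, target=None):
    """C*_Trojan / C_Trojan for guardbands (a) and (b), plus C_Trojan itself (fF)."""
    target = n_gates // 2 if target is None else target
    c_pulse = pulse_ctrojan(n_gates, target)
    c_a = delay_ctrojan(n_gates, target, worst_case_guardband(n_gates))
    c_b = delay_ctrojan(n_gates, target, expected_guardband(n_gates))
    return {"c_pulse_ff": c_pulse, "ratio_a": c_a / c_pulse, "ratio_b": c_b / c_pulse}


if __name__ == "__main__":
    for n in (4, 8, 16):
        print(n, resolution_ratios(n))
```

In this model C_Trojan comes out as 0.2 × C_GATE_FF for any chain length, while C*_Trojan under guardband (a) grows linearly with the number of gates, so the ratio equals the path length; guardband (b) is tighter than (a) but still accumulates the systematic component, so the ratio again grows with path length. The absolute capacitances are artefacts of the assumed constants; only the trends match the claim of the paper.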
IV. TROJAN DETECTION IN ANALOG SYSTEMS
In analog circuits, a key problem is that load capacitances due to injected hardware Trojans can be hard to detect given the manufacturing-test guardbands imposed by nominal process variations. In addition, analog victim circuitry tends to be structurally large in comparison to digital logic, in order to limit process-variability effects and meet matching requirements; internal nodes therefore tend to have larger inherent capacitance to ground than in the digital systems considered above. The problem of Trojan detection is therefore posed as a test stimulus generation problem: design tests that are sensitive to capacitive short-circuit defects of minimum magnitude between internal circuit nodes and ground. This is accomplished by controlling the primary inputs, power supply voltage and loading of the circuit under test and observing only its primary outputs or other observable test nodes. Stimulus optimization experiments were performed on the LNA of Fig. 7 to minimize the detectable capacitance on every node shown. Optimization was performed using a genetic algorithm with a cost function reflecting the minimum capacitive load that could be detected for a given candidate test stimulus.
While the optimization ran concurrently for all victim nodes, it was assumed that only one node is loaded by a Trojan at a time. The optimized test stimulus is shown in Fig. 8; it allowed capacitive loads on all the nodes of Fig. 7 except one to be detected down to the tens of femtofarads. Note that in general it is also possible to modify the circuit structure so that test generation detects Trojans more efficiently.
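The stimulus-generation formulation above (a cost function equal to the smallest capacitive load detectable for a candidate stimulus, searched with a genetic algorithm) can be shown end to end on a toy victim. The following is an added example, not the paper's LNA, stimulus or code: the victim node is an assumed single RC node observed through a first-order low-pass response, the stimulus is a sinusoid with a frequency and an amplitude as the two genes (amplitude bounded by an assumed linearity limit), the guardband is the output envelope produced by an assumed +/-10% variation of R and C, and an assumed finite measurement resolution V_RES models the tester's limit. Added capacitance only lowers the gain, so the cost is the capacitance that pushes the nominal output below the lower edge of the good-chip envelope by more than the measurement resolution; it is infinite when no load can be distinguished. One node is loaded at a time, as in the paper's assumption.

```python
"""Toy test-stimulus optimisation: choose (frequency, amplitude) of a sinusoidal
stimulus so that the smallest detectable Trojan capacitance at one RC node is
minimised. Added illustration with assumed constants; not the paper's LNA."""
import math
import random

R0 = 1.0e3                 # assumed nominal node resistance, ohm
C0 = 1.0e-12               # assumed nominal node capacitance to ground, F
PROC_VAR = 0.10            # assumed +/-10% process variation on R and on C
V_RES = 5.0e-3             # assumed amplitude measurement resolution, V
F_BOUNDS = (6.0, 9.0)      # gene 0: log10(frequency / Hz), 1 MHz .. 1 GHz
A_BOUNDS = (0.05, 0.5)     # gene 1: amplitude, V (upper bound = assumed linearity limit)


def gain(freq, r, c):
    """|H| of a first-order RC low-pass at freq: the observable at the output."""
    return 1.0 / math.sqrt(1.0 + (2.0 * math.pi * freq * r * c) ** 2)


def min_detectable_cap(log_f, amp):
    """Cost function: smallest added capacitance (F) at the node whose nominal
    output amplitude lies below the worst-case good-chip envelope by more than
    the measurement resolution. Returns inf when nothing is detectable."""
    freq = 10.0 ** log_f
    # extra capacitance only lowers |H|, so the lower envelope edge (largest
    # R and C the process produces) is the detection threshold
    v_floor = amp * gain(freq, R0 * (1 + PROC_VAR), C0 * (1 + PROC_VAR)) - V_RES
    if v_floor <= 0.0:
        return math.inf
    g_target = v_floor / amp
    # invert |H| = g_target for the total capacitance at nominal R
    c_total = math.sqrt(1.0 / g_target ** 2 - 1.0) / (2.0 * math.pi * freq * R0)
    return max(c_total - C0, 0.0)


def clamp(x, bounds):
    return min(max(x, bounds[0]), bounds[1])


def optimise_stimulus(pop_size=40, generations=60, seed=1):
    """Genetic search over (log10 frequency, amplitude) minimising the cost."""
    rng = random.Random(seed)

    def cost(ind):
        return min_detectable_cap(ind[0], ind[1])

    pop = [[rng.uniform(*F_BOUNDS), rng.uniform(*A_BOUNDS)] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=cost)
        elite = pop[: pop_size // 4]          # keep the best quarter unchanged
        children = []
        while len(elite) + len(children) < pop_size:
            p1, p2 = rng.sample(elite, 2)
            w = rng.random()                  # blend crossover
            child = [w * p1[0] + (1 - w) * p2[0], w * p1[1] + (1 - w) * p2[1]]
            if rng.random() < 0.3:            # Gaussian mutation, kept inside the bounds
                child[0] = clamp(child[0] + rng.gauss(0.0, 0.2), F_BOUNDS)
                child[1] = clamp(child[1] + rng.gauss(0.0, 0.05), A_BOUNDS)
            children.append(child)
        pop = elite + children
    best = min(pop, key=cost)
    return {"freq_hz": 10.0 ** best[0], "amp_v": best[1], "min_cap_f": cost(best)}


if __name__ == "__main__":
    print("naive 10 MHz stimulus:", min_detectable_cap(7.0, 0.5))
    print("optimised stimulus:", optimise_stimulus())
```

With these constants a naive 10 MHz stimulus can only resolve loads above about 1.5 pF, because far below the corner frequency the output barely depends on C and the measurement floor dominates; the search drives the amplitude to its limit and the frequency near the node's corner frequency, where the gain is most sensitive to added capacitance, bringing the detectable load down to roughly a quarter of C0. The floor of 0.21 C0 set by the process envelope itself cannot be beaten by any stimulus in this model; that residual is exactly the guardband problem the paper describes.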
Fig. 8. Optimized transient test stimulus (baseband)

V. CONCLUSIONS AND FUTURE WORK
The proposed techniques can be combined with design-for-Trojan-detection algorithms that modify the circuit topology to allow efficient Trojan detection. Future work will focus on combinations of voltage and current measurement algorithms, together with outlier detection (learning) algorithms, for effective Trojan detection in mixed-signal circuits and systems.
