improved test pattern generation for hardware trojan
play

Improved Test Pattern Generation for Hardware Trojan Detection using - PowerPoint PPT Presentation

Aug 16, 2022 •103 likes •1.43k views

Improved Test Pattern Generation for Hardware Trojan Detection using Genetic Algorithm and Boolean Satisfiability Sayandeep Saha , Rajat Subhra Chakraborty Srinivasa Shashank Nuthakki, Anshul and Debdeep Mukhopadhyay Secure Embedded

  1. Logic Testing Based Trojan Detection: Previous Works Chakraborty et.al presented an automatic test pattern generation (ATPG) scheme called MERO ( CHES 2009) [5]. Utilized: Simultaneous activation of rare nodes for triggering . Rare nodes are selected based on a “rareness threshold” ( θ ). N-detect ATPG scheme was proposed: To individually activate a set of rare nodes to their rare values at least N -times. Assumption : Multiple individual activation also increases the probability of simultaneous activation.

  2. Scopes of Improvement Trojan test set : only “hard-to-trigger” Trojans with triggering probability ( P tr ) below 10 − 6 .

  3. Scopes of Improvement Trojan test set : only “hard-to-trigger” Trojans with triggering probability ( P tr ) below 10 − 6 . Best coverage achieved near θ = 0 . 1 for most of the circuits– best operating point .

  4. Scopes of Improvement Trojan test set : only “hard-to-trigger” Trojans with triggering probability ( P tr ) below 10 − 6 . Best coverage achieved near θ = 0 . 1 for most of the circuits– best operating point . Test Coverage of MERO is consistently below 50% for circuit c7552.

  5. Proposed Solutions

  6. Proposed Solutions Simultaneous activation of rare nodes: in a direct manner .

  7. Proposed Solutions Simultaneous activation of rare nodes: in a direct manner . Replacement of the MERO heuristics with a combined Genetic algorithm (GA) and boolean satisfiability (SAT) based scheme.

  8. Proposed Solutions Simultaneous activation of rare nodes: in a direct manner . Replacement of the MERO heuristics with a combined Genetic algorithm (GA) and boolean satisfiability (SAT) based scheme. Refinement of the test set considering the “payload effect” of Trojans: a fault simulation based approach .

  9. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG :

  10. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly.

  11. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space.

  12. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space. Does not guarantee the detection of all possible faults, especially for those which are hard to detect.

  13. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space. Does not guarantee the detection of all possible faults, especially for those which are hard to detect. SAT based test generation :

  14. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space. Does not guarantee the detection of all possible faults, especially for those which are hard to detect. SAT based test generation : Remarkably useful for hard-to-detect faults.

  15. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space. Does not guarantee the detection of all possible faults, especially for those which are hard to detect. SAT based test generation : Remarkably useful for hard-to-detect faults. Targets the faults one by one– incurs higher execution time for large fault lists .

  16. Genetic Algorithm and Boolean Satisfiability for ATPG GA in ATPG : Achieves reasonably good test coverage over the fault list very quickly. Inherently parallel, and rapidly explores search space. Does not guarantee the detection of all possible faults, especially for those which are hard to detect. SAT based test generation : Remarkably useful for hard-to-detect faults. Targets the faults one by one– incurs higher execution time for large fault lists . We combine the “best of both worlds” for GA and SAT.

  17. Proposed Scheme

  18. Proposed Scheme

  19. Phase I: Genetic Algorithm

  20. Phase I: Genetic Algorithm

  21. Phase I: Genetic Algorithm Rare nodes are found using a probabilistic analysis as described in [6].

  22. Phase I: Genetic Algorithm Rare nodes are found using a probabilistic analysis as described in [6]. GA dynamically updates the database with test vectors for each trigger combination.

  23. Phase I: Genetic Algorithm Rare nodes are found using a probabilistic analysis as described in [6]. GA dynamically updates the database with test vectors for each trigger combination.

  24. Phase I: Genetic Algorithm Rare nodes are found using a probabilistic analysis as described in [6]. GA dynamically updates the database with test vectors for each trigger combination. Termination : if either 1000 generations has been reached or a specified # T number of test vectors has been generated.

  25. Phase I: Genetic Algorithm How a SAT Instance is Formed?

  26. Phase I: Genetic Algorithm How a SAT Instance is Formed?

  27. Phase I: Genetic Algorithm

  28. Phase I: Genetic Algorithm Goal 1 An effort to generate test vectors that would activate the most number of sampled trigger combinations.

  29. Phase I: Genetic Algorithm Goal 1 An effort to generate test vectors that would activate the most number of sampled trigger combinations. Goal 2 An effort to generate test vectors for hard-to-trigger combinations.

  30. Phase I: Genetic Algorithm

  31. Phase I: Genetic Algorithm Fitness Function f ( t ) = R count ( t ) + w ∗ I ( t ) (1) f ( t ) : fitness value of a test vector t . R count ( t ) : the number of rare nodes triggered by the test vector t . w : constant scaling factor ( > 1). I ( t ) : relative improvement of the database D due to the test vector t .

  32. Phase I: Genetic Algorithm

  33. Phase I: Genetic Algorithm Relative Improvement I ( t ) = n 2 ( s ) − n 1 ( s ) (2) n 2 ( s ) n 1 ( s ) : number of test patterns in bin s before update n 2 ( s ) : number of test patterns in bin s after update.

  34. Phase I: Genetic Algorithm Crossover and Mutation

  35. Phase I: Genetic Algorithm Crossover and Mutation Two-point binary crossover with probability 0 . 9.

  36. Phase I: Genetic Algorithm Crossover and Mutation Two-point binary crossover with probability 0 . 9. Binary mutation with probability 0 . 05.

  37. Phase I: Genetic Algorithm Crossover and Mutation Two-point binary crossover with probability 0 . 9. Binary mutation with probability 0 . 05. Population size: 200 (combinatorial), 500 (sequential).

  38. Phase I: Genetic Algorithm Crossover and Mutation Two-point binary crossover with probability 0 . 9. Binary mutation with probability 0 . 05. Population size: 200 (combinatorial), 500 (sequential).

  39. Phase II: Solving “Hard-to-Trigger” Patterns using SAT Trojan Database ( D ) with tuples { s, φ } ,where s ∊ S’ (1) { s ,{ t i }}, with s ∊ S Yes Is | S’ |= 0 End (3) { s, { t i } } ,where s ∊ S sat Yes No (2) SAT Engine SAT( s )? s ∊ S unsat No (3) Reject

  40. Phase II: Solving “Hard-to-Trigger” Patterns using SAT Trojan Database ( D ) with tuples { s, φ } ,where s ∊ S’ (1) { s ,{ t i }}, with s ∊ S Yes Is | S’ |= 0 End (3) { s, { t i } } ,where s ∊ S sat Yes No (2) SAT Engine SAT( s )? s ∊ S unsat No (3) Reject

  41. Phase II: Solving “Hard-to-Trigger” Patterns using SAT Trojan Database ( D ) with tuples { s, φ } ,where s ∊ S’ (1) { s ,{ t i }}, with s ∊ S Yes Is | S’ |= 0 End (3) { s, { t i } } ,where s ∊ S sat Yes No (2) SAT Engine SAT( s )? s ∊ S unsat No (3) Reject ′ ⊆ S denotes the set of trigger combinations unresolved S by GA.

  42. Phase II: Solving “Hard-to-Trigger” Patterns using SAT Trojan Database ( D ) with tuples { s, φ } ,where s ∊ S’ (1) { s ,{ t i }}, with s ∊ S Yes Is | S’ |= 0 End (3) { s, { t i } } ,where s ∊ S sat Yes No (2) SAT Engine SAT( s )? s ∊ S unsat No (3) Reject ′ ⊆ S denotes the set of trigger combinations unresolved S by GA. ′ is the set solved by SAT. S sat ⊆ S

  43. Phase II: Solving “Hard-to-Trigger” Patterns using SAT Trojan Database ( D ) with tuples { s, φ } ,where s ∊ S’ (1) { s ,{ t i }}, with s ∊ S Yes Is | S’ |= 0 End (3) { s, { t i } } ,where s ∊ S sat Yes No (2) SAT Engine SAT( s )? s ∊ S unsat No (3) Reject ′ ⊆ S denotes the set of trigger combinations unresolved S by GA. ′ is the set solved by SAT. S sat ⊆ S ′ remains unsolved and gets rejected. S unsat ⊆ S

  44. Phase III: Payload Aware Test Vector Selection

  45. Phase III: Payload Aware Test Vector Selection For a node to be payload:

  46. Phase III: Payload Aware Test Vector Selection For a node to be payload: Necessary condition : topological rank must be higher than the topologically highest node of the trigger combination.

  47. Phase III: Payload Aware Test Vector Selection For a node to be payload: Necessary condition : topological rank must be higher than the topologically highest node of the trigger combination. Not a sufficient condition.

  48. Phase III: Payload Aware Test Vector Selection For a node to be payload: Necessary condition : topological rank must be higher than the topologically highest node of the trigger combination. Not a sufficient condition. In general, a successful Trojan triggering event provides no guarantee regarding its propagation to the primary output to cause functional failure of the circuit.

  49. Phase III: Payload Aware Test Vector Selection

  50. Phase III: Payload Aware Test Vector Selection An Example

  51. Phase III: Payload Aware Test Vector Selection An Example

  52. Phase III: Payload Aware Test Vector Selection An Example Trojan is triggered by an input vector 1111.

  53. Phase III: Payload Aware Test Vector Selection An Example Trojan is triggered by an input vector 1111. Payload-1 (Fig. (b)) has no effect on the output.

  54. Phase III: Payload Aware Test Vector Selection An Example Trojan is triggered by an input vector 1111. Payload-1 (Fig. (b)) has no effect on the output. Payload-2 (Fig. (c)) affects the output.

  55. Phase III: Payload Aware Test Vector Selection

  56. Phase III: Pseudo Test Vector

  57. Phase III: Pseudo Test Vector

  58. Phase III: Pseudo Test Vector For each set of test vectors ( { t s i } ) corresponding to a triggering combination ( s ), we find out the primary input positions which remains static (logic-0 or logic-1).

  59. Phase III: Pseudo Test Vector For each set of test vectors ( { t s i } ) corresponding to a triggering combination ( s ), we find out the primary input positions which remains static (logic-0 or logic-1). Rest of the input positions are marked as “don’t care” (X).

  60. Phase III: Pseudo Test Vector For each set of test vectors ( { t s i } ) corresponding to a triggering combination ( s ), we find out the primary input positions which remains static (logic-0 or logic-1). Rest of the input positions are marked as “don’t care” (X). A 3-value logic simulation is performed with this PTV and values of all internal nodes are noted down (0,1, or X).

  61. Phase III: Payload Aware Test Vector Selection The Fault list F s

  62. Phase III: Payload Aware Test Vector Selection The Fault list F s If the value at that node is 1, consider a stuck-at-zero fault there.

  63. Phase III: Payload Aware Test Vector Selection The Fault list F s If the value at that node is 1, consider a stuck-at-zero fault there. If the value at that node is 0, consider a stuck-at-one fault there.

  64. Phase III: Payload Aware Test Vector Selection The Fault list F s If the value at that node is 1, consider a stuck-at-zero fault there. If the value at that node is 0, consider a stuck-at-one fault there. If the value at that node is X, consider a both stuck-at-one and stuck-at-zero fault at that location.

  65. Phase III: Payload Aware Test Vector Selection

  66. Experimental Results: Setup

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate

HOST Hardware Trojans I ECE 525 Hardware Trojans (HT) What is a hardware Trojan? A deliberate and malicious change to an IC that adds or removes functionality or reduces reliability The modifications may be designed to leak sensitive

394 views • 23 slides
Outline Introduction/ Motivation Preliminaries Circuit, Fault Model, Test Pattern

Outline Introduction/ Motivation Preliminaries Circuit, Fault Model, Test Pattern

Autom atic Test Pattern Generation Rolf Drechsler, Grschwin Fey University of Bremen drechsle@informatik.uni-bremen.de Outline Introduction/ Motivation Preliminaries Circuit, Fault Model, Test Pattern Generation Proof

722 views • 35 slides
HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D.

HOST Hardware Trojans III ECE 525 Seminal Trojan Detection Method D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, B. Sunar, Trojan Detection using IC Fingerprinting, Symposium on Security and Privacy, 2007, pp. 296 - 310 They use noise

543 views • 37 slides
Built-in Self-test November 2, 2012 1 Introduction Test generation and response evaluation

Built-in Self-test November 2, 2012 1 Introduction Test generation and response evaluation

Built-in Self-test November 2, 2012 1 Introduction Test generation and response evaluation done on-chip. Only a few external pins to control BIST operation. Additional hardware overhead. Additional hardware overhead. Offers

718 views • 61 slides
Built-in Self-test October 26, 2011 1 Introduction Test generation and response evaluation

Built-in Self-test October 26, 2011 1 Introduction Test generation and response evaluation

Built-in Self-test October 26, 2011 1 Introduction Test generation and response evaluation done on-chip. Only a few external pins to control BIST operation. Additional hardware overhead. Additional hardware overhead. Offers

628 views • 61 slides
Objectives Fault modeling and simulation Test generation

Objectives Fault modeling and simulation Test generation

Objectives Fault modeling and simulation Test generation Automatic-test-pattern-generation Built-in-self-test BIST architecture Scan and boundary scan Scan chains Digital scan standard Digital system

617 views • 37 slides
VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A

VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A

VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A rchitecture and D ependable S ystems L ab Department of Electrical Engineering Indian Institute of Technology Bombay

1.33k views • 25 slides
VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A

VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A

VLSI Testing Automatic Test Pattern Generation Virendra Singh Associate Professor C omputer A rchitecture and D ependable S ystems L ab Department of Electrical Engineering Indian Institute of Technology Bombay

389 views • 15 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (11/5/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (11/5/07) I E S R C E O V U

VLSI Design Verification and Test Combo ATPG I CMPE 646 ATPG Automatic Test Pattern Generation has several purposes: It can generate test patterns (obviously). It can find redundant circuit logic. It can prove one implementation

336 views • 18 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (9/30/04) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (9/30/04) I E S R C E O V U

VLSI Design Verification and Test Combo ATPG I CMPE 646 ATPG Automatic Test Pattern Generation has several purposes: It can generate test patterns (obviously) It can find redundant circuit logic. It can prove one implementation

311 views • 18 slides
Digital Testing Digital Testing Lecture 9 : Combinational Automatic Test Pattern Automatic

Digital Testing Digital Testing Lecture 9 : Combinational Automatic Test Pattern Automatic

Digital Testing Digital Testing Lecture 9 : Combinational Automatic Test Pattern Automatic Test-Pattern Generation (ATPG) Basics Generation (ATPG) Basics Instructor: Shaahin Hessabi Instructor: Shaahin Hessabi Department of Computer

764 views • 45 slides
Lecture 25 Built-In Self-Testing Pattern Generation and Response Pattern Generation and Response

Lecture 25 Built-In Self-Testing Pattern Generation and Response Pattern Generation and Response

Lecture 25 Built-In Self-Testing Pattern Generation and Response Pattern Generation and Response Compaction Motivation and economics Definitions Definitions Built-in self-testing (BIST) process BIST pattern generation (PG)

535 views • 50 slides
Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel X. Ngo, Z. Najm, S. Guilley, S. Bhasin, J.-L.Danger PROOFS14, Busan, South Korea Introduction to HTH and its detection Proposed HTH Detection

429 views • 27 slides
Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the

Trojan Horse Zion Maxwell and Kaylie Davis The Trojan horse The Greeks had a war against the Trojans for ten years. The Torjan horse So they build the Trojan horse the Greeks Gene The Trojan horse After they built it they put a

392 views • 5 slides
An improved primal simplex algorithm and column generation for degenerate linear programs

An improved primal simplex algorithm and column generation for degenerate linear programs

An improved primal simplex algorithm and column generation for degenerate linear programs Abdelmoutalib Metrane Ecole Polytechnique and GERAD Montreal Canada Column Generation 2008 Introduction Improved Primal Simplex Column generation

490 views • 35 slides
Symmetric Pattern Based Word Embeddings for Improved Word Similarity Prediction Roy Schwartz + ,

Symmetric Pattern Based Word Embeddings for Improved Word Similarity Prediction Roy Schwartz + ,

Symmetric Pattern Based Word Embeddings for Improved Word Similarity Prediction Roy Schwartz + , Roi Reichart * and Ari Rappoport + + The Hebrew University, * Technion IIT CoNLL 2015 Symmetric Pattern Based Word Embeddings for 2 Improved Word

917 views • 49 slides
Lecture: Genetic Basis of Complex Phenotypes 02-715 Advanced Topics in

Lecture: Genetic Basis of Complex Phenotypes 02-715 Advanced Topics in

Lecture: Genetic Basis of Complex Phenotypes 02-715 Advanced Topics in Computa8onal Genomics Genome Polymorphisms A Human TCGAGGTATTAAC Genealogy The ancestral chromosome From SNPS

490 views • 36 slides
Gene-set analysis and data integration Le Leif if V Vremo leif.varemo@scilifelab.se

Gene-set analysis and data integration Le Leif if V Vremo leif.varemo@scilifelab.se

Gene-set analysis and data integration Le Leif if V Vremo leif.varemo@scilifelab.se Bioinformatics Long-term Support (WABI) Systems Biology Facility @ Chalmers Outline Gene-set analysis - What and why? Gene-set collections

303 views • 29 slides
Genomic and epigenomic signatures for interpreting complex disease Manolis Kellis Broad Institute

Genomic and epigenomic signatures for interpreting complex disease Manolis Kellis Broad Institute

Genomic and epigenomic signatures for interpreting complex disease Manolis Kellis Broad Institute of MIT and Harvard MIT Computer Science & Artificial Intelligence Laboratory

1.15k views • 60 slides
Health claim and evidence in health food in Japan: vocabulary and law International Conference

Health claim and evidence in health food in Japan: vocabulary and law International Conference

Health claim and evidence in health food in Japan: vocabulary and law International Conference and Exhibition on Nutraceuticals and Functional Foods (ISNFF) 2011 16 November 2011, Sapporo, Japan Kiichiro TSUTANI MD, PhD Dept.

520 views • 23 slides
Data fusion based gene function prediction using ensemble methods Matteo Re and Giorgio Valentini

Data fusion based gene function prediction using ensemble methods Matteo Re and Giorgio Valentini

BITS annual meeting Data fusion based gene function prediction using ensemble methods Matteo Re and Giorgio Valentini D.S.I. - Dipartimento di Scienze dellInformazione Universit` a degli Studi di Milano March 19, 2009 Matteo Re and

389 views • 19 slides
Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual

Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual

Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual Office Hour. We will begin soon. Please submit questions via the chat box in the Q & A section available to you on WebEx Division of

479 views • 13 slides
CURRENT CHALLENGES IN GENOMIC DATA VISUALIZATION Cydney Nielsen BC Cancer Agency Genome

CURRENT CHALLENGES IN GENOMIC DATA VISUALIZATION Cydney Nielsen BC Cancer Agency Genome

CURRENT CHALLENGES IN GENOMIC DATA VISUALIZATION Cydney Nielsen BC Cancer Agency Genome Sciences Centre Vancouver, Canada The Data Deluge ~$5,000 in 2001 ~10 in 2011 Sequencing Experiments De novo assembly Re-sequencing Enrichment

841 views • 31 slides
Genome Sequencing & Analysis Core Resource Olivier Fedrigo Friday, October 19, 12 Reference

Genome Sequencing & Analysis Core Resource Olivier Fedrigo Friday, October 19, 12 Reference

Genome Sequencing & Analysis Core Resource Olivier Fedrigo Friday, October 19, 12 Reference genome * * GENOME RESEQUENCING Friday, October 19, 12 Reference genome DE NOVO GENOME SEQUENCING Friday, October 19, 12 Reference genome

534 views • 39 slides

More recommend