On automating delayered IC analysis for hardware IP protection.

Fabrication of Integrated Circuits (ICs) is outsourced to third-party foundries to decrease time to market and production cost. Outsourcing renders the ICs vulnerable to malicious modifications. These malicious circuit modifications, known as Hardware Trojans (HTs), tamper with the integrity of intellectual property cores and hence, must be detected accurately. A highly accurate method for detecting HTs is through time-consuming physical inspection of reverse-engineered chips. Apparently, physically inspection of all suspected chips is unrealistic. Therefore, the knowledge gained from reverse engineering a single infected IC should be used to detect trojans non-invasively in other ICs. The extra malicious logic, in other suspected chips, can be triggered using suitable test patterns leading to its detection. In order to facilitate detection using test patterns, however, the HT should be mapped to the golden circuit, and automated tools should be used to find appropriate patterns. In this work, we explore the feasibility of this two-step methodology for HT detection by discussing the required steps and identifying the unsolved challenges in each step.