Exploring the Limitations of the Property-based Hardware-Trojan Detection Methods.

The ever-growing complexity of the IC supply chain increases the risk of involvement of a malicious agent capable of inserting a Hardware Trojan (HT). As such, the detection of Hardware Trojans has become of central interest. In recent years, many methods for hardware Trojan detection have been proposed. Some of them are based on the existence of a ‘Golden Model’, which can be used for comparison. Thus, when such a model does not exist, researchers suggest to detect Trojans based on logical or functional properties attributed to them. Some methods derive the properties from the expected behavior of the Trojan, others extract features from synthetic Trojan benchmarks. This paper challenges the assumption that Hardware Trojans possess some unique properties that allow such a classification. In order to support this, we examine two published property-based detection methods, replicate and test them on the published benchmarks as well as on Trojan-free benchmarks. With the latter, we observe large false-positive rates and assert the methods' dependency on pre-determined thresholds, that cannot necessarily be decided correctly without prior and vast knowledge of the circuit. Finally, we suggest methods to be further explored for finding fitting thresholds without said prior knowledge of the circuit and reducing dependency on the implementation.