Mitigating Hardware Trojan Risks in the Global IC Supply Chain: Pre- and Post-Silicon Detection Approaches

Abstract

The integrity of modern systems is critically dependent on trust in the underlying hardware, yet complex Integrated Circuit (IC) supply chains introduce numerous vulnerabilities for malicious insertions. This thesis confronts the challenge of IC trust by examining two distinct detection methodologies, illuminating the fundamental trade-offs inherent in practical hardware verification under black-box conditions.

The first contribution targets Trojan detection in Third Party Intellectual Property (3PIP) by adapting power-based side-channel fuzzing with Field-Programmable Gate Arrays (FPGAs). This investigation confirms that dynamic power analysis serves as an effective oracle for identifying the activation of a Trojan, creating a statistically significant side-channel anomaly. However, the work also demonstrates that random fuzzing is an impractical search strategy for discovering the low-probability trigger required for activation, highlighting a significant barrier to its widespread adoption.

To overcome the limitations of methods requiring dynamic Trojan activation, this work explores static, on-chip sensing using Ring Oscillator Networks (RONs). This research addresses a gap in prior work by characterizing RON behaviour on a modern 28nm process and subsequently developing a statistical framework to distinguish malicious modifications from normal process variations. The proposed approach was validated against a benchmark hardware Trojan and successfully classified all Trojan-free and Trojan-infected devices. These results confirm that RON-based detection remains effective on 28nm process technology and demonstrate the robustness of the developed anomaly detection algorithm.

By juxtaposing a dynamic, trigger-based detection method with a static, reference-based approach, this thesis illuminates the fundamental trade-offs inherent in hardware trust verification. The findings reveal a practical difference between the high specificity of dynamic analysis and the broad applicability of static verification. This research concludes that while physical side-channels are powerful tools, future progress will depend on developing solutions that effectively balance these competing demands, for a more comprehensive security strategy in the IC supply chain.