

# Hardware & Embedded Security

Prof Daniele Rossi



Via G. Caruso 16, room B-1-03

[daniele.rossi1@unipi.it](mailto:daniele.rossi1@unipi.it)

050 221 7611

1

## Design for Hardware Trust

### Hardware Trojans Detection Methodologies

---

Lecture 5-Part 1 - DR

2

1

## Brief Outline

---

- **Hardware Trojan detection methodologies**
  - Logic testing
  - Statistical approach
  - Side-channel analysis (power and delay)

3

## Design for Hardware Trust

---

- Verifying the trustworthiness of manufactured ICs requires a post-manufacturing step to validate the conformance of the fabricated ICs to the original functional and performance specifications
  - Current design methodologies provide an adversary with multiple opportunities to insert Trojans that can go undetected  
→ We need to know what the HW we are using is what it is supposed to be
  - It is important to develop **design-for-hardware-trust** (DFHT) strategies
    - (i) to prevent Trojan insertion into a design and
    - (ii) to detect the Trojan if inserted  
↓ So NOT ONLY DETECTION
- ICs must be designed in such a way that **undetected changes** to a circuit are near impossible

4

2

How can we identify hardware horizon?

1. Of course logic testing.
2. Statistical approach, but we will focus mostly on
3. Srolc channel analysis.

## IC (System) Trust



13

- **IC Trust Objective**

- Ensure that the fabricated chip/system will carry out only our desired function and **nothing more**

We will focus on IC trust for the reasons we discussed previously (IP)

## IC (System) Trust

- **Challenges:** SMP 5

- **Tiny:** several gates to millions of gates
- **Quiet:** hard-to-activate (rare event) or triggered itself (time-bomb)
- **Hard to model:** human intelligence
- Conventional test and validation approaches fail to reliably detect hardware Trojans
  - Focus on manufacture defects and does not target detection of additional functionality in a design



14

3

1. HW Tgs are tiny compared to our actual system (Millions of gates)
2. HW Tgs are mostly quiet before activation and occurrence of activation event is rare (you can also have timers): not simple to detect them.
3. Hard to model: they can be anything really.
  - You can run a conventional test, known: an activated program makes HW behave in anomaly ways. You could detect anomalies. But: you still need to activate it. So approach is not so effective, simple and tests don't scale very well. You will need some kind of side channel analysis.

## Classification of Trojan Detection Approaches for IC Trust



15

## Classification of Trojan Detection Approaches for IC Trust



- **Destructive Approach:** Expensive and time consuming
  - **Reverse engineering** to extract layer-by-layer images by using delayering and Scanning Electron Microscope
  - Identify transistors, gates and routing elements by using a **template-matching approach** → needs golden IC/layout

16

You have two main approaches for detection:

## 1. Destructive:

- Reverse Engineering: you open the chip up and layer by layer you analyze the chip. This approach looks at the very physical design of the chip, but for it to be effective you need a golden model for comparison.

## 2. Non Destructive:

- Runtime monitoring: idea is observing behavior of chip at runtime to scan for abnormal behavior. Sometimes called anomaly detection. Also useful for maintenance detection or intrusion detection. To do this you need to be able to model normal behavior to know how to recognise abnormal behavior. You could also use machine learning, but you need to know it well. Anyway idea is compare behavior of system with normal behavior. To do this, you can exploit pre-existing redundancy in the circuit. You can perform, for ex., a test in multiple cores and see if they behave the same way (as long as H/w is not everywhere, IP T/S case). Basic idea is that.
- Test-Time (no runtime):
  - Logic Testing-based approach to try and activate programs CALL 21 (PAG. 10)
  - Side channel analysis-based approach: we will focus mainly on delay and power (can be dynamic power but also static power), but also modulation.

STEP BACK ON LOGIC TESTING: Consolidated technique Equipment needed is easily available in big companies. To run logic testing you need to identify a set of test inputs and be able to control behavior of specific areas of your system and observe effects of control. You focus on activating certain ops in a specific area (control). But in a complex system you also need to propagate effect of the control (observability, another important property).

Test is straightforward and easy. BUT you don't know what HWTs is going to look like. Plus in a complex system you have a lot of inputs, internal states. It is impossible to check all the possible states and input configurations. Plus, HWts activate on very rare events. And you still cannot focus on triggers that activate externally.

SMP 22 (Slide pag. 10)

## Classification of Trojan Detection Approaches for IC Trust

- **Non-destructive Approach:**

- **Run-time monitoring:** Monitor abnormal behaviour during run-time
  - Exploit pre-existing redundancy in the circuit
  - Compare results and select a trusted part to avoid an infected part of the circuit



17

## Classification of Trojan Detection Approaches for IC Trust

- **Non-destructive Approach:**

- Run-time monitoring: Monitor abnormal behaviour during run-time
  - Exploit pre-existing redundancy in the circuit
  - Compare results and select a trusted part to avoid an infected part of the circuit
- **Test-time Authentication:** Detect Trojans throughout test duration
  - **Logic-testing**-based approaches
  - **Side-channel** analysis-based approaches



18

5

## Logic Testing Approach

- Logic-testing approach focuses on test-vector generation for
  - Activating a Trojan circuit
  - Observing its malicious effect on the payload at the primary outputs RET
  - Both functional and structural test vectors are applicable
- Pros:
  - Straight-forward and easy to differentiate
- Cons:
  - The difficulty in exciting or observing low controllability or low observability nodes
  - Intentionally inserted Trojans are triggered under rare conditions. (e.g., sequential Trojans)
  - It cannot trigger Trojans that are activated externally and can only observe functional Trojans

21

• This is the idea

Fare slide analoga su structural test, se possibile

## Functional Test



22

6



23

## Functional Test vs Structural Test

- Until recently, manufacturers have relied on engineers to write test programs able to identify **failures in device function** - **functional test** - and have acquired sufficiently **powerful** automatic test equipment (**ATE**) resources to avoid any bottlenecks in production test and product shipment
- Rising **device complexity**, however, drives a proportionally **faster increase in test complexity** that simply surpasses the capabilities of test engineers and ATE to achieve cost-effective functional test solutions → IC companies have begun to deploy **structural test strategies** designed to uncover **manufacturing defects** within the most complex ICs  
(<https://www.design-reuse.com/articles/5100/what-designers-need-to-know-about-structural-test.html>)
- Functional test attempts to answer the question "**Does it function correctly?**"
- Structural test attempts to answer the question "**Was it manufactured correctly?**"

24

• Structural test simplifies a bit ability to observe behavior of internal nodes of your system. You have a chip modeled as a set of cascading pieces of random logic in slides. You have troubles observing internal nodes (control + propagation vs hard). Here, you have internal flip flops that can be arranged as kind of shift registers. So those flip flops can also be set to work as shift registers when you want to perform tests. You have a red line going through flip flops. This makes control and observe parts because you can shift in values that you like in the flip flops directly (so you bypass primary input). As you have shifted in the inputs, you apply them in your blocks. First line is input from the 1st one, second for  $\oplus$  the 2nd one etc. Then you can sample outputs of FF by using them and if you shift out contents of shift registers in output. This of course increases complexity of system (modify FF, add Multiplexers). But far more efficient than logic tests.

SMP 26 (page 13)

## Hardware Trojan Detection: Untrusted Manufactured Integrated Circuits

- Trojan circuits are designed to avoid detection, triggering only under rare conditions
- Trojans are silent most of their lifetimes and have a very small size, relative to their host circuits, and make only limited contributions to circuit characteristics
- These qualities suggest that they most likely connect to nets with low controllability and/or observability
- **Controllability:** The ability to **induce any signal on a line** → activation of the signal on a given line
- **Observability:** The ability to **observe the changes on lines at primary output** → propagation of the effect of the signal to output pins

25

## Controllability and Observability

- **Controllability:** The ability to induce any signal on a line → activation of the signal on a given line
- **Observability:** The ability to observe the changes on lines at primary output → propagation of the effect of the signal to output pins
- **Combinational logic is usually easy to observe and control**
- **Sequential logic (finite state machines) can be very difficult to observe and control,** requiring many cycles to enter a desired state → *Stuck-at tests help*
- Good observability and controllability reduces number of test vectors required to testing → make it easier to detect the presence of a HT

26

8

If you want to check for anomalies at level 1, you can try to force E at 1, so you have to control A,B,C to 1 (you only have access to primary inputs) ① But even if you set E to 1, you don't necessarily see it. You need to propagate value to primary output. So you need to force primary output to depend only on E. Set D=0.

## Controllability and Observability: Example

### Controllability



- Controlling the **output** of a multi-input **AND gate** to **logic 1** requires the control of all its input to 1
- Controlling a node at **level 1** (such as node E) requires controlling the node at level 1 (E itself) and three nodes at level 0 (primary inputs) A, B and C → controllability cost increases from stepping from one level to the next one (it becomes more difficult)

27

## Controllability and Observability: Example

### Controllability



- Controlling a node at **level n** requires controlling the nodes at **levels 0 .. n-1** → controllability "cost" increases from stepping from one level to the next one (it becomes more difficult)

28

9

## Controllability and Observability: Example

### Observability



- To observe an **internal node** (E), it is necessary to control D to 0 in order to sensitize through the OR gate the primary output G
- Similarly, observability of D at G requires controllability of E to 0.
- The other primary inputs, A, B and C, have equal observability



29

## Controllability and Observability: Example

### Observability



- Consider primary outputs are at level n  
Then, observing a node at **level i**  
usually requires controlling some nodes  
at **levels i .. n-1**
- observability “cost” increases from  
stepping from one level to the  
**previous one** (it becomes more  
difficult)

SMP 18

30

10

## Functional Test Deficiency

- Functional patterns could potentially detect a "functional" Trojan
  - Exhaustive test would be effective, but certainly not applicable for large circuits
  - E.g. 64 input adder →  $2^{65}$  input combination (including carry in)
  - $2^{64} > 10^{18}$  : This is impractical
  - 100MHz is used →  $10^{10}$  s → 317 years; @10 GHz (exaggerate!) → 3.17 years
  - Only a few and more effective patterns are used → Trojan can escape
  - The fault coverage is low for manufacturing test
- In practice, structural tests are used

31

Any questions so far?

36

11

## HT Detection Using Side-Channel Signal Analysis

- Side channel signals include
  - **Timing signals**
  - **Power signals**
- Trojans typically **change a design's parametric characteristics** for example, by degrading performance, changing power characteristics. This
  - influences **power** and/or **delay** characteristics of wires and gates in the affected circuit
  - introduces reliability problems in the chip

37

## HT Detection Using Side-Channel Signal Analysis

- **Power-based** side-channel signals provide visibility of the **internal structure** and **activities** within the IC, enabling detection of Trojans without fully activating them. You don't need to activate all the Trojan to detect it.
- **Timing-based** side channels can detect a Trojan's presence if the chip is tested using **efficient delay tests** that are sensitive to small changes in the circuit delay along the **affected paths** and that can effectively differentiate Trojans from process variations
  - HTs do not need to be activated

RET

38

12

## SIDE CHANNEL ATTACKS

- We need to characterize behavior of system in terms of timing behavior (signal propagation) or power consumption of our circuits.
- What is the basic assumption for timing and power analysis? We need GOLD MODELS.  
↳ HW/TGs can affect both timing and power behavior of system. Impact is not gonna be massive, but still there. We can detect it.

For delays, we mentioned for counterfeiting that an increased delay can also be something related to reliability and not only performance. Why can we expect that an increase in delay is linked with reliability problems? (More valid for counterfeiting) [SOMETIMES INCREASE IN DELAY CAN REFLECT MISBEHAVIOR SO RELIABILITY ISSUES]

- Additional delay can be masked electrically by your system up until the delay doesn't go over the constraints set by setup, hold and propagation delay times. But again, this is more related to recycled components.  
Performance degradation should be so large that it exceeds margins set by system.

PANKO ARGUES



- For power analysis what can we expect from HW/TGs? In order to detect an HW/TG through power analysis you need to activate it. Easier said than done. But what about delay?



For power analysis it would be better to activate Tr<sub>3</sub>. For path delay nope. Why? Because regardless of activation, extra connections introduce extra load capacitance, which means extra delay.



PANKO  
REASONS

CALL 38 (slide 17)

In all cases, you are going to need a golden model. Pros and cons for side channel analysis: you don't need to identify a misbehavior of the system (functional problem), just that you have anomaly in delay / power consumption. See if they fall out of your distribution of delay / consumption. You have distribution of parameters because of process variation.



So we still need to take process variation into account for both power and delay.

NOTE: When we say power, you might focus on the instant power CALL 40 (page 20) but it might not be easy: you might have small differences and need good equipment to measure it.

- You need to consider limitation of your process: not only process variation, you can have measurement noise for power analysis (and difference is minimal so any noise is bad). To remove noise, replicate measurement multiple times and if noise is pretty much random, it is going to be negligible if you take average. Still, to have an indication of Tr<sub>3</sub> you need differences beyond process variation.

JMP 42 (page 21)

## Side-channel Signals

- All the side-channel analyses are based on observing the effect of an inserted Trojan on a physical parameter such as
  - **IDQ:** Extra gates will consume leakage power
  - **IDDT:** Extra switching activities will consume more dynamic power
  - **Path Delay:** Additional gates and capacitance will increase path delay
  - **EM:** Electromagnetic radiation due to switching activity
- Pros & Cons
  - Pros: It is **effective for Trojan** which does **not cause observable malfunction** in the circuits
  - Cons: **Large process variations** in modern nanometer technologies and measurement noise can mask the effect of the Trojan circuits, especially for small Trojan

**Golden chip  
required!**

39

## Power-Based Hardware Trojan Detection



- In power-based techniques, the **power consumption of IC under authentication (IUA)** is compared with that of **Trojan-free (golden) circuit**
- Measured current from VDD pin in Trojan-free and Trojan-inserted circuits over a specific time interval

40

13

## Power-Based Hardware Trojan Detection

- Each current measurement consists of several elements, including:
  1. the **main circuit current** consumption which is the same for all chips
  2. **measurement noise** which can be eliminated by averaging several measurements
  3. **process variations** which are random and cannot be cancelled
  4. **Trojan** contributions if they exist
- Any measurable **difference beyond process variations** can be an indication of **Trojan** existence

41

## Power-Based Hardware Trojan Detection

- Hardware Trojans inserted in a chip can change the power consumption characteristics
- **Partial activation** of Trojan can be extremely valuable for power analysis
- The **more number of cells in Trojan is activated**, the more the Trojan will draw current from power grid



42

14

## Power-Based Analysis: Sensitivity Metric

- Improving Detection Sensitivity



43 JMP 23

## Delay-Based Hardware Trojan Detection



- Delay-based techniques analyze the **impact** of Trojans on design **performance**
- Any additional gates or wiring introduces **extra capacitances**, and then any rising or falling on **Trojan-inserted paths** creates extra time for transition
- The signal over the highlighted path passes through extra wiring and an additional gate and experiences additional delay due to the resistance and capacitance of the extra wiring and propagation delay of the Trojan gate

44

15

- Delay: by the very fact that something extra is present, you have extra capacitance. Propagation delay depends on how conductive the circuit is, supply voltage, and load capacitance.  
 $\hookrightarrow$  (Current)
  - A higher supply voltage will give a higher current for the mos
  - Note that on very low values of current, current doesn't increase very much quadratically with supply voltage, and a higher V<sub>DD</sub> means a higher logic 1 to reach  $\rightarrow$  more time.
- But what matters is that higher load  $\rightarrow$  higher delay. Let's focus on power:

$$P_{\text{dyn}} = \alpha C_D f_{\text{CLK}} V_{\text{DD}}^2$$

$\hookrightarrow$  activating HW<sub>1</sub> increases  $\alpha$ . Higher load.

Note that load capacitance has also effect on power consumption, so even its existence has detectable effects for power consumption but the difference is going to be minimal if not activated.

## PATH DELAY FINGERPRINTING

- You select a few paths to analyze, and of course you need a golden model. Still you have the problem of process variation! Both within die (within die) and between die (inside the chip you still have some process variation).

JMP 47 (page 25)

## Delay-Based Hardware Trojan Detection

- Possible delay-based technique: **Path delay fingerprinting** (similar to the technique seen for counterfeit detection) (e.g., [3])
- A circuit has many paths, each representing one part of the entire circuit characteristic
- The technique measures the delay of **several nominated paths** on **several chips** to bring process variations into account
- Afterwards, the **chips are reversed engineered to ensure they are genuine**, and their measurements are used as a signature
- The same measurements are performed on other chips and compared with the signature
- Any difference can be an indication of Trojan insertion

45

## Process Variations

- Side-Channel Approach for Trojan Detection relies on observing **Trojan effect in physical side-channel parameter**, such as switching current, leakage current, path delay, electromagnetic (EM) emission

- Due to **process variations**, it is extremely challenging to detect the Trojan by considering Fmax or IDDT individually.



46

16

## Process Variations

- Side-Channel Approach for Trojan Detection relies on observing Trojan effect in physical side-channel parameter, such as switching current, leakage current, path delay, electromagnetic (EM) emission



47

## Power-based Side-Channel Analysis: Current (Charge) Integration Method



48

17

↓ BEGIN ↓

NOTA: Process variation doi problemi anche durante power analysis.

Hp: Trojan deve essere almeno almeno parzialmente

Ob: Verificare se P consumata da CVA è quella che ci aspettavamo (quella di un golden chip (o più di un golden chip che ci ha dato valor medio)). Quello che misuriamo è la corrente (come  $\rightarrow$  Potenza,  $P = IV_{DD}$ ). La corrente è definita come derivata della curva. Quindi misurando corrente e integrandola nel tempo troviamo la curva blu erogata da batteria.

NOTA: Tipicamente abbiamo più probe che controllano diverse parti del chip (verso più dell' alimentazione, ce ne sono diversi, non sono tutti collegati alla stessa alimentazione, che è una sola). Perché? Considera rete di alimentazione, formata da metalli <sup>interconnects</sup> che aggiunge resistenze e induttanze parasite. Se il Trojan si trova in una certa area e il pin analizzato è molto lontano, facendo fatica a trovare le differenze per la misurazione dal golden model.

RICORDA: Corrente diversa da quella attesa = sufficientemente diversa per le process variations. Questo è un problema se misuriamo la corrente istantanea, diversa in modo impercettibile. Per questo integriamo nel tempo: più integriamo, maggiore è l'accumulo delle differenze di corrente.

## Current (Charge) Integration Method



- First, a **golden chip** is identified
- Next, an average **current waveform** is formed in response to a **pattern set**
- Then, the pattern set is applied to **each CUA**, and the current is **measured locally** via power pads

- The small current consumption difference between Trojan-inserted and Trojan-free circuits can be increased through the integration process
- In the case of a Trojan's existence in a chip, **more current difference** can be **measured** by applying **more patterns to the chip**, making the Trojan detection task easier

49

## Current (Charge) Integration Method: Analysis

- $I_{\text{Trojan-free}}$ : current drawn by Trojan free circuit
- $I_{\text{Trojan-inserted}}$ : current drawn by Trojan-inserted circuit

- The integration current at time  $t$  for Trojan-free and Trojan-inserted circuits is:

$$Q_{\text{Trojan-free}} = \int_0^t I_{\text{Trojan-free}}(t) dt \quad Q_{\text{Trojan-inserted}} = \int_0^t I_{\text{Trojan-inserted}}(t) dt = \\ = \int_0^t [I_{\text{Trojan-free}}(t) + I_{\text{Trojan}}(t)] dt$$

contribute extra  
 the difference comes  
 down to the drop in line.

- Since the same pattern set is applied to both a golden chip and a CUA, the difference between  $I_{\text{Trojan-free}}$  and  $I_{\text{Trojan-inserted}}$  comes from
  - the additional current drawn by Trojan gates
  - changes in the circuit current due to process variations

COME? Annoyando t.

50

18

## Current (Charge) Integration Method: Analysis

- By integrating the current along the time axis for both chips, their cumulative difference at time  $t$ ,  $D(t)$ , can be increased by applying more patterns

$$D(t) = Q_{Trojan-inserted} - Q_{Trojan-free} = \int_0^t I_{Trojan}(t) dt$$

- When  $D(t) \geq D_{th}$  → the chip is identified as a Trojan-inserted chip
- Threshold  $D_{th}$  is determined by the **Trojan detection timing budget** as well as the **current measurement device resolution**
- Current integration capability does not depend on the location of a Trojan in a circuit, since current is measured locally through power pads → **Trojan circuitry impacts at least one power pad**

51

## Current (Charge) Integration Method: Example



S38417 from ISCAS89 Sequential Benchmark Circuits:  
# 28 inputs  
# 106 outputs  
# 1636 D-type flipflops  
# 13470 inverters  
# 8709 gates (4154 ANDs + 2050 NANDs + 226 ORs + 2279 NORs)

52

19

D La differenza del corrente erogato deve essere superiore a una certa soglia, data da process variazioni ma anche risoluzione (non posso detectare differenze nell'ordine di mA!). Aumentare intervallo di registrazione = aumentare durata del test pulito. In 53 vedrai esempi: 1500-200 Flip Flop (con contatore come trigger). Le differenze che si trovano dipendono dalle differenze relative tra trigger e chip. Bisogna controllare se quelle variazioni sono nell'ordine delle variazioni del processo.

JMP SG

## Current (Charge) Integration Method: Example



53

## Example: Trojan Inserted into s38417 Benchmark



- Current difference measured from power pad 17 (Trojan-free vs Trojan-inserted)
- There is no change in layout of the circuit: Trojan inserted in an unused space in the layout

54

JMP 55

20

NOTE:  $C_L$  changes a bit thanks to the Trojan, but impact is not so high.  
We need to bet on  $\alpha$ , and the right test vectors.

SWITCHING ACTIVITY: We can play with this:  
use test vectors that try to maximize the Trojan switching activity and minimize the remaining

## Power Analysis: Challenges

### Pattern Generation

- ▶ How to increase switching activity in Trojans?
- ▶ How to reduce background noise? Given by measurement instrument, especially for small measurement
- ▶ Switching locality

### Measurement Device Accuracy

- ▶ Measurement noise

I need to generate that  
if I put on chip and  
to make measurements, they  
can be vulnerable to attacks.

We don't know where the T is.

Increases  
measurement time.

### Process Variations

- ▶ Calibration how much of a difference I can expect from PV.

### On-Chip Measurement

- ▶ Vulnerable to attack

### Authentication Time

- ▶ Trojans can be inserted randomly

55

## Delay-based Side Channel Analysis

- Hard to detect using power analysis are:
  - Distributed Trojans
  - Hard-to-activate Trojans
- Path delay: A change in physical dimension of the wires and transistors can also change path delay



56

21

## Comparing Approaches

*> it analyses functionalities.*

|      | Logic Testing                                                                                                                                              | Side-Channel Analysis                                                                                                                                   |
|------|------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------|
| Pros | <ul style="list-style-type: none"> <li>• Robust under process noise</li> <li>• Effective for ultra-small Trojans<br/><i>↳ If we activate it</i></li> </ul> | <ul style="list-style-type: none"> <li>• Effective for large Trojans <i>(②)</i></li> <li>• Easy to generate test vectors</li> </ul>                     |
| Cons | <ul style="list-style-type: none"> <li>• Difficult to generate test vectors</li> <li>• Large Trojan detection<br/><i>↳ NOT EASY TAKES TIME</i></li> </ul>  | <ul style="list-style-type: none"> <li>• Vulnerable to process noise <i>process variation</i></li> <li>• Ultra-small Trojan Det. challenging</li> </ul> |

- A combination of logic testing & side-channel analysis could provide the good coverage!
- Online validation approaches can potentially provide a second layer of defense!

- ① Why? If a Trojan is big from functional POV (takes a lot of circuit inputs to activate): you need a strong combination of inputs to activate, which has a low probability. For side channel it is cheap.
- ② Partial activation (not necessarily functional change) is needed. And what for power analysis only.

The two approaches complete each other. How to combine them to maximize detection? We'll see.

~~END~~

Why does delay side channel analysis can be more effective?

1. No need for activation facilitates detection
2. Commodity detection of distributed bugs easier; difference in power consumption is minimal, but delay monitoring is easier. Distributed impacts delay of many different parts so it is better.

SOLUTION TO ADOPT: REFERENCES TO SLIDE 57. ① ↴

- We have our original circuit (blue) triggered by sys clock.

We saw in the past how to work with clock sweeping, changing clock frequencies to identify interval in which prop. delay falls into.

This solution uses a shadow clock that has same frequency of original one, that has been negatively skewed (we add a delay). So only one clock frequency and place to add skew.

- IDEP: you start shadow clock so you start anticipating the sampling edge of clock and then you sample it,



TPD is enough for clock, shadow clock ① but not for shadow clock ②. You recognise this because comparators will give different values because of different samplings.

Given skew and Tclk how to find delay?

$T_{PD} \approx T_{CLK} - \text{Skew}$  [with some margin of error because I cannot hit the perfect skew]

If you modify skew by adding small chunks (skew-interval), you can give a propagation delay definition in a smaller interval.



Thus is a not so expensive approach!

### • Limitations:

- Of course process variation (golden module comparison)
- With respect to clock skewing, you have extra area overhead (additional clock, shadow reg., comparators etc.). Thus for every path to measure.

SMP 59

## Delay-based Methods: Shadow Register

- **Shadow-register** provides a possible solution for measuring internal path delay
- The basic unit contains **one shadow register**, one comparator and one result register
- **Shadow register clock's negative skew** is gradually increased until the shadow register stores a different (incorrect) value than its main register → we can obtain delay of comb. path as a function of skew amount



57

## Delay-based Methods: Shadow Register

- Shadow-register provides a possible solution for measuring internal path delay.
- The basic unit contains one shadow register, one comparator and one result register.
- **Limitations:**
  - PV
  - Overhead
  - Shadow-clock (negatively skewed wrt system clock)



58

22

## Delay-based Methods: Clock Sweeping

- Clock sweeping involves applying a pattern at different clock frequencies, from a lower speed to higher speeds
- Some paths sensitized by the pattern which are longer than the current period start to fail when the clock speed increases
- The obtained start-to-fail clock frequency can indicate the delays of the paths sensitized by the patterns



59

## Delay Analysis -- Challenges

- Major advantage over power analysis: No activation is required. } MAIN ADVANTAGE; easier to measure smaller delay differences rather than power.
- Detection and Isolation**
  - How significant is the delay inserted by Trojan?
  - It depends on Trojan size and type
  - Location: on short paths or long paths
- Pattern Generation**
  - Delay test patterns You still need test inputs to have propagation. To measure
  - Path Coverage
- Process Variations ( $V_{thr}$ ,  $L$ ,  $T_{ox}$ )**
  - Impact circuit delay characteristics significantly
  - Differentiate between Trojan and PV
- Trojan can have impact on multiple paths → advantage GOOD

60

23