Table of Contents
Fetching ...

Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans

Mahsa Tahghigh, Hassan Salmani

TL;DR

This work tackles the challenge of detecting triggered hardware Trojans without golden references by introducing a reference-free EM side-channel flow. It converts per-trace EM signals into time–frequency scalograms via $\text{CWT}$, learns discriminative features with a CNN, reduces dimensionality with PCA, and performs unsupervised clustering with BGMM, yielding interpretable confidence metrics such as $\alpha_{post}$, $\beta_{post}$, $\Delta \text{BIC}$, and $D$. Experimental validation on AES-128 cores with four HTs demonstrates clear separability between HT-free and HT-activated states, with robust performance across PCA thresholds and activation patterns, supporting potential runtime and in-field trust assurance. The approach offers a scalable, design-agnostic framework for post-silicon HT validation that provides quantitative, interpretable evidence of tampering without requiring golden data or design access, signaling a practical path for trusted microelectronics in distributed manufacturing.

Abstract

Hardware Trojans (HTs) threaten the trust and reliability of integrated circuits (ICs), particularly when triggered HTs remain dormant during standard testing and activate only under rare conditions. Existing electromagnetic (EM) side-channel-based detection techniques often rely on golden references or labeled data, which are infeasible in modern distributed manufacturing. This paper introduces a reference-free, design-agnostic framework for detecting triggered HTs directly from post-silicon EM emissions. The proposed flow converts each EM trace into a time-frequency scalogram using Continuous Wavelet Transform (CWT), extracts discriminative features through a convolutional neural network (CNN), reduces dimensionality with principal component analysis (PCA), and applies Bayesian Gaussian Mixture Modeling (BGMM) for unsupervised probabilistic clustering. The framework quantifies detection confidence using posterior-based metrics (alpha_{post}, beta_{post}), Bayesian information criterion (Delta BIC), and Mahalanobis cluster separation (D), enabling interpretable anomaly decisions without golden data. Experimental validation on AES-128 designs embedded with four different HTs demonstrates high separability between HT-free and HT-activated conditions and robustness to PCA variance thresholds. The results highlight the method's scalability, statistical interpretability, and potential for extension to runtime and in-field HT monitoring in trusted microelectronics.

Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans

TL;DR

This work tackles the challenge of detecting triggered hardware Trojans without golden references by introducing a reference-free EM side-channel flow. It converts per-trace EM signals into time–frequency scalograms via , learns discriminative features with a CNN, reduces dimensionality with PCA, and performs unsupervised clustering with BGMM, yielding interpretable confidence metrics such as , , , and . Experimental validation on AES-128 cores with four HTs demonstrates clear separability between HT-free and HT-activated states, with robust performance across PCA thresholds and activation patterns, supporting potential runtime and in-field trust assurance. The approach offers a scalable, design-agnostic framework for post-silicon HT validation that provides quantitative, interpretable evidence of tampering without requiring golden data or design access, signaling a practical path for trusted microelectronics in distributed manufacturing.

Abstract

Hardware Trojans (HTs) threaten the trust and reliability of integrated circuits (ICs), particularly when triggered HTs remain dormant during standard testing and activate only under rare conditions. Existing electromagnetic (EM) side-channel-based detection techniques often rely on golden references or labeled data, which are infeasible in modern distributed manufacturing. This paper introduces a reference-free, design-agnostic framework for detecting triggered HTs directly from post-silicon EM emissions. The proposed flow converts each EM trace into a time-frequency scalogram using Continuous Wavelet Transform (CWT), extracts discriminative features through a convolutional neural network (CNN), reduces dimensionality with principal component analysis (PCA), and applies Bayesian Gaussian Mixture Modeling (BGMM) for unsupervised probabilistic clustering. The framework quantifies detection confidence using posterior-based metrics (alpha_{post}, beta_{post}), Bayesian information criterion (Delta BIC), and Mahalanobis cluster separation (D), enabling interpretable anomaly decisions without golden data. Experimental validation on AES-128 designs embedded with four different HTs demonstrates high separability between HT-free and HT-activated conditions and robustness to PCA variance thresholds. The results highlight the method's scalability, statistical interpretability, and potential for extension to runtime and in-field HT monitoring in trusted microelectronics.
Paper Structure (6 sections, 1 equation, 8 figures, 2 tables)

This paper contains 6 sections, 1 equation, 8 figures, 2 tables.

Figures (8)

  • Figure 1: EM-Based Detection flow for Triggered Hardware Trojans.
  • Figure 2: Experimental Setup.
  • Figure 3: $8 \times 8$ heatmaps displaying the peak-to-peak difference in EM signals. (a) illustrates the baseline signal without AES, while (b) reveals the impact of AES implementation on signal amplitude.
  • Figure 4: Representative EM traces and corresponding time–frequency scalograms captured from FPGA regions with and without AES activity. The weak signal from inactive grid X0Y1 contrasts with the stronger emissions from the AES region X3Y7. The scalograms illustrate how hardware Trojan (HT#1) activation alters the time–frequency structure of the EM signal, changing both its energy distribution and waveform morphology.
  • Figure 5: (1) Cumulative PCA variance for the information-leakage hardware Trojan (HT#1); (2) normalized weighted sum of PCs of AES-128 under HT activation; and (3) BGMM-identified Gaussian clusters revealing distinct leakage behavior.
  • ...and 3 more figures