A Novel Use of Approximate Circuits to Thwart
Hardware Trojan Insertion and Provide Obfuscation
H. Martin and L. Entrena
Department of Electronics Technology
Universidad Carlos III de Madrid
(hmartin,entrena)@ing.uc3m.es
Abstract—Hardware Trojans have become in the last decade a
major threat in the Integrated Circuit industry. Many techniques
have been proposed in the literature aiming at detecting such
malicious modifications in fabricated ICs. For the most critical
circuits, prevention methods are also of interest. The goal of
such methods is to prevent the insertion of a Hardware Trojan
thanks to ad-hoc design rules. In this paper, we present a novel
prevention technique based on approximation. An approximate
logic circuit is a circuit that performs a possibly different but
closely related logic function, so that it can be used for error
detection or error masking where it overlaps with the original
circuit. We will show how this technique can successfully detect
the presence of Hardware Trojans, with a solution that has a
smaller impact than triplication.
Index Terms—Hardware Trojan, Approximation.
I. I NTRODUCTION
The most straightforward way to deal with Hardware Tro-
jans (HTs) is the detection of potential HTs in fabricated ICs.
This is commonly done though side-channel analysis [1] or
logic testing [2]. However, HT detection is very challenging
since HTs are assumed to be designed stealthy enough to evade
detection. To tackle HTs in a more efficient way than post-
fabrication detection, prevention methods have been proposed.
These so called Design-for-Trust or Design-for-Hardware-
Trust (DfHT) techniques [3] include the encoding of internal
registers, scan flip-flops insertion and encryption.
HTs represent an all the more important threat for critical
ICs such as ICs devoted to space applications. Such ICs, for
which a fault (intentional or not) is inadmissible, have received
a special attention due to their paramount importance and cost.
For mitigating the effect of single event upsets and single
event transients, designers make use of well known fault-
tolerance techniques based on full replication: Dual or Triple
Modular Redundancy (DMR or TMR). The use of DRM and
TMR to thwart HT has been introduced in [4], [5]. However,
straightforward replication is not considered as an obstacle to
insert an HT in these ICs. Indeed, replicating the HT in all
replica of the original circuit will successfully activate the HT.
In this paper, we propose the use of a novel approximation
circuit technique [6] in order to prevent the insertion of an HT.
In addition, we will take advantage of the differences between
the golden and the approximate circuits in order to obfuscate
the final design.
Funded by:ESP2015-68245-C4-1-P.
978-1-5386-5992-2/18/$31.00 2018
c IEEE
S. Dupuis and G. Di Natale
LIRMM
Univ. Montpellier, CNRS
(dinatale,dupuis)@lirmm.fr
II. A PPROXIMATED TMR DETECTION APPROACH
Our approach combines two well-known techniques in the
field of HT detection and Design-for-Reliability. On the one
hand, our approach makes use of a logic-based detection
principle that consists in the discovery of signals that are
most likely to be used as trigger inputs. On the other hand,
an approximate TMR scheme is used to detect and mask the
errors induced by HTs.
Firstly, it is necessary to assess the testability of the different
nodes in order to apply different approximation approaches.
For this purpose, a stuck-at fault model is applied on this
process using the simulation tool HOPE [7]. HOPE provides
information about the faults which are detected/undetected for
each test vector, so the fault sensitivity will depend on the set
of test vectors. We have generated two different sets of test
vectors.
The first set of vectors is composed of 50000 random test
vectors, including stuck-at vectors provided by the Tetramax
ATPG tool.The second set of vectors is obtained thanks to
a tool generating vectors dedicated to HT detection [2].This
tool takes into account not only the controllability of potential
trigger input signals, but also, their time margin and proximity
in the layout.
Each set of vectors will lead to a different fault sensitivity
and hence, to different approximate circuits. The set that
contains the 50000 random test vectors will derive in a more
representative distribution of the fault sensitivity while the
set that contains the test vectors dedicated to HT triggering
will generate a biased error distribution towards the low
controllable nodes.
After that, approximations are generated selecting the
thresholds. In this case, nodes which fault sensitivity are under
the threshold values are approximated. Using this approach,
the nodes with a low fault sensitivity are tied to logic constants.
The lower the testability threshold, the fewer faults approx-
imated, which implies that approximate circuits are more
similar to the original one and therefore the error masking
rate is higher. Conversely, higher testability threshold allows
approximating more faults, reducing the error masking rate
and the resources consumption [8].
Setting an appropriate testability threshold for each ap-
proach is of paramount importance in order to reach a trade-off
41
 Undetected Errors Detected Errors Area
100%100%100%100%100%100%100%100%100% 104
2500 2.4
2.2
2000
2 2
1.8
1500
55.1% 1.6
1.4
1000
1.2
1 1
500
0.8
0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0%
0 0.6
TMR 1 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95
Thresholds
Fig. 1. Undetected/detected errors and area vs thresholds (RND vectors)
between resources consumption, obfuscation and error detec-
tion and correction. After the circuit analysis and the selection
of approach and thresholds, approximations are generated for
each case. Faults which produce an under-approximation are
assigned to one of the replicas of the original circuit, and faults
that generate an over-approximation are assigned to the other
replica. Using these approximations, an approximate TMR is
generated. As in [4], it is important to note that the voting
system will be subjected to an exhaustive test in order to
guarantee that is an HT-free block. In addition, the obfuscation
of the complete scheme will be increased by synthesising,
placing and routing in different layouts each of the TMR
blocks (Original, over and under approximations).
III. E XPERIMENTAL R ESULTS AND ANALYSIS
To demonstrate the suitability of the proposed approach, we
applied it to a well-known circuit of the ISCAS’85 benchmark
set (c7552) [9]. In order to test our proposal, 30 infected
circuits that contain an HT have been generated using the
assumptions described in [2]. The inserted HTs have been
designed in order to be triggered by so-called rare conditions
i.e. subsets of low controllable signals individually excited to
their rare value. Different sizes of triggers have been created:
2, 4 and 8 inputs-triggers. The HTs’ payloads consist in a XOR
gate that inverts a randomly chosen output when the trigger is
activated.
After that, a TMR scheme has been generated for each
approximate circuit, replacing the original circuit by an in-
fected circuit. Each TMR scheme has been simulated using
50000 random test vectors (different from those used in the
generation) in Modelsim and then synthesised using Saed90
library, Synopsys and the default synthesis options.
Fig.1 and Fig.2 show the results for the c7552 circuit. In
this case, 2493 errors have been originated by the HTs. The
best results were obtained when random vectors (RND) were
used to generate the approximations. It is noteworthy the area
42 24th International Symposium on On-Line Testing and Robust System Design (IOLTS 2018)
Undetected Errors Detected Errors Area
98.7%98.7%100% 100% 104
2500 2.4
89.9%
2.2
81.8%
2000
71.3%
1.8
1500
1.6
45.6%
1.4
1000 36.4%36.4%36.4%
1.2
26.1%
500
5.5% 9.7%
0.8
3.7%
0% 0% 0% 0% 0.2% 0.2%
0 0.6
TMR 1 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95
Thresholds
Fig. 2. Undetected/detected errors and area vs thresholds (INF vectors)
savings in both cases, RND and INF. It is necessary to reach a
good trade-off between area saving, protection and obfuscation
in order to thwart effectively the insertion of HTs.
IV. C ONCLUSION
A novel design-for-trust approach has been proposed to
fight against HT insertion. The idea is to take advantage of
approximate logic circuits in order to create a lightweight
TMR scheme. Furthermore, the use of approximate logic
circuits prevents the insertion of an HT in each replicate.
Experimental results have shown that it was possible to create
circuits that were less expensive in area than a conventional
TMR, able to detect all the stealthy HTs that we inserted.
R EFERENCES
[1] D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar, “Trojan
Detection using IC Fingerprinting,” in IEEE Symposium on Security and
Privacy (SP), 2007, pp. 296–310.
[2] S. Dupuis, P.-s. Ba, M.-l. Flottes, G. Di Natale, and B. Rouzeyre,
“New Testing Procedure for Finding Insertion Sites of Stealthy Hardware
Trojans,” in Design Automation & Test in Europe (DATE), 2015, pp. 776–
781.
[3] J. Rajendran, O. Sinanoglu, and R. Karri, “Regaining Trust in VLSI
Design: Design-for-Trust Techniques,” Proceedings of the IEEE, Special
Issue on Trustworthy Hardware, vol. 102, no. 8, pp. 1266–1282, 2014.
[4] M. Palanichamy and et al., “Duplication-based concurrent detection of
hardware trojans in integrated circuits,” in Trustworthy Manufacturing
and Utilization of Secure Devices (TRUDEVICE), 2016, pp. 1–4.
[5] N. B. Gunti and K. Lingasubramanian, “Effective usage of redundancy to
aid neutralization of hardware Trojans in Integrated Circuits,” Integration,
the VLSI Journal, vol. 59, no. January, pp. 233–242, 2017.
[6] A. Sanchez-Clemente, L. Entrena, G.-V. M., and C. Lopez-Ongil, “Logic
masking for set mitigation using approximate logic circuits,” in IEEE
International On-Line Testing Symposium (IOLTS), 2012, pp. 176–181.
[7] H. K. Lee and D. S. Ha, “Hope: an efficient parallel fault simulator for
synchronous sequential circuits,” IEEE Transactions on Computer-Aided
Design of Integrated Circuits and Systems, vol. 15, no. 9, pp. 1048–1058,
Sep 1996.
[8] A. Sanchez-Clemente, “Transient error mitigation by means of approx-
imate logic circuits,” Ph.D. dissertation, Departamento de Tecnologia
Electronica, Universidad Carlos III de Madrid, Nov 2017.
[9] F. Brglez and H. Fujiwara, “A neutral netlist of 10 combinatorial
benchmark circuits and a target translator in FORTRAN,” in In Int.
Symposium on Circuits and Systems, ISCAS’85.