Hardware trojan detection technique using frequency characteristic analysis of path delay in application specific integrated circuits

Journal of Science and Technology on Information Security 
36 No 2.CS (10) 2019 
Van Phuc Hoang, Thai Ha Tran, Ngoc Tuan Do, Hai Duong Nguyen 
 
Abstract— Since the last decade, 
hardware Trojan (HT) have become a serious 
problem for hardware security because of 
outsourcing trends in Integrated Circuit (IC) 
manufacturing. As the fabrication of IC is 
becoming very complex and costly, more and 
more chipmakers outsource their designs or 
parts of the fabrication process. This trend 
opens a loophole in hardware security, as an 
untrusted company could perform malicious 
modifications to the golden circuit at design or 
fabrication stages. Therefore, assessing risks 
and proposing solutions to detect HT are very 
important tasks. This paper presents a 
technique for detecting HT using frequency 
characteristic analysis of path delay. The 
results show that measuring with the 
frequency step of 0.016 MHz can detect a HT 
having the size of 0.2% of the original design. 
Tóm tắt— Từ thập niên 2010, Trojan phần 
cứng (HT) đã trở thành một vấn đề nghiêm 
trọng đối với bảo mật phần cứng, do xu hướng 
thuê sản xuất mạch tích hợp (Integrated 
Circuit - IC). Khi quá trình chế tạo IC trở nên 
phức tạp và tốn kém, ngày càng nhiều nhà sản 
xuất chip lựa chọn phương án thuê lại một 
phần hoặc toàn bộ thiết kế IC. Xu hướng này 
tạo ra lỗ hổng trong bảo mật phần cứng, vì 
một công ty không đáng tin cậy có thể thực 
hiện các sửa đổi độc hại vào trong mạch 
nguyên bản ở giai đoạn thiết kế hoặc chế tạo. 
Do đó, đánh giá rủi ro và đề xuất giải pháp 
phát hiện HT là một trong những nhiệm vụ 
hết sức quan trọng. Bài báo này trình bày một 
giải pháp phát hiện HT sử dụng phân tích đặc 
This manuscript is received September 7, 2019. It is 
commented on October 18, 2019 and is accepted on October 
21, 2019 by the first reviewer. It is commented on November 
2, 2019 and is accepted on November 6, 2019 by the second 
reviewer. 
tính tần số của độ trễ đường truyền tín hiệu. 
Kết quả cho thấy, thực hiện khảo sát với bước 
tần số 0,016 MHz có thể phát hiện được HT có 
kích thước 0,2% so với thiết kế ban đầu. 
Keywords— Hardware Trojan; path delay, 
side-channel analysis, hardware security. 
Từ khóa— Trojan phần cứng, trễ đường 
truyền, phân tích kênh kề, bảo mật phần cứng. 
I. INTRODUCTION 
HT is a malicious module inserted in the 
Integrated Circuits during design or fabrication 
processes. An HT consists of two parts by 
common, namely Trigger and Payload. The 
Trigger is the condition that HT changes from 
the inactive state to the active state. Payload 
executes the HT’s function. Once inserted, HT 
can perform dangerous tasks such as Denial of 
Service, extract secret information or change 
behavior of the circuit... Detection and 
prevention are two main categories to protect 
embedded systems from the risk of HT [1, 2]. 
Prevention consists of modifying the original 
circuit during the conception phase to make a 
secure design, to assist another detection 
technique or to create a trusted production 
chain. On the other hand, detection includes 
techniques to determine whether or not HT is in 
the design. Classification of the existing HT 
detection techniques is shown in Fig.1: 
Hardware Trojan Detection Technique 
Using Frequency Characteristic Analysis of 
Path Delay in Application Specific 
 Integrated Circuits
Nghiên cứu Khoa học và Công nghệ trong lĩnh vực An toàn thông tin 
 No 2.CS (10) 2019 37 
HT detection 
techniques
Non-Destructive Destructive
Test-time Run-Time
Logic test
Side-Channel 
Analysis
Delay Power
Fig.1. HT detection techniques 
Side-channel analysis (SCA) is considered as 
one of the most effective technique to detect 
HT. In these methods, side-channel signals such 
as power, current, electromagnetic and delay are 
used for HT detecting. Typically, HT insertion 
results in the change of physical characteristic 
of circuits in some parameters. Hence, in SCA 
methods, these parameters can be used to detect 
HT by comparing with the golden circuit. The 
most common parameters used for detecting HT 
are power and delay. Also, in most of the 
techniques based on power, HT activation is 
necessary but it is not necessary when using 
delay [3]. Various delay-based detection 
methods are proposed as follows: 
 A fingerprint is generated by measuring the 
delay and comparing it with a golden circuit 
fingerprint [4]. This method tries to generate 
the test vectors covering maximum outputs 
and uses them to measure the path delays. 
There is no hardware overhead, however, in 
complex circuits with a large number of 
inputs and outputs, measuring all path delays 
is difficult and takes a lot of time. Also, 
generating test vectors for all paths is 
complicated and it may not be able to cover 
all desired states. 
 In the method using shadow register, some 
registers are placed beside the circuit 
registers with the same input as circuit 
registers and different clocks by different 
phases and use them to measure delay [5]. 
 Another method is proposed to use path 
delays to detect HT [6]. In this method, path 
delays in the k shortest paths are measured 
and compared to the corresponding path in 
the golden circuit. Detection probability in 
this method depends on two factors: the 
number of measured paths and delay 
measurement precision. The results show 
that measuring the delays on 20 paths with 
an accuracy of 0.01 ns can detect more than 
80 % of Trojans. However, the main problem 
of this method is not flexible because it uses 
ISE reports (Timing Analyzer tool) to get 
delay paths [7]. Also, these reports only 
include information about paths from input 
to output signals. 
These above mentioned methods focus on 
timing characteristics. In this paper, we propose 
a new approach to detect HT using frequency 
characteristic analysis of path delay. This  ... )
RF_OUT
fout = f
Fig.5. Algorithm of the proposed program 
 Change_Freq is a subprogram to 
change the frequency of signal 
generator, determine the pair of values 
( , ) f f . At the previous loop, assuming 
that the pair values of frequency and its 
step are ( , ) old oldf f . Choosing 
Coarse_step or Fine_step process will 
depend on j - the number of bits is being 
checked. Then, ( , ) f f is sent to the 
next subprogram called RF_OUT. 
 In coarse_step process: 
+ if 0 j : step frequency will get previous 
value: 
 oldf f (2) 
+ if 0 j : the new step value will be less 
than the old value four times: 
4
 old
f
f (3) 
and 
 oldf f f (4) 
Journal of Science and Technology on Information Security 
40 No 2.CS (10) 2019 
- Fine_step process: step frequency will be 
changed based on bisection method: 
2
 old
f
f (5) 
True
j = 1 
INIT
BEGIN
END
False
Coarse_step
f, Δf
Fine_step
Fig.6. Flowchart of Change_Freq subprogram 
 RF_OUT: this is a program to connect 
and control parameters on the signal 
generator. When the connection is 
successful, the required parameters from 
the PC will be sent, such as frequency, 
state, signal level, and so on. 
 Check_Points: at each frequency, PC sends 
capture_en command to Board_Under_Test, 
then receives 128 bits of the desired data. This 
operation is repeated 20 times. Then, it 
compares each bit of capture_data with 
reference data that was tested and stored in the 
database, if there are more than 10 different 
values and the process in Change_Freq is 
Fine_step, the number of checked bits will 
increment. When m bits are checked, the 
measurement results are saved to the database 
that will be used for evaluation. 
III. STRUCTURE OF DATABASE 
The block diagram of AES_128 is shown in 
Fig.7. This is a program that was written for 
Trojan benchmarks [9] and its architecture is 
the pipeline. The survey process will evaluate 
the difference in distance between points in 
one of the rounds. The selected round is 
random and can be changed. In this research, 
the first round is evaluated, so input and output 
signals are S0 and S1, respectively. 
AES_128
clk
state
key
128
128
s0
k0
expand_key_128
a1
Final_round
sout
128
+
k0
8'h1
k0b
k1
a9
k8
8'h1b
k8b
k9
a10
k9
8'h36
k9b
one_round
r1
k0b
s0
s1
r9
k8b
s8
s9
r10
k9b
s9
out
s1_out
128
Fig.7. Block diagram of 128-bit AES core 
Msg is selected as the pair of values Msg_0 
and Msg_1 corresponding to the output of S1 
contains all of bits 0 or all of bits 1 (Table 1). 
Msg_0 is used to set an initial value for 
registers and signals inside AES. For ILA_tiny, 
the Conditions input has a value equal Msg_1. 
Thus, when changing Msg, the condition in 
Eq.(1) is satisfied. After two periods of the 
clock, S1 will contain all of the bits to 1 which 
is the desired data capture_data. The selected 
inputs of AES as follows: 
Key = "00112233445566778899aabbccddeeff" 
Msg_0= "5aa6044e28ec2d1596cae34557eac82c" 
Msg_1= "f8a89d615fe23b9a3ca0223df0615106" 
At each measurement, the corresponding 
critical values are saved. With a mathematical 
model, this result is represented in the form of a 
row vector, each element is the frequency 
corresponding to each bit of S1. To ensure the 
statistical properties, the survey process was 
carried out in N trials. Finally, the data set of 
measurement results is presented in the form of 
a matrix with a size of N×128. 
0 0.0 0.1 0.127
1.0 1.1 1.1271
N 1.0 N 1.1 N 1.1271 
 N
f f f
f f f
f f f
f
f
f
f
 (6) 
where: 
if : Row vector, its size is 1 128 resulted in 
i-th trial; 
Nghiên cứu Khoa học và Công nghệ trong lĩnh vực An toàn thông tin 
 No 2.CS (10) 2019 41 
.i jf : Element in row i, column j, it is 
presented critical frequency corresponding to j-
th bit of S1 in the i-th trial. 
From (6), the HT can be detected based on 
the pair of values ( , ) j j for each bit, where: 
 Mean value: 
 0 1 127   μ (7) 
1
.
0
1

 
N
j i j
i
f
N
 (8) 
 Variance: 
 2 2 2 2
0 1 127
   σ (9) 
1
2
2
.
0
1
 
 
N
j i j j
i
f
N
 (10) 
TABLE 1. VALUE OF EACH TRANSFORMATION 
IN ROUND 1 
State Use Msg_0 Use Msg_0 
Msg 
(Initial state) 
5a 28 96 57 
a6 ec ca ea 
04 2d e3 c8 
4e 15 45 2c 
f8 5f 3c f0 
a8 e2 a0 61 
9d 3b 22 51 
61 9a 3d 06 
Key 
(Initial round key) 
00 44 88 cc 
11 55 99 dd 
22 66 aa ee 
33 77 bb ff 
00 44 88 cc 
11 55 99 dd 
22 66 aa ee 
33 77 bb ff 
S0 
(State at 
start of Round 1) 
5a 6c 1e 9b 
b7 b9 53 37 
26 4b 49 26 
7d 62 fe d3 
f8 1b b4 3c 
b9 b7 39 bc 
bf 5d 88 bf 
52 ed 86 f9 
After SubBytes 
be 50 72 14 
a9 56 ed 9a 
f7 b3 3b f7 
ff aa bb 66 
41 af 8d eb 
56 a9 12 65 
08 4c c4 08 
00 55 44 99 
After ShiftRows 
be 50 72 14 
56 ed 9a a9 
3b f7 f7 b3 
66 ff aa bb 
41 af 8d eb 
a9 12 65 56 
c4 08 08 4c 
99 00 55 44 
After MixColumns 
c0 84 0c c0 
39 6c f5 28 
34 52 f8 16 
78 0f b4 4b 
3f 7b f3 3f 
c6 93 0a d7 
cb ad 07 e9 
87 f0 4b b4 
AddRoundkey 
c0 84 0c c0 
39 6c f5 28 
34 52 f8 16 
78 0f b4 4b 
c0 84 0c c0 
39 6c f5 28 
34 52 f8 16 
78 0f b4 4b 
S1 
(State at start 
of Round 2) 
00 00 00 00 
00 00 00 00 
00 00 00 00 
00 00 00 00 
ff ff ff ff 
ff ff ff ff 
ff ff ff ff 
ff ff ff ff 
IV. HT DETECTION RESULTS 
In order to evaluate the impact of HT in 
FPGAs, we need to keep the same placement 
and routing between the golden and HT infected 
circuits. Hence, the only difference between 
them is the logic utilized for implementing the 
HT logic. Chip Planner in Altera Quartus II and 
Xilinx FPGA Editor in Xilinx ISE/Vivado 
Suites are two basic tools that can insert HTs 
without modifying the designed routing. There 
are four main steps to implement HT with 
Xilinx FPGA Editor tool [10]: 
1) Perform Synthesize, Translate, Map, Place 
& Route steps for the original circuit. 
2) Extract the Native Circuit Description 
(NCD) file which contains the logic, placement 
& routing information of the original circuit as 
the golden model. 
3) Using the FPGA Editor to insert HT in 
unused LUTs and slices of FPGA with the NCD 
file, manually or by a script. 
4) Generate bit files for both original and HT 
infected designs with FPGA Editor. 
LUT_B
in_B
LUT_A
in_1
in_2
net_1
net_2 out_A
out_B
Round 1
Fig.8. Algorithm of the proposed program 
With this method, we can ensure that the 
placement and routing of the original circuit are 
the same in both golden and HT infected circuit. 
We explain how to add HT in the third step as 
follows: 
Create Trigger component of HT: 
 Randomly select an unused LUT, 
denoted by LUT_A; 
 Select signals related to Round 1, assume 
that two selected signals are net_1 and 
net_2. These nets are routed to in_1 and 
in_2 of LUT_A; 
 Change the function of LUT_A so that 
HT is not activated. 
Create Payload component of HT: 
 Randomly select a used LUT in Round 1, 
denoted by LUT_B. Note that LUT_B has 
at least a free pin. 
 Connect out_A to in_B, then changing 
LUT_B’s function. 
Journal of Science and Technology on Information Security 
42 No 2.CS (10) 2019 
In this work, two selected nets are S0[126] 
và S0[125]. There is only an OR gate in LUT_A. 
From Table 1, in_B is always “True” when 
MSG is either Msg_0 or Msg_1. LUT_B’s 
function is given by: 
 _ ( ) out B f B . (11a) 
When adding the in_B into LUT_B’pin, its 
function is modified so that the value of output 
is not changed. Here, an AND gate is used: 
 _ ( ) _ out B f B AND in B . (11b) 
TABLE 2. CRITICAL FREQUENCIES 
OF S1[0:1] (MHz) 
Trials 
S1[0] S1[1] 
Without 
HT 
With 
HT 
Without 
HT 
With 
HT 
1 416.970 417.513 418.438 418.902 
2 417.225 417.587 418.311 418.960 
3 417.102 417.442 418.444 418.991 
4 417.098 417.472 418.183 419.115 
5 417.095 418.066 418.433 419.329 
6 416.960 417.882 418.492 419.320 
7 417.630 418.002 419.035 419.376 
8 417.789 417.834 419.068 419.110 
9 416.971 417.852 418.265 419.081 
10 417.500 417.404 419.107 418.760 
j 417.234 417.705 418.577 419.094 
j 0.282 0.234 0.334 0.189 
TABLE 3. CRITICAL FREQUENCIES 
OF S1[126:127] 
Trials 
S1[126] S1[127] 
Without 
HT 
With 
HT 
Without 
HT 
With 
HT 
1 356.569 357.119 358.808 359.357 
2 356.319 357.097 358.619 359.365 
3 357.156 357.100 359.267 359.433 
4 356.513 357.150 358.813 359.390 
5 356.514 357.482 358.813 359.717 
6 356.568 357.409 358.742 359.582 
7 357.409 357.381 359.615 359.760 
8 357.281 357.378 359.487 359.645 
9 357.005 357.474 359.162 359.618 
10 356.622 357.059 358.972 359.248 
j 356.795 357.264 359.029 359.511 
j 0.360 0.164 0.319 0.164 
In this research, the Board_Under_Test is 
Sakura-G board and the signal generator is 
Rohde&Schwarz SMBV100A [11, 12]. In our 
implementation, the size of the genuine and 
infected circuit is 626 and 627 slices, 
respectively. This information is presented in 
Xilinx’s reports or the number of slices in 
FPGA Editor. So, we have an infected circuit 
with HT of size 0.2% of the original one. Fig.9 
is the normal distributions of the critical 
frequencies corresponding to the benchmark 
circuits S1[0], S1[1], S1[126] and S1[127]. 
Fig.9. Distributions of the critical frequencies 
corresponding to path delays 
(a) 
(b) 
Fig.10. Using frequency charateristic 
combined with fingerprint 
In addition, combining fingerprints can be a 
solution to determine whether or not HT is in the 
design. Firstly, this method finds the smallest 
critical frequency. Then, fingerprint is a set of 
differences between the remaining points and this 
frequency. We can see that the fingerprints of the 
two circuits are nearly overlapping (Fig.10a), the 
difference is more evident with the segment in 
Fig.10b. 
Nghiên cứu Khoa học và Công nghệ trong lĩnh vực An toàn thông tin 
 No 2.CS (10) 2019 43 
IV. CONCLUSION 
This paper presented the new technique to 
detect HT using frequency characteristic analysis of 
path delay. The preliminary hardware 
implementation results in the FPGA platform have 
clarified the feasibility of the proposed method. 
Similar to other SCA based detection methods, the 
experiment’s conditions are constant or negligibly 
changed, such as temperature, the accuracy of 
frequency, and so on. In future work, we will 
improve the proposed method to achieve better 
results with more detail analysis. 
ACKNOWLEDGMENT 
This work is funded by the research project 
under grant number HNQT/TKCG/04.20. 
REFERENCES 
[1]. Swarup Bhunia, Mark M. Tehranipoor, “The 
Hardware Trojan War: Attacks, Myths, and Defenses,” 
Springer, pp. 15-51, 2018. 
[2]. Xuan Thuy Ngo, Van Phuc Hoang and Han Le Duc, 
“Hardware Trojan threat and its countermeasures,” 
NAFOSTED Conference on Information and 
Computer Science, pp. 36-51, 2018. 
[3]. Hao Xue, Saiyu Ren, “Hardware Trojan detection by 
timing measurement theory and implementation,” 
Microelectronics Journal, vol. 77, pp. 16-25, 2018. 
[4]. Jin and Y. Makris, “Hardware Trojan detection using 
path delay fingerprint,” IEEE Int. Workshop 
Hardware-Oriented Security and Trust, 2008, pp. 51-
57, IEEE, 2008. 
[5]. L. Jie, J. Lach, “At-speed delay characterization for IC 
authentication and Trojan Horse detection,” IEEE Int. 
Workshop Hardware-Oriented Security and Trust, 
2008, pp. 8-14, IEEE, 2008. 
[6]. A. Amelian and S.E. Borujeni, “A Side-Channel 
Analysis for Hardware Trojan detection based on Path 
Delay Measurement,” Journal of Circuits, Systems, 
and Computers Vol. 27, No. 9, (2018). 
[7]. Xilinx, “Timing Closure User guide,” UG612 (v13.3) 
October 19, 2011. 
[8]. Xilinx, LogiCORE IP ChipScope Pro Integrated Logic 
Analyzer (ILA) (v1.04a), DS299, June 2011. 
[9]. Trojan Benchmarks, AES-T1500, 
https://www.trusthub.org/resource/benchmarks/AES/ 
AES-T1500.zip. 
[10]. Xuan Thuy Ngo, Prevention and Detection of 
Hardware Trojan in Integrated Circuits, PhD Thesis, 
Telecom ParisTech, 2016. 
[11]. Sakura-G specification ver 1.0, 
A-G_Spec_Ver1.0_English.pdf 
[12]. Rohde&Schwarz, R&S SMBV100A Vector Signal 
Generator Operating Manual, 2017.Bertoni, G., et al. 
Sponge functions. in ECRYPT hash workshop. 2007. 
Citeseer. 
ABOUT THE AUTHORS 
PhD. Associate Professor 
Van Phuc Hoang 
Workplace: Deputy Head, 
Department of Microelectronics & 
Microprocessing, Le Quy Don 
Technical University. 
Email: phuchv@lqdtu.edu.vn 
The education process: Received 
B.S. degree and M.S. degree from Le Quy Don Technical 
University. Ph.D. degree in Electronic Engineering from 
The University of Electro-Communications, Tokyo, Japan 
in 2012. 
Research today: Hardware security, Embedded system 
design for Internet of Things (IoT); Digital VLSI/ASIC 
design and FPGA-based system hardware design. 
MSc. Thai Ha Tran 
Workplace: Le Quy Don Technical 
University. 
Email: hathaitran@lqdtu.edu.vn 
The education process: received 
B.S. degree and M.Sc. degree from 
Faculty of Radio & Electronic 
Engineering, Le Quy Don Technical 
................................University. 
Research today: Micro-electronics and hardware 
security; Digital Signal processing 
MSc. Ngoc Tuan Do 
Workplace: Le Quy Don 
Technical University. 
Email: ngoctuansqtt@gmail.com 
The education process: Received 
B.S. degree from 
Telecommunications University 
and M.S. degree from Le QuyDon 
...................................Technical University. 
Research today: Hardware security and embedded system. 
PhD. Hai Duong Nguyen 
Workplace: Le Quy Don Technical 
University 
Email:mta.haiduongnguyen@gmail.
com 
The education process: B.S. 
degree, M.S. degree from Le Quy 
Don Technical University, and 
Ph.D. degree from Bauman Moscow State Technical 
University, Russia. 
Research today: Embedded system, hardware security 
and parallel system.