Layout-Only Hardware Trojans: Attack Vectors and a Non-Golden Model Reverse Engineering-Based Counterstrategy
Globally distributed microelectronic supply chains have disrupted trust in silicon hardware and have drawn academia’s attention toward different scenarios of malicious circuit modifications, i.e., hardware Trojans. This dynamic hardware environment, including open-source approaches and ever more outsourcing, requires constant reassessment of offensive and defensive aspects. Based on an untrusted foundry model, this work assesses the concrete technical realizations of layout-only modifications via design file editing, mask editing, or in-line alterations. Furthermore, the attack possibility on different modules within a system on a chip is qualitatively evaluated. Consequently, a modification is demonstrated on an SRAM-‘PUF’ module. To link the attack point of view with a defensive measure, we propose a hardware reverse engineering-based countermeasure that does not rely on a golden layout. Through a novel approach relying on inherent polygon properties, potentially occurring modifications are detected via clustering and a statistical evaluation of the intra-cluster distributions. Finally, the approach is demonstrated on samples from 7 nm to 150 nm, for which a modification detection rate between 95% and 100% is reached for all evaluated samples.
Email Address of Submitting Author: matthias.firstname.lastname@example.org
ORCID of Submitting Author: 0000-0003-0517-8388
Submitting Author's Institution: Infineon Technologies AG
Submitting Author's Country