Hardware Trojans (HTs) are a major concern in cyber-physical systems security. Outsourcing activities related to the design and implementation of digital systems expose them to malicious modification. Such modifications may long stay silent, not detected by post-production tests, and then inhibit system functions or steal information.
Many research groups have proposed a number of methodologies aimed at detecting HTs before deploying the system. All these methodologies have limitations. Side-channel-based detection relies on the unlikely availability of a golden reference of the circuit under analysis. Optical inspection is not effective for very small HTs. Logic testing tries to expose the functional modifications induced by a HT, but generally HTs activate under rare conditions. Structural analysis and formal methods rely on known HT models, an inadvisable assumption on HT behavior. Thus, the research community has moved toward building trustworthy systems on top of untrusted components by tolerating the effects of HTs rather than detecting them.
This paper proposes a methodology based on selective triplication at the circuit level. The proposed technique uses a probabilistic model of the circuit to identify equally probable output paths and considers these paths for triplication. I see a number of issues in the proposed work. First, the authors fail to cite recent papers related to HT detection at runtime based on circuit replication. Second, the authors’ assumption is that HTs inserted in two copies of the triple modular redundancy (TMR) are much more likely to be detected by side-channel analysis because they will make the circuit significantly larger than the original. This is not true since HTs may be very small, and duplicating the Trojan would not lead to a significant increase in area; moreover, a golden reference of the circuit must be available, and the authors do not clarify how to achieve this. Finally, if an HT is inserted in the voter, the entire detection method will not work. Given this, the authors do not discuss how to protect the voter from HT insertion.