ENTT: A Family of Emerging NVM-based Trojan Triggers

Hardware Trojans in the form of malicious modifications during the design and/or the fabrication process is a security concern due to globalization of the semiconductor production process. A Trojan is designed to evade structural and functional testing and trigger under certain conditions (e.g., after a number of clock ticks or assertion of a rare net) and deliver the payload (e.g., denial-of-service, information leakage). A wide variety of logic Trojans (both triggers and payloads) have been identified, however, very limited literature exists on memory Trojans in spite of their high likelihood. Emerging Non-Volatile Memories (NVMs) e.g., Resistive RAM (RRAM) possess unique characteristics e.g., non-volatility and gradual drift in resistance with pulsing voltage that make them a prime target to deploy a Hardware Trojan. In this paper, we present a delay and voltage-based Trojan trigger by exploiting the RRAM resistance drift under pulsing current. Simulation results indicate that these triggers can be activated by accessing a pre-selected address 2500–3000 times (varies with trigger designs) since the proposed trigger requires a large number of hammerings to evade test phase. Due to non-volatility, the hammering need not be consecutive and therefore can evade system-level techniques that can classify hammering as a potential security threat. We also propose a mechanism to reset the triggers. The maximum area and static/dynamic power overheads of the trigger circuit are 6.68μm2 and 104.24μW/0.426μW, respectively in PTM 65nm technology.