Side-channel analysis has been proven effective at detecting hardware Trojans in integrated circuits (ICs). However, most detection techniques rely on large external probes and antennas for data collection and require a long measurement time to detect Trojans. Such limitations make these techniques impractical for run-time deployment and ineffective in detecting small Trojans with subtle side-channel signatures. To overcome these challenges, we propose a Programmable Sensor Array (PSA) for run-time hardware Trojan detection, localization, and identification. PSA is a tampering-resilient integrated on-chip magnetic field sensor array that can be re-programmed to change the sensors' shape, size, and location. Using PSA, EM side-channel measurement results collected from sensors at different locations on an IC can be analyzed to localize and identify the Trojan. The PSA has better performance than conventional external magnetic probes and state-of-the-art on-chip single-coil magnetic field sensors. We fabricated an AES-128 test chip with four AES hardware Trojans. They were successfully detected, located, and identified with the proposed on-chip PSA within 10 milliseconds using our proposed cross-domain analysis.