Logic locking and hardware Trojans are two fields in hardware security that have mostly been developed independently of each other. In this paper, we identify the relationship between these two fields. We find that a common structure present in many logic locking techniques has the properties desirable in a hardware Trojan (HWT). We then construct a novel type of HWT, called Trojans based on Logic Locking (TroLL), in a way that evades state-of-the-art ATPG-based HWT detection techniques. In an effort to detect TroLL, we propose customizations of existing state-of-the-art ATPG-based HWT detection approaches, and we adapt the SAT-based attacks on logic locking to HWT detection. In our experiments, we use random sampling as the reference baseline. We show that the customized ATPG-based approaches perform best but offer only a limited improvement over random sampling. Moreover, their efficacy diminishes as TroLL's triggers become longer (i.e., have more bits specified). We thereby highlight the need for a scalable HWT detection approach for TroLL.
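The abstract's last observation, that random sampling loses efficacy as more trigger bits are specified, can be quantified with a small model. The following is an added example, not code from the paper or its authors: it models a comparator-style trigger (inputs compared against a fixed pattern on a set of specified bit positions, the key-comparison structure the abstract attributes to logic locking), computes the analytic probability that a budget of uniformly random test vectors activates it, and checks that figure against a seeded Monte Carlo run. The bit width, the trigger pattern and the vector budgets are constructed values, not from the paper.

```python
import math
import random

# Constructed model: a trigger pattern maps selected input-bit positions to the
# value each must hold (the "specified" bits); all other inputs are don't-cares.
# Only the number of specified bits k matters for random-sampling coverage.
def trigger_fires(input_bits, pattern):
    """True when every specified position in `pattern` holds its required value."""
    return all(input_bits[pos] == val for pos, val in pattern.items())

def hit_probability_per_vector(k):
    """Probability that one uniformly random vector matches k specified bits."""
    return 2.0 ** (-k)

def detection_probability(k, n_vectors):
    """Probability that at least one of n random vectors fires a k-bit trigger."""
    return 1.0 - (1.0 - hit_probability_per_vector(k)) ** n_vectors

def vectors_for_confidence(k, confidence):
    """Smallest random-vector budget whose detection probability reaches `confidence`.

    Solves 1 - (1 - 2^-k)^n >= confidence for n; the budget roughly doubles
    with every additional specified bit.
    """
    p = hit_probability_per_vector(k)
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - p))

def simulate_random_sampling(width, pattern, n_vectors, trials, seed=0):
    """Monte Carlo check: fraction of trials in which n random vectors fired the trigger.

    Each trial draws `n_vectors` uniformly random `width`-bit input vectors and
    stops at the first activation, mirroring a random-sampling test campaign.
    """
    rng = random.Random(seed)
    caught = 0
    for _ in range(trials):
        for _ in range(n_vectors):
            vector = [rng.randint(0, 1) for _ in range(width)]
            if trigger_fires(vector, pattern):
                caught += 1
                break
    return caught / trials

if __name__ == "__main__":
    # Constructed 16-input circuit with a 4-bit trigger pattern.
    pattern = {0: 1, 5: 0, 9: 1, 15: 1}
    k = len(pattern)
    est = simulate_random_sampling(16, pattern, n_vectors=16, trials=2000, seed=1)
    print(f"k={k}: analytic {detection_probability(k, 16):.3f}, simulated {est:.3f}")
    # Budget needed for 99% detection confidence as the trigger grows.
    for bits in (4, 8, 16, 24, 32):
        print(f"{bits:2d} specified bits -> {vectors_for_confidence(bits, 0.99):,} random vectors")
```

The table printed by the last loop is the abstract's point in numbers: the random-vector budget for a fixed confidence grows exponentially in the number of specified bits, so a detection approach that is only marginally better than random sampling inherits the same scaling problem.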