{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:59:20Z","timestamp":1771700360636,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T00:00:00Z","timestamp":1685318400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T00:00:00Z","timestamp":1685318400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100006188","name":"Einstein Stiftung Berlin","doi-asserted-by":"publisher","award":["EP-2018-480"],"award-info":[{"award-number":["EP-2018-480"]}],"id":[{"id":"10.13039\/501100006188","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["439918011"],"award-info":[{"award-number":["439918011"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Science Foundation","award":["2117349"],"award-info":[{"award-number":["2117349"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2023,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The threat of (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during the chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present three case studies on 28\u00a0nm and 20\u00a0nm SRAM- and flash-based (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs.\n<\/jats:p>","DOI":"10.1007\/s13389-023-00323-3","type":"journal-article","created":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T16:02:03Z","timestamp":1685376123000},"page":"485-499","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Trojan awakener: detecting dormant malicious hardware using laser logic state imaging (extended version)"],"prefix":"10.1007","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8569-2020","authenticated-orcid":false,"given":"Thilo","family":"Krachenfels","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jean-Pierre","family":"Seifert","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shahin","family":"Tajik","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,5,29]]},"reference":[{"key":"323_CR1","doi-asserted-by":"publisher","unstructured":"Ng, X.T., et al.: Integrated sensor: a backdoor for hardware trojan insertions? In: 2015 Euromicro conference on digital system design (2015). https:\/\/doi.org\/10.1109\/DSD.2015.119","DOI":"10.1109\/DSD.2015.119"},{"key":"323_CR2","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/s41635-018-0035-4","volume":"2","author":"DB Roy","year":"2018","unstructured":"Roy, D.B., et al.: The conflicted usage of RLUTs for security-critical applications on FPGA. J. Hardw. Syst. Secur. 2, 162\u2013178 (2018). https:\/\/doi.org\/10.1007\/s41635-018-0035-4","journal-title":"J. Hardw. Syst. Secur."},{"key":"323_CR3","doi-asserted-by":"crossref","unstructured":"Moradi, A., Schneider, T.: Improved side-channel analysis attacks on Xilinx bitstream encryption of 5, 6, and 7 series . In: International workshop on constructive side-channel analysis and secure design (2016)","DOI":"10.1007\/978-3-319-43283-0_5"},{"key":"323_CR4","doi-asserted-by":"crossref","unstructured":"Tajik, S., Lohrke, H., Seifert, J.-P., Boit, C.: On the power of optical contactless probing: attacking bitstream encryption of FPGAs . In: 2017 ACM SIGSAC conference on computer and communications security (CCS) (2017)","DOI":"10.1145\/3133956.3134039"},{"key":"323_CR5","doi-asserted-by":"crossref","unstructured":"Lohrke, H., Tajik, S., Krachenfels, T., Boit, C., Seifert, J.-P.: Key extraction using thermal laser stimulation. In: Conference on cryptographic hardware and embedded systems (CHES) (2018)","DOI":"10.46586\/tches.v2018.i3.573-595"},{"key":"323_CR6","doi-asserted-by":"crossref","unstructured":"Hettwer, B., Leger, S., Fennes, D., Gehrer, S., G\u00fcneysu, T.: Side-channel analysis of the Xilinx Zynq ultrascale+ encryption engine. In: Conference on cryptographic hardware and embedded systems (CHES) (2021)","DOI":"10.46586\/tches.v2021.i1.279-304"},{"key":"323_CR7","unstructured":"Ender, M., Moradi, A., Paar, C. The unpatchable silicon: a full break of the bitstream encryption of Xilinx 7-series FPGAs. In: 29th USENIX security symposium (USENIX security 20) (2020)"},{"issue":"3","key":"323_CR8","doi-asserted-by":"publisher","first-page":"665","DOI":"10.1109\/TVLSI.2018.2879878","volume":"27","author":"Z Zhang","year":"2019","unstructured":"Zhang, Z., Njilla, L., Kamhoua, C.A., Yu, Q.: Thwarting security threats from malicious FPGA tools with novel FPGA-oriented moving target defense. IEEE Trans. VLSI Syst. 27(3), 665\u2013678 (2019). https:\/\/doi.org\/10.1109\/TVLSI.2018.2879878","journal-title":"IEEE Trans. VLSI Syst."},{"key":"323_CR9","unstructured":"Microchip Technology, Inc. UG0753 User guide PolarFire FPGA security (2021)"},{"key":"323_CR10","unstructured":"Xilinx, Inc.: Developing tamper-resistant designs with Zynq UltraScale+ devices (2018)"},{"key":"323_CR11","doi-asserted-by":"crossref","unstructured":"Salmani, H., Tehranipoor, M., Plusquellic, J.: New design strategy for improving hardware trojan detection and reducing trojan activation time . In: 2009 IEEE international workshop on hardware-oriented security and trust (HOST) (2009)","DOI":"10.1109\/HST.2009.5224968"},{"key":"323_CR12","doi-asserted-by":"publisher","unstructured":"Ender, M., Ghandali, S., Moradi, A., Paar, C.: The first thorough side-channel hardware trojan. In: Advances in Cryptology\u2014ASIACRYPT 2017. 10624, 755\u2013780 (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_26","DOI":"10.1007\/978-3-319-70694-8_26"},{"key":"323_CR13","doi-asserted-by":"publisher","unstructured":"Yang, K., Hicks, M., Dong, Q., Austin, T., Sylvester, D.: A2: analog malicious hardware. In: 2016 IEEE symposium on security and privacy (SP) (2016). https:\/\/doi.org\/10.1109\/SP.2016.10","DOI":"10.1109\/SP.2016.10"},{"key":"323_CR14","doi-asserted-by":"publisher","unstructured":"Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans. In: Conference on cryptographic hardware and embedded systems (CHES) (2013). https:\/\/doi.org\/10.1007\/978-3-642-40349-1_12","DOI":"10.1007\/978-3-642-40349-1_12"},{"key":"323_CR15","doi-asserted-by":"publisher","unstructured":"Song, P., et\u00a0al.: MARVEL\u2014malicious alteration recognition and verification by emission of light. In: 2011 IEEE international symposium on hardware-oriented security and trust (HOST) (2011). https:\/\/doi.org\/10.1109\/HST.2011.5955007","DOI":"10.1109\/HST.2011.5955007"},{"key":"323_CR16","doi-asserted-by":"publisher","unstructured":"Stellari, F., et\u00a0al.: Verification of untrusted chips using trusted layout and emission measurements. In: 2014 IEEE international symposium on hardware-oriented security and trust (HOST) (2014). https:\/\/doi.org\/10.1109\/HST.2014.6855562","DOI":"10.1109\/HST.2014.6855562"},{"key":"323_CR17","doi-asserted-by":"publisher","unstructured":"Duncan, A., et\u00a0al.: FLATS: filling logic and testing spatially for FPGA authentication and tamper detection. In: 2019 IEEE international symposium on hardware oriented security and trust (HOST) (2019). https:\/\/doi.org\/10.1109\/HST.2019.8741025","DOI":"10.1109\/HST.2019.8741025"},{"issue":"7","key":"323_CR18","doi-asserted-by":"publisher","first-page":"1561","DOI":"10.1109\/TVLSI.2019.2906547","volume":"27","author":"LN Nguyen","year":"2019","unstructured":"Nguyen, L.N., Cheng, C.-L., Prvulovic, M., Zajic, A.: Creating a backscattering side channel to enable detection of dormant hardware trojans. IEEE Trans. VLSI Syst. 27(7), 1561\u20131574 (2019). https:\/\/doi.org\/10.1109\/TVLSI.2019.2906547","journal-title":"IEEE Trans. VLSI Syst."},{"key":"323_CR19","doi-asserted-by":"publisher","DOI":"10.1109\/TAP.2020.3000562","author":"S Adibelli","year":"2020","unstructured":"Adibelli, S., Juyal, P., Nguyen, L.N., Prvulovic, M., Zajic, A.: Near field backscattering based sensing for hardware trojan detection. IEEE Trans. Antennas Propag. (2020). https:\/\/doi.org\/10.1109\/TAP.2020.3000562","journal-title":"IEEE Trans. Antennas Propag."},{"issue":"1","key":"323_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3419105","volume":"20","author":"J He","year":"2020","unstructured":"He, J., Ma, H., Liu, Y., Zhao, Y.: Golden chip-free trojan detection leveraging trojan trigger\u2019s side-channel fingerprinting. ACM Trans. Embed. Comput. Syst. 20(1), 1\u201318 (2020). https:\/\/doi.org\/10.1145\/3419105","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"323_CR21","doi-asserted-by":"crossref","unstructured":"Stern, A., Mehta, D., Tajik, S., Farahmandi, F.,Tehranipoor, M.: SPARTA: a laser probing approach for trojan detection. In: 2020 IEEE international test conference (ITC) (2020)","DOI":"10.1109\/ITC44778.2020.9325222"},{"key":"323_CR22","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2020.2991680","author":"B Zhou","year":"2020","unstructured":"Zhou, B., et al.: Hardware trojan detection using backside optical imaging. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. (2020). https:\/\/doi.org\/10.1109\/TCAD.2020.2991680","journal-title":"IEEE Trans. Comput. Aided Des. Integr. Circuits Syst."},{"key":"323_CR23","doi-asserted-by":"publisher","unstructured":"Krachenfels, T., Ganji, F., Moradi, A., Tajik, S., Seifert, J.-P.: Real-world snapshots vs. theory: questioning the t-probing security model . In: 2021 IEEE symposium on security and privacy (SP) (2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00029","DOI":"10.1109\/SP40001.2021.00029"},{"key":"323_CR24","doi-asserted-by":"crossref","unstructured":"Niu, B., et\u00a0al.: Laser logic state imaging (LLSI) (2014). In: 40th international symposium for testing and failure analysis ISTFA (2014)","DOI":"10.31399\/asm.cp.istfa2014p0065"},{"key":"323_CR25","doi-asserted-by":"publisher","unstructured":"Krachenfels, T., Seifert, J.-P., Tajik, S.: Trojan awakener: detecting dormant malicious hardware using laser logic state imaging. In: 5th workshop on attacks and solutions in hardware security (2021). https:\/\/doi.org\/10.1145\/3474376.3487282","DOI":"10.1145\/3474376.3487282"},{"key":"323_CR26","doi-asserted-by":"publisher","unstructured":"Wang, X., Tehranipoor, M., Plusquellic, J.: Detecting malicious inclusions in secure hardware: challenges and solutions. In: 2008 IEEE international workshop on hardware-oriented security and trust (2008). https:\/\/doi.org\/10.1109\/HST.2008.4559039","DOI":"10.1109\/HST.2008.4559039"},{"issue":"8","key":"323_CR27","doi-asserted-by":"publisher","first-page":"1229","DOI":"10.1109\/JPROC.2014.2334493","volume":"102","author":"S Bhunia","year":"2014","unstructured":"Bhunia, S., Hsiao, M.S., Banga, M., Narasimhan, S.: Hardware trojan attacks: threat analysis and countermeasures. Proc. IEEE 102(8), 1229\u20131247 (2014). https:\/\/doi.org\/10.1109\/JPROC.2014.2334493","journal-title":"Proc. IEEE"},{"key":"323_CR28","doi-asserted-by":"crossref","unstructured":"Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans. In: Conference on cryptographic hardware and embedded systems (CHES) (2013)","DOI":"10.1007\/978-3-642-40349-1_12"},{"issue":"1","key":"323_CR29","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/s41635-017-0001-6","volume":"1","author":"B Shakya","year":"2017","unstructured":"Shakya, B., et al.: Benchmarking of hardware trojans and maliciously affected circuits. J. Hardw. Syst. Secur. 1(1), 85\u2013102 (2017). https:\/\/doi.org\/10.1007\/s41635-017-0001-6","journal-title":"J. Hardw. Syst. Secur."},{"key":"323_CR30","doi-asserted-by":"publisher","unstructured":"Cruz, J., Huang, Y., Mishra, P., Bhunia, S.: An automated configurable trojan insertion framework for dynamic trust benchmarks (2018). In: 2018 design, automation & test in Europe conference & exhibition (DATE). https:\/\/doi.org\/10.23919\/DATE.2018.8342270","DOI":"10.23919\/DATE.2018.8342270"},{"key":"323_CR31","doi-asserted-by":"publisher","unstructured":"Jacob, N., Rolfes, C., Zankl, A., Heyszl, J., Sigl, G.: Compromising FPGA SoCs using malicious hardware blocks (2017). In: Design, automation test in Europe conference exhibition (DATE). https:\/\/doi.org\/10.23919\/DATE.2017.7927157","DOI":"10.23919\/DATE.2017.7927157"},{"key":"323_CR32","doi-asserted-by":"crossref","unstructured":"Jacob, N., Heyszl, J., Zankl, A., Rolfes, C., Sigl, G.: How to break secure boot on FPGA SoCs through malicious hardware. In: Conference on cryptographic hardware and embedded systems (CHES) (2017)","DOI":"10.1007\/978-3-319-66787-4_21"},{"key":"323_CR33","doi-asserted-by":"crossref","unstructured":"Vashistha, N., et\u00a0al.: Trojan scanner: detecting hardware trojans with rapid SEM imaging combined with image processing and machine learning. In: 44th international symposium for testing and failure analysis (ISTFA) (2018)","DOI":"10.31399\/asm.cp.istfa2018p0256"},{"key":"323_CR34","doi-asserted-by":"crossref","unstructured":"Sugawara, T., et\u00a0al.: Reversing stealthy dopant-level circuits. In: International workshop on cryptographic hardware and embedded systems (2014)","DOI":"10.1007\/978-3-662-44709-3_7"},{"key":"323_CR35","unstructured":"Doug Black.: Xilinx says its new FPGA is world\u2019s largest (2019). https:\/\/www.enterpriseai.news\/2019\/08\/21\/xilinx-says-its-new-fpga-is-worlds-largest\/"},{"key":"323_CR36","unstructured":"Krachenfels, T., Kiyan, T., Tajik, S., Seifert, J.-P.: Automatic extraction of secrets from the transistor jungle using laser-assisted side-channel attacks. In: 30th USENIX security symposium (USENIX security 21) (2021)"},{"issue":"1","key":"323_CR37","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1186\/s12859-017-1934-z","volume":"18","author":"CT Rueden","year":"2017","unstructured":"Rueden, C.T., et al.: Image J2: ImageJ for the next generation of scientific image data. BMC Bioinform. 18(1), 529 (2017). https:\/\/doi.org\/10.1186\/s12859-017-1934-z","journal-title":"BMC Bioinform."},{"key":"323_CR38","unstructured":"Xilinx, Inc.: 7 series FPGAs configurable logic block user guide (UG474) (2016)"},{"key":"323_CR39","unstructured":"Microsemi Corporation: White paper: PolarFire non-volatile FPGA family delivers ground breaking value: cost optimized, Lowest Power, EU immunity, and high-security (2017). https:\/\/www.microsemi.com\/document-portal\/doc_download\/1243174-polarfire-fpga-white-paper"},{"key":"323_CR40","unstructured":"Microchip Technology, Inc.: UG0680 user guide PolarFire FPGA fabric (2021)"},{"issue":"1","key":"323_CR41","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1109\/TDMR.2007.898074","volume":"7","author":"U Kindereit","year":"2007","unstructured":"Kindereit, U., et al.: Quantitative investigation of laser beam modulation in electrically active devices as used in laser voltage probing. IEEE Trans. Device Mater. Reliab. 7(1), 19\u201330 (2007). https:\/\/doi.org\/10.1109\/TDMR.2007.898074","journal-title":"IEEE Trans. Device Mater. Reliab."},{"key":"323_CR42","unstructured":"Kindereit, U.: Investigation of laser-beam modulations induced by the operation of electronic devices. Ph.D. thesis, Technische Universit\u00e4t Berlin (2009). https:\/\/depositonce.tu-berlin.de\/\/handle\/11303\/2440"},{"key":"323_CR43","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-5768-9","volume-title":"Advanced Flip Chip Packaging","author":"H Tong","year":"2013","unstructured":"Tong, H., Lai, Y., Wong, C.: Advanced Flip Chip Packaging. Springer (2013)"},{"key":"323_CR44","doi-asserted-by":"publisher","unstructured":"Boit, C., et\u00a0al.: From IC debug to hardware security risk: the power of backside access and optical interaction. In: 23rd international symposium on the physical and failure analysis of integrated circuits (IPFA) (2016). https:\/\/doi.org\/10.1109\/IPFA.2016.7564318","DOI":"10.1109\/IPFA.2016.7564318"},{"key":"323_CR45","doi-asserted-by":"publisher","unstructured":"Lohrke, H., Tajik, S., Boit, C., Seifert, J.-P.: No place to hide: contactless probing of secret data on FPGAs. In: Conference on cryptographic hardware and embedded systems (CHES) (2016). https:\/\/doi.org\/10.1007\/978-3-662-53140-2_8","DOI":"10.1007\/978-3-662-53140-2_8"},{"key":"323_CR46","doi-asserted-by":"publisher","unstructured":"Rahman, M.T., et\u00a0al.: Physical inspection attacks: new frontier in hardware security. In: 2018 IEEE 3rd international verification and security workshop (IVSW) (2018). https:\/\/doi.org\/10.1109\/IVSW.2018.8494856","DOI":"10.1109\/IVSW.2018.8494856"},{"key":"323_CR47","doi-asserted-by":"crossref","unstructured":"Rahman, M.T., Tajik, S., Rahman, M.S., Tehranipoor, M., Asadizanjani, N.: The key is left under the mat: on the inappropriate security assumption of logic locking schemes. In: IEEE international symposium on hardware oriented security and trust (HOST) (2020)","DOI":"10.1109\/HOST45689.2020.9300258"},{"key":"323_CR48","unstructured":"Hamamatsu Photonics K.K.: NanoLens-SHR (2015). https:\/\/www.hamamatsu.com\/resources\/pdf\/sys\/SSMS0053E_Nanolens-SHR.pdf"},{"key":"323_CR49","doi-asserted-by":"crossref","unstructured":"Von\u00a0Haartman, M., et\u00a0al.: Optical fault isolation and nanoprobing techniques for the 10\u00a0nm technology node and beyond. In: 41st international symposium for testing and failure analysis (ISTFA) (2015)","DOI":"10.31399\/asm.cp.istfa2015p0052"}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-023-00323-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13389-023-00323-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-023-00323-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T12:20:31Z","timestamp":1700742031000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13389-023-00323-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,29]]},"references-count":49,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,11]]}},"alternative-id":["323"],"URL":"https:\/\/doi.org\/10.1007\/s13389-023-00323-3","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,29]]},"assertion":[{"value":"13 May 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 April 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 May 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}