Hardware Trojan Detection using Generative AI

• Aadi Patel, Electrical Engineering, Rutgers University-NB

• Satwik Patnaik, Electrical/Computer Engineering, University of Delaware

The security and reliability of today’s digital systems are very important, especially for crucial applications like military and infrastructure systems. Hardware Trojans pose a major risk to these systems. They can be secretly added during design or manufacturing to change how the system works, steal sensitive information, or even shut down the system at critical moments. In this research, we explore Hardware Trojan insertion using generative AI. A hardware Trojan typically consists of a trigger and a payload. The trigger can be condition-based, activated by specific inputs or operations, time-based, or externally controlled. Once activated, the payload executes malicious actions such as corrupting data, disabling the system, creating backdoors for unauthorized access, or leaking sensitive information. We use the tool Atalanta, an automatic test pattern generation (ATPG) tool used in digital circuit testing. Atalanta parses the circuit to create an internal representation, generates a list of faults for both values zero and one, simulates these faults, and generates test patterns. It then calculates fault coverage by measuring the percentage of faults detected and outputs the test patterns and fault coverage report. For Hardware Trojan insertion, we identify internal wires in the circuit that only have one test pattern for either value zero or one. This way, we know which wires should be the inputs for the trigger. We then use a verification tool called ABC to ensure the Hardware Trojan-infected file is functional. Finally, we use Chat-GPT to test our infected files to see how well AI can detect a Hardware Trojan and determine the test pattern for a specific file. The application of AI in detecting and managing Hardware Trojans is becoming increasingly vital, as it enhances our ability to adapt to and mitigate evolving cybersecurity threats, thereby safeguarding the integrity of critical digital infrastructures.