Ten years of hardware Trojans: a survey from the attacker's perspective

Mingfu Xue, Chongyan Gu, Weiqiang Liu, Shichao Yu, Maire O'Neill

Research output: Contribution to journalArticlepeer-review

6 Citations (Scopus)
193 Downloads (Pure)


In the last decade, hardware Trojan has emerged as a serious concern in integrated circuit (IC) industry. As such,hardware Trojan detection techniques have been studied extensively. However, in order to develop reliable and effective defenses,it is important to figure out how hardware Trojans are implemented in practical scenarios. In this paper, we attempt to makea review of the hardware Trojan design and implementations in the last decade and also provide an outlook. Unlike all previoussurveys that discuss Trojans from the defender’s perspective, for the first time, we study the Trojans from the attacker’s perspective,focusing on the attacker’s methods, capabilities and challenges when he designs and implements a hardware Trojan. Particularly,the following questions are explored. What are the current methods and capabilities of attackers after ten years of researchand development? By considering more and more sophisticated hardware Trojan detection techniques, what challenges do theattackers face, and vice versa? First, we present adversarial models in terms of the adversary’s methods, adversary’s capabilitiesand adversary’s challenges in seven practical hardware Trojan implementation scenarios: in-house design team attacks, thirdparty intellectual property (3PIP) vendor attacks, computer-aided design (CAD) tools attacks, fabrication stage attacks, testingstage attacks, distribution stage attacks, and field programmable gate array (FPGA) Trojan attacks. Second, we analyze thehardware Trojan implementation methods under each adversarial model in terms of seven aspects/metrics: hardware Trojan attackscenarios, the attacker’s motivation, feasibility (the practicality of the attacks), detectability (anti-detection capability of that kind ofTrojan), protection and prevention suggestions for the designer, overhead analysis, and case studies of Trojan implementations.Finally, future directions on hardware Trojan attacks and defenses are discussed. This paper also presents several new insightsand assumptions for the first time, including considering the Trojans not only from the copyright owner’s perspective, but also fromthe users’ perspective, and discussing the hardware Trojan attacks in the testing phase and in the distribution phase. This papercan hopefully provide a reference for future works on building effective hardware Trojan defenses.
Original languageEnglish
Number of pages27
JournalIET Computers And Digital Techniques
Early online date15 Oct 2020
Publication statusEarly online date - 15 Oct 2020


Dive into the research topics of 'Ten years of hardware Trojans: a survey from the attacker's perspective'. Together they form a unique fingerprint.

Cite this