Large Delay Analog Trojans: A Silent Fabrication-Time Attack Exploiting Analog Modalities
IEEE Transactions on Very Large Scale Integration (VLSI) Systems (IF 2.8), Pub Date: 2020-11-16, DOI: 10.1109/tvlsi.2020.3034878
Tiancheng Yang, Ankit Mittal, Yunsi Fei, Aatmesh Shrivastava

This article presents large delay-based analog Trojan circuits, a new class of analog Trojans that can be interfaced with digital and analog macros to launch fabrication-time hardware attacks. Two different circuit topologies of analog Trojan are presented, which can generate a delayed trigger output after two days and 60 ms, respectively, when implemented in 65-nm CMOS technology. The large delay is achieved using the transistor’s gate-oxide leakage current or a diode’s reverse saturation current in combination with the Miller capacitance-based circuits. The proposed analog Trojans can operate across multiple on-chip power domains and can be launched without any digital input signal, making their detection challenging. They show very limited variation in side-channel parameters, which makes them harder to detect through side-channel analysis. In addition, the proposed designs have a small area footprint of $55.5~\mu\text{m}^{2}$ and $28~\mu\text{m}^{2}$, respectively, and can be easily concealed on-chip. We also demonstrate an attack launched using these Trojans to construct a “kill-switch” that disables the power management unit of an IC. Process and temperature variations were also investigated to assess their impact on the design. We implemented the thick-oxide gate leakage modeling to study the robustness of the proposed Trojan design. We also present the long-term potential threat of these Trojans where the output trigger signal is generated after an even larger delay.

Updated: 2021-01-02