Always-On Hardware Trojans

• Always-on Hardware Trojans are malicious sub-circuits permanently active in ICs, continuously leaking sensitive data or disrupting operations.
• They are introduced during design, manufacturing, or process phases, utilizing covert logic and wear-out mechanisms to evade traditional testing.
• Detection employs statistical, spectral, and formal methods, balancing minimal overhead with robust countermeasures against persistent threats.

An always-on hardware Trojan (HT) is a malicious circuit or subversion mechanism embedded into an integrated circuit (IC) that is permanently active once deployed, as opposed to remaining dormant until a rare or specific trigger event. Always-on HTs continuously leak sensitive information, disrupt operations, or, in some cases, subtly degrade the system over time, presenting persistent security risks to system-on-chip (SoC) environments, cryptographic accelerators, and other mission-critical hardware modules. Unlike triggered Trojans, always-on HTs exhibit payload effects at all times, which influences the choice of detection and mitigation strategies within the contemporary hardware security landscape.

1. Mechanisms of Always-On Hardware Trojans

Always-on HTs manifest through several attack vectors and physical mechanisms. Classic design-time insertions involve the addition of covert logic that, upon fabrication, is always operating, such as an oscillating ring-oscillator leaking cryptographic key bits over power or electromagnetic (EM) channels. A prominent example is the side-channel Trojan (SCT) inserted via engineering change order (ECO) flows: a ring-oscillator-based SCT is attached to cryptographic key buses and controlled by a finite state machine, shifting out the key through small current fluctuations in the power rail. This strategy resulted in a silicon-proven attack that extracted a 128-bit key in as few as 64 cycles with an area increase of ≤3%, dynamic power consumption increments of ≈10% over idle, and robustness to process, voltage, and temperature (PVT) variations while largely evading functional and timing tests (Perez et al., 2021).

A distinct mechanism, "Hot Carrier Injection (HCI) Trojans," avoids introducing extra logic. Instead, it maliciously alters process parameters or biasing networks during manufacturing, e.g., by reducing nitrogen passivation in certain devices, or by configuring specific local voltages, to drastically lower device lifetime through accelerated wear-out. Affected transistors (e.g., SRAM cell pass-gates) degrade and fail much sooner than expected, disrupting system reliability in an always-on fashion that is functionally dormant until expected device aging manifests as hardware failure (0906.3832).

A new direction leverages adversarial machine learning: hardware Trojans synthesize tiny, persistent power fluctuations—the universal adversarial "patch"—that obfuscate detectable side-channel traces via a single added transistor, DSP slice, or ring oscillator. Such approaches defeat even golden-model-free, ML-based detection with 100% attack success, while requiring minimal resource and power overheads (Omidi et al., 2024).

2. Insertion Methodologies and Threat Models

Manufacturing-time and design-time insertion are the main routes for always-on HTs. In the foundry threat model, an insider with access to the finalized layout and EDA tools extracts the gate-level netlist, estimates timing and power, synthesizes the SCT (e.g., clock-divider, Trojan controller, RO), and uses EDA ECO commands to reinsert the Trojanized netlist. This workflow requires only ~1 hour for a multi-million gate design—specifically, ≤17 minutes for netlist extraction, ≤48 minutes for timing/power estimation, and ≤6 minutes for ECO insertion per four cryptographic cores (Perez et al., 2021).

For process-level attacks, the adversary subtly alters passivation recipes or bias circuits during wafer manufacturing to reduce transistor HCI lifetimes in targeted regions, such that the devices degrade under perfectly nominal operation, bypassing all post-production logic or static structure tests (0906.3832).

The adversarial-ML Trojan (HTO) model assumes the attacker can insert minimal additional circuitry that injects precisely-organized power or EM noise, crafted using projected gradient methods (e.g., FGSM), into the IC data path to evade ML-based detectors. On FPGAs, this can be accomplished with 1–4 DSP slices or ring oscillators, with configurable activation vectors streamed from BRAM (Omidi et al., 2024).

3. Detection Techniques for Always-On Hardware Trojans

3.1 Run-time Statistical Monitoring (SIMCom)

The SIMCom methodology monitors inter-module communication on-chip, models packet injection time series via Hurst exponent (H), standard deviation (σ), and hop distribution (P), and enforces Property Specification Language (PSL) assertions in RTL:

• After establishing golden reference values (H₀, σ₀, P₀) for each channel, sliding window analyses (n≥512 cycles) compare current values (H, σ, P) to golden values within a ±10% tolerance. Any violation signals an alert and prompts recovery.
• SIMCom detected all always-on Trojans in Trust-Hub AES, Ethernet, and RSA modules on both MC8051 and LEON3 SoCs with ≥99% detection accuracy, ≤1% area/power overhead, and false positive/negative rates <1% (Khalid et al., 2018).
• Always-on Trojans yield persistent shifts in (H, σ, P); triggered Trojans produce transient outliers, detectable by fine-grained sampling.

SoC	Trojan	Detected	FP (%)	FN (%)	Overhead (% area/power)
MC8051-AES	AES-T100	100	0.5	0	0.8 / 0.6
MC8051-RSA	BasicRSA-T100	99.2	0.7	0.1	0.8 / 0.6
LEON3-AES	AES-T200	99.5	0.6	0.1	0.9 / 0.7
LEON3-Eth	EthMAC10GE-T600	100	0.3	0	0.9 / 0.7

3.2 Reference-Free Spectral and EM Analysis

Always-on HTs are detectable through EM side-channel analysis without a golden reference device. By computing multi-resolution Short-Time Fourier Transforms (STFT) on EM traces, summarizing time-frequency stability maps, and fitting Bayesian Information Criterion-selected Gaussian Mixture Models (BIC-GMMs), researchers distinguish between normal and always-on Trojanized devices by the low variance and component-count stability across STFT window scales. In AES-128 FPGA experiments, always-on Trojans were detected with 100% accuracy, 0% false positives and negatives, using a simple decision rule on the standard deviation of GMM component counts as window length is varied (Tahghigh et al., 28 Jan 2026).

3.3 Formal Golden-Free Pre-Silicon Analysis

A formal, golden-free method checks "2-safety" properties via interval property checking (IPC) across fan-out layers of state/output signals in a self-composed RTL miter. For non-interfering accelerators, always-on and sequential HTs are reliably detected by checking that output/state equality holds regardless of initial state. The method guarantees that always-on Trojans whose payloads manifest in any output or state (even those triggered at reset) will violate these properties or remain as uncovered signals in coverage checks. On 31 Trust-Hub accelerator benchmarks, all always-on Trojans were detected with per-property runtime of 1–3 s and <1 GB memory use (Antón et al., 2023).

3.4 ML-Based Side-Channel Approaches and Evasion

ML-based power side-channel detectors, such as HTNet, can efficiently detect always-on HTs but are vulnerable to adversarial noise injection (HTO). An attacker produces a universal adversarial patch, requiring only a single transistor on ASICs or minimal DSP/RO resources on FPGAs, which, when activated, drops ML-based detection accuracy from 91.9–100% to 0% (i.e., 100% evasion success). Spectral pre-filtering sometimes restores detection in limited cases, but adaptive adversaries can collocate noise within filtered bands at the cost of greater power overhead (e.g., up to 35 mW leakage) (Omidi et al., 2024).

4. Practical Realizations, Overheads, and Stealth

4.1 Layout-Time and Process Attacks

Layout-level SCTs can be inserted into a finalized GDSII layout in ≈1 h without touching I/Os or critical BEOL layers. Area overhead is ≤3% for AES cores and timing closure impact is negligible (extra slack consumed ~20 ps). The injected RO-based SCT is always-on post-trigger but only observable via high-resolution power analysis in core idle phases; functional and IO tests remain unaffected.

Process-level attacks via HCI lever manipulation are undetectable by conventional delay monitors, ring oscillator aging checks, or package-level environmental stress tests, as the targeted transistors pass parametric tests at production and fail only after accelerated normal operation. Typical lifetime reduction models suggest T_fail can shift from >10 years to <1000 h, depending on local field and duty cycle (0906.3832).

4.2 Side-Channel Obfuscation

HTO circuits provide stealth with minimal overhead: in experiments, 1 transistor or 1 DSP/2 ROs suffice for a universal adversarial patch on AES Trust-Hub benchmarks, yielding virtually perfect evasion. Power and area overheads remain negligible and do not affect design timing or throughput (Omidi et al., 2024).

4.3 Robustness to Variation and Detection

Silicon-measured SCTs demonstrate 100% key extraction across 25 samples and all PVT corners. Power/EM side-channels used for detection require consistent experimental setups to avoid masking by environmental drift. Integration of on-chip, high-resolution noise sensors or the injection of synthetic noise can mitigate detection SNR, but often at the cost of significant power or area overhead (Perez et al., 2021).

5. Countermeasures and Limitations

Countermeasures for always-on HTs are multi-faceted but each faces critical limitations:

• Supply-chain/process: Tight nitrogen monitoring, trap-density measurement, and post-manufacture HCI stress-testing help but are not foolproof against small, selective Trojan insertions (0906.3832).
• Layout/design: Split manufacturing and dummy filling can eliminate ECO attack vectors but cost 40% or greater leakage overhead (Perez et al., 2021).
• Run-time: Hierarchical side-channel and in-band power/EM monitoring raise detection rates at marginal area/power overhead, particularly when combined with statistical or formal methods (Khalid et al., 2018).
• ML-based: Spectral filtering and adversarial training partially restore robustness but either fail against adaptive spectral obfuscation or incur significant accuracy losses on clean data (Omidi et al., 2024).
• Formal verification: Golden-free, property-driven approaches offer exhaustive pre-silicon guarantees for non-interfering IPs but require RTL-level side-channel observability and do not generalize to analog HTs (Antón et al., 2023).

In all cases, defenders are encouraged to combine static netlist checks, randomized run-time countermeasures, on-chip sensors, and cross-modality (power, EM, optical) side-channel monitoring (Omidi et al., 2024). For always-on HTs exploiting wear-out physics (e.g., HCI Trojans), only substantial process-level oversight and localized aging monitors are effective (0906.3832).

6. Future Directions and Open Challenges

Future research emphasizes:

• Dynamically adapting statistical and spectral detection thresholds under varying workloads and environmental regimes (Khalid et al., 2018).
• Extending formal and statistical detection beyond mesh/AMBA NoCs and non-interfering accelerators to more general SoC architectures (Antón et al., 2023).
• Leveraging nonparametric (Dirichlet process) mixture models and alternative time-frequency transforms (wavelets, synchrosqueezing) to enhance unsupervised detection (Tahghigh et al., 28 Jan 2026).
• Developing high-resolution, streaming-capable EM and power analytics to facilitate real-time in-field screening (Tahghigh et al., 28 Jan 2026).
• Optimizing split-manufacturing and ECO trace-checking workflows for practical deployment at volume production scale (Perez et al., 2021).
• Integrating robust ML and adversarial defense techniques with formal, invariant-based property checking (Omidi et al., 2024).

A persistent open challenge is the detection of HTs that never interact with observable communication channels or remain latent at the analog device level outside of RTL and side-channel observability (Khalid et al., 2018, Antón et al., 2023, 0906.3832).