Counters have been widely adopted in modern circuit design. Also, they have been used to facilitate the implementation of hardware Trojan. It is necessary to reverse engineer the counter design from a chip so as to detect the possible Trojan. However, the existing reverse engineering technique is expensive and intrusive. In this work, we first propose to rely on the scan dump data to identify the registers included in a counter. In this scheme, the scan data can be collected by operating the chip in testing mode, thus the proposed scheme never impacts or impairs a chip as the traditional reverse engineering techniques. The regularity of data from different types of counters is first analyzed. The relationship between the data from a pair of registers is explored so that the counter registers can be distinguished from other normal registers. The proposed method is applied on several circuits containing counters from OpenCores. The experiment results show the proposed method can accurately identify the counter registers with a perfect true positive rate and true negative rate.
Qi-Dong Wang received the B.S. degrees in applied physics from Harbin University of Technology and Science, Harbin, China, in 2018. He is currently pursuing the M.S. degrees in integrated circuit engineering from Harbin Institute of Technology (SHENZHEN), Shenzhen, China. His current research interests include hardware security and security of testing.

counter register;reverse engieering;scan-based side-channel attack;data analytics