The globalization of integrated circuit chip production drives more and more chip design companies to use overseas production services. Since these production services are not closely monitored, the security of integrated circuit chips has become a major concern, especially because hardware attacks are becoming increasingly prevalent. Insertion of Hardware Trojans (HTs) is one type of hardware attacks. These HTs are extremely stealthy due to their small sizes and low power consumption. Well-designed HTs inserted during manufacturing can change the timing and power consumption. However, these changes can be smaller than the timing and power variations caused due to the process variations. It is therefore difficult to detect these HTs the traditional timing and power analysis tools.
In this paper, we propose a novel optical method, where we image the integrated circuit chip from the backside without powering it up or delayering it. Using our method, any replacements, modifications or re-arrangements of gates by HTs can be easily detected through comparisons between the rigorously simulated optical response and backside imaged measurements. We introduce the idea of a noise-based detection method as our testing method to have higher HT detection rates in different testbenches. To further improve the robustness of our method, we strategically place high reflectance fill cells in the designs. Our imaging method provides high-resolution, non-destructive and rapid means to detect HTs inserted during fabrication. We evaluate our approach using various hardware blocks where the HTs can occupy less than 0.1% of the total area or consist of fewer than 3 gates. In addition, we analyze our method with different magnitudes of noise, process variations, detection window sizes, and resolutions.