Computer Engineering and Intelligent Systems www.iiste.org ISSN 2222-1719 (Paper) ISSN 2222-2863 (Online) Vol.12, No.2, 2021 1 A Survey on Integrated Circuit Trojans Halit Türksönmez * Mehmet Hilal Özcanhan Department of Computer Engineering, Dokuz Eylül University, PO box 35390, İzmir, Turkey Abstract Traditionally, computer security has been associated with the software security, or the information-data security. Surprisingly, the hardware on which the software executes or the information stored-processed-transmitted has been assumed to be a trusted base of security. The main building blocks of any electronic device are Integrated circuits (ICs) which form the fabric of a computer system. Lately, the use of ICs has expanded from handheld calculators and personal computers (PCs) to smartphones, servers, and Internet-of-Things (IoT) devices. However, this significant growth in the IC market created intense competition among IC vendors, leading to new trends in IC manufacturing. System-on-chip (SoC) design based on intellectual property (IP), a globally spread supply chain of production and distribution of ICs are the foremost of these trends. The emerging trends have resulted in many security and trust weaknesses and vulnerabilities, in computer systems. This includes Hardware Trojans attacks, side-channel attacks, Reverse-engineering, IP piracy, IC counterfeiting, micro probing, physical tampering, and acquisition of private or valuable assets by debugging and testing. IC security and trust vulnerabilities may cause loss of private information, modified/altered functions, which may cause a great economical hazard and big damage to society. Thus, it is crucial to examine the security and trust threats existing in the IC lifecycle and build defense mechanisms against IC Trojan threats. In this article, we examine the IC supply chain and define the possible IC Trojan threats for the parties involved. Then we survey the latest progress of research in the area of countermeasures against the IC Trojan attacks and discuss the challenges and expectations in this area. Keywords: IC supply chain, IC security, IP privacy, hardware trojans, IC trojans DOI: 10.7176/CEIS/12-2-01 Publication date: April 30 th 2021 1. Introduction For a long time, hardware has been assumed as root-of-trust for the entire computer system and used as a virtual layer that runs the code sent from the software layer. Meanwhile, computer system security has been associated with software security or information security. Consequently, the studies on hardware security are mostly associated with the performance improvement of crypto-related algorithms embedded in hardware, such as crypto ICs (Preneel & Takagi 2011; Jin 2015). Hardware copyright protection is also considered in the hardware security domain (Rad et al. 2008). For many years, computer systems security researchers assumed that adversaries could not compromise ICs easily, or profit by compromising the ICs. The assumption was so extensive that the security of the IC supply chain was not even considered. The alarm was raised when illegal IC duplicates started to appear in the market. ICs are the main building blocks of any electronic device that forms the fabric of a computer system. Their usage has been increased over the years, from handheld calculators and desktop computers to servers, smartphones, and Internet-of-Things (IoT) devices. In Figure 1, the income from the global semiconductor market for ICs between 2009 and 2021. In 2021, the income from IC sales is predicted to reach US $383.84 billion by Statista (Alsop 2020). However, this significant growth in the semiconductor market created intense competition among IC vendors such as Intel, Samsung, Broadcom, and Qualcomm, leading to new trends in IC manufacturing (Salmani 2018). SoC design based on IP, and a globally spread supply chain for production and delivery of ICs are the foremost of these trends.