Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort

Johann Knechtel; Mohammad Eslami; Peng Zou; Min Wei; Xingyu Tong; Binggang Qiu; Zhijie Cai; Guohao Chen; Benchao Zhu; Jiawei Li; Jun Yu; Jianli Chen; Chun Wei Chiu; Min Feng Hsieh; Chia Hsiu Ou; Ting Chi Wang; Bangqi Fu; Qijing Wang; Yang Sun; Qin Luo; Anthony W.H. Lau; Fangzhou Wang; Evangeline F.Y. Young; Shunyang Bi; Guangxin Guo; Haonan Wu; Zhengguang Tang; Hailong You; Cong Li; Ramesh Karri; Ozgur Sinanoglu; Samuel Pagliarini

doi:10.46586/TCHES.V2025.I1.37-77

Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort

Johann Knechtel, Mohammad Eslami, Peng Zou, Min Wei, Xingyu Tong, Binggang Qiu, Zhijie Cai, Guohao Chen, Benchao Zhu, Jiawei Li, Jun Yu, Jianli Chen, Chun Wei Chiu, Min Feng Hsieh, Chia Hsiu Ou, Ting Chi Wang, Bangqi Fu, Qijing Wang, Yang Sun, Qin LuoAnthony W.H. Lau, Fangzhou Wang, Evangeline F.Y. Young, Shunyang Bi, Guangxin Guo, Haonan Wu, Zhengguang Tang, Hailong You, Cong Li, Ramesh Karri, Ozgur Sinanoglu, Samuel Pagliarini

Research output: Contribution to journal › Article › peer-review

Abstract

Hardware Trojans (HTs) are a longstanding threat to secure computation. Among different threat models, it is the fabrication-time insertion of additional malicious logic directly into the layout of integrated circuits (ICs) that constitutes the most versatile, yet challenging scenario, for both attackers and defenders. Here, we present a large-scale, first-of-its-kind community effort through red-versus-blue teaming that thoroughly explores this threat. Four independently competing blue teams of 23 IC designers in total had to analyze and fix vulnerabilities of representative IC layouts at the pre-silicon stage, whereas a red team of 3 experts in hardware security and IC design continuously pushed the boundaries of these defense efforts through different HTs and novel insertion techniques. Importantly, we find that, despite the blue teams’ commendable design efforts, even highly-optimized layouts retained at least some exploitable vulnerabilities. Our effort follows a real-world setting for a modern 7nm technology node and industrygrade tooling for IC design, all embedded into a fully-automated and extensible benchmarking framework. To ensure the relevance of this work, strict rules that adhere to real-world requirements for IC design and manufacturing were postulated by the organizers. For example, not a single violation for timing and design-rule checks were allowed for defense techniques. Besides, in an advancement over prior art, neither red nor blue teams were allowed to use any so-called fillers and spares for trivial attack or defense approaches. Finally, we release all methods and artifacts: the representative IC layouts and HTs, the devised attack and defense techniques, the evaluation metrics and setup, the technology setup and commercial-grade reference flow for IC design, the encompassing benchmarking framework, and all best results. This full release enables the community to continue exploring this important challenge for hardware security, in particular to focus on the urgent need for further advancements in defense strategies.

Original language	English (US)
Pages (from-to)	37-77
Number of pages	41
Journal	IACR Transactions on Cryptographic Hardware and Embedded Systems
Volume	2025
Issue number	1
DOIs	https://doi.org/10.46586/TCHES.V2025.I1.37-77
State	Published - Dec 9 2025

Keywords

Hardware Security
IC Design
Red-versus-Blue Teaming
Trojans

ASJC Scopus subject areas

Software
Signal Processing
Hardware and Architecture
Computer Networks and Communications
Computer Graphics and Computer-Aided Design
Artificial Intelligence

Access to Document

10.46586/TCHES.V2025.I1.37-77

Cite this

Knechtel, J., Eslami, M., Zou, P., Wei, M., Tong, X., Qiu, B., Cai, Z., Chen, G., Zhu, B., Li, J., Yu, J., Chen, J., Chiu, C. W., Hsieh, M. F., Ou, C. H., Wang, T. C., Fu, B., Wang, Q., Sun, Y., ... Pagliarini, S. (2025). Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2025(1), 37-77. https://doi.org/10.46586/TCHES.V2025.I1.37-77

Knechtel, J, Eslami, M, Zou, P, Wei, M, Tong, X, Qiu, B, Cai, Z, Chen, G, Zhu, B, Li, J, Yu, J, Chen, J, Chiu, CW, Hsieh, MF, Ou, CH, Wang, TC, Fu, B, Wang, Q, Sun, Y, Luo, Q, Lau, AWH, Wang, F, Young, EFY, Bi, S, Guo, G, Wu, H, Tang, Z, You, H, Li, C, Karri, R , Sinanoglu, O & Pagliarini, S 2025, 'Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2025, no. 1, pp. 37-77. https://doi.org/10.46586/TCHES.V2025.I1.37-77

@article{f76bce6733a74066a5632e8e7da27bea,

title = "Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort",

abstract = "Hardware Trojans (HTs) are a longstanding threat to secure computation. Among different threat models, it is the fabrication-time insertion of additional malicious logic directly into the layout of integrated circuits (ICs) that constitutes the most versatile, yet challenging scenario, for both attackers and defenders. Here, we present a large-scale, first-of-its-kind community effort through red-versus-blue teaming that thoroughly explores this threat. Four independently competing blue teams of 23 IC designers in total had to analyze and fix vulnerabilities of representative IC layouts at the pre-silicon stage, whereas a red team of 3 experts in hardware security and IC design continuously pushed the boundaries of these defense efforts through different HTs and novel insertion techniques. Importantly, we find that, despite the blue teams{\textquoteright} commendable design efforts, even highly-optimized layouts retained at least some exploitable vulnerabilities. Our effort follows a real-world setting for a modern 7nm technology node and industrygrade tooling for IC design, all embedded into a fully-automated and extensible benchmarking framework. To ensure the relevance of this work, strict rules that adhere to real-world requirements for IC design and manufacturing were postulated by the organizers. For example, not a single violation for timing and design-rule checks were allowed for defense techniques. Besides, in an advancement over prior art, neither red nor blue teams were allowed to use any so-called fillers and spares for trivial attack or defense approaches. Finally, we release all methods and artifacts: the representative IC layouts and HTs, the devised attack and defense techniques, the evaluation metrics and setup, the technology setup and commercial-grade reference flow for IC design, the encompassing benchmarking framework, and all best results. This full release enables the community to continue exploring this important challenge for hardware security, in particular to focus on the urgent need for further advancements in defense strategies.",

keywords = "Hardware Security, IC Design, Red-versus-Blue Teaming, Trojans",

author = "Johann Knechtel and Mohammad Eslami and Peng Zou and Min Wei and Xingyu Tong and Binggang Qiu and Zhijie Cai and Guohao Chen and Benchao Zhu and Jiawei Li and Jun Yu and Jianli Chen and Chiu, {Chun Wei} and Hsieh, {Min Feng} and Ou, {Chia Hsiu} and Wang, {Ting Chi} and Bangqi Fu and Qijing Wang and Yang Sun and Qin Luo and Lau, {Anthony W.H.} and Fangzhou Wang and Young, {Evangeline F.Y.} and Shunyang Bi and Guangxin Guo and Haonan Wu and Zhengguang Tang and Hailong You and Cong Li and Ramesh Karri and Ozgur Sinanoglu and Samuel Pagliarini",

year = "2025",

month = dec,

day = "9",

doi = "10.46586/TCHES.V2025.I1.37-77",

language = "English (US)",

volume = "2025",

pages = "37--77",

journal = "IACR Transactions on Cryptographic Hardware and Embedded Systems",

issn = "2569-2925",

publisher = "Ruhr-University of Bochum",

number = "1",

}

TY - JOUR

T1 - Trojan Insertion versus Layout Defenses for Modern ICs

T2 - Red-versus-Blue Teaming in a Competitive Community Effort

AU - Knechtel, Johann

AU - Eslami, Mohammad

AU - Zou, Peng

AU - Wei, Min

AU - Tong, Xingyu

AU - Qiu, Binggang

AU - Cai, Zhijie

AU - Chen, Guohao

AU - Zhu, Benchao

AU - Li, Jiawei

AU - Yu, Jun

AU - Chen, Jianli

AU - Chiu, Chun Wei

AU - Hsieh, Min Feng

AU - Ou, Chia Hsiu

AU - Wang, Ting Chi

AU - Fu, Bangqi

AU - Wang, Qijing

AU - Sun, Yang

AU - Luo, Qin

AU - Lau, Anthony W.H.

AU - Wang, Fangzhou

AU - Young, Evangeline F.Y.

AU - Bi, Shunyang

AU - Guo, Guangxin

AU - Wu, Haonan

AU - Tang, Zhengguang

AU - You, Hailong

AU - Li, Cong

AU - Karri, Ramesh

AU - Sinanoglu, Ozgur

AU - Pagliarini, Samuel

PY - 2025/12/9

Y1 - 2025/12/9

N2 - Hardware Trojans (HTs) are a longstanding threat to secure computation. Among different threat models, it is the fabrication-time insertion of additional malicious logic directly into the layout of integrated circuits (ICs) that constitutes the most versatile, yet challenging scenario, for both attackers and defenders. Here, we present a large-scale, first-of-its-kind community effort through red-versus-blue teaming that thoroughly explores this threat. Four independently competing blue teams of 23 IC designers in total had to analyze and fix vulnerabilities of representative IC layouts at the pre-silicon stage, whereas a red team of 3 experts in hardware security and IC design continuously pushed the boundaries of these defense efforts through different HTs and novel insertion techniques. Importantly, we find that, despite the blue teams’ commendable design efforts, even highly-optimized layouts retained at least some exploitable vulnerabilities. Our effort follows a real-world setting for a modern 7nm technology node and industrygrade tooling for IC design, all embedded into a fully-automated and extensible benchmarking framework. To ensure the relevance of this work, strict rules that adhere to real-world requirements for IC design and manufacturing were postulated by the organizers. For example, not a single violation for timing and design-rule checks were allowed for defense techniques. Besides, in an advancement over prior art, neither red nor blue teams were allowed to use any so-called fillers and spares for trivial attack or defense approaches. Finally, we release all methods and artifacts: the representative IC layouts and HTs, the devised attack and defense techniques, the evaluation metrics and setup, the technology setup and commercial-grade reference flow for IC design, the encompassing benchmarking framework, and all best results. This full release enables the community to continue exploring this important challenge for hardware security, in particular to focus on the urgent need for further advancements in defense strategies.

AB - Hardware Trojans (HTs) are a longstanding threat to secure computation. Among different threat models, it is the fabrication-time insertion of additional malicious logic directly into the layout of integrated circuits (ICs) that constitutes the most versatile, yet challenging scenario, for both attackers and defenders. Here, we present a large-scale, first-of-its-kind community effort through red-versus-blue teaming that thoroughly explores this threat. Four independently competing blue teams of 23 IC designers in total had to analyze and fix vulnerabilities of representative IC layouts at the pre-silicon stage, whereas a red team of 3 experts in hardware security and IC design continuously pushed the boundaries of these defense efforts through different HTs and novel insertion techniques. Importantly, we find that, despite the blue teams’ commendable design efforts, even highly-optimized layouts retained at least some exploitable vulnerabilities. Our effort follows a real-world setting for a modern 7nm technology node and industrygrade tooling for IC design, all embedded into a fully-automated and extensible benchmarking framework. To ensure the relevance of this work, strict rules that adhere to real-world requirements for IC design and manufacturing were postulated by the organizers. For example, not a single violation for timing and design-rule checks were allowed for defense techniques. Besides, in an advancement over prior art, neither red nor blue teams were allowed to use any so-called fillers and spares for trivial attack or defense approaches. Finally, we release all methods and artifacts: the representative IC layouts and HTs, the devised attack and defense techniques, the evaluation metrics and setup, the technology setup and commercial-grade reference flow for IC design, the encompassing benchmarking framework, and all best results. This full release enables the community to continue exploring this important challenge for hardware security, in particular to focus on the urgent need for further advancements in defense strategies.

KW - Hardware Security

KW - IC Design

KW - Red-versus-Blue Teaming

KW - Trojans

UR - http://www.scopus.com/inward/record.url?scp=85215387340&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85215387340&partnerID=8YFLogxK

U2 - 10.46586/TCHES.V2025.I1.37-77

DO - 10.46586/TCHES.V2025.I1.37-77

M3 - Article

AN - SCOPUS:85215387340

SN - 2569-2925

VL - 2025

SP - 37

EP - 77

JO - IACR Transactions on Cryptographic Hardware and Embedded Systems

JF - IACR Transactions on Cryptographic Hardware and Embedded Systems

IS - 1

ER -

Trojan Insertion versus Layout Defenses for Modern ICs: Red-versus-Blue Teaming in a Competitive Community Effort

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this