Security researchers create undetectable hardware trojans
Method can be used to weaken hardware random number generators used for encryption
Computerworld - A team of security researchers from the U.S. and Europe has released a paper showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process through virtually undetectable changes at the transistor level.
As proof of the effectiveness of the approach, the paper describes how the method could be used to modify and weaken the hardware random number generator on Intel's Ivy Bridge processors and the encryption protections on a smartcard without anyone detecting the changes.
The research paper is important because it is the first to describe how someone can insert a hardware trojan into a microchip without any additional circuitry, transistors or other logic resources, said Christof Paar, chairman for embedded security, Department of Electrical Engineering and Information Technology at Ruhr University in Germany.
Hardware trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad, Paar said.
Often, the individual circuit blocks in a single microchip are designed by different parties, manufactured by an offshore foundry, packaged by a separate company and distributed by yet another vendor. This kind of outsourcing and globalization of chip manufacturing has led to trust and security issues, the paper noted.
Over the years, more attention has been paid on finding ways to detect and defeat hardware trojans deliberately introduced during the manufacturing process, especially in the case of chips used for military and other critical applications.
Somewhat surprisingly, less attention has been paid to how someone might build and implement such hardware trojans in the first place, he said.
Previous research papers have described hardware trojans consisting of small to medium-sized integrated circuits added to a chip during what is known as the hardware description language layer of the manufacturing process.
In contrast, the latest research shows how a hardware trojan can be introduced at a later stage of the design process by changing the "doping" on a few transistors on the chip.
Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. By switching the doping on a few transistors, parts of the integrated circuit no longer work as they should. Because the changes happen at the atomic level, "the stuff is hard to detect," Paatr said. "If you look at it optically there is nothing different," so the trojan is resistant to most detection techniques.
Security researcher and cryptographer Bruce Schneier on Monday called the sabotage the researchers describe "undetectable by function testing and optical inspection."
- IDC ranks IBM #1 in market share for enterprise social software IDC ranks IBM #1 in worldwide market share for 3 consecutive years. IDC also shares its Social Software 2013 - 2017 market forecast....
- The Social Business: Unlocking the collective knowledge of people Five years ago, IBM observed the planet was becoming instrumented, interconnected and intelligent. 20,000 engagements later, here's what we know and believe about...
- Hiring the Right Talent Since Human Resources (HR) departments want to hire quality candidates, they have no room for error during job interviews. What can Human Resources...
- Onboarding New Employees Read this paper to understand the difference between training and socialization in employee onboarding.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Processors White Papers | Webcasts