Security researchers create undetectable hardware trojans
Method can be used to weaken hardware random number generators used for encryption
Computerworld - A team of security researchers from the U.S. and Europe has released a paper showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process through virtually undetectable changes at the transistor level.
As proof of the effectiveness of the approach, the paper describes how the method could be used to modify and weaken the hardware random number generator on Intel's Ivy Bridge processors and the encryption protections on a smartcard without anyone detecting the changes.
The research paper is important because it is the first to describe how someone can insert a hardware trojan into a microchip without any additional circuitry, transistors or other logic resources, said Christof Paar, chairman for embedded security, Department of Electrical Engineering and Information Technology at Ruhr University in Germany.
Hardware trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad, Paar said.
Often, the individual circuit blocks in a single microchip are designed by different parties, manufactured by an offshore foundry, packaged by a separate company and distributed by yet another vendor. This kind of outsourcing and globalization of chip manufacturing has led to trust and security issues, the paper noted.
Over the years, more attention has been paid to finding ways to detect and defeat hardware trojans deliberately introduced during the manufacturing process, especially in the case of chips used for military and other critical applications.
Somewhat surprisingly, less attention has been paid to how someone might build and implement such hardware trojans in the first place, he said.
Previous research papers have described hardware trojans consisting of small to medium-sized integrated circuits added to a chip during what is known as the hardware description language layer of the manufacturing process.
In contrast, the latest research shows how a hardware trojan can be introduced at a later stage of the design process by changing the "doping" on a few transistors on the chip.
Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities, such as phosphorus, boron and gallium, into the crystal. Switching the doping on a few transistors causes parts of the integrated circuit to no longer work as they should. Because the changes happen at the atomic level, "the stuff is hard to detect," Paar said. "If you look at it optically there is nothing different," so the trojan is resistant to most detection techniques.
Security researcher and cryptographer Bruce Schneier on Monday called the sabotage the researchers describe "undetectable by function testing and optical inspection."