Security researchers create undetectable hardware trojans
Method can be used to weaken hardware random number generators used for encryption
Computerworld - A team of security researchers from the U.S. and Europe has released a paper showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process through virtually undetectable changes at the transistor level.
As proof of the effectiveness of the approach, the paper describes how the method could be used to modify and weaken the hardware random number generator on Intel's Ivy Bridge processors and the encryption protections on a smartcard without anyone detecting the changes.
The research paper is important because it is the first to describe how someone can insert a hardware trojan into a microchip without any additional circuitry, transistors or other logic resources, said Christof Paar, chairman for embedded security, Department of Electrical Engineering and Information Technology at Ruhr University in Germany.
Hardware trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad, Paar said.
Often, the individual circuit blocks in a single microchip are designed by different parties, manufactured by an offshore foundry, packaged by a separate company and distributed by yet another vendor. This kind of outsourcing and globalization of chip manufacturing has led to trust and security issues, the paper noted.
Over the years, more attention has been paid on finding ways to detect and defeat hardware trojans deliberately introduced during the manufacturing process, especially in the case of chips used for military and other critical applications.
Somewhat surprisingly, less attention has been paid to how someone might build and implement such hardware trojans in the first place, he said.
Previous research papers have described hardware trojans consisting of small to medium-sized integrated circuits added to a chip during what is known as the hardware description language layer of the manufacturing process.
In contrast, the latest research shows how a hardware trojan can be introduced at a later stage of the design process by changing the "doping" on a few transistors on the chip.
Doping is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. By switching the doping on a few transistors, parts of the integrated circuit no longer work as they should. Because the changes happen at the atomic level, "the stuff is hard to detect," Paatr said. "If you look at it optically there is nothing different," so the trojan is resistant to most detection techniques.
Security researcher and cryptographer Bruce Schneier on Monday called the sabotage the researchers describe "undetectable by function testing and optical inspection."
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Processors White Papers | Webcasts