Researchers report on hardware Trojans that are undetectable

Sep 19, 2013 by Nancy Owano
Layout of the Trojan DFFR X1 gate. Credit: Georg T. Becker et al.

(Phys.org) — Worries that the security of integrated circuits used in critical systems by the military and industry can be compromised are all the more real with the release of a research paper titled "Stealthy Dopant-Level Hardware Trojans." The authors are a research team from the United States, the Netherlands, Switzerland and Germany. They showed that integrated circuits can be maliciously compromised in ways that elude detection: even physical inspection of the chip will not pick up the changes made. The authors discussed how they succeeded in modifying a circuit without detection mechanisms finding anything amiss. The authors wrote that "we propose an extremely stealthy approach for implementing hardware Trojans below the gate level."

Instead of adding additional circuitry to the target design, the researchers inserted their hardware Trojans by changing "the dopant polarity of existing transistors."

That way, the modified circuit still appeared legitimate on all wiring layers, including all metal and polysilicon. The team said that their family of Trojans was resistant to most detection techniques such as fine-grain optical inspection and checks against "golden chips."

The researchers tested their Trojan on Intel's design used in Ivy Bridge processors, as well as a side-channel Trojan.

On this second case, the authors said that, after showing how their dopant Trojan could be used to compromise the security of a real-world system, they turned to a second case study to emphasize the flexibility of the dopant Trojan. "Instead of modifying the logic behavior of a design, the dopant Trojan is used to establish a hidden side-channel to leak out ."

What do they mean by dopant? Threatpost said that "Dopant is a material that is added to that enables it to be electrically conductive." Computerworld explains doping as a process for modifying the electrical properties of silicon by introducing impurities such as gallium and phosphorus into the crystal. Changes made at the atomic level are difficult to detect.

Explaining their work further, the authors said that "In this paper we introduced a new type of sub-transistor level hardware Trojan that only requires modification of the dopant masks. No additional transistor gates are added and no other layout mask needs to be modified. Since only changes to the metal, or active area can be reliably detected with optical inspection, our dopant Trojans are immune to optical inspection."

The type of Trojan under discussion is said to pose a great challenge. The authors commented that "They set a new lower bar on how much overhead can be expected from a hardware Trojan in practice (i.e. zero!)." The authors recommended that future work should include developing new methods to detect these "sub-transistor level hardware Trojans."

More information: Research paper: Stealthy Dopant-Level Hardware Trojans—people.umass.edu/gbecker/BeckerChes13.pdf

User comments : 3

malapropism
not rated yet Sep 19, 2013
An intelligent military (which I concede may be an oxymoron) would read this paper and decree, "no more hardware fab outsourcing," surely?
Urgelt
3 / 5 (6) Sep 20, 2013
Not exactly, Malapropism.

As the US is, for the moment, still arguably ahead in technology, the most likely first exploiter for this type of Trojan will be the US, not China or some other adversary.

Likely we can expect a two-pronged approach: detection and exploitation.

I don't expect much to come of the idea of ending outsourcing, though it's certainly logical. But logic does not carry the day when corporations are gaining enormous profits by outsourcing. They have far too much pull in Congress and the White House. We already knew outsourcing was a source of vulnerability. Now we know it again, but nothing will be done about it.

So the best prediction, I expect, will be some new and expensive detection technology that will be held close by the government, plus government exploitation of the technology to feed their insatiable appetite for data about both adversaries and their own citizens. It's another advance that the surveillance state won't be able to resist.
thingumbobesquire
2.3 / 5 (3) Sep 20, 2013
How do we know that just such a back door has not already been implemented? The NSA has already been exposed for jury-rigging random number generators and injecting back doors at the SSL level.

"Much which is claimed to be electronic science, may turn out to have been a sexual fantasy about toys manufactured by the associates of the chronic and vicious hoaxster, Bertrand Russell and the radically reductionist generally." LaRouche
