Experts publish a paper called “Stealthy Dopant-Level Hardware Trojans”

Sep 17, 2013 09:27 GMT

Researchers have demonstrated that cybercriminals can build hardware Trojans that are difficult to detect.

Researchers Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson have published a paper called “Stealthy Dopant-Level Hardware Trojans.”

The experts highlight that the concept of hardware Trojans has been around for quite some time. However, no threats have been seen in practice.

The main concern is that such malicious elements can be integrated into the circuits used for critical infrastructure or military applications. The Trojan could be implemented during the manufacturing process, which in many cases takes place abroad.

Their research shows that hardware Trojans can be injected into a device without adding any extra circuits. Instead, they insert the threat simply by modifying the dopant polarity of existing transistors.

“Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips’,” the paper reads.

The project focuses on two case studies: one based on Intel’s cryptographically secure RNG design, and one based on a side-channel-resistant SBox implementation.

In the first case, the Trojan is capable of passing both Intel’s functional tests and NIST’s random number test suite.

In the second case, the experts have demonstrated that the Trojan is versatile: it can be used to establish a hidden side channel even in a design that is considered resistant to side-channel attacks.

“Detecting this new type of Trojans is a great challenge. They set a new lower bar on how much overhead can be expected from a hardware Trojan in practice (i.e. zero!). Future work should include developing new methods to detect these sub-transistor level hardware Trojans,” the researchers noted.