New Technique Detects Hardware Trojans

The University of California San Diego (UCSD) has developed a technique that it claims will be able to detect hardware trojans that might be introduced to a chip design during its progress along the manufacturing supply chain. The complexity of modern chips, some containing in excess of 1 billion transistors, combined with the globalization of the manufacturing process makes this a very real threat.

There are no proven examples of existing hardware Trojans. However, following Israel’s successful air strike against Syria in 2007 there was considerable speculation that a ‘kill switch’ had been built into the off-the-shelf microprocessors that controlled the Syrian radar. There were later suggestions that France had built hardware trojan kill switches into its own weapons to prevent them being used against its allies (it was a French Exocet missile that destroyed the UK’s HMS Sheffield during the 1982 Falklands War).

Whether any of this is true or not, it is theoretically possible. A trojan could be introduced at the coding stage when new algorithms are added to the CAD tools used to design the chips; or it could be done at the manufacturing stage. A ‘trojan’ comprising a dozen tiny transistors would be difficult if not impossible to detect hidden among a billion other transistors.

“Trojans are designed specifically to avoid activation during testing,” explains UCSD Professor Ryan Kastner. “Hardware designs are complex and often consist of millions of lines of code. The standard rule is to expect one ‘bug’ per five lines of code. People with bad intentions – say, a disgruntled employee – can insert these special ‘bugs’ into sequence patterns that are very unlikely to be tested, where they lie dormant and wait for a rare input to happen and then they trigger something malicious, like draining your phone’s battery or stealing your cryptographic key.”

Existing detection methods are expensive, mostly statistical, and not foolproof. “The state of the art right now,” added Kastner, “is teams at Qualcomm or Intel, for example, manually inspecting hardware code and the physical characteristics of the chip to determine what they think could happen. It’s a terribly imprecise process, and you could easily overlook a small error which could have large consequences.”

The new technique is described in a paper titled “Detecting Hardware Trojans with Gate-Level Information-Flow Tracking,” written by Wei Hu and Ryan Kastner from UCSD, Baolei Mao from Northwestern Polytechnical University, and Jason Oberg of Tortuga Logic. It uses a technique called GLIFT — gate-level information flow tracking — which assigns a label to important data in a hardware design.

For example, if a test engineer wishes to understand the flow of, say, a cryptographic key, he would write a formal property asserting that the labeled key data should be constrained within a secure area. If the key flows outside of that area, then the hardware is capable of being compromised.
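The label-and-property idea described above can be sketched in a few lines. This is an added example, not code from the paper or from any Tortuga Logic tool: the toy circuit, the wire names (`k`, `d`, `t`, a "status" pin) and the exhaustive enumeration that stands in for a formal property check are all assumptions made for illustration.

```python
from itertools import product

# GLIFT shadow logic: every wire is a (value, label) pair. A gate's output is
# labelled only if a labelled input can actually change that output right now.
def AND(a, b):
    (av, at), (bv, bt) = a, b
    return (av & bv, (av & bt) | (bv & at) | (at & bt))

def OR(a, b):
    (av, at), (bv, bt) = a, b
    return (av | bv, ((1 - av) & bt) | ((1 - bv) & at) | (at & bt))

def NOT(a):
    return (1 - a[0], a[1])

def clean(k, d, t):
    """Constructed reference design: the status pin is driven by public data only."""
    return d

def trojaned(k, d, t):
    """Constructed design with hidden logic: a rare pattern on t routes k to the pin."""
    trig = AND(AND(t[0], t[1]), AND(t[2], NOT(t[3])))   # fires only on t = 1,1,1,0
    return OR(AND(trig, k), AND(NOT(trig), d))

def violations(design):
    """Property: the key label must never reach the status pin.
    Returns every input assignment (key, data, trigger bits) that breaks it."""
    hits = []
    for kv, dv, *tv in product((0, 1), repeat=6):
        k = (kv, 1)                   # the key bit carries the label
        d = (dv, 0)                   # public data is unlabelled
        t = [(v, 0) for v in tv]      # other inputs are unlabelled
        if design(k, d, t)[1]:
            hits.append((kv, dv, tuple(tv)))
    return hits

if __name__ == "__main__":
    print("clean   :", violations(clean))
    print("trojaned:", violations(trojaned))
```

Only 4 of the 64 input combinations expose the flow, which is why functional testing is unlikely to reach it, while the label check reports each violating assignment exactly.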

The authors admit that this new process cannot detect all types of hardware trojan, such as those that leak information through physical side channels. Nevertheless, they conclude, “our method holds a unique place in the spectrum of methods to detect hardware Trojans – namely, the identification of Trojans that can cause violation of information-flow security properties related to confidentiality and integrity.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
