The University of California San Diego (UCSD) has developed a technique that it claims will be able to detect hardware Trojans that might be introduced to a chip design during its progress along the manufacturing supply chain. The complexity of modern chips, some containing in excess of 1 billion transistors, combined with the globalization of the manufacturing process, makes this a very real threat.
There are no proven examples of existing hardware Trojans. However, following Israel’s successful air strike against Syria in 2007 there was considerable speculation that a ‘kill switch’ had been built into the off-the-shelf microprocessors that controlled the Syrian radar. There were later suggestions that France had built hardware Trojan kill switches into its own weapons to prevent them being used against its allies (it was a French Exocet missile that destroyed the UK’s HMS Sheffield during the 1982 Falklands War).
Whether any of this is true or not, it is theoretically possible. A Trojan could be introduced at the coding stage, when new algorithms are added to the CAD tools used to design the chips, or it could be introduced at the manufacturing stage. A ‘Trojan’ comprising a dozen tiny transistors would be difficult, if not impossible, to detect when hidden among a billion other transistors.
“Trojans are designed specifically to avoid activation during testing,” explains UCSD Professor Ryan Kastner. “Hardware designs are complex and often consist of millions of lines of code. The standard rule is to expect one ‘bug’ per five lines of code. People with bad intentions – say, a disgruntled employee – can insert these special ‘bugs’ into sequence patterns that are very unlikely to be tested, where they lie dormant and wait for a rare input to happen and then they trigger something malicious, like draining your phone’s battery or stealing your cryptographic key.”
Existing detection methods are expensive, mostly statistical, and not foolproof. “The state of the art right now,” added Kastner, “is teams at Qualcomm or Intel, for example, manually inspecting hardware code and the physical characteristics of the chip to determine what they think could happen. It’s a terribly imprecise process, and you could easily overlook a small error which could have large consequences.”
The new technique is described in a paper titled “Detecting Hardware Trojans with Gate-Level Information-Flow Tracking”, written by Wei Hu and Ryan Kastner from UCSD, Baolei Mao from Northwestern Polytechnical University, and Jason Oberg of Tortuga Logic. It uses a technique called GLIFT (gate-level information flow tracking), which assigns a label to important data in a hardware design.
For example, if a test engineer wishes to understand the flow of, say, a cryptographic key, he would write a formal property asserting that the labeled key data should be constrained within a secure area. If the key flows outside of that area, then the hardware is capable of being compromised.
The authors admit that this new process cannot detect all types of hardware Trojan, such as those that leak information through physical side channels. Nevertheless, they conclude, “our method holds a unique place in the spectrum of methods to detect hardware Trojans – namely, the identification of Trojans that can cause violation of information-flow security properties related to confidentiality and integrity.”
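The label-and-property check described above can be illustrated on a toy circuit. This is an added example, not code from the paper or from UCSD: the per-gate taint rules are the standard GLIFT shadow-logic formulation, while the two netlists, the wire names and the use of exhaustive input enumeration in place of a formal verification tool are assumptions made for illustration.

```python
from itertools import product

# GLIFT shadow logic: each wire carries (value, taint). An output is tainted
# only when a tainted input can actually change that output's value.
def glift(op, a, b=(0, 0)):
    (av, at), (bv, bt) = a, b
    if op == "NOT":
        return 1 - av, at
    if op == "XOR":
        return av ^ bv, at | bt
    if op == "AND":
        return av & bv, (av & bt) | (bv & at) | (at & bt)
    if op == "OR":
        return av | bv, ((1 - av) & bt) | ((1 - bv) & at) | (at & bt)
    raise ValueError(op)

# Constructed toy netlists: (output wire, gate, input wires...)
CLEAN = [("enc", "XOR", "data", "key"),   # key is used only inside the secure area
         ("out", "AND", "data", "data")]  # public output simply carries data
TROJAN = [("enc", "XOR", "data", "key"),
          ("t01", "AND", "t0", "t1"),
          ("trig", "AND", "t01", "t2"),   # rare trigger: t0 = t1 = t2 = 1
          ("ntrig", "NOT", "trig"),
          ("pass", "AND", "data", "ntrig"),
          ("leak", "AND", "key", "trig"),
          ("out", "OR", "pass", "leak")]  # key replaces data when triggered

INPUTS = ["key", "data", "t0", "t1", "t2"]

def simulate(netlist, values, tainted=("key",)):
    """Evaluate values and taint labels for every wire in the netlist."""
    wires = {n: (values[n], int(n in tainted)) for n in INPUTS}
    for out, op, *ins in netlist:
        wires[out] = glift(op, *(wires[i] for i in ins))
    return wires

def find_violations(netlist, public=("out",)):
    """Property: no public wire may ever carry the key's label.
    Returns every input assignment that breaks it."""
    bad = []
    for bits in product((0, 1), repeat=len(INPUTS)):
        values = dict(zip(INPUTS, bits))
        wires = simulate(netlist, values)
        if any(wires[p][1] for p in public):
            bad.append(values)
    return bad

if __name__ == "__main__":
    print("clean :", find_violations(CLEAN))
    print("trojan:", find_violations(TROJAN))
```

Only the four assignments with all three trigger bits set violate the property, which is why random functional testing would rarely reach them while a check over the labelled design does.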

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
