Is it so outlandish anymore to consider that an attacker interested in military, political or corporate espionage would be able to infiltrate a supply chain and drop malware onto an integrated circuit? Evidence of hardware-based Trojans is anecdotal at best, and experts believe a change in motherboard circuitry or wiring, for example, would be detectable either via visual inspection or in comparison to a gold copy of the hardware in question.
However, given that documents leaked by NSA whistleblower Edward Snowden intimate the U.S. spy agency was working with chipmakers and placing backdoors into hardware bound for foreign targets, the once-outlandish doesn’t seem so outrageous anymore.
And now, an international team of researchers may have upped the ante on hardware-based attacks. In a recently published paper, they describe how they are able to modify a circuit with malware and yet, to detection mechanisms, the circuit appears to be pristine.
“Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips,’” the team—Georg T. Becker, Francesco Rgazzoni, Christof Paar and Wayne P. Burleson—wrote in its paper.
Dopant is a material that is added to semiconductor material that enables it to be electrically conductive. The researchers tested their stealthy Trojan on Intel’s random number generator design used in Ivy Bridge processors, as well as in a side-channel resistant SBox implementation.
While there is relatively little research available on hardware Trojans, the team dove into its research understanding that a jump in outsourcing—circuits are often designed in one location, likely built offshore, and then packed and distributed by more external parties—damages trust in the security of circuits.
“Even if chips are manufactured in a trusted [fabrication], there is the risk that chips with hardware Trojans could be introduced into the supply chain,” the researchers wrote. “The discovery of counterfeit chips in industrial and military products over the last years has made this threat much more conceivable.”
Some existing work on hardware Trojans, done mostly in academic settings, introduce malware at the hardware layer. This generally happens in a foundry setting where an attacker would have access only to layout masks; this limited access makes these types of attacks impractical because additional space is required for the malicious circuit and connections and would be easy to detect. Attacks using dopant have also been tried before where the concentration of dopant is changed to age the circuit, eventually causing it to fail. However, the researchers point out that approach is impractical because it’s impossible to predict when the circuit would fail and cause a denial-of-service condition.
The researchers said their approach is more realistic because it is done by modifying the polarity of the dopant, which can be done at a foundry setting, and still resist optical inspection and go undetected.
“A dedicated setup could eventually allow one to identify the dopant polarity. However, doing so in a large design comprising millions of transistors implemented with small technologies seems impractical and represents an interesting future research direction,” the paper said. “We exploit this limitation to make our Trojans resistant against optical reverse-engineering.”
“To the best of our knowledge, our dopant-based Trojans are the first proposed, implemented, tested, and evaluated layout-level hardware Trojans that can do more than act as denial-of-service Trojans based on aging effects.”
The paper explains in great detail how the researchers attacked the Intel Ivy Bridge processors and pulled off a side channel attack that leaked secret keys from the hardware.
Ivy Bridge generates unpredictable 128-bit random numbers for the security of transactions. The researchers were able to get their Trojan onto the processor at the sub-transistor level to compromise the security of the keys generated with its random number generator.
“Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen,” the researchers wrote. “Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.”
As for the side-channel Trojan, it demonstrates flexibility of the dopant Trojan by attacking weaknesses that enable side-channel attacks in iMDPL, or improved Masked Dual Rail Logic.
“Rather than modifying logic behavior of a design, dopant Trjoan establishes a hidden side-channel attack that leaks secret keys,” the researchers wrote. “The dopant Trojan can be used to compromise the security of a meaningful real-world target while avoiding detection by functional testing as well as Trojan detection mechanisms.”