Researchers Develop Undetectable Hardware Trojan | The State of Security
Jared Sperli stashed this in security
A team of researchers from the University of Massachusetts announced they have produced an undetectable hardware-based Trojan that can evade detection.
The technique employed involves altering the dopant material in semiconductors that is used to allow the material to conduct electricity.
“Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against golden chips,” the researchers stated.
The team was able to demonstrate the technique by inserting Trojans into Intel’s cryp- tographically secure RNG used in the Ivy Bridge processors at the sub-transistor level which allowed them undermine the 128-bit random numbers generated and successfully exfiltrate data.
“Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen. Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers,” the team said.
The research will certainly add to growing concerns about supply-chain security in the production and distribution of hardware on an international level, a subject that has major implications for the military, critical infrastructure, and the private sector.
“The dopant Trojan can be used to compromise the security of a meaningful real-world target while avoiding detection by functional testing as well as Trojan detection mechanisms.”