04 December 2017

Understanding Hardware Trojans

As technology advances the demand for integrated circuit boards has increased exponentially.  This rapid growth in the industry has given rise to the “fabless” trend dominating today’s semiconductor industry.  In essence, western foundries are no longer able to cost-effectively produce goods to the same standard as their eastern counterparts, therefore, design and production companies are now farming this work out abroad.  While this is allowing companies to meet current demands it has created a situation whereby integrated circuits (IC’s) are becoming increasingly vulnerable to malicious attacks; by far the most concerning of these threats is the hardware trojan.

What is a hardware Trojan?

A hardware trojan can be described as a malicious alteration or inclusion to an integrated circuit (IC) that will either change its intended function or cause it to perform an additional malicious function. These malicious inclusions or alterations are generally extremely small and are programmed to activate only under a specific set of circumstances defined by their author.  Once active a hardware trojan can be used to leak confidential data, alter the intended function of a device or even to damage the IC itself.  As a result of their size and the difference in their structures and intended functions, they are extremely hard to detect, particularly whilst in their dormant form.

The Problem

The emergence of “fabless” companies has created numerous points of attack as each company involved in the manufacturing chain, from design to production, is a potential target.  The problem is such that even previously reputable foundries are vulnerable to attacks, all that is required is one employee to alter the existing design to include a trojan.  As most IC designs are extremely large containing huge amounts of code these inclusions are almost impossible to detect and the sheer size of the code can require that many people have access to it at a production level.

Design practices are also evolving – most designers now make use of IP cores when designing for IC boards.  IP cores are logical blocks of code that can be inserted into the design flow, as many of these IP cores are designed by third parties there is no way to guarantee that the contents of the logic block have not been tampered with.

The problem is expanded yet again when considered in relation to the growth in production of counterfeit goods, these goods are generally already being produced in less than reputable foundries by less than reputable companies so the inclusion of malicious code in the production process is far from unrealistic. As counterfeit goods are not generally sold through trustworthy channels it is impossible to recall products found to be unsafe or indeed to produce updated firmware to deal with emerging threats. This can expose consumers to a plethora of malicious attacks by hackers. For example, a trojan leaking cryptography keys in counterfeit IoT devices could potentially give hackers access to a network of devices that can be utilised in Mirai like attacks and cannot be recalled or patched.

Security Impact

As many military grade products utilise ICs, the problem of the hardware trojan is of critical importance with the threat level of the trojan being such that the ramifications could be catastrophic. Malicious inclusions of code could cause radars to fail, missiles to lose control and cryptography keys to be leaked.

While incidents of hardware trojans, particularly in relation to the military, are generally not openly spoken about due to potential consequences, there have been a few noted events that have raised eyebrows and sparked claims of hardware trojans. In 2007 it was rumoured that a backdoor built into a Syrian radar system was responsible for the systems failure to detect an incoming airstrike.  There are also reports of trojans being used by the USSR to intercept American communications during the cold war.

Security industries are not the only potential targets of a hardware trojan attack, there is also the threat of hardware trojan being used by rival firms in industrial sabotage.  An attack such as this could bring even global companies to their knees, particularly in industries such as technology and communications.  Aside from industrial sabotage, there is also a threat to consumer privacy, devices such as smartphones and tablets could be targeted by trojans designed to leak cryptography keys or private information.

In 2008 an experiment was carried out by the University of Illinois in which researchers designed and inserted a small backdoor circuit that gave access to privileged areas of the chip memory.  This trojan could then be used to change process numbers allowing attackers to perform all functions and access all data contained on the chip memory. It is easy to see why this could be catastrophic in settings such as finance.

As technology continues to advance the hardware trojan is set to become a global concern.  At this time there is no method of detection that is capable of finding hardware trojans in all of their forms and very few that can detect them whatsoever in their dormant state.  It is therefore imperative that research into this area is conducted across a much wider platform than is currently available and that the processes and procedures of the manufacturing chains, along with those of the foundries themselves, be more stringently regulated and monitored.