HARDWARE TROJANS

7/21/2019 HARDWARE TROJANS

http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 1/83

1260 –

1180 BCBronze Age



After a fruitless 10-year siege, the Greeks constructed a huge

wooden horse, and hid a select force of men inside. The Greeks

pretended to sail away and that night the Greek force crept out of the

horse and opened the gates for the rest of the Greek army anddestroyed the city of Troy



The views expressed in this presentation

are Mere Apne. Reference to anyspecific products, process, or service do

not necessarily constitute or imply

endorsement, recommendation, or

favoring by any Government

ALL FIGURES IN THE PPT ARE ONLY FOR DEPICTION

PURPOSE.



Not here

to



A Hardware Trojan is a

Malicious Modification of thecircuitry of an integrated circuit.



“ Outsourcing the fabrication and design to third

parties imputed to the huge scales of requirements

and economies involved ”



Bogus packaging

could disguise a

questionable chip as

legitimate one &

baking a chip for 24

hours after

fabrication could

shorten its life span

from 15 years to a

scant 6 months

Adding 1000 extra

transistors during

either the design or

the fabrication

process could create

a kill switch or a

trapdoor or could

enable access for a

hidden code that

shuts off all.

NICK THE WIRE

A notch in few

interconnects would

be almost

impossible to detectbut would cause

eventual mechanical

failure as the wire

become overloaded.

ADD ORRECONNECT WIRING

During the layout

process, new circuit

traces and wiring

can be added to thecircuit. A skilled

engineer familiar

with the chips

blueprint could

reconnect the wiresto undesired output.



DESIGN

• Untrusted Thirdparty IP cores

• Untrusted CADtools

• Untrustedautomation scripts

• Untrusted Libraries

FABRICATION

• UntrustedFoundries

TEST & VALIDATIONS

• Untrusted if notdone in-house

• Trusted if done inhouse



The IP core can be described as being

for chip design what a library is for computer

programming .



****Focused ion beam is a technique used particularly in the semiconductor industry, materialsscience for deposition, and ablation of materials.



Hardware Trojans

Physical

Distribution

Structure

Size

Type

Activation

Externally

Antenna

Sensor

Internally Always on Conditional

Logic

Sensor

Action

Transmit

Modify Specs

Modify Function



Hardware Trojans

DesignPhase

Specs

Fabrication

Test

Assemblyand

Package

AbstractionLevel

SystemLevel

Development

RT Level

Gate Level

PhysicalLevel

Effects

ChangeFunction

ChangeSpecs

Leak Info

Denial ofService

Location

Part/Identity

Processor

Memory

I/O

PowerSupply

Clock

Activation

Always on Triggered

Internally

Externally



Internet of Things

• 10 billion Devices and Counting

• Everything right from your computer to your phone to

your microwave can be compromised without you ever

knowing about it.



Logistics Systems and Support domain:

Transport Infrastructure, Traffic Control,

Metro/Rail Monitoring & Control



Civil Critical Applications: Banking, Stock

market IT Infrastructure

Milit S st s W C t l s st s



Military Systems: Weapon Control systems,

Satellite controls, Radar systems,

Surveillance Systems, Decision support

Systems.



Aviation and Aeronautics industry : Flight

control systems , Space Shuttles, Satellitesetc.



Miscellaneous

Data centers IT Infrastructure, Personal Info

stored in Clouds, Government Systems inCritical Setups etc



Attribute Hardware Trojans Software Trojans

Agency involved

to infect

Pre fabrication embedding in

the hardware IC during

manufacturing or retrofitted

later.

Resides in code of the OS or

in the running applications

and gets activated whilst

execution.

Mode

Third party untrusted

agencies involved to

manufacture ICs in various

stages of fabrication.

Downloading malicious files

from internet or via social

engineering methodsexecuting malicious files or

commonly sources USB etc.

Current Remedial

Measureavailable

Currently none since one

embedded there is no way to

remove the same other then

destroying.

Signatures released by

antivirus companies and

software patches based on

behavioral pattern observed.

Behavioral

Attribute

Once activated the behavioral

action of the Hardware

Trojan cannot be changed.

A Trojan behavior can

change by further update or

patch application etc



Anatomy of a

Events which enable the

Trojan Payload

Stealth depends on Triggers

The Ammo / firepower

Size is not proportional todestruction

Prior to triggering, a hardware trojan lies dormant without

interfering with the operation of any electronics.



“September 2007, Israeli jets bombed a suspected nuclear

installation in northeastern Syria. Among the many mysteriesstill surrounding that strike was the failure of Syrian radar,

supposedly state of the art, to warn the Syrian military of the

incoming assault. It wasn’t long before military and

technology bloggers concluded that this was an incident of

electronic warfare and not just any kind. Post after post

speculated that the commercial off-the-shelf microprocessors

in the Syrian radar might have been purposely fabricated witha hidden “backdoor” inside. By sending a preprogrammed

code to those chips, an unknown antagonist had disrupted

the chips’ function and temporarily blocked the radar ”

Source : IEEE spectrum, 2007

Syrian RADAR Case



Computer Chip in a Commercial Jet



Computer Chip in a Commercial Jet

Compromised



Laptop Batteries Can Be Bricked



• The method involves accessing and sending

instructions to the chip housed on smart batteries

• Completely disables the batteries on laptops , making

them permanently unusable,

• Perform a number of other unintended actions like

false reporting of battery levels, temperature etc.

• Could also be used for more malicious purposes down

the road.

Laptop Batteries Can Be Bricked



A advantageously contrived and implanted backdoor at anuntrusted fabrication facility involved in manufacturing the

typical pc processor can be victimized by a software

antagonist at a later scheduled time line.

This kind of a backdoor in a

processor will never bedivulged by the run of the mill

or state of the art antivirus

versions predominately

available COTS.



• Sabotage on the Cryptographic Capability of Intel Processor

• Reduces the entropy of the random number generator from

128 bits to 32 bits.

• Accomplished by changing the doping polarity of a fewtransistors.

• Undetectable by built in self tests and physical inspection.

Intel Ivy Bridge Can’t Keep Your

Secret

**entropy is the randomness collected by an application for use in cryptography



A hardware Trojan to operate,

needs ground and power supply

which can be low or high

depending on the design it is

based on.

A Trojan that requires a low end

power supply will have low

chances of being detectedwhereas a Trojan requiring higher

power supply would be at a larger

chance of detection.



A Golden Chip i hi hi h



A Golden Chip is a chip which

is known to not include malicious

modifications



CountermeasuresFor

Hardware Trojans

TrojanDetection

Approaches

Design ForSecurity

PreventInsertion

FacilitateDetection

Run TimeMonitoring



Hardware is theRoot of Trust; Even

a small maliciousmodification can be

devastating to

system security

Key Takeaway 1



Key Takeaway 2

Virtually any andevery Electronic

System around us

can be potentially

Compromised.



Key Takeaway 3

Mostsemiconductor

companies

OUTSOURCE their

manufacturing due

to the high capitaland operational

costs



Key Takeaway 4

The trust in the

chip Design process

is Broken



A Hardware Trojanis near Impossible

to detect in tests

because its

designed to trigger

in mission mode

Key Takeaway 5

Key Takeaway 6



Long term research

can bring built in

security and tamper

resistance in IC

designs. However,for short term, the

threat can be

mitigated by making

the supply chain

trusted



http://www.eetimes.com/electronics-news/4373667/Report-reveals-fake-chips-in-military-hardware

• http://www.theatlanticwire.com/technology/2011/06/us-military-fake-microchips-china/39359/

• https://citp.princeton.edu/research/memory/media/

• Cyber security in federal government, Booz Allen Hamilton

• The hunt for the kill switch, IEEE Spectrum, May 2008• Report of the Defense Science Board Task Force on High Performance Microchip Supply,’’ Defense Science

Board, US DoD, Feb. 2005; http://www.acq.osd.mil/dsb/ reports/2005-02-HPMS_Report_Final.pdf.

• ‘‘Innovation at Risk Intellectual Property Challenges and Opportunities,’’ Semiconductor Equipment

and Materials International, June 2008.

• www.darpa.mil/mto/solicitations/baa07-24/index.html

• The hunt for the kill switch, IEEE Spectrum, May 2008

• Towards a comprehensive and systematic classification of hardware Trojans, J Rajendran et.al.• http://larc.ee.nthu.edu.tw/~cww/n/625/6251/05DFT0603.pdf

• X. Wang, M. Tehranipoor, and J. Plusquellic, ‘‘Detecting Malicious Inclusions in Secure Hardware:

Challenges and

• Hardware Trojan: Threats and Emerging Solutions, Rajat Subhra Chakraborty et al.



I am at :

[email protected]

http://about.me/anupam.tiwari

mailto:[email protected]





mailto:[email protected]

HARDWARE TROJANS

Documents

Transcript of HARDWARE TROJANS