Hardly detectable backdoors at the chip level – hardware Trojans

Bruce Schneier points to interesting research into undetectably adding backdoors to computer chips during manufacture:


In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like, and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”. We demonstrate the effectiveness of our approach by inserting Trojans into two designs — a digital post-processing derived from Intel’s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation — and by exploring their detectability and their effects on security.

Link to PDF: Stealthy Dopant-Level Hardware Trojans: Extended Version
