Hardware Trojans are created through the malicious and intentional alteration of hardware which produce effects unintended by initial design. They reside at the lowest level of information processing – on the integrated circuit (IC) board. Hardware Trojans are able to leak sensitive information, they can cause incorrect functioning of a component, or they can cause a component to fail in a Denial of Service (DoS) attack. Hardware Trojans are an increasing threat to every processing environment, particularly to commercial and military applications, as well as to critical infrastructure.
Hardware Trojans can be practically impossible to detect. They are undetectable at the software layer such as from a PC’s or mobile device’s anti-virus software as they operate on the hardware below the operating system level.
Integrated circuits can be compromised and infected with a hardware Trojan either during manufacture or post-manufacture tampering. With the globalisation of electronic component manufacture, where parts are manufactured or assembled in numerous countries, the threat of hardware Trojans is real and increasing. It is very difficult or impossible to ensure hardware integrity.
Hardware Trojans are not new. In 2007 Dr Fouad Kiamilev of the CVORG facility of the University of Delaware, demonstrated the leaking of an AES encryption key through a hardware Trojan, at DEFCON. The team showed how details of the AES encryption key could be transmitted from the system (1) through optical means (the pulsating of the power LED), (2) through thermal energy (pulses in the heat of a circuitry component, and (3) through transmission through an unused pin or cable connector.
Adding, removing or modifying circuitry components can be detected through quality control and integrity checks. Advanced scanning techniques, such as Scanning Optical Microscopy (SOM) or Scanning Electrical Microscopy (SEM) can show up any discrepancies in a circuit board.
However, a group of four researchers from the US and Europe demonstrated how they can introduce a hardware Trojan without any noticeable trace. These researchers made changes to the dopant polarity of individual transistors to weaken the chip’s random number generator. Dopant (or doping agent) is a trace impurity element added to a semi-conductor which alters its electrical properties. The team were able to make secret keys predictable by sabotaging the random number generator instructions through dopant infection of Intel’s Ivy Bridge processors.
In today’s interconnected world, it is not feasible to move all critical hardware production in-house. More research needs to go into ensuring hardware has not been compromised by Trojans. Consider for example, a USB-based hardware Trojan – it would not be very difficult to infiltrate and compromise computer networks through malware introduced in this way. Integrated circuits are the backbone of every electronic system: computer networks, communication systems, military weapons, power systems, financial systems, etc. The potential for disruption from DoS attack through hardware Trojans should not be understated.
Hardware Trojans raises many questions. With what we now know from the NSA revelations, has a Western power inserted Trojans into popular hardware enabling spying, backdoors and defeating encryption? What trust can we have in hardware in which a component has either been manufactured or assembled overseas such as in China (especially after the Mandiant exposure of APT1)?