Stealthy Dopant-Level Hardware Trojans
Eugen Leitl
eugen at leitl.org
Fri Sep 13 02:49:24 PDT 2013
http://people.umass.edu/gbecker/BeckerChes13.pdf
Stealthy Dopant-Level Hardware Trojans ?
Georg T. Becker1
, Francesco Regazzoni2
, Christof Paar1,3 , and Wayne P. Burleson1
1University of Massachusetts Amherst, USA
2TU Delft, The Netherlands and ALaRI - University of Lugano, Switzerland
3Horst ortz Institut for IT-Security, Ruhr-Universiat Bochum, Germany
Abstract.
In recent years, hardware Trojans have drawn the attention of governments and
industry as well as the scientific community. One of the main concerns is
that integrated circuits, e.g., for military or critical infrastructure
applications, could be maliciously manipulated during the manufacturing
process, which often takes place abroad. However, since there have been no
reported hardware Trojans in practice yet, little is known about how such a
Trojan would look like, and how dicult it would be in practice to implement
one.
In this paper we propose an extremely stealthy approach for implementing
hardware Trojans below the gate level, and we evaluate their impact on the
security of the target device. Instead of adding additional circuitry to the
target design, we insert our hardware Trojans by changing the dopant polarity
of existing transistors. Since the modified circuit appears legitimate on all
wiring layers (including all metal and polysilicon), our family of Trojans is
resistant to most detection techniques, including fine-grain optical
inspection and checking against "golden chips". We demonstrate the
ectiveness of our approach by inserting Trojans into two designs | a digital
post-processing derived from Intel's cryptographically secure RNG design used
in the Ivy Bridge processors and a side-channel resistant SBox implementation
and by exploring their detectability and their ects on security.
Keywords: Hardware Trojans, malicious hardware, layout modifications, Trojan
side-channel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20130913/832ab42b/attachment-0001.sig>
More information about the cypherpunks
mailing list