extremely stealthy hardware Trojans - existing transistor dopant polarity changes
Zenaan Harkness
zen at freedbms.net
Wed May 16 02:55:32 PDT 2018
Holy firetruck, Punkman, sh1rts gettin' real:
Georg T. Becker, Francesco Regazzoni, Christof Paar, and
Wayne P. Burleson in the abstract of a paper [PDF]
https://link.springer.com/article/10.1007/s13389-013-0068-0
In recent years, hardware Trojans have drawn the attention of
governments and industry as well as the scientific community. One of
the main concerns is that integrated circuits, e.g., for military or
critical-infrastructure applications, could be maliciously
manipulated during the manufacturing process, which often takes
place abroad. However, since there have been no reported hardware
Trojans in practice yet, little is known about what such a Trojan
would look like and how difficult it would be in practice to
implement one. In this paper we propose an extremely stealthy
approach for implementing hardware Trojans below the gate level, and
we evaluate their impact on the security of the target device.
Instead of adding additional circuitry to the target design, we
insert our hardware Trojans by changing the dopant polarity of
existing transistors. Since the modified circuit appears legitimate
on all wiring layers (including all metal and polysilicon), our
family of Trojans is resistant to most detection techniques,
including fine-grain optical inspection and checking against "golden
chips". We demonstrate the effectiveness of our approach by
inserting Trojans into two designs—a digital post-processing derived
from Intel's cryptographically secure RNG design used in the Ivy
Bridge processors and a side-channel resistant SBox
implementation—and by exploring their detectability and their
effects on security.
(From LWN Briefs: https://lwn.net/Articles/749980/ )