hardware trojans
DESCRIPTION
Hardware Trojan is a designedly modification of an IC ensuing in the unsought conduct of an electronic device when desired to be in operation with a malicious intent without the knowledge of the user. This undesired conduct in the IC may take any of the forms viz Logic Modification which might involve placing an additional logic gate with a optional activation programmed can to give unlooked-for output signal leading to overall erred result or it can be an Electrical modification that would fudge the timing characteristics of IC by doing additional capacitive loading on a circuit path.The presentation brings out an over view of this emerging threat.TRANSCRIPT
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 1/83
1260 –
1180 BCBronze Age
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 2/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 3/83
After a fruitless 10-year siege, the Greeks constructed a huge
wooden horse, and hid a select force of men inside. The Greeks
pretended to sail away and that night the Greek force crept out of the
horse and opened the gates for the rest of the Greek army anddestroyed the city of Troy
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 4/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 5/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 6/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 7/83
The views expressed in this presentation
are Mere Apne. Reference to anyspecific products, process, or service do
not necessarily constitute or imply
endorsement, recommendation, or
favoring by any Government
ALL FIGURES IN THE PPT ARE ONLY FOR DEPICTION
PURPOSE.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 8/83
Not here
to
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 9/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 10/83
A Hardware Trojan is a
Malicious Modification of thecircuitry of an integrated circuit.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 11/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 12/83
“ Outsourcing the fabrication and design to third
parties imputed to the huge scales of requirements
and economies involved ”
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 13/83
Bogus packaging
could disguise a
questionable chip as
legitimate one &
baking a chip for 24
hours after
fabrication could
shorten its life span
from 15 years to a
scant 6 months
Adding 1000 extra
transistors during
either the design or
the fabrication
process could create
a kill switch or a
trapdoor or could
enable access for a
hidden code that
shuts off all.
NICK THE WIRE
A notch in few
interconnects would
be almost
impossible to detectbut would cause
eventual mechanical
failure as the wire
become overloaded.
ADD ORRECONNECT WIRING
During the layout
process, new circuit
traces and wiring
can be added to thecircuit. A skilled
engineer familiar
with the chips
blueprint could
reconnect the wiresto undesired output.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 14/83
DESIGN
• Untrusted Thirdparty IP cores
• Untrusted CADtools
• Untrustedautomation scripts
• Untrusted Libraries
FABRICATION
• UntrustedFoundries
TEST & VALIDATIONS
• Untrusted if notdone in-house
• Trusted if done inhouse
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 15/83
The IP core can be described as being
for chip design what a library is for computer
programming .
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 16/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 17/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 18/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 19/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 20/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 21/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 22/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 23/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 24/83
****Focused ion beam is a technique used particularly in the semiconductor industry, materialsscience for deposition, and ablation of materials.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 25/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 26/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 27/83
Hardware Trojans
Physical
Distribution
Structure
Size
Type
Activation
Externally
Antenna
Sensor
Internally Always on Conditional
Logic
Sensor
Action
Transmit
Modify Specs
Modify Function
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 28/83
Hardware Trojans
DesignPhase
Specs
Fabrication
Test
Assemblyand
Package
AbstractionLevel
SystemLevel
Development
RT Level
Gate Level
PhysicalLevel
Effects
ChangeFunction
ChangeSpecs
Leak Info
Denial ofService
Location
Part/Identity
Processor
Memory
I/O
PowerSupply
Clock
Activation
Always on Triggered
Internally
Externally
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 29/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 30/83
Internet of Things
• 10 billion Devices and Counting
• Everything right from your computer to your phone to
your microwave can be compromised without you ever
knowing about it.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 31/83
Logistics Systems and Support domain:
Transport Infrastructure, Traffic Control,
Metro/Rail Monitoring & Control
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 32/83
Civil Critical Applications: Banking, Stock
market IT Infrastructure
Milit S st s W C t l s st s
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 33/83
Military Systems: Weapon Control systems,
Satellite controls, Radar systems,
Surveillance Systems, Decision support
Systems.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 34/83
Aviation and Aeronautics industry : Flight
control systems , Space Shuttles, Satellitesetc.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 35/83
Miscellaneous
Data centers IT Infrastructure, Personal Info
stored in Clouds, Government Systems inCritical Setups etc
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 36/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 37/83
Attribute Hardware Trojans Software Trojans
Agency involved
to infect
Pre fabrication embedding in
the hardware IC during
manufacturing or retrofitted
later.
Resides in code of the OS or
in the running applications
and gets activated whilst
execution.
Mode
Third party untrusted
agencies involved to
manufacture ICs in various
stages of fabrication.
Downloading malicious files
from internet or via social
engineering methodsexecuting malicious files or
commonly sources USB etc.
Current Remedial
Measureavailable
Currently none since one
embedded there is no way to
remove the same other then
destroying.
Signatures released by
antivirus companies and
software patches based on
behavioral pattern observed.
Behavioral
Attribute
Once activated the behavioral
action of the Hardware
Trojan cannot be changed.
A Trojan behavior can
change by further update or
patch application etc
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 38/83
Anatomy of a
Events which enable the
Trojan Payload
Stealth depends on Triggers
The Ammo / firepower
Size is not proportional todestruction
Prior to triggering, a hardware trojan lies dormant without
interfering with the operation of any electronics.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 39/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 40/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 41/83
“September 2007, Israeli jets bombed a suspected nuclear
installation in northeastern Syria. Among the many mysteriesstill surrounding that strike was the failure of Syrian radar,
supposedly state of the art, to warn the Syrian military of the
incoming assault. It wasn’t long before military and
technology bloggers concluded that this was an incident of
electronic warfare and not just any kind. Post after post
speculated that the commercial off-the-shelf microprocessors
in the Syrian radar might have been purposely fabricated witha hidden “backdoor” inside. By sending a preprogrammed
code to those chips, an unknown antagonist had disrupted
the chips’ function and temporarily blocked the radar ”
Source : IEEE spectrum, 2007
Syrian RADAR Case
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 42/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 43/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 44/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 45/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 46/83
Computer Chip in a Commercial Jet
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 47/83
Computer Chip in a Commercial Jet
Compromised
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 48/83
Laptop Batteries Can Be Bricked
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 49/83
• The method involves accessing and sending
instructions to the chip housed on smart batteries
• Completely disables the batteries on laptops , making
them permanently unusable,
• Perform a number of other unintended actions like
false reporting of battery levels, temperature etc.
• Could also be used for more malicious purposes down
the road.
Laptop Batteries Can Be Bricked
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 50/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 51/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 52/83
A advantageously contrived and implanted backdoor at anuntrusted fabrication facility involved in manufacturing the
typical pc processor can be victimized by a software
antagonist at a later scheduled time line.
This kind of a backdoor in a
processor will never bedivulged by the run of the mill
or state of the art antivirus
versions predominately
available COTS.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 53/83
• Sabotage on the Cryptographic Capability of Intel Processor
• Reduces the entropy of the random number generator from
128 bits to 32 bits.
• Accomplished by changing the doping polarity of a fewtransistors.
• Undetectable by built in self tests and physical inspection.
Intel Ivy Bridge Can’t Keep Your
Secret
**entropy is the randomness collected by an application for use in cryptography
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 54/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 55/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 56/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 57/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 58/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 59/83
A hardware Trojan to operate,
needs ground and power supply
which can be low or high
depending on the design it is
based on.
A Trojan that requires a low end
power supply will have low
chances of being detectedwhereas a Trojan requiring higher
power supply would be at a larger
chance of detection.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 60/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 61/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 62/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 63/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 64/83
A Golden Chip i hi hi h
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 65/83
A Golden Chip is a chip which
is known to not include malicious
modifications
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 66/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 67/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 68/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 69/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 70/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 71/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 72/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 73/83
CountermeasuresFor
Hardware Trojans
TrojanDetection
Approaches
Design ForSecurity
PreventInsertion
FacilitateDetection
Run TimeMonitoring
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 74/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 75/83
Hardware is theRoot of Trust; Even
a small maliciousmodification can be
devastating to
system security
Key Takeaway 1
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 76/83
Key Takeaway 2
Virtually any andevery Electronic
System around us
can be potentially
Compromised.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 77/83
Key Takeaway 3
Mostsemiconductor
companies
OUTSOURCE their
manufacturing due
to the high capitaland operational
costs
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 78/83
Key Takeaway 4
The trust in the
chip Design process
is Broken
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 79/83
A Hardware Trojanis near Impossible
to detect in tests
because its
designed to trigger
in mission mode
Key Takeaway 5
Key Takeaway 6
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 80/83
Long term research
can bring built in
security and tamper
resistance in IC
designs. However,for short term, the
threat can be
mitigated by making
the supply chain
trusted
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 81/83
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 82/83
http://www.eetimes.com/electronics-news/4373667/Report-reveals-fake-chips-in-military-hardware
• http://www.theatlanticwire.com/technology/2011/06/us-military-fake-microchips-china/39359/
• https://citp.princeton.edu/research/memory/media/
• Cyber security in federal government, Booz Allen Hamilton
• The hunt for the kill switch, IEEE Spectrum, May 2008• Report of the Defense Science Board Task Force on High Performance Microchip Supply,’’ Defense Science
Board, US DoD, Feb. 2005; http://www.acq.osd.mil/dsb/ reports/2005-02-HPMS_Report_Final.pdf.
• ‘‘Innovation at Risk Intellectual Property Challenges and Opportunities,’’ Semiconductor Equipment
and Materials International, June 2008.
• www.darpa.mil/mto/solicitations/baa07-24/index.html
• The hunt for the kill switch, IEEE Spectrum, May 2008
• Towards a comprehensive and systematic classification of hardware Trojans, J Rajendran et.al.• http://larc.ee.nthu.edu.tw/~cww/n/625/6251/05DFT0603.pdf
• X. Wang, M. Tehranipoor, and J. Plusquellic, ‘‘Detecting Malicious Inclusions in Secure Hardware:
Challenges and
• Hardware Trojan: Threats and Emerging Solutions, Rajat Subhra Chakraborty et al.
7/21/2019 HARDWARE TROJANS
http://slidepdf.com/reader/full/hardware-trojans-56d9f0aa85109 83/83
I am at :
http://about.me/anupam.tiwari