Researchers have shown that it is possible to compromise the functioning of a cryptographic chip without changing its physical layout. Based on altering the distribution of dopants in a few components on the chip during fabrication, this method represents a big challenge for cyber-security as it is nearly impossible to detect with any currently practical detection scheme.
Progress in the design and fabrication of processor chips is mainly aimed at making them faster and smaller. There is another important requirement, however – ensuring that they function as intended. In particular, the cryptographic functions of new chips must provide the level of security with which they were designed. If they fail in this task, even use of sophisticated security software, physical isolation, and well vetted operators cannot ensure the security of a system.
Such structural attacks on the functions of a chip are called hardware Trojans, and are capable of rendering ineffective the security protecting our most critical computer systems and data. Both industry and governments have put a great deal of not very public effort into the problem of hardware Trojans. The most reliable tests to find hardware Trojans will be applied to the finished product. So how are they tested and what are the implications of the new research?
Extremely sophisticated devices for functional testing abound in the world of IC design and fabrication. Unfortunately, such testing is usually not very effective for finding hardware Trojans. It is impossible in any practical sense to test all patterns of activation of all components in the chip, so the test patterns are usually designed to test all the known gates on the chip. While such patterns catch most accidental design flaws and fabrication defects, they are likely to fail to activate malicious logic elements added to the original design.
While reverse-engineering a chip sounds like a good way to detect hardware alterations, the problem is considerably more slippery when the goal is to find hardware Trojans. When reverse-engineering is the goal, you start with your competitor's chip, and try to decipher and duplicate the chip. While various techniques can be applied to the chip to complicate this process, you are never in any doubt that the original chip works properly.
If a production chip is suspected of harboring hardware Trojans, however, the structure revealed in the disassembly process must be compared with some reference design. The ideal reference is a "golden chip", meaning a chip known to accurately reflect the goals of the desired chip functionality with no additions, subtractions, or alterations. We'll talk about where such a chip might come from later.
Unfortunately, the complex design and fabrication process is nearly always farmed out to contractors and subcontractors worldwide. While this approach to design and fabrication is cost-effective, the overall manufacturing entity gives up a good deal of control over the various stages of the process. As a result, it is hard to be sure that your golden chip isn't simply a gilt imitation. If a supposedly golden chip actually contains the same hardware Trojans as do the production chips, all the comparative testing in the world won't find them.
The UMass team has demonstrated disruption of the Ivy Bridge chip so that it generates far simpler pseudorandom numbers. The resulting chip does not provide acceptable levels of cryptographic security.
The authors of this research point out that altered doping profiles are currently used in commercial code-obfuscation systems to prevent an attacker from optically reverse-engineering a chip. This suggests that the changes required to convert an inverter gate into a Trojan gate will not be detected by such structural analysis. Methods do exist to probe the local doping characteristics of a silicon layer, which could in principle be used to identify a hardware Trojan of the type described in the present research. However, these methods examine one tiny patch of material at a time, making their use to check a billion transistors impractical.
The doping-profile Trojan approach identified by the UMass-based research team could be applied in many ways to compromise the functionality of cryptographic systems without being noticed. Now that the possibility of such stealthy attacks on cryptographic systems has been established, a great deal of effort will doubtless go into our ability to detect them.
Source: Stealthy Dopant-Level Hardware Trojans[PDF]
See the stories that matter in your inbox every morning