University of Massachusetts Amherst

Search Google Appliance

Paper on Stealthy Trojans Attracting International Attention

A paper authored by, among others, three researchers in the Electrical and Computer Engineering Department has been attracting international attention in the media. ECE Ph.D. student Georg T. Becker, Adjunct Professor Christof Paar, and Professor Wayne Burleson were among the authors of a paper entitled “Stealthy Dopant-Level Hardware Trojans,” presented in August at the Cryptographic Hardware and Embedded Systems 2013 (CHES 2013) workshop in Santa Barbara, California. “CHES 13 is the largest conference in applied crypto with more than 400 participants,” explains Paar in summarizing his paper. “We presented a way of building hidden hardware Trojans.” So far the paper has been covered in Slashdot (slashdothardware-trojans), Ars Technica (arstechnica.cpus/), Computerworld (computerworld.trojans), and Germany’s Der Spiegel (spiegel.html).

The paper was also authored by Francesco Regazzoni of TU Delft, the Netherlands, and ALaRI, University of Lugano, Switzerland.

As the abstract of the paper explains, “In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like, and how difficult it would be in practice to implement one.

“In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips.’

“We demonstrate the effectiveness of our approach by inserting Trojans into two designs: a digital post-processing derived from Intel's cryptographically secure true random number generator  used in the Ivy Bridge processors and a side-channel resistant SBox implementation; and by exploring their detectability and their effects on security.”


A Slashdot website article also summarizes the research:

"A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chip's transistors. From the paper: 'Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips.’”

Slashdot added that “In a test of their technique against Intel's Ivy Bridge Random Number Generator (RNG) the researchers found that by setting selected flip-flop outputs to zero or one, 'Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen.' They conclude that 'Since the Trojan RNG has an entropy of n bits and [the original circuitry] uses a very good digital post-processing, namely AES, the Trojan easily passes the NIST random number test suite if n is chosen sufficiently high by the attacker. We tested the Trojan for n = 32 with the NIST random number test suite and it passed for all tests. The higher the value n that the attacker chooses, the harder it will be for an evaluator to detect that the random numbers have been compromised.' (September 2013)