Hardware Trojans (HTs) are an emerging threat to the integrity of Integrated Circuits (ICs) and their applications. Malicious modification of hardware during the manufacture of commercial and consumer devices is a serious security problem. Such tampering alters the functional behavior of an integrated circuit (IC), which can have disastrous effects on the safety of critical applications.
Beyond commercial and consumer devices, Hardware Trojans have also become a danger to military weaponry: they can reside in the ICs and SoCs used in complex weapons, where they are most commonly known as a kill switch. Because the majority of countries rely on foreign armament companies, this threat is growing increasingly prevalent.
Attackers, or whoever controls the kill switch, try to take over the operation of an IC by activating its HT, which can have severe consequences such as denial of service, leakage of sensitive information or deactivation of the whole device. The threats posed by HTs are enormous, but this article focuses on the use of HTs as a kill switch in the military's complex and sophisticated weaponry. Engineers have proposed various ways to avoid HTs in recent years, but whether they are effective remains an open question.
In this article, we explain Hardware Trojans and ways to prevent them. We also highlight the key problems and major threats connected with this security risk, and the research that will be required to solve them in the future.
What are Hardware Trojans?
Hardware Trojans (HTs) are malicious alterations of an integrated circuit's circuitry. In other terms, a Hardware Trojan is any malicious addition or change to a circuit or system, made so that the electronic system can be controlled remotely via radio waves, or so that the malicious addition activates itself when certain conditions or triggers occur.
In many cases an HT is a chip implanted in an integrated circuit's circuitry (electronic hardware), but it may also be a computer program that has been coded and injected into an integrated circuit's memory or storage chips.
The size of an HT is determined by its physical and structural extent, that is, the number of components it is made of. Because a Trojan may consist of several components, the designer can spread the parts of the harmful logic across the chip. The extra logic may be placed anywhere on the chip to alter, add or delete a function. On the one hand, harmful components can be dispersed if the Trojan's operation requires it; this is referred to as loose dispersion. On the other hand, because a Trojan may be made up of only a few components, the space the harmful logic occupies in the chip architecture can be kept small; this is referred to as tight distribution. If the Trojan designer finds that the HT has no effect, he regenerates the layout, changing the arrangement of the IC's components, which sometimes also changes the dimensions of the chip.
Types of Hardware Trojans
HTs can be named and categorised in a variety of ways, for example by their physical representation, trigger, payload, secrecy, activation phase and action phase. We have classified the types of HTs along similar lines.
- Based on physical characteristics: an HT can be either functional or parametric. A functional Trojan adds or deletes transistors or gates in the original chip design; a parametric Trojan modifies the existing circuitry, for example by thinning wires, weakening flip-flops or transistors, subjecting the chip to radiation, or using focused ion beams to reduce the reliability of the chip.
- Based on condition, action or activation characteristics: condition-based HTs can be triggered by sensors, internal logic states, a particular input pattern or an internal counter value. The action can modify the chip's function, change its parametric properties or transmit confidential information to the enemy. Activation can happen through radio signals, targeted laser signals or other methods.
- Based on peripheral device type: an HT can be designed to communicate with a network endpoint using the permitted peripheral device's communication protocol. For example, a USB keyboard could communicate with the target network endpoint via unintended USB channels to disguise all malicious processor cycles from the endpoint to which it is attached. After extracting data, the HT may process it and decide what to do with it; it may transfer it to the internet wirelessly or use the compromised network endpoint as a pivot.
How can HTs be activated?
Hardware Trojans can be activated in a variety of ways. Internally activated Trojans monitor one or more signals inside the integrated circuit; for instance, an attacker might add countdown logic to the chip so that the Trojan wakes up after a set amount of time. The polar opposite is external triggering: malicious circuitry inside a chip can make use of an antenna or other sensors that an enemy can reach from outside the chip. A Trojan might, for example, be hidden inside a fighter jet's control system, and the jet's pilot would be unaware that the enemy is able to turn off the jet's missile system through radio signals or targeted laser signals.
Major threats of Hardware Trojans
- Change or control the functioning of an Integrated Circuit (IC) or a System on Chip (SoC), for example the logic value of a security-critical flip-flop, with significant consequences.
- Leak sensitive information, for example by propagating internal signals to the output pins, where they can reveal sensitive information to attackers.
- Reduce circuit reliability, for example, by adding circuitry capable of producing local temperature hotspots in the IC and, as a result, eventually causing the chip to fail.
- Act as a kill switch: when activated, the functionality can be changed and the whole system can be destroyed or disabled.
- Hardware Trojans are persistent, which means that once a system is infected, the danger persists every time the machine is powered on.
- They have the capacity to erode trust in all modern technological systems. They can be introduced as hidden "front doors" or "back doors" that are unwittingly inserted while designing a computer chip, by using a pre-made application-specific integrated circuit (ASIC) semiconductor intellectual property core (IP core) purchased from an untrustworthy source, or inserted internally.
HTs as a Kill Switch in the Military’s Complex and Sophisticated Weapons
A kill switch in a military weapon means that anyone with the codes or access can remotely control a complex weapon that has one implanted; alternatively, the Trojan chip may activate automatically under certain conditions, or by itself. For example, a fighter jet's missile-launching electronics, or the jet's entire electronics, could be shut off.
Scenarios of HTs as a kill switch in the military's complex and sophisticated weapons are cropping up more often. According to a U.S. defense contractor who spoke on condition of anonymity, a European chipmaker recently built microprocessors with a kill switch that could be accessed remotely. French defense contractors told IEEE Spectrum that they have used the chips in military equipment so that, if the equipment were to fall into unfriendly hands in the future, the French could disable its circuitry remotely.
Smartphones already incorporate this kind of capability. Apple introduced a remote "kill switch" that a phone's owner can use to make sure no one else can use his or her lost or stolen phone. If this feature is worth putting in consumer devices, why can it not be embedded in complex weapons?
Ways to prevent Hardware Trojans
Condition-based Trojans are detectable to some degree with power traces even while inactive, because of the leakage currents of the trigger or counter circuit that activates the Trojan.
Obfuscation is one preventive measure that can be used to stop the stealthy insertion of HTs. To insert an effective HT, an attacker needs a thorough understanding of the IC he is attacking, particularly its nodes with low controllability and observability. If the defender obfuscates the IC (for example, with functions that depend on a key unknown to the attacker), the attacker is more likely to produce HTs that are benign, or that are easily detected by traditional logic testing because they are more likely to trigger during test time.
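The obfuscation argument above as an added example (not code from the article or from any work it cites): a constructed 8-input netlist with four XOR key gates, an attacker who analyses it under a guessed all-zero key and picks the rarest internal node as a trigger, and the rate at which that trigger fires once the real key is applied.

```python
"""Toy logic-locking model for the obfuscation argument above. An attacker
holding the netlist but not the key estimates node rarity under a guessed key;
the defender measures how often that trigger fires under the real key.
Added example with a constructed 8-input netlist and four XOR key gates."""
import random

NODES = ("n0", "n1", "n2", "n3", "n4", "n5", "n6", "n7", "out")


def evaluate(x, key):
    """Evaluate the locked netlist for input bits x[0..7] and key bits key[0..3]."""
    n = {}
    n["n0"] = x[0] & x[1] & x[2]
    n["n1"] = n["n0"] ^ key[0]              # key gate after the first AND
    n["n2"] = x[3] & x[4] & x[5]
    n["n3"] = n["n2"] ^ key[1]              # key gate after the second AND
    n["n4"] = x[6] | x[7]
    n["n5"] = n["n4"] ^ key[2]              # key gate after the OR
    n["n6"] = n["n1"] & n["n3"]             # looks rare (1/64) only if k0 = k1 = 0
    n["n7"] = (x[0] | x[3]) ^ key[3]        # key gate on a side path
    n["out"] = n["n6"] ^ n["n5"] ^ n["n7"]
    return n


def random_vectors(count, seed):
    """Constructed uniformly random test vectors, reproducible via `seed`."""
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(8)] for _ in range(count)]


def signal_probabilities(key, vectors):
    """Fraction of vectors on which each node evaluates to 1 under `key`."""
    counts = dict.fromkeys(NODES, 0)
    for x in vectors:
        for name, val in evaluate(x, key).items():
            counts[name] += val
    return {name: c / len(vectors) for name, c in counts.items()}


def rarest_node(key, vectors):
    """Internal node whose 1-state is least likely under `key`: the trigger an
    attacker would pick after analysing the netlist with that (guessed) key."""
    probs = signal_probabilities(key, vectors)
    probs.pop("out")                        # primary outputs are not hidden nodes
    return min(probs, key=probs.get)


def trigger_rate(node, key, vectors):
    """Share of test vectors on which a Trojan triggered by `node == 1` fires."""
    return signal_probabilities(key, vectors)[node]
```

Under the guessed key the attacker settles on n6 (1 on about 1 in 64 vectors); under the real key (1, 1, 0, 1) the same node is 1 on roughly three quarters of random vectors, so the Trojan fires throughout ordinary logic testing.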
Because of their stealthy nature, the vast number of potential instances, and their wide diversity in structure and operating mode, traditional design-time verification and post-manufacturing testing cannot easily be extended to identify hardware Trojans (HTs).
To learn how to prevent and detect HTs, read these articles:
- Hardware Trojan Attack and Defense Techniques by Aman Gupta
- Hardware Trojan: Threats and Emerging Solutions by Rajat Subhra Chakraborty, Seetharam Narasimhan, and Swarup Bhunia
Research required to solve Hardware Trojans threat
The main problem is determining whether or not a supplied product has been tampered with. There are no simple or cost-effective techniques to verify a delivered IC, since ICs are extremely interconnected and complex. Direct IC analysis can only be done destructively, and it is only valid for the chips that have been examined; it cannot ensure the integrity of all chips. As a result, non-destructive testing procedures that can be applied to any chip are required. These are built on logic testing or side-channel analysis (SCA). Logic testing looks for an output that deviates from the original design. While such a deviation could indicate the presence of an HT, the likelihood of detecting one depends heavily on the complexity of the trigger.
Side-channels of an integrated circuit, for example its power consumption and electromagnetic radiation, were previously known only in the context of side-channel attacks. Because they disclose information about the circuit's internals, they have been used to develop new detection techniques, and they can therefore be employed in HT detection. Although these techniques are highly promising, they have certain inherent limitations.
HTs are a dangerous threat to a nation, and their implantation in weaponry is especially critical, so there is a need for strong policies and laws, and for ensuring that weapon companies follow them. Countries like India, which import most of their weapons, must consider this critical threat and become less dependent on foreign weapons. It would be worse still if those kill switches could also be used to leak confidential data; there is therefore a need for research, development and training to identify and eliminate HTs.
Today, however, we are consciously choosing to develop and distribute medium and heavy weapons without limiting their use. This decision has far-reaching consequences. Kill switches are worth investigating if they can spare even one innocent life, including the lives of our own warriors.
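The two detection routes discussed above (logic testing, whose odds depend on the trigger, and side-channel analysis, which can see the leakage of an inactive trigger circuit, as the "Ways to prevent" section notes) as one added example, not code from the article or from any cited work; the 16-bit adder host, the 12-bit trigger pattern, the gate counts and the leakage model are constructed values.

```python
"""Toy model for the two detection routes above: random logic testing versus
a static power side-channel. Added example; the 16-bit adder host, the 12-bit
trigger pattern and the gate counts are constructed values."""
import random
import statistics

TRIGGER_BITS = 12           # trigger compares 12 input bits: 1 in 4096 vectors
TRIGGER_PATTERN = 0xABC     # constructed trigger value
HOST_GATES = 400            # constructed gate count of the clean adder
TROJAN_GATES = 12           # constructed: comparator tree plus one XOR payload


def golden(a, b):
    """Reference (Trojan-free) 16-bit adder."""
    return (a + b) & 0xFFFF


def infected(a, b):
    """Same adder with a condition-based Trojan that flips the MSB on a rare input."""
    s = golden(a, b)
    if (a & ((1 << TRIGGER_BITS) - 1)) == TRIGGER_PATTERN:
        s ^= 0x8000                                 # payload fires only here
    return s


def trigger_probability(trigger_bits):
    """Chance that one uniformly random vector activates a trigger on that many bits."""
    return 1.0 / (1 << trigger_bits)


def logic_test(chip, n_vectors, seed=1):
    """Number of random vectors on which `chip` disagrees with the golden design."""
    rng = random.Random(seed)
    return sum(chip(a, b) != golden(a, b)
               for a, b in ((rng.getrandbits(16), rng.getrandbits(16))
                            for _ in range(n_vectors)))


def leakage_traces(n_gates, n_traces, noise=0.5, per_gate=0.01, process_var=0.0, seed=2):
    """Constructed static-leakage model: every gate leaks `per_gate` units; the
    chip adds a fixed process-variation offset and each measurement adds noise."""
    rng = random.Random(seed)
    base = n_gates * per_gate + rng.gauss(0.0, process_var)
    return [base + rng.gauss(0.0, noise) for _ in range(n_traces)]


def side_channel_z(golden_traces, dut_traces):
    """Standard errors by which the DUT's mean leakage exceeds the golden chip's;
    above about 3 the extra (inactive) trigger circuitry is statistically visible."""
    se = (statistics.variance(golden_traces) / len(golden_traces)
          + statistics.variance(dut_traces) / len(dut_traces)) ** 0.5
    return (statistics.mean(dut_traces) - statistics.mean(golden_traces)) / se
```

A few thousand random vectors expose the Trojan's output about once on average, while 2000 leakage traces per chip put the infected chip several standard errors above the golden one; raising process_var to the order of TROJAN_GATES * per_gate (0.12 here) makes chip-to-chip variation rival the Trojan's footprint, which is the inherent limitation mentioned above.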
This article was published on 30 July 2021 and last modified on 16 November 2021.