hardware trojan

Hardware Trojans (HTs) are an emerging threat to the integrity of Integrated Circuits (ICs) and the applications that depend on them. A Hardware Trojan is a malicious modification of the hardware made during the design or manufacture of commercial and consumer devices, and it is a severe security problem. Such tampering alters the functional behavior of an IC, which can have disastrous consequences for the safety of critical applications.

Apart from commercial and consumer devices, Hardware Trojans have emerged as a danger to military equipment, because the ICs and Systems on Chip (SoCs) inside complex weapons can carry them. Such HTs are most commonly known as Kill Switches. Because the majority of countries rely on foreign armament companies for their chips, this threat is growing increasingly prevalent.

Attackers, or whoever controls the kill switch, try to control the operation of the IC by activating the HT, which can have severe consequences such as denial of service, leakage of sensitive information, or deactivation of the whole device. HTs threaten many kinds of systems, but this article focuses on their use as a Kill Switch in the military's complex and sophisticated weaponry. Many engineers have proposed ways to avoid HTs over the last few years, but whether these are effective remains an open question.

In this article, we explain Hardware Trojans and ways to prevent them. We also highlight the fundamental problems and major threats connected with this security risk and the research required to solve them in the future.

What are Hardware Trojans?

Hardware Trojans (HTs) are malicious alterations of integrated circuitry. In other words, a Hardware Trojan is any malicious addition to, or change of, a circuit or system, inserted so that the electronic system can be controlled remotely (for example, by radio) or so that the malicious addition activates itself when certain conditions or triggers occur.

In many cases, an HT is extra circuitry implanted in the integrated circuit itself; the term is also used for malicious code that has been injected into the memory or storage chips of a device, which behaves like a firmware-level implant.

The size of an HT is determined by its physical and structural extent, that is, by the number of components it adds. Since a Trojan may implement several features, the designer can spread its malicious logic across the chip; the extra logic can be placed anywhere on the die to alter, add, or delete a function. If the Trojan's operation requires it, its malicious components can be scattered across the design rather than kept in one cluster. This is referred to as loose dispersion.

Types of Hardware Trojans

HTs can be categorized in various ways, for example by their physical representation, trigger mechanism, payload, degree of secrecy, activation method, and the action they take. We classify HTs along similar lines below.

  • Based on physical characteristics: an HT is either functional or parametric. A functional Trojan is created when the adversary adds or deletes transistors or gates in the original chip design. A parametric Trojan modifies the existing circuitry instead, for example by thinning wires, weakening flip-flops or transistors, subjecting the chip to radiation, or using Focused Ion Beams, so as to reduce the reliability of the chip.
  • Based on trigger condition, action, or activation method: condition-based HTs are triggered by sensors, internal logic states, a particular input pattern, or an internal counter value. The action (payload) could modify the chip's function, change its parametric properties, or transmit confidential information to the adversary. Activation could come from radio signals, targeted laser signals, or other external stimuli.
  • Based on the type of peripheral device: an HT can be designed to communicate with a network endpoint over the communication protocol of a permitted peripheral device. For example, a Trojaned USB keyboard can talk to the network endpoint it is attached to over unintended USB channels, hiding its malicious processor cycles from that endpoint. After extracting data, the HT may process it and decide what to do with it: it may transfer it to the internet over a wireless link, or use the compromised network endpoint as a pivot.

How can HTs be activated?

Hardware Trojans can be activated in a variety of ways. Internally activated Trojans monitor one or more signals inside the integrated circuit. For example, an attacker can add countdown logic to the chip so that the malicious circuitry wakes up after a set number of clock cycles (a time bomb). The opposite case is external activation: malicious circuitry inside a chip can use an antenna or another sensor that the adversary can reach from outside the chip. A Trojan might, for example, be hidden inside a fighter jet's control system, and the jet's pilot would be unaware that the enemy could turn off the jet's missile system through radio or targeted laser signals.
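The two activation styles described above (an internal countdown and an externally supplied input pattern), as an added example that is not code from the original article. It is a behavioural Python model, not RTL, of a small "arm controller" whose security-critical output the Trojan's payload forces low once the trigger fires; the secret key, the trigger pattern (TRIGGER_PATTERN), the countdown length (COUNTDOWN_CYCLES) and the class names are illustrative assumptions.

```python
"""Behavioural model of a Hardware Trojan with an internal (countdown)
trigger and an external (input-pattern) trigger.

Added example, not code from the original article. It models in Python,
rather than in RTL, a small 'arm controller' block that an adversary has
modified. The secret key, trigger pattern and countdown length are
illustrative assumptions.
"""
from dataclasses import dataclass

TRIGGER_PATTERN = 0xDEADBEEF   # assumed 32-bit 'cheat code' watched for on the data bus
COUNTDOWN_CYCLES = 50_000      # assumed number of clock cycles before the time bomb fires


@dataclass
class ArmController:
    """Genuine design: the security-critical output arm_ok is simply
    'the operator supplied the correct key' on every clock cycle."""
    secret_key: int

    def clock(self, data_in: int, key_in: int) -> bool:
        return key_in == self.secret_key


@dataclass
class TrojanedArmController(ArmController):
    """Same interface and same behaviour until the hidden trigger fires;
    afterwards the payload forces arm_ok low (a kill switch)."""
    cycles: int = 0          # hidden counter added by the adversary
    triggered: bool = False  # sticky until power-off: the Trojan latches

    def clock(self, data_in: int, key_in: int) -> bool:
        legit = super().clock(data_in, key_in)
        self.cycles += 1
        # Internal trigger: countdown logic that wakes the Trojan after a set time.
        if self.cycles >= COUNTDOWN_CYCLES:
            self.triggered = True
        # External trigger: a rare value on an ordinary input bus.
        if data_in == TRIGGER_PATTERN:
            self.triggered = True
        # Payload: deny the security-critical function once triggered.
        return legit and not self.triggered


def run(ctrl: ArmController, n_cycles: int, cheat_code_at: int = -1) -> tuple:
    """Clock the controller n_cycles times with the correct key, optionally
    placing TRIGGER_PATTERN on the data bus at one cycle. Returns arm_ok on
    the first and on the last cycle. Ordinary bus traffic is modelled as
    the low 16 bits of the cycle count, which can never equal the 32-bit
    trigger pattern."""
    first = last = False
    for cycle in range(n_cycles):
        data = TRIGGER_PATTERN if cycle == cheat_code_at else cycle & 0xFFFF
        ok = ctrl.clock(data, ctrl.secret_key)
        if cycle == 0:
            first = ok
        last = ok
    return first, last


if __name__ == "__main__":
    KEY = 0x1234  # assumed operator key
    print("genuine, 60k cycles                :", run(ArmController(KEY), 60_000))
    print("trojaned, 100-cycle functional test:", run(TrojanedArmController(KEY), 100))
    print("trojaned, 60k cycles (time bomb)   :", run(TrojanedArmController(KEY), 60_000))
    print("trojaned, cheat code at cycle 50   :", run(TrojanedArmController(KEY), 100, cheat_code_at=50))
```

The point of the short 100-cycle run is that the Trojaned part behaves exactly like the genuine one during a brief functional test; only a long run (the countdown) or the specific bus value (the cheat code) exposes the payload. A fresh power-up resets the sticky flag, but the trigger logic is still in the silicon, which is why the article calls HTs persistent.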


Significant threats of Hardware Trojans

  • Change or control the functioning of an Integrated Circuit (IC) or a System on Chip (SoC), for example by altering the logic value of a security-critical flip-flop, with significant consequences.
  • Leak sensitive information, for example by propagating internal signals to the output pins, where an attacker can read them.
  • Reduce circuit reliability, for example by adding circuitry that produces local temperature hotspots in the IC and eventually causes the chip to fail.
  • Act as a Kill Switch: when activated, the HT changes the device's functionality and the whole system can be destroyed or disabled.
  • Persist: once a system is infected, the danger is present every time the machine is powered on, because the Trojan is part of the hardware.
  • Erode trust in all modern technological systems: HTs can be introduced as hidden "front doors" or "back doors" that are unwittingly inserted while designing a chip, for example by using a pre-made application-specific integrated circuit (ASIC) semiconductor intellectual property core (IP core) purchased from an untrustworthy source, or inserted by an insider.

HTs as a Kill Switch in the Military’s Complex and Sophisticated Weapons

A Kill Switch in a military weapon means that whoever has the codes or access can remotely control any complex weapon that has the kill switch implanted; alternatively, the Trojan chip may activate automatically under certain conditions, or start by itself. For example, the controller could shut off a fighter jet's missile-launching electronics, or shut off the entire jet's electronics.

Scenarios of HTs used as a Kill Switch in complex and sophisticated military weapons are cropping up more often. For example, according to a U.S. defense contractor who spoke on condition of anonymity, a European chipmaker built microprocessors with a kill switch that could be accessed remotely. French defense contractors told IEEE Spectrum that they had used the chips in military equipment so that, if the equipment fell into unfriendly hands in the future, the French could disable its circuits remotely.

Smartphones already incorporate this kind of capability. For example, Apple introduced a remote "kill switch" that a phone's owner can use to make sure no one else can use a lost or stolen phone. If this feature is worth putting in consumer devices, it can equally be embedded in complex weapons.

Ways to prevent Hardware Trojans

Condition-based Trojans can be detected, to some degree, from power traces even while they are inactive, because the dormant trigger or counter circuit still draws leakage current and adds to the chip's power consumption.

Obfuscation is one preventive measure against the stealthy insertion of HTs. To insert an effective HT, an attacker must understand the IC thoroughly, and in particular must identify nodes with low controllability and observability on which to condition the trigger. If the defender obfuscates the IC (for example, by adding logic whose behavior depends on a key unknown to the attacker), the attacker is more likely to insert an HT that is benign, or one that is easily caught by traditional logic testing because it triggers during test time.

Because of their stealthy nature, the vast number of possible instances, and the wide diversity of their structures and operating modes, traditional design-time verification and post-manufacturing testing cannot easily be extended to identify hardware Trojans.


Research required to solve Hardware Trojans threat

The main problem is determining whether or not a delivered product has been tampered with. Unfortunately, there are no simple or cost-effective techniques to verify a delivered IC, since ICs are highly interconnected and complicated. Furthermore, direct IC analysis (reverse engineering the silicon) can only be done destructively and is only valid for the chips examined; it cannot guarantee the integrity of all chips in a batch. As a result, non-destructive test procedures that can be applied to any chip are required. These are built on logic testing or Side-Channel Analysis (SCA). Logic testing looks for an output that deviates from the original design. While such a deviation could indicate the presence of an HT, the likelihood of detecting one is highly dependent on the complexity of the trigger: the rarer the trigger condition, the less likely a test vector set is to activate it.
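Two of the points above in numbers: how the trigger's complexity decides whether logic testing can catch a Trojan, and (from the "Ways to prevent" section) why key-based obfuscation makes an attacker's trigger less reliable. This is an added example, not code from the article or from any of the cited papers. The trigger is modelled as a comparison of k input bits against a fixed pattern, and the "locked" design as a single key-gated node; both are constructed for illustration and stand in for the rare internal nodes an adversary would really pick.

```python
"""Logic testing versus trigger complexity, and what design obfuscation
(logic locking) changes for the Trojan designer.

Added example, not code from the original article. The k-bit pattern
trigger and the single key-gated node are constructed for illustration.
"""
import random


def trigger_fires(x: int, trigger_bits: int, pattern: int) -> bool:
    """Trojan trigger: fires when the low `trigger_bits` bits of the input equal `pattern`."""
    return (x & ((1 << trigger_bits) - 1)) == pattern


def p_detect_analytic(trigger_bits: int, n_vectors: int) -> float:
    """Probability that at least one of n uniformly random test vectors fires
    a k-bit trigger: 1 - (1 - 2**-k)**n (independent random vectors assumed)."""
    return 1.0 - (1.0 - 2.0 ** -trigger_bits) ** n_vectors


def p_detect_simulated(trigger_bits: int, n_vectors: int, trials: int = 200, seed: int = 7) -> float:
    """Monte-Carlo estimate of the same quantity: run `trials` independent test
    campaigns of n random vectors each and count how many hit the trigger."""
    rng = random.Random(seed)
    pattern = rng.getrandbits(trigger_bits)   # the adversary's chosen cheat code
    hits = 0
    for _ in range(trials):
        if any(trigger_fires(rng.getrandbits(32), trigger_bits, pattern) for _ in range(n_vectors)):
            hits += 1
    return hits / trials


# --- obfuscation / logic locking ---------------------------------------------

def locked_node(x: int, key_bit: int) -> int:
    """A key-gated internal node: rare_flag XOR key_bit. rare_flag is 1 only
    when the low 16 input bits are all zero (about 1 vector in 65536)."""
    rare_flag = 1 if (x & 0xFFFF) == 0 else 0
    return rare_flag ^ key_bit


def trigger_rate_under_key(key_bit: int, n_vectors: int = 10_000, seed: int = 11) -> float:
    """Fraction of random vectors on which a Trojan wired to fire when
    locked_node == 1 actually fires. The adversary, who does not know the
    key, assumed key_bit == 0 so that the node looked rare."""
    rng = random.Random(seed)
    fires = sum(locked_node(rng.getrandbits(32), key_bit) for _ in range(n_vectors))
    return fires / n_vectors


if __name__ == "__main__":
    for k, n in ((4, 100), (16, 10_000), (32, 1_000_000)):
        print(f"{k:2d}-bit trigger, {n:>9,} vectors: P(detect) = {p_detect_analytic(k, n):.4f}")
    print("simulated, 4-bit trigger, 100 vectors :", p_detect_simulated(4, 100))
    print("simulated, 24-bit trigger, 1000 vectors:", p_detect_simulated(24, 1000))
    print("trigger rate with the attacker's guessed key:", trigger_rate_under_key(0))
    print("trigger rate with the real key              :", trigger_rate_under_key(1))
```

A 4-bit trigger is caught by a hundred random vectors with probability about 0.998, while a 32-bit trigger survives a million vectors with probability about 0.9998; this is the "depends on the complexity of the trigger" caveat in numbers. In the locked design, the node the attacker believed to be rare is rare only under the guessed key; with the real key it is asserted on almost every vector, so the Trojan fires during ordinary testing and is found.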

Side-channels of an integrated circuit (for example, its power consumption and electromagnetic radiation), previously known mainly in the context of side-channel attacks, disclose information about the circuit's internals and can therefore be employed for HT detection. However, although these techniques are promising, they have inherent limitations: a Trojan's contribution to the side-channel signal must stand out from process variation and measurement noise.
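A concrete version of the side-channel idea (and of the earlier remark that a dormant trigger circuit still leaks), as an added example that is not code from the article or from any cited paper. The "chips" are a simple numerical power model (static leakage per gate, dynamic power per toggled input bit, measurement noise) constructed for illustration; the gate counts, units and the z > 3 threshold are assumptions, and the golden-fingerprint comparison is a simplified stand-in for the statistical methods in the literature such as IC fingerprinting.

```python
"""Side-channel (power) fingerprinting of a Trojan-infected IC, and where
die-to-die process variation defeats it.

Added example, not code from the original article. The power model, the
gate counts and the detection threshold are constructed assumptions.
"""
import random
import statistics
from dataclasses import dataclass

N_GATES = 10_000        # assumed gate count of the genuine design
LEAK_PER_GATE = 1.0     # assumed static leakage per gate (arbitrary units)
DYN_PER_TOGGLE = 50.0   # assumed dynamic power per toggled input bit
NOISE_SIGMA = 100.0     # assumed per-measurement noise (same units)


@dataclass(frozen=True)
class Chip:
    process_factor: float   # die-to-die variation: 1.0 nominal, 0.92 a low-leakage die
    trojan_gates: int = 0   # extra gates the adversary inserted (0 = genuine)


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def measure(chip: Chip, vectors: list, rng: random.Random) -> float:
    """Average power over the test-vector set. The same vectors are applied
    to every chip, so only die variation, noise and the Trojan differ."""
    total = 0.0
    prev = 0
    for v in vectors:
        static = LEAK_PER_GATE * (N_GATES + chip.trojan_gates)   # a dormant Trojan still leaks
        dynamic = DYN_PER_TOGGLE * hamming(prev, v)
        total += chip.process_factor * (static + dynamic) + rng.gauss(0.0, NOISE_SIGMA)
        prev = v
    return total / len(vectors)


def fingerprint(golden_means: list) -> tuple:
    """Golden fingerprint: mean and standard deviation of trusted reference dice."""
    return statistics.mean(golden_means), statistics.stdev(golden_means)


def z_score(power: float, fp: tuple) -> float:
    mean, std = fp
    return (power - mean) / std


def is_suspicious(power: float, fp: tuple, threshold: float = 3.0) -> bool:
    return z_score(power, fp) > threshold


def run_demo(seed: int = 1) -> dict:
    """Build a fingerprint from five trusted dice spread across the process
    window, then score four suspect chips. Returns each suspect's z-score;
    z > 3 is flagged as suspicious."""
    rng = random.Random(seed)
    vectors = [rng.getrandbits(32) for _ in range(1000)]
    golden = [Chip(f) for f in (0.98, 0.99, 1.00, 1.01, 1.02)]
    fp = fingerprint([measure(c, vectors, rng) for c in golden])
    suspects = {
        "genuine_nominal": Chip(1.00),
        "large_trojan": Chip(1.00, trojan_gates=1000),                  # ~10% of the design
        "small_trojan": Chip(1.00, trojan_gates=20),                    # ~0.2%: lost in variation
        "large_trojan_low_leakage_die": Chip(0.92, trojan_gates=1000),  # variation masks it
    }
    return {name: round(z_score(measure(c, vectors, rng), fp), 2) for name, c in suspects.items()}


if __name__ == "__main__":
    for name, z in run_demo().items():
        print(f"{name:30s} z = {z:6.2f}  {'SUSPICIOUS' if z > 3.0 else 'passes'}")
```

The large Trojan on a nominal die stands out (z of roughly 6 against a golden spread of about 1.6%), but the 20-gate Trojan is invisible, and even the large Trojan slips through on a die from the low-leakage end of the process window. That is the inherent limitation the paragraph refers to: the method's resolution is bounded by how well die-to-die variation can be calibrated out, not by the measurement alone.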


Conclusion

HTs are a dangerous threat to a nation, and their implantation in weaponry is a critical concern. There is thus a need for solid policies and laws, and for ensuring that weapons companies follow them. Countries like India, which import most of their weapons, must consider this critical threat and become less dependent on foreign weapons. It would be worse still if such kill switches were also able to exfiltrate confidential data easily; there is, therefore, a need for research, development, and training to identify and eliminate HTs.

Today, however, we consciously choose to develop and distribute medium and heavy weapons without limiting their use. This decision has far-reaching consequences. Kill switches are worth investigating if they may spare even one innocent life, including the lives of our own soldiers.


Sources

  • S. Adee. The Hunt for the Kill Switch. In Proc. IEEE Spectrum, volume 45, pages 34–39, 2008.
  • S. Skorobogatov and C. Woods. Breakthrough Silicon Scanning Discovers Backdoor in Military Chip. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 7428, pages 23–40, 2012.
  • J. Kumagai. Chip Detectives. In IEEE Spectrum, Volume 37, pages 43–48, 2000.
  • S. Jha and S. K. Jha. Randomization Based Probabilistic Approach to Detect Trojan Circuits. In Proc. IEEE High Assurance Systems Engineering Symposium − HASE, pages 117–124, 2008.
  • R. S. Chakraborty, F. Wolff, S. Paul, C. Papachristou, and S. Bhunia. MERO: A Statistical Approach for Hardware Trojan Detection. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 5747, pages 396–410, 2009.
  • D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. Trojan Detection using IC Fingerprinting. In Proc. IEEE Symposium on Security and Privacy − SP, pages 296–310, 2007.
  • M. Banga and M. S. Hsiao. A Region-Based Approach for the Identification of Hardware Trojans. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 40–47, 2008.
  • Y. Alkabani and F. Koushanfar. Consistency-based Characterization for IC Trojan Detection. In Proc. IEEE International Conference on Computer-Aided Design − ICCAD, pages 123–127, 2009.
  • M. Banga and M. S. Hsiao. A Novel Sustained Vector Technique for the Detection of Hardware Trojans. In Proc. IEEE International Conference on VLSI Design, pages 327–332, 2009.
  • M. Potkonjak, A. Nahapetian, M. Nelson, and T. Massey. Hardware Trojan Horse Detection Using Gate-Level Characterization. In Proc. IEEE Design Automation Conference − DAC, pages 688–693, 2009.
  • D. Du, S. Narasimhan, R. S. Chakraborty, and S. Bhunia. Self-Referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection. In Proc. Cryptographic Hardware and Embedded Systems − CHES, volume 6225, pages 173–187, 2010.
  • S. Narasimhan, D. Du, R. S. Chakraborty, S. Paul, F. Wolff, C. Papachristou, K. Roy, and S. Bhunia. Multiple-Parameter Side-Channel Analysis: A Non-Invasive Hardware Trojan Detection Approach. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 13–18, 2010.
  • H. Salmani, M. Tehranipoor, and J. Plusquellic. A Layout-Aware Approach for Improving Localized Switching to Detect Hardware Trojans in Integrated Circuits. In IEEE International Workshop on Information Forensics and Security − WIFS, pages 1–6, 2010.
  • P. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis. In Advances in Cryptology − CRYPTO, LNCS, volume 1666, pages 388–397, 1999.
  • M. Banga and M. S. Hsiao. VITAMIN: Voltage Inversion Technique to Ascertain Malicious Insertions in ICs. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 104–107, 2009.
  • Y. Jin and Y. Makris. Hardware Trojan Detection using Path Delay Fingerprint. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 51–57, 2008.
  • R. Rad, J. Plusquellic, and M. Tehranipoor. Sensitivity Analysis to Hardware Trojans using Power Supply Transient Signals. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 3–7, 2008.
  • S. Narasimhan, X. Wang, D. Du, R. S. Chakraborty, and S. Bhunia. TSR: A Robust Temporal Self-Referencing Approach for Hardware Trojan Detection. In Proc. IEEE Workshop on Hardware-Oriented Security and Trust − HOST, pages 71–74, 2011.
  • R. Rad, X. Wang, M. Tehranipoor, and J. Plusquellic. Power Supply Signal Calibration Techniques for Improving Detection Resolution to Hardware Trojans. In Proc. IEEE International Conference on Computer-Aided Design − ICCAD, pages 632–639, 2008.
  • R. Rad, J. Plusquellic, and M. Tehranipoor. A Sensitivity Analysis of Power Signal Methods for Detecting Hardware Trojans Under Real Process and Environmental Conditions. In IEEE Transactions on Very Large Scale Integration (VLSI) Systems, volume 18, pages 1735–1744, 2010.
  • C. Marchand and J. Francq. Low-Level Implementation and Side-Channel Detection of Stealthy Hardware Trojans on Field Programmable Gate Arrays. In IET Computers and Digital Techniques, volume 8, pages 246–255, 2014.
  • S. Bhasin, J.-L. Danger, S. Guilley, X. T. Ngo, and L. Sauvage. Hardware Trojan Horses in Cryptographic IP Cores. In Proc. IEEE Fault Diagnosis and Tolerance in Cryptography − FDTC, pages 15–29, 2013.
  • I. Exurville, J. Fournier, J.-M. Dutertre, B. Robisson, and A. Tria. Practical Measurements of Data Path Delays for IP Authentication and Integrity Verification. In Proc. IEEE International Workshop on Reconfigurable and Communication-Centric Systems-on-Chip − ReCoSoC, pages 1–6, 2013.
  • G. Di Natale, S. Dupuis, and B. Rouzeyre. Is Side-Channel Analysis Reliable for Detecting Hardware Trojans? In Proc. IEEE Conference on Design of Circuits and Integrated Systems − DCIS, pages 238–242, 2012.
  • X. T. Ngo, Z. Najm, S. Guilley, S. Bhasin, and J.-L. Danger. Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel. In Proc. Security Proofs for Embedded Systems − PROOFS, 2014.
  • S. Dupuis, G. Di Natale, M.-L. Flottes, and B. Rouzeyre. Identification of Hardware Trojans Triggering Signals. In Proc. Workshop on Trustworthy Manufacturing and Utilization of Secure Devices − TRUDEVICE, 2013.
  • S. Dupuis, P.-S. Ba, G. Di Natale, M.-L. Flottes, and B. Rouzeyre. A Novel Hardware Logic Encryption Technique for thwarting Illegal Overproduction and Hardware Trojans. In Proc. IEEE International On-Line Testing Symposium − IOLTS, pages 49–54, 2014.
  • H. Salmani, M. Tehranipoor, and J. Plusquellic. A Novel Technique for Improving Hardware Trojan Detection and Reducing Trojan Activation Time. In Proc. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, volume 20, pages 112–125, 2012.
  • X. T. Ngo, S. Guilley, S. Bhasin, J.-L. Danger, and Z. Najm. Encoding the State of Integrated Circuits: A Proactive and Reactive Protection against Hardware Trojans Horses. In Proc. ACM Workshop on Embedded Systems Security − WESS, 2014.
