Wednesday, August 3, 2011

Trojans Inside Computer Hardware

Globalization of the semiconductor industry and associated supply chains have made integrated circuits increasingly vulnerable to Trojan programs inside a microprocessor that executes designed microcode. A Trojan is a destructive program that masquerades as an application. The software initially appears to perform a desirable function for the user prior to installation, but steals information or performs illegal the system functions.

Vulnerabilities in the current integrated circuit (lC) development process have raised serious concerns about possible threats from hardware Trojans to military, financial, transportation, and electrical power systems.

An adversary can introduce a Trojan through an IC that will disable or destroy a system at some specific future time. Alternatively, an attacker can design a wire or some IC components to survive the testing phase but fail before the expected lifetime. A hardware Trojan can also covertly cause a system to leak confidential information.

Trojans can be implemented as hardware modifications to application-specific integrated circuits (ASICs), commercial off-the-shelf (COTS) parts, microprocessors, microcontrollers, network processors, or digital signal processors (DSPs), or as firmware modifications-for ex­ ample, to field-programmable gate array (FPGA) bit streams.

To ensure that an IC used by a client is authentic, either the developer must make the IC design and fabrication processes trustworthy or the client must verify the IC for trustworthiness. Because the former approach requires a trusted design center and foundry, it is expensive and economically infeasible given current trends in the globalization of IC design and fabrication. On the other hand, verifying trustworthiness requires a post-manufacturing step to validate conformance of the fabricated IC to the original functional and performance specifications­ nothing more and nothing less.

Most Trojan detection methodologies assume the existence of secure IC circuits, which are obtained by arbitrarily selecting chips from a large batch of fabricated ICs and thoroughly testing them. This procedure assumes that Trojans are inserted into random ICs, but to do so, an attacker must use a different set of masks for selected chips, making such an effort unattractive. It is more viable for an attacker to insert a stealthy Trojan into every fabricated IC that passes manufacturing tests and trust validations, obviating the need for additional expensive masks. This raises the challenge of detecting Trojans in ICs without relying on a proven secure IC.

Current design methodologies provide multiple opportunities to insert Trojans that can go undetected. It is important to incorporate new design-for-trust strategies that prevent attackers from inserting Trojans into a design as well as effectively detect Trojans in fabricated circuits. ICs must be designed such that undetected changes are nearly impossible.

COTS components are commonly used in today’s systems. These components are usually designed and fabricated offshore and thus cannot be trusted. The challenge is to develop testing methodologies that consider COTS components’ specifications and functionality without having access to their internal structure. The internal details of components are no longer supplied by the original equipment manufacturer.

SUMMARY
Hardware has become a vulnerable link in the chain of trust in computing systems and must be overcome. The problem of hardware security has gained significant attention during the past several years. The assumption that hardware is trustworthy and that security efforts need only focus on networks and software is no longer valid given globalization of ICs and systems design and fabrication. Until DoD develops novel techniques to secure hardware any computer application potentially can be considered untrusted while in the field.

 1 Extracted from Computer, IEEE Computer Society, July 2011

15 comments:

  1. This is a bit scary.... Trojans who can enter into hardware are perhaps the most deadly virus ever known. But there is no need to worry if one is careful in browsing the internet and opening files of dubious origin.

    ReplyDelete
  2. Thanks for sharing great information about Trojans Inside Computer Hardware

    ReplyDelete
  3. such a nice posting. Find manufacturers directory which contain list of bulk computer parts exporters & importers.

    ReplyDelete
  4. This is a very informative post. About the hardware security, till now, my office is still looking for the best anti virus software for protecting all computers in my office. I hope you can make a list about some of the best anti virus software. Thank you.

    ReplyDelete
  5. well trojan inside a hardware got to be the one of most deadliest virus that it can enter. Formatting also cant help because it will effect your bios coding.

    ReplyDelete
  6. This is a very informative post. About the hardware security, till now, Computer doctor zone Technologies is the leading provider of IT management solutions that enable IT professionals to manage their IT infrastructures with greater ease and efficiency. We provide Desktop laptop repair, Computer repair servicesd, Computer networking, Computer accessories desktop laptop, Computer annual maintenance, Computer amc gurgaon, Computer amc noida, Computer networking services, Computer repair services delhi, Computer sales for computer accessories & Affordable web design and development services.

    ReplyDelete
  7. Wow I never incounter this before but thanks for the article.


    Xeon

    ReplyDelete
  8. i have it in my PC and my hardisk external with all my backup file was lost not literally lost all is not visible when i try to open it

    ReplyDelete
  9. With the ever rising use of computers and a continuous growth of understanding computers, it is no surprise that a new type of risk exists in our world. Computer training long island

    ReplyDelete
  10. It feels awesome to read such informative and unique articles on your websites.
    computer hardware components

    ReplyDelete
  11. Nice Blog Thanks for sharing with me and for information about “Computer accessories here

    ReplyDelete
  12. Easytechy offers best and affordbale computer hardware and software installation services. If you are facing these kinds of problem, just give a call easytechy. We will fix your problem just a few minutes.

    Easytechy Hardware Installation Services | Las Vegas, Nevada - 89146 | Tech Support Number: 1-855-859-0057

    ReplyDelete

For comments please e-mail paul@strassmann.com