A team of researchers from the University of Massachusetts announced they have produced an undetectable hardware-based Trojan.How the method could be used to modify and weaken the hardware random number generator on Intel's Ivy Bridge processors and the encryption protections on a smartcard without anyone detecting the changes.
The research paper describe how someone can insert a hardware Trojan into a microchip without any additional circuitry, transistors or other logic resources, Hardware Trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad.
An individual circuit blocks in a single microchip are designed by different parties, manufactured by an offshore foundry, packaged by a separate company and distributed by yet another vendor. This kind of outsourcing and globalization of chip manufacturing has led to trust and security issues.
Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips,
Now thinking about the later stage of the design process by changing the "Dopant" on a few transistors on the chip. Dopant is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. Changes made at the atomic level are difficult to detect.
the dopant polarity of individual transistors to weaken the chip's random number generator and able to reduce the random number generator's entropy from 128 to 32 bits, making cryptographic keys much more predictable. They claim the exploit is stealthy enough to pass not only the CPU's built-in self-test, but also the National Institute of Standards and Technology's tests for random number generators.
The research paper describe how someone can insert a hardware Trojan into a microchip without any additional circuitry, transistors or other logic resources, Hardware Trojans have been the subject of considerable research since at least 2005 when the U.S. Department of Defense publicly expressed concerns over the military's reliance on integrated circuits manufactured abroad.
An individual circuit blocks in a single microchip are designed by different parties, manufactured by an offshore foundry, packaged by a separate company and distributed by yet another vendor. This kind of outsourcing and globalization of chip manufacturing has led to trust and security issues.
Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips,
Now thinking about the later stage of the design process by changing the "Dopant" on a few transistors on the chip. Dopant is a process for modifying the electrical properties of silicon by introducing tiny impurities like phosphorous, boron and gallium, into the crystal. Changes made at the atomic level are difficult to detect.
the dopant polarity of individual transistors to weaken the chip's random number generator and able to reduce the random number generator's entropy from 128 to 32 bits, making cryptographic keys much more predictable. They claim the exploit is stealthy enough to pass not only the CPU's built-in self-test, but also the National Institute of Standards and Technology's tests for random number generators.
No comments:
Post a Comment