In the first article in this series we gave an overview of hardware backdoor attacks and the threat they represent, the second covered the means and motivations behind them, and the last installment looked at the dreaded Rakshasa malware. Now we turn our attention to backdoors inserted below the gate level, in the transistors themselves.
We have discussed backdoors built from supplementary circuits, substituted electronic components and firmware. Researchers are now evaluating a more sophisticated method based on manipulating the dopant elements that give each transistor its electrical behavior.
Recently, a team composed of the researchers Georg T. Becker, Francesco Regazzoni, Christof Paar and Wayne P. Burleson published a study on stealthy dopant-level hardware Trojans.
The study shows how a hardware attack can be carried out by altering existing circuits in a way that leaves them looking entirely legitimate, so that the Trojan is never recognised as one.
“In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors.”
Infiltrating supply chains with hardware Trojans is an obvious objective for governments, and the repercussions could be critical given how deeply technology penetrates the military and commercial sectors.
Until now, security research into hardware backdoors has concentrated on modifications to motherboard circuitry or wiring. Such techniques can be defeated by a careful hardware qualification process.
Another factor to consider is that an attacker who modifies the layout masks needs extra space to insert the malicious circuitry, and such additions are comparatively easy to detect. The researchers instead demonstrated how to modify a circuit with hardware Trojans that elude detection: the backdoor is implemented below the gate level by changing the dopant polarity of existing transistors, rather than by adding any hardware at all.
Earlier research that varied the concentration of the dopant did not succeed in altering the logical behavior of the hardware in a controlled way. The new work changes the dopant polarity instead, a modification made at the foundry's doping step and nowhere else.
“Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against ‘golden chips.’”
By changing the dopant polarity of selected transistors, and thereby altering whether they conduct, the researchers were able to insert their stealthy hardware Trojan. They applied it to two designs: the random number generator used in Intel's Ivy Bridge processors, and a side-channel resistant SBox implementation.
In the first case the Trojan weakens the Ivy Bridge random number generator; in the second it introduces a side channel through which the SBox leaks secret key material. In both cases the attack acts only on the dopant polarity of existing components, so the backdoor cannot be found by optical inspection. The principle is summarized in the following passage from the paper:
“A gate of the original design is modified by applying a different dopant polarity to specific parts of the gate’s active area. These modifications change the behavior of the target gate in a predictable way and are very similar to the technique used for code-obfuscation in some commercial designs.”
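To make the "predictable change" in the quoted passage concrete, here is a small transistor-level model of a CMOS NAND gate. This is an added example, not code from the paper: the netlist (wiring, polysilicon and active-area geometry) is identical for the clean and the Trojaned gate, and the only difference is a per-transistor `dopant` attribute that models, as an assumption, the effect the paper relies on: a transistor whose source/drain dopant polarity has been swapped behaves as a permanent connection or a permanent open, whatever its gate input. The transistor names `P_A`, `P_B`, `N_A`, `N_B` and the override dictionary `STUCK_AT_1` are choices made for this example.

```python
"""Dopant-polarity Trojan on a CMOS NAND gate, modelled at transistor level.

Added example, not the paper's code. A swapped-polarity transistor is
modelled as "always_on" or "always_off" (assumption); everything else
about the netlist stays exactly as in the clean gate.
"""
from itertools import product

VDD, GND = "VDD", "GND"


class Transistor:
    def __init__(self, kind, gate, a, b, dopant="normal"):
        self.kind = kind        # "p" (pull-up) or "n" (pull-down)
        self.gate = gate        # net driving the gate terminal
        self.a, self.b = a, b   # nets joined while the channel conducts
        self.dopant = dopant    # "normal", "always_on" or "always_off"

    def conducts(self, signals):
        if self.dopant == "always_on":      # Trojan: permanent connection
            return True
        if self.dopant == "always_off":     # Trojan: permanent open
            return False
        level = signals[self.gate]
        return level == 0 if self.kind == "p" else level == 1


def connected(start, transistors, signals):
    """Nets reachable from `start` through conducting transistors."""
    seen, frontier = {start}, [start]
    while frontier:
        net = frontier.pop()
        for t in transistors:
            if not t.conducts(signals):
                continue
            for here, there in ((t.a, t.b), (t.b, t.a)):
                if here == net and there not in seen:
                    seen.add(there)
                    frontier.append(there)
    return seen


def evaluate(transistors, out, inputs):
    """Logic level on net `out`: 1, 0, "X" (floating) or "S" (short)."""
    nets = connected(out, transistors, dict(inputs))
    pulled_up, pulled_down = VDD in nets, GND in nets
    if pulled_up and pulled_down:
        return "S"
    if pulled_up:
        return 1
    return 0 if pulled_down else "X"


def nand2(dopant=None):
    """Standard two-input CMOS NAND. `dopant` maps transistor names to
    overrides, e.g. {"P_A": "always_on"}; the netlist never changes."""
    d = dopant or {}
    return [
        Transistor("p", "A", VDD, "OUT", d.get("P_A", "normal")),
        Transistor("p", "B", VDD, "OUT", d.get("P_B", "normal")),
        Transistor("n", "A", "OUT", "MID", d.get("N_A", "normal")),
        Transistor("n", "B", "MID", GND, d.get("N_B", "normal")),
    ]


def truth_table(transistors):
    return {(a, b): evaluate(transistors, "OUT", {"A": a, "B": b})
            for a, b in product((0, 1), repeat=2)}


def same_layout(t1, t2):
    """What an inspection of the metal and polysilicon layers compares:
    transistor types and connectivity, not dopant polarity."""
    shape = lambda ts: [(t.kind, t.gate, t.a, t.b) for t in ts]
    return shape(t1) == shape(t2)


# Trojan that pins OUT to 1: pull-up P_A always conducts, pull-down N_A never does.
STUCK_AT_1 = {"P_A": "always_on", "N_A": "always_off"}

if __name__ == "__main__":
    print("clean   :", truth_table(nand2()))
    print("trojaned:", truth_table(nand2(STUCK_AT_1)))
    print("same layout:", same_layout(nand2(), nand2(STUCK_AT_1)))
```

The model also shows why the modification has to be chosen with care: forcing only `N_A` open leaves the output floating for the input pair (1, 1), and forcing both pull-down transistors on without touching the pull-ups shorts VDD to GND for (0, 0). A Trojan that must survive manufacturing test needs a clean, constant output, which is what pairing a pull-up and a pull-down change achieves.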
The study demonstrated that a backdoor built this way evades the usual detection techniques, which raises serious questions about hardware qualification and about the outsourcing of fabrication to countries where manufacturing is cheap. Such a backdoor eludes hardware Trojan detection in both pre-manufacturing and post-manufacturing checks.
The researchers note that detection is possible in principle but not practicable: it would require a complex analysis of every single transistor, which the sheer volume of devices produced rules out.
“Even if chips are manufactured in a trusted fabrication, there is the risk that chips with hardware Trojans could be introduced into the supply chain. The discovery of counterfeit chips in industrial and military products over the last years has made this threat much more conceivable.”
“A dedicated setup could eventually allow one to identify the dopant polarity. However, doing so in a large design comprising millions of transistors implemented with small technologies seems impractical and represents an interesting future research direction. We exploit this limitation to make our Trojans resistant against optical reverse-engineering.”
Applied to the Ivy Bridge random number generator design, the Trojan operates at the sub-transistor level and achieves the following:
“Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen. Despite these changes, the modified Trojan RNG passes not only the Built-In-Self-Test (BIST) but also generates random numbers that pass the NIST test suite for random numbers.”
The study shows the feasibility and efficiency of a new type of sub-transistor level Trojan that needs only a dopant modification and leaves every other layout mask unchanged. No electronic components or gates are added, and the metal and polysilicon layers and the geometry of the active area are untouched; only the dopant polarity within the active area differs. That makes detection by optical inspection impracticable.
About the Author: Pierluigi Paganini writes for Infosec Institute and is a security expert with over 20 years of experience in the field, including being a Certified Ethical Hacker. Paganini is Chief Security Information Officer for Bit4Id, a researcher, security evangelist, security analyst and freelance writer. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”, and is also Editor-in-Chief at CyberDefense Magazine and Security Affairs.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.