Trojans in a software sense instantly connects with engineers across the world. This is because these actors are considered as dangerous threats to digital networks. Now, a new threat in the form of hardware trojans is also looming imminent as per experts.
Therefore, in a bid to understand hardware trojans in detail, and to bring to light the level of security threat these pose to systems, Rahul R of Electronics For You spoke to Sudeendra Kumar K who is a seasoned engineer and a researcher at the National Institute of Technology, Rourkela.
Q. Speaking about hardware trojans, the first thing that naturally comes to mind is the level of threat; hence, have you come across instances wherein there has been monetary loss due to hardware trojans?
A. Incidents of financial misappropriation due to hardware trojans is still yet to take place; however, the department of defense has identified malicious happenings and has come out with a list of components that are classified as the ones designed with the intention of spreading malicious hardware.
Side channel attacks (SCA) on Cryptographic implementations is well known and most of the microcontrollers targeted for security applications also have countermeasures against side channel attacks. Due to SCA, people have lost money during credit card related transactions.
Successful SCA needs expertise and sophisticated power and timing measurement equipments. And also, it depends on amount of samples which are significant to find out the secret key or data.
Hardware Trojans (HT) are basically malicious inclusions by an adversary, who is a part of design team in chip design house or in a semiconductor IP company.The intentions of an adversary may be leaking secret data or an attack similar to denial of service. Adversary’s intention may vary from design to design depending on application in which IC is used.
Most of the HT found today is either denial of service type or SCA promoting attack. HT makes SCA easy.
Q. From your statement above, the damaging potential of hardware trojans can be identified; now, how has been the awareness levels in India with respect to hardware trojans?
A. All the System-On-Chip (SoC) makers are incorporating countermeasures against side-channel attacks in their products used in security applications. Since, hardware trojans are extensions of side-channels (HT make SCA easy), research is yet to take place intensively in India and abroad.
Some amount of serious work on HT can be found in academics (including few Indian universities) and we can see good amount of research papers getting published on HT in high quality conferences (IEEE, ACM etc). Still, awareness on HT in industry and corporate sector is not very high. There may be few multi-national corporations (MNCs) that have started working on HT.
Q. How should you think that our industries should gear up to combat hardware trojans?
A. Detection of the source of hardware trojans is paramount. HT detection is a multi-dimensional problem. SoC makers normally source IP cores (Intellectual Property) from third-party vendors. This predicament opens up gateway for hardware trojans. Even in the case of internal development of chip components, there could be blacksheeps (adversary) within design engineering teams who could introduce hardware trojans at any level (RTL, Gate level netlist, layout and also during fabrication in foundry).
An important aspect to note is that hardware trojans can trigger (based on a timer) after lying dormant for months together. Now, imagine such a chip being incorporated in entities such as aircrafts and defence, the loss would be almost irreplaceable in these circumstances.
All the chip makers should have trusted security team in place to check the malicious inclusions in the design. Just like tool flows are standardized for test, verification etc, there is a need to build EDA tools and standardize the tool flow for Design for Security (DfS) or Design for Trust (DfTr). A trusted fabrication and production labs are also the need of the hour.