Slashdot Mirror


Stealthy Dopant-Level Hardware Trojans

DoctorBit writes "A team of researchers funded in part by the NSF has just published a paper in which they demonstrate a way to introduce hardware Trojans into a chip by altering only the dopant masks of a few of the chip's transistors. From the paper: 'Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against "golden chips."' In a test of their technique against Intel's Ivy Bridge Random Number Generator (RNG) the researchers found that by setting selected flip-flop outputs to zero or one, 'Our Trojan is capable of reducing the security of the produced random number from 128 bits to n bits, where n can be chosen.' They conclude that 'Since the Trojan RNG has an entropy of n bits and [the original circuitry] uses a very good digital post-processing, namely AES, the Trojan easily passes the NIST random number test suite if n is chosen sufficiently high by the attacker. We tested the Trojan for n = 32 with the NIST random number test suite and it passed for all tests. The higher the value n that the attacker chooses, the harder it will be for an evaluator to detect that the random numbers have been compromised.'"

5 of 166 comments

  1. Get Your Tinfoil Hats by stewsters · Score: 4, Informative

    I would guess that an intelligence agency figured this out a few years ago. One that can plant moles at Intel. That's why they also want to remove rdrand from Linux.
    http://linux.slashdot.org/story/13/09/10/1311247/linus-responds-to-rdrand-petition-with-scorn

  2. Re:optical inspection? by Anonymous Coward · Score: 4, Insightful

    There are easy numeric methods for determining how random data is.

    Actually, no. Technically speaking, there is no such thing as random data, only a random process. You can certainly test how random a data stream seems, but if the data source is a black box, you never really know.

    From TFS:

    Since the Trojan RNG has an entropy of n bits and [the original circuitry] uses a very good digital post-processing, namely AES, the Trojan easily passes the NIST random number test suite if n is chosen sufficiently high by the attacker. We tested the Trojan for n = 32 with the NIST random number test suite and it passed for all tests.

    What if your black box is just feeding you encrypted bits of pi? You would never know, but the black box's maker could trivially reproduce your "random" numbers.
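The point of this comment, and of the summary's n-bit Trojan, can be seen in a small simulation. The following is an added example written for this page, not code from the paper or from Intel: a reference generator whose every 128-bit block carries fresh OS entropy, beside a constructed "constrained" generator whose block input has only n fresh bits plus a fixed value its maker knows. SHA-256 stands in for the AES conditioning stage (an assumption for the demo; the Ivy Bridge circuit is not modelled). Two NIST SP 800-22 tests (monobit and runs) are run over both outputs; the only structural trace that survives the conditioning is the bound of at most 2**n distinct blocks, which a collision count can see when n is small.

```python
import hashlib
import math
import os
import secrets

BLOCK_BYTES = 16  # one 128-bit output block


def true_source(num_blocks):
    """Reference generator: every block is 128 bits of fresh OS entropy."""
    return [os.urandom(BLOCK_BYTES) for _ in range(num_blocks)]


def constrained_source(num_blocks, n_bits, fixed_state=b"constructed-fixed-state"):
    """Constructed stand-in for a compromised generator: only n_bits of each
    block's input vary; the rest is a fixed value known to whoever built the
    box. SHA-256 plays the role of the AES post-processing, so each block looks
    uniform regardless of how small n_bits is."""
    out = []
    for _ in range(num_blocks):
        fresh = secrets.randbits(n_bits).to_bytes((n_bits + 7) // 8, "big")
        out.append(hashlib.sha256(fixed_state + fresh).digest()[:BLOCK_BYTES])
    return out


def _bits(blocks):
    return "".join(f"{b:08b}" for b in b"".join(blocks))


def monobit_pvalue(blocks):
    """NIST SP 800-22 frequency (monobit) test over all bits of the blocks."""
    bits = _bits(blocks)
    n = len(bits)
    s_obs = abs(2 * bits.count("1") - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_pvalue(blocks):
    """NIST SP 800-22 runs test (number of maximal runs of identical bits)."""
    bits = _bits(blocks)
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # frequency precondition failed
        return 0.0
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes_statistical_tests(blocks, alpha=0.01):
    """True when both tests accept at significance alpha."""
    return monobit_pvalue(blocks) >= alpha and runs_pvalue(blocks) >= alpha


def distinct_outputs(blocks):
    """Collision check: the constrained source can never exceed 2**n_bits
    distinct blocks, the one trace the bit-level tests above cannot see."""
    return len(set(blocks))


def demo(num_blocks=2048):
    good = true_source(num_blocks)
    weak_32 = constrained_source(num_blocks, n_bits=32)
    weak_8 = constrained_source(num_blocks * 2, n_bits=8)
    return {
        "true_passes": passes_statistical_tests(good),
        "n32_passes": passes_statistical_tests(weak_32),
        "true_distinct": distinct_outputs(good),
        "n32_distinct": distinct_outputs(weak_32),
        "n8_distinct": distinct_outputs(weak_8),  # capped at 256
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With n = 32 the constrained output passes both tests and shows no repeated blocks in a few thousand samples, exactly the situation the summary describes; only with a tiny n does the collision count expose the bound. The lesson for an evaluator is the comment's own: output-only statistical testing bounds how random a stream looks, not how much entropy produced it, so assurance has to come from the entropy source and its design, not from the test suite.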

  3. Re:Fascinating... by Anonymous Coward · Score: 5, Insightful

    NSA? Probably not. The Chinese chip fab that has been known to have a third shift and has full access to masks and such? Certainly.

    The NSA isn't the only agency wanting to know everything a person does.

  4. Proxy whistleblowing? (Re:Get Your Tinfoil Hats) by Anonymous Coward · Score: 4, Interesting

    If I were a disgruntled member of the intelligence industrial complex and knew that this was actually being done by a government agency, and I did not relish the thought of a Russian sabbatical, couldn't I surface the news by telling researcher friends of mine how to do it?

  5. Re:I wonder by Beardo the Bearded · Score: 4, Funny

    Sure, it's obscure, except all our chips are being made in a country that is actively in an electroni

    THE PEOPLE'S GLORIOUS REPUBLIC DENIES THESE CLAIMS.

    --
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.