"The Threat of Hardware Trojan Horses Is Bigger Than We Have Thought"

Security researchers at the Tallinn University of Technology (TalTech) have demonstrated that Hardware Trojan Horses can be inserted into computer chips during the fabrication process. After finalizing their insertion methodology, the entire layout manipulation to insert four Trojan Horses took a little over one hour. They have shown that this type of threat is more feasible than previously thought. The team looked at this problem from the point of view of a rogue engineer from the chip factory. According to the researchers, a motivated adversary already has access to all the tools needed to perform this type of attack since the team used everyday software that is deployed to design circuits. For years, researchers have hypothesized that Hardware Trojan Horses can be inserted into computer chips while being fabricated. These Trojans are malicious circuits aimed at corrupting the computation being performed by a computer chip. Hardware Trojan Horses may also expose keys utilized in cryptography and other privileged data. Previous works in this topic often assumed the involvement of a highly resourceful and insightful adversary capable of manipulating any circuit in many ways. The team at TalTech adopted a more restrained and realistic approach in which it is assumed that there is a single rogue employee involved in the chip fabrication, and they only have a few hours to make these malicious modifications. Tiago Diadami Perez, a PhD student involved in the project, developed a framework for inserting the malicious logic while causing minimal disturbance to the existing circuitry. This was achieved by leveraging a feature that circuit designers have been using for many years, known as the ECO flow. This article continues to discuss findings and results from the TalTech team's research on the threat of Hardware Trojan Horses. 

EurekAlert! reports "The Threat of Hardware Trojan Horses Is Bigger Than We Have Thought"