Hardware backdoor explained

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips.[1] The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

Hardware backdoors are intended to undermine security in smartcards and other cryptoprocessors unless investment is made in anti-backdoor design methods. They have also been considered for car hacking.[2]

Severity

Hardware backdoors are considered to be highly problematic for several reasons. For instance, they cannot be removed by conventional means such as antivirus software. They can also circumvent other types of security, such as disk encryption. Lastly, they can also be injected during production where the user has no control.

Examples

Countermeasures

Skorobogatov has developed a technique capable of detecting malicious insertions into chips.[18]

New York University Tandon School of Engineering researchers have developed a way to corroborate a chip's operation using verifiable computing whereby "manufactured for sale" chips contain an embedded verification module that proves the chip's calculations are correct and an associated external module validates the embedded verification module.[7] Another technique developed by researchers at University College London (UCL) relies on distributing trust between multiple identical chips from disjoint supply chains. Assuming that at least one of those chips remains honest the security of the device is preserved.[19]

Researchers at the University of Southern California Ming Hsieh Department of Electrical and Computer Engineering and the Photonic Science Division at the Paul Scherrer Institute have developed a new technique called Ptychographic X-ray laminography.[20] This technique is the only current method that allows for verification of the chips blueprint and design without destroying or cutting the chip. It also does so in significantly less time than other current methods. Anthony F. J. Levi Professor of electrical and computer engineering at University of Southern California explains “It’s the only approach to non-destructive reverse engineering of electronic chips—[and] not just reverse engineering but assurance that chips are manufactured according to design. You can identify the foundry, aspects of the design, who did the design. It’s like a fingerprint.” This method currently is able to scan chips in 3D and zoom in on sections and can accommodate chips up to 12 millimeters by 12 millimeters easily accommodating an Apple A12 chip but not yet able to scan a full Nvidia Volta GPU. "Future versions of the laminography technique could reach a resolution of just 2 nanometers or reduce the time for a low-resolution inspection of that 300-by-300-micrometer segment to less than an hour, the researchers say."

See also

Further reading

Notes and References

  1. Web site: Rakshasa: The hardware backdoor that China could embed in every computer - ExtremeTech. ExtremeTech. 22 January 2017. 1 August 2012.
  2. Book: Smith. Craig. The Car Hacker's Handbook: A Guide for the Penetration Tester. No Starch Press. 9781593277031. 22 January 2017. en. 2016-03-24.
  3. Book: Wagner. David. Advances in Cryptology - CRYPTO 2008: 28th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2008, Proceedings. Springer Science & Business Media. 9783540851738. 22 January 2017. en. 2008-07-30.
  4. Book: Mishra. Prabhat. Bhunia. Swarup. Tehranipoor. Mark. Hardware IP Security and Trust. Springer. 9783319490250. 22 January 2017. en. 2017-01-02.
  5. Web site: Hardware-Hack: Backdoor in China-Chips entdeckt?. CHIP Online. 22 January 2017. de. 2 February 2017. https://web.archive.org/web/20170202014113/http://www.chip.de/news/Hardware-Hack-Backdoor-in-China-Chips-entdeckt_56047005.html. dead.
  6. Web site: Hackers Could Access US Weapons Systems Through Chip. CNBC. 22 January 2017. 8 June 2012.
  7. Web site: Self-checking chips could eliminate hardware security issues - TechRepublic. 31 August 2016 . Tech Republic. 22 January 2017. en.
  8. Web site: Lee. Michael. Researchers find backdoor on ZTE Android phones. ZDNet. 22 January 2017. en.
  9. Book: Schoen . Douglas E. . Douglas E. Schoen . Kaylan . Melik . The Russia-China Axis: The New Cold War and America's Crisis of Leadership . 9 September 2014 . Encounter Books . 2014 . 9781594037573 . 2020-05-16 . Hardware-encoded backdoors are more threatening than software-encoded ones [...] In October 2012, the U.S. House Permanent Select Committee on Intelligence recommended that U.S. companies avoid hardware made by Chinese telecom giants Huawei and ZTE, saying that its use constitutes a risk to national security. Huawei and ZTE manufacture network hardware for telecommunications systems..
  10. Web site: Researchers find new, ultra-low-level method of hacking CPUs - and there's no way to detect it - ExtremeTech. ExtremeTech. 22 January 2017. 16 September 2013.
  11. Web site: Photos of an NSA "upgrade" factory show Cisco router getting implant. Ars Technica. 22 January 2017. en-us. 2014-05-14.
  12. News: NSA's Secret Toolbox: Unit Offers Spy Gadgets for Every Need. Der Spiegel. 30 December 2013. SPIEGEL ONLINE. 22 January 2017.
  13. Web site: Your USB cable, the spy: Inside the NSA's catalog of surveillance magic. Ars Technica. 22 January 2017. en-us. 2013-12-31.
  14. Greenberg. Andy. This 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip. WIRED. 22 January 2017. June 2016.
  15. Web site: Storm. Darlene. Researchers built devious, undetectable hardware-level backdoor in computer chips. Computerworld. 22 January 2017. en. 2016-06-06.
  16. Web site: Hardware hack defeats iPhone passcode security. BBC News. 22 January 2017. 19 September 2016.
  17. Web site: Bloomberg . The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies . Jordan . Robertson . Michael . Riley . 4 October 2018 . 2022-03-06.
  18. News: Cambridge Scientist Defends Claim That US Military Chips Made In China Have 'Backdoors'. Business Insider. 22 January 2017. en.
  19. Web site: Vasilios Mavroudis. etal. A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components. backdoortolerance.org. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. en.
  20. Web site: X-Ray Tech Lays Chip Secrets Bare. Moore. Samuel. 2019-10-07. IEEE Spectrum: Technology, Engineering, and Science News. en. 2019-10-08.