Threat from Hardware Trojans
Study shows Manipulation Possibilities.
On behalf of the German Federal Office for Information Security (BSI), experts from the IHP – Leibniz Institute for High Performance Microelectronics prepared the study “Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)”. The result: Safety properties or functionality can be negatively affected in all sub-steps.
IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be manipulated.(c) Franziska Wegner / IHP
Hardware Trojans could become a threat. On behalf of the German Federal Office for Information Security (BSI), experts from the IHP – Leibniz Institute for High Performance Microelectronics prepared the study “Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)”. The result: Safety properties or functionality can be negatively affected in all sub-steps. In order to increase security in the IT landscape, the experts inform IT manufacturers and service providers about the potential threat and advise companies to invest in trustworthy manufacturing processes and providers as well as in their own employees.
“Software Trojans are common knowledge, most of us use anti-virus software, check senders carefully before opening email attachments and only download apps to our mobile phones from official sources. However, when the journal Bloomberg Businessweek first reported on a Hardware Trojan in 2018, there was a great deal of uncertainty, especially among companies,” says Prof Peter Langendörfer, project leader for the recently published PANDA study. Trojans, the term goes back to the Greek legend of the Trojan horse, are deliberate manipulations that are inserted by an attacker.
“Globalisation means that more and more steps in the production chain are being outsourced, and the cheapest suppliers are often awarded the contract. When IT companies send their chip designs to production, they could still be modified. When assembling circuit boards, they could be manipulated, for example by attaching additional chips that then pick up and send information,” says Prof Peter Langendörfer, outlining two possible scenarios. The IT security expert heads the “Wireless Systems” department at IHP and is also a professor specialising in “Wireless Systems” at BTU Cottbus-Senftenberg.
The BSI made a conscious decision in favour of IHP for the PANDA study. On the one hand, the research institute can map numerous steps in the production chain thanks to its vertical concept. On the other hand, a relationship of trust already existed due to previous collaboration. The IHP experts based the study on both literature research and practical experiments in the production chain, particularly in the implementation of cryptographic functions in FPGAs and in the production of circuit boards. For example, the mainboard of a laptop was prepared in order to test whether these manipulations could be detected by optical methods, e.g. in quality control on receipt of a delivery. Additional chips were hidden under coils and capacitors. These are barely noticeable on microscopic examination and even on X-ray due to the numerous metal layers. Solder points and additional conductor tracks can reveal the additional chips. However, if these are wired as chip-on-board with aluminium bonds, they are almost invisible.
“Our study makes it clear: manipulation is possible at any time and IT manufacturers must react. Because once a hardware Trojan is there, it is incredibly difficult to find,” says Prof Peter Langendörfer.
Wissenschaftliche Ansprechpartner:
Prof. Dr. Peter Langendörfer
Originalpublikation:
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/PANDA/P…
Media Contact
All latest news from the category: Information Technology
Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.
This area covers topics such as IT services, IT architectures, IT management and telecommunications.
Newest articles
NASA: Mystery of life’s handedness deepens
The mystery of why life uses molecules with specific orientations has deepened with a NASA-funded discovery that RNA — a key molecule thought to have potentially held the instructions for…
What are the effects of historic lithium mining on water quality?
Study reveals low levels of common contaminants but high levels of other elements in waters associated with an abandoned lithium mine. Lithium ore and mining waste from a historic lithium…
Quantum-inspired design boosts efficiency of heat-to-electricity conversion
Rice engineers take unconventional route to improving thermophotovoltaic systems. Researchers at Rice University have found a new way to improve a key element of thermophotovoltaic (TPV) systems, which convert heat…