Threat from Hardware Trojans

The changes on the board are not visible to the naked eye.
(c) Franziska Wegner / IHP

Study shows Manipulation Possibilities.

On behalf of the German Federal Office for Information Security (BSI), experts from the IHP – Leibniz Institute for High Performance Microelectronics prepared the study “Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)”. The result: Safety properties or functionality can be negatively affected in all sub-steps.

IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be manipulated.
IHP scientist Hon. Prof. Zoya Dyka shows the BSI employees where the mainboard of a laptop could be manipulated.(c) Franziska Wegner / IHP

Hardware Trojans could become a threat. On behalf of the German Federal Office for Information Security (BSI), experts from the IHP – Leibniz Institute for High Performance Microelectronics prepared the study “Analysis of Hardware Manipulations in Distributed Manufacturing Processes (PANDA)”. The result: Safety properties or functionality can be negatively affected in all sub-steps. In order to increase security in the IT landscape, the experts inform IT manufacturers and service providers about the potential threat and advise companies to invest in trustworthy manufacturing processes and providers as well as in their own employees.

“Software Trojans are common knowledge, most of us use anti-virus software, check senders carefully before opening email attachments and only download apps to our mobile phones from official sources. However, when the journal Bloomberg Businessweek first reported on a Hardware Trojan in 2018, there was a great deal of uncertainty, especially among companies,” says Prof Peter Langendörfer, project leader for the recently published PANDA study. Trojans, the term goes back to the Greek legend of the Trojan horse, are deliberate manipulations that are inserted by an attacker.

“Globalisation means that more and more steps in the production chain are being outsourced, and the cheapest suppliers are often awarded the contract. When IT companies send their chip designs to production, they could still be modified. When assembling circuit boards, they could be manipulated, for example by attaching additional chips that then pick up and send information,” says Prof Peter Langendörfer, outlining two possible scenarios. The IT security expert heads the “Wireless Systems” department at IHP and is also a professor specialising in “Wireless Systems” at BTU Cottbus-Senftenberg.

The BSI made a conscious decision in favour of IHP for the PANDA study. On the one hand, the research institute can map numerous steps in the production chain thanks to its vertical concept. On the other hand, a relationship of trust already existed due to previous collaboration. The IHP experts based the study on both literature research and practical experiments in the production chain, particularly in the implementation of cryptographic functions in FPGAs and in the production of circuit boards. For example, the mainboard of a laptop was prepared in order to test whether these manipulations could be detected by optical methods, e.g. in quality control on receipt of a delivery. Additional chips were hidden under coils and capacitors. These are barely noticeable on microscopic examination and even on X-ray due to the numerous metal layers. Solder points and additional conductor tracks can reveal the additional chips. However, if these are wired as chip-on-board with aluminium bonds, they are almost invisible.

“Our study makes it clear: manipulation is possible at any time and IT manufacturers must react. Because once a hardware Trojan is there, it is incredibly difficult to find,” says Prof Peter Langendörfer.

Wissenschaftliche Ansprechpartner:

Prof. Dr. Peter Langendörfer

Originalpublikation:

https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/PANDA/P…

http://www.ihp-microelectronics.com

Media Contact

Franziska Wegner Presse
IHP - Leibniz-Institut für innovative Mikroelektronik

All latest news from the category: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Back to home

Comments (0)

Write a comment

Newest articles

Innovative 3D printed scaffolds offer new hope for bone healing

Researchers at the Institute for Bioengineering of Catalonia have developed novel 3D printed PLA-CaP scaffolds that promote blood vessel formation, ensuring better healing and regeneration of bone tissue. Bone is…

The surprising role of gut infection in Alzheimer’s disease

ASU- and Banner Alzheimer’s Institute-led study implicates link between a common virus and the disease, which travels from the gut to the brain and may be a target for antiviral…

Molecular gardening: New enzymes discovered for protein modification pruning

How deubiquitinases USP53 and USP54 cleave long polyubiquitin chains and how the former is linked to liver disease in children. Deubiquitinases (DUBs) are enzymes used by cells to trim protein…