Attacks that conceal malicious hardware inside an integrated circuit have been nicknamed “Hardware Trojans”, by analogy with the Trojan Horse: malware that is made to look like a legitimate component.

Hardware Trojans have become increasingly common and concerning in recent years, driven by growing numbers of attacks such as data theft and backdoor insertion into the electronics industry supply chain around the world. They have proven to be very dangerous, since they can maliciously modify the behavior of embedded chips.

Classification and Detection of Hardware Trojans

Trojans are very hard to locate because they can be inserted anywhere in a microchip: one may sit in the chip’s processor, another in its power-supply circuitry.

Trojans can be inserted at different phases of the life-cycle, from the specification phase to assembly and packaging. They also serve different purposes once integrated: some Trojans change the functionality of the chip, others degrade its performance or completely deny the service it offers, and some only leak information.

A Trojan is usually composed of a payload (the malicious circuit itself) and a trigger (the logic that activates the malicious circuit).

What makes a Trojan so difficult to detect is that the activation mechanism varies from one Trojan to another. Detecting malicious hardware can almost be considered a form of reverse engineering carried out for detection purposes: during system evaluation, one looks for abnormal behavior that could affect the functioning of the circuit.
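To make the trigger/payload split and the detection difficulty concrete, here is an added example that is not part of the original post. It models a hypothetical 16-bit block whose specified function is a bitwise NOT, adds a constructed Trojan (a comparator trigger on one rare input value and an XOR payload on one output bit), and then shows why a fixed budget of random functional test vectors is unlikely to ever arm the trigger, while exhaustive testing does catch it on a bus this narrow. All values (the bus width, the trigger pattern 0xBEEF, the payload) are assumptions chosen for the illustration.

```python
import math
import random
from typing import Callable, Iterable, List

# Constructed toy model (added example, not from the article): a 16-bit
# combinational block whose specified function is a bitwise NOT of its input.
# A hypothetical Trojan adds a trigger (a comparator on the input bus that
# fires on one rare value) and a payload (an XOR gate that flips output bit 0).
BUS_WIDTH = 16
MASK = (1 << BUS_WIDTH) - 1
TRIGGER_PATTERN = 0xBEEF  # hypothetical rare input value that arms the Trojan


def golden_circuit(x: int) -> int:
    """Reference model: what the chip is specified to compute."""
    return (~x) & MASK


def trigger(x: int) -> bool:
    """Trigger part: a comparator that fires on a single input value."""
    return x == TRIGGER_PATTERN


def payload(y: int) -> int:
    """Payload part: corrupts the result by flipping the least significant bit."""
    return y ^ 0x0001


def infected_circuit(x: int) -> int:
    """The fabricated chip: correct everywhere except when the trigger fires."""
    y = golden_circuit(x)
    return payload(y) if trigger(x) else y


def functional_test(circuit: Callable[[int], int], vectors: Iterable[int]) -> List[int]:
    """Compare a circuit under test with the golden model; return the inputs that mismatch."""
    return [x for x in vectors if circuit(x) != golden_circuit(x)]


def random_test(circuit: Callable[[int], int], n_vectors: int, seed: int = 1) -> List[int]:
    """Typical production test: a fixed budget of random input vectors."""
    rng = random.Random(seed)
    return functional_test(circuit, (rng.randrange(1 << BUS_WIDTH) for _ in range(n_vectors)))


def exhaustive_test(circuit: Callable[[int], int]) -> List[int]:
    """Only feasible for a narrow bus: apply every possible input vector."""
    return functional_test(circuit, range(1 << BUS_WIDTH))


def activation_probability(trigger_bits: int) -> float:
    """Probability that one uniformly random vector arms a trigger that
    compares trigger_bits input bits against a fixed pattern."""
    return 2.0 ** -trigger_bits


def vectors_for_confidence(trigger_bits: int, confidence: float) -> int:
    """Number of random vectors needed to hit such a trigger with the given probability."""
    p = activation_probability(trigger_bits)
    # log1p keeps the computation accurate when p is far below floating-point resolution
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-p))


if __name__ == "__main__":
    print("random test mismatches:", random_test(infected_circuit, 1000))
    print("exhaustive test mismatches:", [hex(x) for x in exhaustive_test(infected_circuit)])
    print("vectors for 99% confidence on a 16-bit trigger:", vectors_for_confidence(16, 0.99))
    print("... on a 64-bit trigger:", vectors_for_confidence(64, 0.99))
```

The numbers are the point: for a 16-bit trigger, reaching 99% confidence with random vectors already costs several times more than exhaustive testing of the whole input space, and for a 64-bit trigger neither approach is feasible. This is why the post's reactive techniques (analog measurements, sensors, assertions) matter: they observe the circuit's physical or behavioral side effects instead of hoping a test vector happens to arm the trigger.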

Dealing with Hardware Trojans

There are two ways to deal with Hardware Trojans: the reactive method and the proactive one.

The reactive method mostly consists in locating Hardware Trojans after becoming aware of their presence in the system.

Analog detection can be used to look for malicious hardware inside a system, either statically, i.e., by spotting visible components hidden on a printed circuit board or in the packaging, or dynamically, by observing for example the electromagnetic activity of the system or other physical parameters in order to detect an unexpected phenomenon.

Using sensors is also an effective reactive solution for locating Trojans. When a Trojan is activated, the system begins to behave abnormally, which can damage it and prevent it from working properly. Sensors can serve as an early warning of such activity by detecting anomalies with respect to the regular state of operation.
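As an added illustration of the sensor idea (example code written for this post, not Secure-IC's Digital Sensor design), the following Python model learns the regular state of operation from a calibration window of readings, flags any later reading that leaves the learned envelope, and debounces the alarm so that a single glitch does not trip it. The supply-current trace is synthetic: 40 cycles of nominal operation with a small ripple, then 20 cycles in which a hypothetical payload draws about 3 mA more. The threshold factor, the calibration window and the debounce count are assumptions.

```python
import statistics
from typing import List, Optional


class SensorModel:
    """Threshold-based anomaly sensor (constructed illustration, not Secure-IC's
    Digital Sensor): learns the regular state of operation from a calibration
    window and flags readings that deviate by more than k standard deviations."""

    def __init__(self, calibration: List[float], k: float = 4.0, sigma_floor: float = 1e-3):
        self.mean = statistics.fmean(calibration)
        # the floor keeps a perfectly flat calibration window from turning every later sample into an alarm
        self.sigma = max(statistics.pstdev(calibration), sigma_floor)
        self.k = k

    def is_anomalous(self, value: float) -> bool:
        return abs(value - self.mean) > self.k * self.sigma

    def scan(self, samples: List[float]) -> List[int]:
        """Indices of all readings outside the learned envelope."""
        return [i for i, v in enumerate(samples) if self.is_anomalous(v)]

    def first_alarm(self, samples: List[float], consecutive: int = 3) -> Optional[int]:
        """Index at which an alarm is raised, i.e. after `consecutive` abnormal
        readings in a row (debouncing filters out isolated glitches)."""
        run = 0
        for i, v in enumerate(samples):
            run = run + 1 if self.is_anomalous(v) else 0
            if run == consecutive:
                return i
        return None


# Constructed supply-current trace in mA (synthetic, not measurements): 40
# cycles of normal operation with a small periodic ripple, then 20 cycles in
# which a hypothetical Trojan payload switches on and draws about 3 mA more.
NOMINAL = [12.0 + 0.3 * (((i * 7) % 5) - 2) / 2 for i in range(40)]
SAMPLES = NOMINAL + [v + 3.0 for v in NOMINAL[:20]]


def run_sensor() -> dict:
    """Calibrate on the first 30 cycles, then watch the whole trace."""
    sensor = SensorModel(calibration=SAMPLES[:30])
    return {
        "anomalies": sensor.scan(SAMPLES),
        "first_alarm": sensor.first_alarm(SAMPLES, consecutive=3),
    }


if __name__ == "__main__":
    print(run_sensor())
```

The calibration window must itself be trusted (typically recorded on a golden sample or at characterization time); if a Trojan is already active during calibration, its contribution becomes part of the learned baseline and the sensor is blind to it.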

Some Hardware Trojans are actually a combination of hardware and software vulnerabilities that, together, allow exploitation of the system. Hardware assertion methods consist in identifying high-level, critical behavioral invariants and checking them during circuit operation.
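The following added example (not the post's own code, and not any product's assertion set) shows what "checking behavioral invariants during operation" looks like in practice. A monitor sits on a constructed bus and evaluates four invariants on every transaction: the key register may only be touched by the CPU, only in privileged mode, only by writes, and never after the control register has been locked. The register map, the bus masters and the trace are all hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed register map (hypothetical addresses; an added illustration, not
# a real product's assertion set).
CTRL_REG = 0x40000000     # control register; bit 0 = LOCK, set once the key is loaded
KEY_REG = 0x40000010      # write-only key register
LOCK_BIT = 0x1


@dataclass(frozen=True)
class BusEvent:
    cycle: int
    master: str       # which bus master issued the access: "cpu", "dma" or "debug"
    op: str           # "read" or "write"
    addr: int
    value: int        # data written (ignored for reads)
    privileged: bool  # CPU privilege level at the time of the access


class AssertionMonitor:
    """Checks behavioural invariants on every bus transaction, the way a
    hardware assertion block sits on the bus and watches each cycle."""

    def __init__(self) -> None:
        self.locked = False                         # sticky state derived from CTRL_REG writes
        self.violations: List[Tuple[int, str]] = []
        self.invariants: Dict[str, Callable[[BusEvent], bool]] = {
            "key_access_is_privileged": lambda e: e.addr != KEY_REG or e.privileged,
            "key_access_only_by_cpu": lambda e: e.addr != KEY_REG or e.master == "cpu",
            "key_register_is_write_only": lambda e: e.addr != KEY_REG or e.op == "write",
            "no_key_write_after_lock": lambda e: not (e.addr == KEY_REG and e.op == "write" and self.locked),
        }

    def observe(self, e: BusEvent) -> List[str]:
        """Evaluate every invariant on one event, then update the sticky state."""
        failed = [name for name, holds in self.invariants.items() if not holds(e)]
        self.violations.extend((e.cycle, name) for name in failed)
        if e.addr == CTRL_REG and e.op == "write":
            self.locked = bool(e.value & LOCK_BIT)
        return failed


def run_monitor(trace: List[BusEvent]) -> List[Tuple[int, str]]:
    """Replay a trace through a fresh monitor and return (cycle, invariant) violations."""
    monitor = AssertionMonitor()
    for event in trace:
        monitor.observe(event)
    return monitor.violations


# Constructed bus trace: a normal boot sequence followed by two transactions
# that the specification never allows.
TRACE = [
    BusEvent(1, "cpu", "write", KEY_REG, 0x1234, True),      # boot code loads the key
    BusEvent(2, "cpu", "write", CTRL_REG, LOCK_BIT, True),   # and locks it for the session
    BusEvent(3, "cpu", "read", 0x20000000, 0, False),        # ordinary application traffic
    BusEvent(7, "dma", "read", KEY_REG, 0, False),           # anomalous: DMA engine reads the key
    BusEvent(9, "cpu", "write", KEY_REG, 0xFFFF, True),      # anomalous: key rewritten after lock
]

if __name__ == "__main__":
    for cycle, name in run_monitor(TRACE):
        print(f"cycle {cycle}: invariant '{name}' violated")
```

Note that the invariants say nothing about how a violation could arise; that is what makes the approach robust to unknown Trojans. Whether the key is read by a rogue DMA descriptor (a software bug), by a debug path left enabled, or by malicious logic wired to the bus, the same assertion fires.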

Although reactive Trojan detection is effective, there is a constant need for additional trust. That is why proactive methods are being developed in the security field: they are particularly effective at detecting incoming attacks.

One notable proactive method under development is Machine Learning. The use of computer systems that can learn and adapt without following explicit instructions is key to the future of many fields, including Trojan detection. Since every Trojan is different, it can be difficult to define an exact method that applies to each case. Machine Learning can generate diverse and complex models and make decisions based on those models.

Another method is to protect the CPU directly by mitigating vulnerabilities and attacks that target code execution or integrity, whether they stem from software bugs, malicious activity, or performance optimizations that neglect security. Attacks of this type are unique in that they involve both software and hardware; placing the protection layer in hardware protects both. By escorting program execution step by step, the method detects any unexpected behavior of the CPU. Since it is not dedicated to a specific type of attack or Trojan, it is effective against any attack or Trojan that tries to modify the behavior of code execution.
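To show what "escorting program execution step by step" means, here is an added, simplified model written for this post; it is not the design of Secure-IC's Cyber Escort Unit. At build time the legal control-flow edges are extracted from a constructed ten-instruction program; at run time the escort compares every program-counter transition against those edges and validates every return against a shadow stack. The addresses, mnemonics and traces are hypothetical.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed program (hypothetical addresses; an added illustration, not the
# Cyber Escort Unit's design).  Each entry is address -> (mnemonic, branch target).
WORD = 4
PROGRAM: Dict[int, Tuple[str, Optional[int]]] = {
    0x100: ("mov",  None),
    0x104: ("cmp",  None),
    0x108: ("beq",  0x120),   # conditional branch: falls through to 0x10C or jumps to 0x120
    0x10C: ("call", 0x200),   # subroutine call; must return to 0x110
    0x110: ("mov",  None),
    0x114: ("halt", None),
    0x120: ("mov",  None),
    0x124: ("jmp",  0x110),
    0x200: ("xor",  None),
    0x204: ("ret",  None),
}


def legal_edges(program: Dict[int, Tuple[str, Optional[int]]]) -> Set[Tuple[int, int]]:
    """Static control-flow graph: the only (from, to) transitions the code can legally make.
    Return targets are not static, so they are checked against a shadow stack instead."""
    edges: Set[Tuple[int, int]] = set()
    for pc, (op, target) in program.items():
        if op == "jmp":
            edges.add((pc, target))
        elif op == "beq":
            edges.update({(pc, target), (pc, pc + WORD)})
        elif op == "call":
            edges.add((pc, target))
        elif op in ("ret", "halt"):
            continue
        else:
            edges.add((pc, pc + WORD))
    return edges


def escort(program: Dict[int, Tuple[str, Optional[int]]], trace: List[int]) -> List[str]:
    """Follow an execution trace (one program-counter value per step) and
    record an alarm for every transition that neither the static graph nor
    the shadow stack accounts for, as a hardware escort would each cycle."""
    edges = legal_edges(program)
    shadow_stack: List[int] = []
    alarms: List[str] = []
    for prev, cur in zip(trace, trace[1:]):
        op, _ = program.get(prev, ("unknown", None))
        if op == "call":
            shadow_stack.append(prev + WORD)        # remember where the callee must come back to
            if (prev, cur) not in edges:
                alarms.append(f"illegal edge {prev:#x} -> {cur:#x}")
        elif op == "ret":
            expected = shadow_stack.pop() if shadow_stack else None
            if cur != expected:
                alarms.append(f"return at {prev:#x} went to {cur:#x}, expected "
                              + (f"{expected:#x}" if expected is not None else "nothing"))
        elif (prev, cur) not in edges:
            alarms.append(f"illegal edge {prev:#x} -> {cur:#x}")
    return alarms


# Constructed traces: the legitimate run, then two runs altered mid-execution.
GOOD_TRACE = [0x100, 0x104, 0x108, 0x10C, 0x200, 0x204, 0x110, 0x114]
HIJACKED_RETURN = [0x100, 0x104, 0x108, 0x10C, 0x200, 0x204, 0x120, 0x124, 0x110, 0x114]
SKIPPED_CHECK = [0x100, 0x104, 0x108, 0x124, 0x110, 0x114]

if __name__ == "__main__":
    for name, trace in [("good", GOOD_TRACE), ("hijacked return", HIJACKED_RETURN), ("skipped check", SKIPPED_CHECK)]:
        print(f"{name}: {escort(PROGRAM, trace) or 'no alarm'}")
```

The escort does not need to know whether the diverted return came from a stack-smashing bug, a fault injected into the return-address register, or Trojan logic altering the program counter; any of them produces a transition the reference graph does not contain, which is exactly the generality the paragraph above describes.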

The “encoded circuit” method is based on the observation that every integrated circuit is composed of two distinct parts: the combinational part and the sequential part. The sequential part includes the data and control registers, which are easier to recognize on the IC layout because of their size. It is therefore easier for an attacker to connect a Trojan to the sequential part; this method accordingly encodes and masks all sequential registers with a linear Boolean code.
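The encoding half of that idea, as an added example that is not Secure-IC's implementation: register contents are stored as codewords of a systematic [7,4] Hamming code over GF(2), so a Trojan wired to a single flip-flop can only produce a word that is not a valid codeword. A syndrome check run every cycle then detects the alteration and, for a single bit, locates and reverses it. The masking step the post also mentions is not modeled here; the code, its generator matrix and the register width are assumptions for the illustration.

```python
from typing import List, Tuple

Bits = List[int]

# Constructed example (not Secure-IC's implementation): register contents are
# stored as codewords of a systematic [7,4] Hamming code over GF(2).  Each
# 4-bit data word gets 3 parity bits; the 7 bits live in 7 flip-flops.
K, R = 4, 3               # data bits, redundancy bits
N = K + R                 # flip-flops per encoded register
# Parity part of the generator matrix G = [I_K | P]; row i lists which
# parity bits data bit i contributes to.
P = [
    [1, 1, 0],
    [1, 0, 1],
    [0, 1, 1],
    [1, 1, 1],
]
# Columns of the parity-check matrix H = [P^T | I_R], indexed by bit position.
H_COLUMNS = [P[i] for i in range(K)] + [[1 if j == k else 0 for j in range(R)] for k in range(R)]


def encode(data: Bits) -> Bits:
    """Map a K-bit register value to the N-bit codeword that is actually stored."""
    assert len(data) == K and all(b in (0, 1) for b in data)
    parity = [sum(data[i] * P[i][j] for i in range(K)) % 2 for j in range(R)]
    return data + parity


def syndrome(word: Bits) -> Bits:
    """H * word^T over GF(2): all-zero iff the stored word is a valid codeword."""
    assert len(word) == N
    data, parity = word[:K], word[K:]
    return [(sum(data[i] * P[i][j] for i in range(K)) + parity[j]) % 2 for j in range(R)]


def tamper(word: Bits, position: int) -> Bits:
    """Model a Trojan wired to one flip-flop: it inverts that single bit."""
    out = list(word)
    out[position] ^= 1
    return out


def check_register(word: Bits) -> Tuple[str, Bits]:
    """Decode step that runs every cycle: ("ok", word) for a valid codeword,
    ("corrected", fixed) when a single-bit alteration has been located."""
    s = syndrome(word)
    if s == [0] * R:
        return ("ok", list(word))
    # with minimum distance 3, every single-bit error has a unique, non-zero syndrome
    position = H_COLUMNS.index(s)
    return ("corrected", tamper(word, position))


if __name__ == "__main__":
    stored = encode([1, 0, 1, 1])
    print("stored codeword:", stored, "syndrome:", syndrome(stored))
    hit = tamper(stored, 2)
    print("after a Trojan flips bit 2:", hit, "->", check_register(hit))
```

Two design points matter in a real deployment. First, a Trojan that inverts two flip-flops at once still yields a non-zero syndrome, but this code would "correct" it to the wrong value, so any non-zero syndrome should raise an alarm rather than be silently repaired. Second, a code whose generator matrix is fixed and public only adds redundancy; the masking step the post refers to is what denies the attacker knowledge of which wire carries which bit.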

Secure-IC protects your embedded circuits

As Hardware Trojans continue to be developed for nefarious purposes, it is Secure-IC’s duty to protect devices against these new threats.

Secure-IC has developed Laboryzr™ to assess the weaknesses of a system against Hardware Trojan threats. It offers a multitude of services and use cases, combining proactive and reactive methods to detect and deal with Trojans, such as reactive analog detection or machine learning.

On the protection and embedded detection side, Secure-IC has also implemented proactive and reactive methods, such as Cyber Escort Unit™ and Digital Sensor™ combined with Secure-IC’s AI-based security monitoring technology Smart Monitor™.

If you want to learn more about Hardware Trojan detection, we invite you to read our article published online in U.S. Cyber Defense e-magazine.

Do you have questions on this topic and on our protection solutions?

We are here to help. Contact us
