While the threat of software-based cyberattacks is well recognized, far less attention has been given to the potential that the integrated circuits (ICs, or chips) that are in almost every electronic device and system could be vulnerable to the insertion of hidden, malicious circuits during the design process. These “Trojan” circuits could be used to impede the function of the device containing the corrupted chip or to compromise security and/or the integrity of the information moving through the circuit.
The increasing complexity of modern chips means that Trojans can be difficult or impossible to find in advance. In addition, the increasing use of outsourcing during the design process provides more opportunities for attackers to access and corrupt a design. Given these trends we believe that combating hardware attacks requires not only improved pre-deployment testing methodologies, but also measures inside the chips themselves that can handle the inevitable cases in which a Trojan circuit escapes detection during this testing.
Our work in this area involves equipping chips with built-in defenses that can identify the presence of an attack within milliseconds after it occus. These defenses can then spring into action to isolate the offending hardware, replicate the lost functionality, and provide a warning to other devices that might contain the same corrupted hardware.
One countermeasure is a secure system bus including an address decoder that ensures that functional blocks on the chip are prevented from accessing portions of memory that they have no need to access. A paper describing the secure bus can be accessed small pdf icon here.
Our work in this area was also described in an article in the August 2010 issue of Scientific American.
A paper published through the Brookings Institution in May 2011 on the topic of ensuring hardware cybersecurity can be accessed here.