NYU (US) — Most engineers design systems under the assumption that the underlying hardware is free of malicious elements. That assumption, researchers say, is false.
In May 2010, for example, the FBI’s Operation Network Raider seized more than 700 pieces of counterfeit Cisco network hardware and labels with an estimated retail value of more than $143 million. While that scheme was likely conceived for financial gain, designers of integrated circuits, or microchips, also need to protect military, financial, transportation, and other critical digital infrastructure from Trojans inserted by intruders with other criminal or military intentions.
Like the Trojan horses of Greek mythology, cyber Trojans appear to be harmless but instead steal information or harm a system once it is in operation.
Ramesh Karri, professor of electrical and computer engineering at Polytechnic Institute of New York University (NYU-Poly), and researchers from the University of Connecticut have developed new techniques that designers can use to defend against weaknesses in the supply chain, which typically includes an overseas manufacturer and often stretches across the globe.
Their new “design for trust” techniques update the well established “design for manufacturability” and “design for testability” mantras. They were outlined in two IEEE Computer Magazine articles, “Trustworthy Hardware: Trojan Detection and Design-for-Trust Challenges,” and “Trustworthy Hardware: Identifying and Classifying Hardware Trojans.”
“The ‘design for trust’ techniques build on existing design and testing methods,” explains Karri.
One such technique involves ring oscillators, which are sets of odd numbered, inverting logic gates that designers use to ensure an integrated circuit’s reliability. Circuits with ring oscillators produce specific frequencies based on the arrangement of ring oscillators. Trojans alter the original design’s frequencies and alert testers to a compromised circuit.
However, sophisticated criminals could account for the frequency change in their Trojan design and implementation. Karri and his team suggest designers thwart their tactics by creating more variants of ring oscillator arrangements than criminals can keep track of, making it harder for them to implant a Trojan without testers detecting it.
Unlike microbiologists with relatively easy access to sample viruses, Karri and other hardware security researchers cannot study ample real-world Trojans because companies and governments are reluctant to share infected hardware for reasons of intellectual property, national security, or fear of embarrassment.
So Karri and his colleagues turned to the crowd to collect sample Trojans that informed their design-for-trust techniques.
Graduate and undergraduate students from across the country build and detect hardware Trojans for the Embedded Systems Challenge.
Karri and his team analyzed a diverse collection of 58 submissions from the 2008 competition and developed a taxonomy that is helping to standardize metrics for evaluating Trojans.
Crowdsourcing Trojans benefits the team’s research and will help guide future researchers and practitioners, according to Jeyavijayan Rajendran, an NYU-Poly electrical and computer engineering doctoral candidate and co-author.
Rajendran was the 2009 winner of the Embedded Systems Challenge and has been the student leader of the national challenge since then. In the 2010 competition, Rajendran’s 2009-winning defense was successfully attacked.
“I went back and studied the vulnerabilities and developed additional techniques to fix them,” he says. “The Embedded Systems Challenge changed my research process. Now I am not only thinking from a defender’s point of view, but I am also thinking from an attacker’s point of view.”
Trojans from the Embedded Systems Challenge and the design-for-trust techniques are available on TrustHub.org, a site funded by the National Science Foundation (NSF) that was created to encourage community building and knowledge exchange among hardware security researchers and professionals. NYU-Poly is one of four cybersecurity research institutions that founded the site.
In addition to the NSF, the Air Force Research Laboratory supports Karri and his team’s research at NYU-Poly.
More news from NYU-Poly: www.poly.edu/about/press