Trojan horses can be slipped into chip designs

Paul van Gerven

Estonian research has shown that it’s possible to insert fully functioning Trojan IP into IC designs using standard methods for making small post-layout alterations.

When we talk about a Trojan horse or a Trojan, we’re usually referring to a piece of malicious software. By concealing its true content, Trojan malware tricks the user into thinking he’s opening a harmless file. While this is unfortunately quite a successful approach to stealing information or blackmailing victims, there may be even more insidious ways for attackers to compromise systems, requiring no user action at all. Users and manufacturers could be completely unaware that they’re buying or selling a device with a pre-installed Trojan.

Research from Tallinn University of Technology (Taltech) in Estonia suggests that this mode of attack isn’t as outlandish as it may seem at first glance. As it turns out, it’s not that hard to slip a Trojan into the design of an IC, even after it has been sent to a foundry for manufacturing. Using a standard method to fix minor bugs after the IC layout has been finalized, it takes a little over an hour to slip in hardware Trojans that leak cryptokeys over a power channel.
