Understanding – and preventing – the malicious hardware Trojan
Computer attacks are on the rise. According to some estimates, there were 3.2 billion attacks in the first half of 2020 alone. And while the majority of these are based on malicious software, attacks based on manipulated hardware, referred to as hardware Trojans, are particularly dangerous. According to Christof Paar, a researcher at the Max Planck Institute for Security and Privacy, this is because hardware-borne attacks are extremely difficult to detect and often impossible to eliminate. “Because they are virtually invisible to the user and require only tiny manipulations to infect a computer’s hardware, Trojans are a technically challenging topic,” says Paar. “They are also at the heart of our current discussions about foreign-built computer equipment and whether we can trust hardware for 5G mobile communication networks.” Despite the enormous implications, there has been relatively little research looking into the threat posed by hardware Trojans. For this reason, with the support of the EU-funded EPoCH project, Paar is working to better understand – and counter – the evolving Trojan threat.
Hardware reverse engineering
At the heart of Paar’s efforts is hardware reverse engineering (HRE). “HRE is key to understanding how adversaries are able to manipulate hardware,” explains Paar. One of the most challenging aspects of this work was investigating integrated circuits (ICs), which are used in products and can potentially become the target of hardware Trojans. “We found reverse engineering modern ICs to be a very complex undertaking that creates many challenging scientific problems along the way,” adds Paar. Challenges notwithstanding, the research team was able to make several important discoveries. For example, they found that programmable hardware devices, so-called FPGAs, offer far less protection against manipulations than previously thought. “This is particularly concerning considering that there are hundreds of millions of FPGAs built into products every year, with applications ranging from computer servers to medical devices and military equipment,” notes Paar. Based on these findings, Paar says industry is already taking steps to enhance its FPGA standards.
Bolstering hardware security
According to Paar, EPoCH, which was supported by the European Research Council, was extremely helpful in identifying future ‘large’ research questions. “As a result of our work, we now have a much better understanding of the different approaches an attacker can take to introduce hardware Trojans,” he concludes. “Our work will help industry and governments take this novel threat into account, which is important for ensuring the sovereignty of the European tech sector.” Researchers are now working to build tools that can be used to inspect hardware chips and detect stealthy manipulations and theft of intellectual property. Some of these are already available as an open-source tool that can be downloaded. The project is also exploring the cognitive aspects of HRE, a field they believe could lead to designing hardware that is much more robust against attacks.
Keywords
EPoCH, hardware Trojan, cyberattacks, hardware reverse engineering, hardware, 5G, integrated circuits