Manipulating computer chips How intelligence agencies spy out our data
Integrating Trojans in computer chips is a time consuming and at the same time highly sophisticated attack method. They are almost impossible to detect - an advantage that intelligence agencies would love to exploit.
Christof Paar has made it: the Head of the Chair for Embedded Security at Ruhr-Universität Bochum received one of the highly contested Advanced European Research Council Grants (ERC) in 2016. Merely a few applicants have been successful, because the funding is awarded only to those who conduct groundbreaking pioneering research at the highest international level.
The fact that he received the ERC Advanced award demonstrates the significance of the proposed research: Paar intends to develop mechanisms that will render the Internet of Things more secure. He focuses on a specific security gap: the manipulation of computer chips, i.e. hardware components. These components can be found not only in PCs and laptops, but also in all other devices with integrated electronics; those include credit cards, cars, and smartphones, as well as large industrial facilities and medical equipment.
Attackers may potentially manipulate those chips in such a way that the encryption algorithms running on them can be disabled or private date can be leaked. In the same way, functions can be reprogrammed via manipulated hardware, or an attacker can gain control over devices and systems. This can be as perilous in cars as in drones.
Unlike traditional software Trojans that can, for example, infiltrate a system via malicious email attachments, hardware Trojans are security vulnerabilities which could either be integrated in the devices by the manufacturers from the outset, or which could be included during chip manufacturing. The alarming fact is that more than 90 per cent of all hardware chips designed in Germany are manufactured in Asia.
Governments all over the world might be deeply interested in hardware Trojans.
Christof Paar
Why should manufacturers or chip manufactures be motivated to introduce Trojans? Christof Paar has a theory: “Governments all over the world might be deeply interested in hardware Trojans. Ever since Edward Snowden published his whistleblower reports, we have been aware that intelligence agencies invest a lot of time and money into disabling security systems using a host of methods.”
Often, companies find it difficult to say no to intelligence agencies, even though they take a great risk: should it become known that they have been betraying their customers by introducing Trojans, they lose their clients’ trust. This happened to “Crypto AG” in the 1980s. The Swiss company manufactured encryption devices for governments during the Cold War. It later emerged that the National Security Agency, short NSA, had made sure the devices were manipulated in such a manner that the NSA was able to break the encryption.
Experts refer to those integrated security gaps as backdoors. “Academics have known for a long time that security solutions can be manipulated,” says Christof Paar. Yet, he and his colleagues were surprised by the extent to which the NSA has implemented attacks against crypto-solutions. That was reason enough for Paar to investigate the issue in detail. Financed by the ERC Grant, he is now able to do so.
Dozens of millions of elementary components
The research problem that Christof Paar will tackle together with a team of PhD students is made up of two parts: in the first step, the researchers assume the perspective of the attackers and will investigate which hardware Trojans are possible. This knowledge is necessary for the researchers in order to develop effective countermeasures.
A particular difficulty is that modern chips are often made of up to dozens of millions of elementary components, so-called logic gates. An attacker has only has to perform miniscule alterations of a few of those components in order to realise a Trojan. In the second part, the researchers intend to develop solutions that would prevent such manipulations.
Christof Paar doesn’t lack ideas of how hardware Trojans might be used. The manipulated chip could, for example, perform an incorrect computation only if a certain trigger is present. “In a drone or in a car, that might consist of specific GPS coordinates,” says Paar. “The Trojan would be activated only if the user was in a certain region.”
A particularly sophisticated approach on the part of the attackers, as Paar explains, would be if they did not swap the logic gates, i.e. change the circuits. Such an attack might possibly be detected by clever users, for example if they inspected the chips with dedicated microscopes.
Manipulations of the computer’s basic components, namely so-called transistors, on the other hand, are virtually invisible. As many as a billion of those microscopically small computing devices are integrated in modern chips. “For example, it is very easy to make a transistor slightly slower,” says Paar. To this end, it is enough to alter a few atoms in the semiconductor that makes up the transistor. Or make the width of the miniscule connection lines between the transistors narrower by a few nanometres.
The 52-year-old researcher does not worry that intelligence agencies might interfere with his research. “In Europe, my research is viewed quite positively. After all, my objective is to understand what kind of damage might be caused by determined attackers with sound financial backing. Today, most European countries are in agreement that hardware manipulations pose a serious threat for citizens, the economy, and governments.”