Jump to navigation

Logo RUB
  • Corona-Infos
  • Studium
  • Forschung
  • Transfer
  • News
  • Über uns
  • Einrichtungen
 
MENÜ
  • RUB-STARTSEITE
  • News
  • Wissenschaft
  • Studium
  • Transfer
  • Leute
  • Hochschulpolitik
  • Kultur und Freizeit
  • Vermischtes
  • Servicemeldungen
  • Serien
  • Dossiers
  • Bildergalerien
  • Presseinformationen
    • Abonnieren
  • RUB in den Medien
    • Abonnieren
  • Rubens
    • Printarchiv
  • Rubin
    • Abonnieren
    • Printarchiv
  • Archiv
  • English
    • Press releases
  • Redaktion
  • Serviceangebote
    • Für RUB-Mitglieder
    • Für Pressevertreter
    • Sonstige Services
    • Social Media
  • Aktionen

Newsportal - Ruhr-Universität Bochum

Blick auf einen Computerchip, auf dem ein Polizisten-Modellmännchen steht.
Computer chips may become targets of attackers. Protecting them is not an easy task.
© Roberto Schirdewahn
Manipulating computer chips

How intelligence agencies spy out our data

Integrating Trojans in computer chips is a time consuming and at the same time highly sophisticated attack method. They are almost impossible to detect - an advantage that intelligence agencies would love to exploit.

Christof Paar has made it: the Head of the Chair for Embedded Security at Ruhr-Universität Bochum received one of the highly contested Advanced European Research Council Grants (ERC) in 2016. Merely a few applicants have been successful, because the funding is awarded only to those who conduct groundbreaking pioneering research at the highest international level.

The fact that he received the ERC Advanced award demonstrates the significance of the proposed research: Paar intends to develop mechanisms that will render the Internet of Things more secure. He focuses on a specific security gap: the manipulation of computer chips, i.e. hardware components. These components can be found not only in PCs and laptops, but also in all other devices with integrated electronics; those include credit cards, cars, and smartphones, as well as large industrial facilities and medical equipment.

  • Thin lines connect the individual elements on the circuit board. Two chips are depicted at the bottom of the image. They look very similar on the inside, only much smaller.
    © Roberto Schirdewahn
  • The chip is the centrepiece of each computer.
    © Roberto Schirdewahn
  • Christof Paar heads the Chair for Embedded Security at RUB.
    © Roberto Schirdewahn
  • Electronic components are crucial for connecting everyday items and rendering them intelligent.
    © Roberto Schirdewahn
  • Modern computer chips consist of tiny components, so-called transistors. Christof Paar observes them under the microscope.
    © Roberto Schirdewahn
  • Electronic components have long been integral parts of computers and other devices. Chips can also be found in cars, household appliances, and debit cards.
    © Roberto Schirdewahn
  /  

Attackers may potentially manipulate those chips in such a way that the encryption algorithms running on them can be disabled or private date can be leaked. In the same way, functions can be reprogrammed via manipulated hardware, or an attacker can gain control over devices and systems. This can be as perilous in cars as in drones.

Unlike traditional software Trojans that can, for example, infiltrate a system via malicious email attachments, hardware Trojans are security vulnerabilities which could either be integrated in the devices by the manufacturers from the outset, or which could be included during chip manufacturing. The alarming fact is that more than 90 per cent of all hardware chips designed in Germany are manufactured in Asia.

Governments all over the world might be deeply interested in hardware Trojans.

– Christof Paar

Why should manufacturers or chip manufactures be motivated to introduce Trojans? Christof Paar has a theory: “Governments all over the world might be deeply interested in hardware Trojans. Ever since Edward Snowden published his whistleblower reports, we have been aware that intelligence agencies invest a lot of time and money into disabling security systems using a host of methods.”

Often, companies find it difficult to say no to intelligence agencies, even though they take a great risk: should it become known that they have been betraying their customers by introducing Trojans, they lose their clients’ trust. This happened to “Crypto AG” in the 1980s. The Swiss company manufactured encryption devices for governments during the Cold War. It later emerged that the National Security Agency, short NSA, had made sure the devices were manipulated in such a manner that the NSA was able to break the encryption.

Experts refer to those integrated security gaps as backdoors. “Academics have known for a long time that security solutions can be manipulated,” says Christof Paar. Yet, he and his colleagues were surprised by the extent to which the NSA has implemented attacks against crypto-solutions. That was reason enough for Paar to investigate the issue in detail. Financed by the ERC Grant, he is now able to do so.

Dozens of millions of elementary components

The research problem that Christof Paar will tackle together with a team of PhD students is made up of two parts: in the first step, the researchers assume the perspective of the attackers and will investigate which hardware Trojans are possible. This knowledge is necessary for the researchers in order to develop effective countermeasures.

A particular difficulty is that modern chips are often made of up to dozens of millions of elementary components, so-called logic gates. An attacker has only has to perform miniscule alterations of a few of those components in order to realise a Trojan. In the second part, the researchers intend to develop solutions that would prevent such manipulations.

Christof Paar doesn’t lack ideas of how hardware Trojans might be used. The manipulated chip could, for example, perform an incorrect computation only if a certain trigger is present. “In a drone or in a car, that might consist of specific GPS coordinates,” says Paar. “The Trojan would be activated only if the user was in a certain region.”

The inside of a chip: getting denser and denser and more and more complex. Up to a billion transistors ensure top computing performance.
© I-Stock, Amadeusamse

A particularly sophisticated approach on the part of the attackers, as Paar explains, would be if they did not swap the logic gates, i.e. change the circuits. Such an attack might possibly be detected by clever users, for example if they inspected the chips with dedicated microscopes.

Manipulations of the computer’s basic components, namely so-called transistors, on the other hand, are virtually invisible. As many as a billion of those microscopically small computing devices are integrated in modern chips. “For example, it is very easy to make a transistor slightly slower,” says Paar. To this end, it is enough to alter a few atoms in the semiconductor that makes up the transistor. Or make the width of the miniscule connection lines between the transistors narrower by a few nanometres.

The 52-year-old researcher does not worry that intelligence agencies might interfere with his research. “In Europe, my research is viewed quite positively. After all, my objective is to understand what kind of damage might be caused by determined attackers with sound financial backing. Today, most European countries are in agreement that hardware manipulations pose a serious threat for citizens, the economy, and governments.”

Download high-resolution images
The selected images are downloaded as a ZIP file.
The captions and image credits are available in the HTML file after unzipping.
Conditions of use
The images are free to use for members of the press, provided the relevant copyright notice is included. The images may be used solely for press coverage of Ruhr-Universität Bochum that relates to the contents of the article that includes the link for the image download.
I accept the conditions of use.
Published
Thursday
16 June 2016
11.00 AM
By
Raffaela Römer (rr)
Translated by
Donata Zuber
Share
Teilen
 
English News
Overview
 
German News
Homepage
  • A-Z
  • N
  • K
Logo RUB
Impressum | Kontakt
Ruhr-Universität Bochum
Universitätsstraße 150
44801 Bochum

Datenschutz
Barrierefreiheit
Impressum
Schnellzugriff
Service und Themen
Anreise und Lagepläne
Hilfe im Notfall
Stellenangebote
Social Media
Facebook
Twitter
YouTube
Instagram
Seitenanfang y Kontrast N
Impressum | Kontakt