German Researchers Devise New Method to Detect Manipulations in Chips
German researchers developed a new method to detect hardware manipulations in microchips early on in the production process—a time when chips are most vulnerable.
Attackers can create security vulnerabilities not only in software but also in hardware. To combat this issue, German researchers recently devised a novel method for detecting hardware manipulations on microchips. Such manipulations are most likely to occur during the production process, when chips are most vulnerable to attacks. Because these small alterations are designed to be inconspicuous, they often go undetected by manufacturers.
One of the microchips assessed in the experiment. Researchers inspected two-square-millimeter portions of chips this size. Image courtesy of Ruhr University Bochum
Hardware Trojans are physical or behavioral modifications made to the circuitry of an electronic chip, allowing attackers to control technical applications. Such hardware attacks can have severe consequences, causing damage or even paralyzing parts of the telecommunications infrastructure. Detecting these changes is important for ensuring the security and reliability of microchip-based devices.
Researchers Put Microscopes and Algorithms to Task
Researchers from Ruhr University Bochum, Germany, and the Max Planck Institute for Security and Privacy (MPI-SP) in Bochum have developed a technique to identify deviations in the construction plans of manufactured chips using electron microscope images and a detection algorithm.
The researchers propose that manufacturers compare received semiconductor devices to the design files initially submitted to the foundry. While the team recognizes that this comparison would require qualified experts and advanced laboratory equipment, it would protect the data privacy of thousands of devices.
To test their detection method, the researchers split into two teams: a red team and a blue team. The red team was tasked with implanting small changes, acting as surrogates for inserted hardware Trojans, in the layouts of four modern CMOS technology generations: 28nm, 40nm, 65nm, and 90nm. From there, the blue team set out to detect the differences between the manufactured device and the digital layout using an electron microscope image comparison.
A Hide-and-Go-Seek of Hardware Trojans
The researchers first prepared the chips using mechanical and chemical methods to take thousands of images of the lowest chip layers, which themselves contained several hundred thousand standard cells that execute logical operations. Because the red team couldn't modify the chips after they had been manufactured by a third party, they changed the designs retroactively to minimize the deviations between the construction plans and the chips. The blue team's job was to detect these changes without knowing what to look for or where.
The top layer shows the layouts of the four evaluated ASICs. On the bottom, you'll see the fused SEM images of the backside of the chips. The researchers only evaluated deviations within the standard cell area (within the orange square). Image courtesy of Ruhr University Bochum/MPI-SP
With their algorithm, the blue team detected deviations in 37 out of 40 cases, resulting in a detection rate of 92.5%. The researchers had the most success with identifying modifications in chip sizes 40nm, 65nm, and 90nm, with a total of 500 false positives. The method was less effective in detecting subtle changes in the smallest 28nm chip. The team suggested that with an improved detection algorithm, they might increase the detection rate for this chip size as well.
Improving Early Back Door Detection
If semiconductor manufacturers adopted this technique, they could improve the security of microchip-based devices by detecting weaknesses early on in the production process. One challenge of this technique, however, is that impurities on the chip may obstruct the visibility of specific regions of the image. Even minuscule foreign matter, such as microscopic fragments, specks of dust, or hair, can obscure a whole row of standard cells, creating a significant hurdle for detection. The researchers suggest using scanning electron microscopes in a clean room to increase accuracy.
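The layout-versus-image comparison and the occlusion problem described above, sketched as an added example that is not the researchers' algorithm or code from the original article. The cell bitmaps, thresholds and function names are constructed assumptions; the point is that an obscured cell is reported as unverifiable rather than silently passed.

```python
# Added illustration; not the researchers' algorithm. Bitmaps, names and
# thresholds below are constructed assumptions.
MISMATCH_LIMIT = 0.10  # assumed: differing-pixel fraction that counts as a deviation
MIN_VISIBLE = 0.60     # assumed: unobscured fraction needed to judge a cell

def parse(rows):
    """Turn strings of '#' (feature), '.' (empty), '?' (occluded) into pixel rows."""
    return [list(r) for r in rows]

def compare_cell(expected, observed):
    """Compare one imaged cell with its layout template; return (verdict, mismatch)."""
    total = visible = differing = 0
    for exp_row, obs_row in zip(expected, observed):
        for e, o in zip(exp_row, obs_row):
            total += 1
            if o == "?":          # dust or debris: pixel carries no evidence
                continue
            visible += 1
            differing += (e != o)
    if visible / total < MIN_VISIBLE:
        return "unverifiable", None   # too little of the cell was imaged
    mismatch = differing / visible
    return ("deviation" if mismatch > MISMATCH_LIMIT else "match"), mismatch

def scan(layout, image):
    """layout/image map (row, column) -> bitmap; return (row, column) -> verdict."""
    report = {}
    for pos, expected in layout.items():
        observed = image.get(pos)
        report[pos] = ("unverifiable" if observed is None
                       else compare_cell(expected, observed)[0])
    return report

# Constructed templates standing in for two standard-cell types.
INV = parse(["##..##", "##..##", "..##..", "..##.."])
NAND = parse(["#.##.#", "#.##.#", ".#..#.", ".#..#."])
LAYOUT = {(0, 0): INV, (0, 1): NAND, (0, 2): INV, (1, 0): NAND}
# Constructed "microscope" tiles: clean, altered, one noisy pixel, half obscured.
ALTERED = parse(["#.##.#", "#.####", ".#..##", ".#..##"])
NOISY = parse(["##..##", "##..##", "..##..", "..##.#"])
DUSTY = parse(["??????", "??????", ".#..#.", ".#..#."])
IMAGE = {(0, 0): INV, (0, 1): ALTERED, (0, 2): NOISY, (1, 0): DUSTY}

if __name__ == "__main__":
    for pos, verdict in sorted(scan(LAYOUT, IMAGE).items()):
        print(pos, verdict)
```

Cells reported as unverifiable are the ones to re-image, since treating them as matches would leave a blind spot exactly where debris covers the die.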
That is o.k. provided that there are no *un-recorded* alterations to the design files “originally submitted to the foundry”...
Now, if those same researchers can develop a system for alerts when voltages of those chips are being observed by ‘third parties’ when in use, as described in “An introduction to power analysis side channel attacks”, their research grants might be moneys better spent….