How to Build Hardware Trojans

Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security critical, e.g., medical devices, automotive electronics, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be compromised. In recent years, hardware Trojans have drawn the attention of governments and the scientific community. Initially, the primary attacker model was a malicious foundry that could alter the design, i.e., introduce hardware Trojans which could interfere with the (securitysensitive) functionality of a chip. Many other attacker models exist too. For instance, a legitimate IC manufacturer, e.g., a consumer electronics company abroad, might be in cohort with a foreign intelligence agency to alter its products in a way that compromises their security. Even though hardware Trojans have been considerably studied, little is known about how they might look, especially those that are particularly designed to avoid detection. In this talk we introduce two recent research projects which deal with the Trojan insertion in two different types of hardware platforms, ASICs and FPGAs. This is joint work with Georg Becker, Wayne Burleson, Marc Fyrbiak, Philipp Koppe, Franceso Regazzoni and Pawel Swierczynski.