In our digital world, integrated circuits are present in nearly every moment of our daily life. Even when using the coffee machine in the morning, or driving our car to work, we interact with integrated circuits. The increasing spread of information technology in virtually all areas of life in the industrialized world offers a broad range of attack vectors. So far, mainly software-based attacks have been considered and investigated, while hardware-based attacks have attracted comparatively little interest. The design and production process of integrated circuits is mostly decentralized due to financial and logistical reasons. Therefore, a high level of trust has to be established between the parties involved in the hardware development lifecycle. During the complex production chain, malicious attackers can insert non-specified functionality by exploiting untrusted processes and backdoors. This work deals with the ways in which such hidden, non-specified functionality can be introducedinto hardware systems. After briefly outlining the development and production process of hardware systems, we systematically describe a new type of threat, the hardware Trojan. We provide a historical overview of the development of research activities in this field to show the growing interest of international research in this topic. Current work is considered in more detail. We discuss the components that make up a hardware Trojan as well as the parameters that are relevant for an attack. Furthermore, we describe current approaches for detecting, localizing, and avoiding hardware Trojans to combat them effectively. Moreover, this work develops a comprehensive taxonomy of countermeasures and explains in detail how specific problems are solved. In a final step, we provide an overview of related work and offer an outlook on further research in this field.
Authors and Affiliations
Vienna University of Technology and SBA Research, USA
Christian Krieg,
Adrian Dabrowski,
Heidelinde Hobel,
Katharina Krombholz,
Edgar Weippl
About the authors
His research focuses on applied concepts of IT-security and e-learning. After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked in a research startup for two years. He then spent one year teaching as an assistant professor at Beloit College, WI. From 2002-2004, while with the software vendor ISIS Papyrus, he worked as a consultant in New York, NY and Albany, NY, and in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded the research center SBA Research together with A Min Tjoa and Markus Klemen.His research interests include hardware security, wireless sensor networks, and the Internet of Things. Christian Krieg graduated with a Masters degree from Vienna University of Technology in 2013. After researching in the field of malicious hardware, he is now engaged at the Institute of Computer Technology in the detection and prevention of hardware Trojans using formal methods.His research interests cover RFID, cyberphysical security, and hardware security. Adrian Dabrowski received his Masters degree from Vienna University of Technology. He participated and later organized the Viennese iCTF team, winning two times. Before that he made several media appearances concerning insecurity of systems in public use and taught part-time at a technical high school.Her research interests include, among others, software protection, privacy-preserving technologies and privacy by design. She received a Masters degree in Business Informatics with focus on IT security from the Vienna University of Technology in 2013.
Bibliographic Information
Book Title: Hardware Malware
Authors: Christian Krieg, Adrian Dabrowski, Heidelinde Hobel, Katharina Krombholz, Edgar Weippl
