Protecting Hardware Against Trojans

Tuesday, November 15, 2011 @ 01:11 PM gHale

There is a new hardware design that adds in a new technique that should assure the integrity of components against malicious altering or manufacturing flaws.

That all comes about because people falsely assume hardware elements are free of malware, said Ramesh Karri, a professor of electrical and computer engineering at New York University Polytechnic Institute.

RELATED STORIES
Classic Antenna Gives a Power Boost
Easier Organic Energy on Horizon
Health, Safety Behind the Wheel
Paper Sensor Detects Explosives

Since products are in many cases assembled of components manufactured all over the world, during the transportation and in other processes, hardware elements can suffer from tampering, Karri said.

Along those lines one year ago the FBI busted a criminal organization that possessed 700 pieces of counterfeit Cisco hardware worth $143 million.

Since companies could end up with these units, Karri felt something had to happen to verify the integrity of hardware, especially since in many cases that product goes in systems used by critical infrastructure agencies.

One of the techniques proposed by the scientists involved ring oscillators, devices composed of odd numbers or NOT gates whose output oscillates between two voltage levels. Since circuits that contain these devices produce specific frequencies, any kind of tampering would alter their original design, thus alerting testers of compromised circuits.

To make it difficult for criminals to replicate these frequencies, the researchers proposed the creation of more versions of the ring oscillator arrangements to make it impossible to keep track of.

To test their theories they needed infected pieces of hardware, but since companies aren’t that willing to hand over their property, the team asked the help of their students who managed to provide 58 samples for the experts to study.

The findings could help future studies determine the best means to protect critical components against potential attacks.



Leave a Reply

You must be logged in to post a comment.